Dell PowerEdge FN I/O Module Configuration Guide 9.10(0.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents
1 About this Guide
Audience
Conventions
Information Symbols
Console Access
Serial Console
External Serial Port with a USB Connector
Accessing the CLI Interface and Running Scripts Using SSH
Log Messages in the Internal Buffer
Configuration Task List for System Log Management
Disabling System Logging
Sending System Messages to a Syslog Server
Configuring a UNIX System as a Syslog Server
Configuring Request Identity Re-Transmissions
Configuring a Quiet Period after a Failed Authentication
Forcibly Authorizing or Unauthorizing a Port
Re-Authenticating a Port
Configuring Timeouts
Applying Egress Layer 3 ACLs (Control-Plane)
IP Prefix Lists
Implementation Information
Configuration Task List for Prefix Lists
Configure BFD for Static Routes
Related Configuration Tasks
Establishing Sessions for Static Routes
Changing Static Route Session Parameters
Disabling BFD for Static Routes
Sessions and Peers
Establish a Session
Route Reflectors
Communities
Configure Control Plane Policing
Configuring CoPP for Protocols
Configuring CoPP for CPU Queues
Show Commands
14 Data Center Bridging (DCB)
Assigning an IP Address using DHCP
Debugging DHCP Client Operation
DHCP Client
How DHCP Client is Implemented
Configure a Port for a Bridge-to-FCF Link
Impact on Other Software Features
FIP Snooping Prerequisites
FIP Snooping Restrictions
Configuring FIP Snooping
22 FIP Snooping
Supported Modes
Fibre Channel over Ethernet
Ensuring Robustness in a Converged Ethernet Network
Configuring Layer 2 (Interface) Mode
Configuring Layer 3 (Network) Mode
Configuring Layer 3 (Interface) Mode
Management Interfaces
Splitting QSFP Ports to SFP+ Ports
Merging SFP+ Ports to QSFP 40G Ports
Configure the MTU Size on an Interface
Configuring wavelength for 10–Gigabit SFP+ optics
Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port
Configure UDP Helper
Important Points to Remember
Enabling UDP Helper
Configurations Using UDP Helper
Configuring Telnet with IPv6
SNMP over IPv6
Showing IPv6 Information
Showing an IPv6 Interface
Supported Modes
How the LACP is Implemented on an Aggregator
Uplink LAG
Server-Facing LAGs
CONFIGURATION versus INTERFACE Configurations
Enabling LLDP
Disabling and Undoing LLDP
Advertising TLVs
Optional TLVs
Limiting the Source-Active Messages from a Peer
Preventing MSDP from Caching a Local Source
Preventing MSDP from Caching a Remote Source
Preventing MSDP from Advertising a Local Source
Logging Changes in Peership States
Preventing a Host from Joining a Group
Rate Limiting IGMP Join Requests
Preventing a PIM Router from Forming an Adjacency
Preventing a Source from Registering with the RP
Preventing a PIM Router from Processing a Join
Create the Redirect-List GOLD
Assign Redirect-List GOLD to Interface 2/11
View Redirect-List GOLD
40 PIM Sparse-Mode (PIM-SM)
Implementation Information
Protocol Overview
Implementation Information
Configure Per-VLAN Spanning Tree Plus
Related Configuration Tasks
Enabling PVST+
Classifying Packets Based on a Combination of DSCP Code Points and VLAN IDs
46 Routing Information Protocol (RIP)
Protocol Overview
RIPv1
Configuration Task List for AAA Accounting
AAA Authentication
Configuration Task List for AAA Authentication
AAA Authorization
Privilege Levels Overview
Setting Rate-Limit BPDUs
Debugging Layer 2 Protocol Tunneling
Provider Backbone Bridging
51 sFlow
MIB Support to Display the Available Memory Size on Flash
Viewing the Available Flash Memory Size
MIB Support to Display the Software Core Files Generated by the System
Viewing the Software Core Files Generated by the System
53 Stacking
Enabling Spanning Tree Protocol Globally
Adding an Interface to the Spanning Tree Group
Removing an Interface from the Spanning Tree Group
Modifying Global Parameters
Modifying Interface STP Parameters
Sample Configuration: Uplink Failure Detection
60 PMUX Mode of the IO Aggregator
I/O Aggregator (IOA) Programmable MUX (PMUX) Mode
Configuring and Changing to PMUX Mode
Configuring the Commands without a Separate User Account
63 Virtual LANs (VLANs)
Default VLAN
Port-Based VLANs
VLANs and Port Tagging
VLT domain and VLTi on Peer 2
Configure mVLT on Peer 2
Add links to the mVLT port-channel on Peer 2
In Domain 2, configure the VLT domain and VLTi on Peer 3
Configure mVLT on Peer 3
Add links to the mVLT port-channel on Peer 3
Configure the VLT domain and VLTi on Peer 4
Configure mVLT on Peer 4
Add links to the mVLT port-channel on Peer 4
PIM-Sparse Mode Configuration Example
Software show Commands
Offline Diagnostics
Important Points to Remember
Running Offline Diagnostics
Trace Logs
Enabling Data Center Bridging
QoS dot1p Traffic Classification and Queue Assignment
Configure Enhanced Transmission Selection
Configure a DCBx Operation
Verifying the DCB Configuration
1 About this Guide This guide describes the supported protocols and software features, and provides configuration instructions and examples, for the Dell Networking Operating System (OS). Dell Networking FN IOM is available with running Dell Networking OS version 9.9(0.0). The FN IOM is installed in a Dell PowerEdge FX2 server chassis. For information about how to install and perform the initial switch configuration, refer to the Getting Started Guides on the Dell Support website at http://www.dell.
[X] Keywords and parameters within brackets are optional.
x|y Keywords and parameters separated by a bar require you to choose one option.
x||y Keywords and parameters separated by a double bar allow you to choose any or all of the options.

Information Symbols
This book uses the following information symbols.
NOTE: The Note icon signals important operational information.
CAUTION: The Caution icon signals information about situations that could result in equipment damage or loss of data.
2 Before You Start To install the FN IOM in a Dell FX2 server chassis, use the instructions in the Dell Networking FN IOM Getting Started Guide that is shipped with the product. The FN IOM installs with zero-touch configuration. After you power it on, it boots up with default settings and auto-configures with software features enabled. This topic describes the default settings and software features that are automatically configured at startup.
CONFIGURATION mode
Dell(conf)#stack-unit 0 iom-mode programmable-mux
Select this mode to configure PMUX mode CLI commands. Standalone mode is the zero-touch auto configuration default mode. If you want the flexibility to configure different settings, change the FN I/O Module to PMUX mode. PMUX mode provides additional CLI commands to customize the software configuration, as needed. You can configure any of the external Ethernet ports to operate as stack links.
• VLAN (vlan1) and IP address for in-band management (DHCP)
• IP address for out-of-band (OOB) management (DHCP)
• read-only SNMP community name (public)
• broadcast storm control (enabled in Standalone mode and disabled in VLT mode)
• IGMP multicast flooding (enabled)
• VLAN configuration (in Standalone mode, all ports belong to all VLANs)
You can change any of these default settings using the CLI. Refer to the appropriate chapter for details.
The aggregator provides zero-touch configuration for DCB. The aggregator auto-configures DCBX port roles as follows:
• Server-facing ports are configured as auto-downstream interfaces.
• Uplink ports are configured as auto-upstream interfaces.
In operation, DCBx auto-configures uplink ports to match the DCB configuration in the ToR switches to which they connect. The Aggregator supports DCB only in standalone mode.
Link Tracking
By default, all server-facing ports are tracked by the operational status of the uplink LAG. If the uplink LAG goes down, the aggregator loses its connectivity and is no longer operational; all server-facing ports are brought down after the specified defer-timer interval, which is 10 seconds by default. If you have configured VLAN, you can reduce the defer time by changing the defer-timer value or remove it by using the no defer-timer command.
• For local management using the CLI, use the attached console connection.
• For remote in-band management from a network management station, enter the IP address of the default VLAN and log in to the switch to access the CLI.
In case of a Dell upgrade, you can check to see that an Aggregator is running the latest Dell version by entering the show version command. To download Dell version, go to http://support.dell.
3 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels. In Dell Networking OS, after you enable a command, it is entered into the running configuration file.
Login: username
Password:
Dell>

CLI Modes
Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (except for EXEC mode commands with a preceding do command; refer to the do Command section). The Dell Networking OS CLI is divided into three major mode levels:
• EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level.
Navigating CLI Modes The Dell prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level. NOTE: Sub-CONFIGURATION modes all have the letters “conf” in the prompt with more modifiers to identify the mode and slot/port information. Table 1.
The do Command You can enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, and so on.) without having to return to EXEC mode by preceding the EXEC mode command with the do command. The following example shows the output of the do command.
no shutdown
Dell(conf-if-ma-0/0)#

Obtaining Help
Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command:
• To list the keywords available in the current mode, enter ? at the prompt or after a keyword.
• Entering ? after a prompt lists all of the available keywords. The output of this command is the same for the help command.
Short-Cut Key Combination    Action
CNTL-A    Moves the cursor to the beginning of the command line.
CNTL-B    Moves the cursor back one character.
CNTL-D    Deletes character at cursor.
CNTL-E    Moves the cursor to the end of the line.
CNTL-F    Moves the cursor forward one character.
CNTL-I    Completes a keyword.
CNTL-K    Deletes all characters from the cursor to the end of the command line.
CNTL-L    Re-enters the previous command.
Starting with Dell Networking OS version 7.8.1.0, the grep command accepts an ignore-case sub-option that forces the search to be case-insensitive. For example, the commands:
• show run | grep Ethernet returns a search result with instances containing a capitalized “Ethernet,” such as interface TenGigabitEthernet 0/1.
• show run | grep ethernet does not return that search result because it only searches for instances containing a non-capitalized “ethernet.
NOTE: You can filter a single command output multiple times. The save option must be the last option entered. For example:
Dell# command | grep regular-expression | except regular-expression | grep other-regular-expression | find regular-expression | save

Multiple Users in Configuration Mode
Dell notifies all users when there are multiple users logged in to CONFIGURATION mode.
4 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) during which the route processor module (RPM), switch fabric module (SFM), and line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking operating system. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
Console Access
The switch has two management ports available for system access: a serial console port and an out-of-bounds (OOB) port.

Serial Console
A universal serial bus (USB) (A-Type) connector is located at the front panel. The USB can be defined as an External Serial Console (RS-232) port, and is labeled on the chassis. The USB is present on the lower side, as you face the I/O side of the chassis, as shown.
External Serial Port with a USB Connector
The following table lists the pin assignments.
Table 2. Pin Assignments
USB Pin Number    Signal Name
Pin 1    RTS
Pin 2    RX
Pin 3    TX
Pin 4    CTS
Pin 5, 6    GND
RxD Chassis GND

Accessing the CLI Interface and Running Scripts Using SSH
In addition to the capability to access a device using a console connection or a Telnet session, you can also use SSH for secure, protected communication with the device. You can open an SSH session and run commands or script files.
Executing Local CLI Scripts Using an SSH Connection
You can execute CLI commands by entering a CLI script in one of the following ways:
ssh username@hostname
or
cat CLIscript.file | ssh admin@hostname
The script is run and the actions contained in the script are performed. Following are the points to remember when you are trying to establish an SSH session to the device to run commands or script files:
• There is an upper limit of 10 concurrent sessions in SSH.
NetLogic XLP Stage 1 Loader Built by build at tools-sjc-01 on Thu May 31 23:53:38 2012 IOM Boot Selector Label 4.0.0.0 Nodes online: 1 GPIO 22 init'ed as an output GPIO 23 init'ed as an output I2C0 speed = 30 KHz, prescaler = 0x0377. Initialized I2C0 Controller. I2C1 speed = 100 KHz, prescaler = 0x0109. Initialized I2C1 Controller.
Starting Dell Networking application Welcome to Dell Easy Setup Wizard The setup wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch. You must respond to the next question to run the setup wizard within 60 seconds, otherwise the system will continue with normal operation using the default system configuration.
Configuring a Unique Host Name on the System While you can manually configure a host name for the system, you can also configure the system to have a unique host name. The unique host name is a combination of the platform type and the serial number of the system. The unique host name appears in the command prompt. The running configuration gets updated with the feature unique-name command. It also overwrites any existing host name configured on the system using the hostname command.
interface ManagementEthernet slot/port
• slot: the range is 0.
• port: the range is 0.
2 Assign an IP address to the interface.
INTERFACE mode
ip address ip-address/mask
• ip-address: an address in dotted-decimal format (A.B.C.D).
• mask: a subnet mask in /prefix-length format (/ xx).
3 Enable the interface.
INTERFACE mode
no shutdown

Configure a Management Route
Define a path from the system to the network from which you are accessing the system remotely.
Configuring the Enable Password
Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are two types of enable passwords:
• enable password stores the password in the running/startup configuration using a DES encryption method.
• enable secret is stored in the running/startup configuration using a stronger, MD5 encryption method.
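A saved configuration can be checked for the weaker settings this guide names: an unrestricted EXEC Privilege mode, the DES-based enable password, and the default SNMP community name public. The following is an added example, not Dell code; the way these commands appear as lines in a saved configuration file, the function and class names, and the sample text are assumptions.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int   # 1-based line in the configuration; 0 means "whole file"
    severity: str
    message: str


# Constructed sample of a saved configuration. The line syntax is an
# assumption and the credential strings are placeholders, not real hashes.
SAMPLE_CONFIG = """\
hostname FN-IOM-1
!
enable password 7 PLACEHOLDER-DES-STRING
enable secret level 5 5 PLACEHOLDER-MD5-STRING
snmp-server community public ro
snmp-server community n0c-monitor ro
"""

# "enable password ..." or "enable secret ...", with an optional "level N".
ENABLE_RE = re.compile(
    r"^enable\s+(password|secret)\b(?:\s+level\s+(\d+))?", re.IGNORECASE
)
# "snmp-server community NAME [ro|rw]"
SNMP_RE = re.compile(
    r"^snmp-server\s+community\s+(\S+)(?:\s+(ro|rw))?", re.IGNORECASE
)


def audit_config(text: str) -> List[Finding]:
    """Flag the weak settings described in this guide in a saved configuration."""
    findings: List[Finding] = []
    has_enable_credential = False

    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and comment separators carry no settings

        m = ENABLE_RE.match(line)
        if m:
            has_enable_credential = True
            if m.group(1).lower() == "password":
                level = m.group(2) or "default"
                findings.append(Finding(
                    line_no, "high",
                    f"enable password (level {level}) is stored with the DES "
                    "method; replace it with enable secret",
                ))
            continue

        m = SNMP_RE.match(line)
        # Community names are case-sensitive, so compare exactly.
        if m and m.group(1) == "public":
            access = (m.group(2) or "ro").lower()
            findings.append(Finding(
                line_no, "high" if access == "rw" else "medium",
                f"default SNMP community name 'public' ({access}) is still "
                "configured; change it to a site-specific value",
            ))

    if not has_enable_credential:
        findings.append(Finding(
            0, "high",
            "no enable password or enable secret found; EXEC Privilege mode "
            "is unrestricted",
        ))
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f.line_no}: [{f.severity}] {f.message}")
```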
Copy Files to and from the System
The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url.
NOTE: For a detailed description of the copy command, refer to the Dell Networking OS Command Line Reference Guide.
• To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location.
NOTE: If all of the following conditions are true, the Portmode Hybrid configuration is not applied, because of the configuration process for server ports as switch ports by default: • The running configuration is saved in flash. • The startup configuration is deleted. • The switch is reloaded. • The saved configuration is copied to the running configuration.
EXEC Privilege mode
copy running-config tftp://{hostip | hostname}/filepath/filename
• Save the running-configuration to an SCP server.
EXEC Privilege mode
copy running-config scp://{hostip | hostname}/filepath/filename
NOTE: When copying to a server, you can only use a host name if you have configured a DNS server.
• Save the running-configuration to the startup-configuration on the internal flash of the primary RPM. Then copy the new startup-config file to the external flash of the primary RPM.
Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file.
• View information about each file system. EXEC Privilege mode show file-systems The output of the show file-systems command in the following example shows the total capacity, amount of free memory, file structure, media type, read/write privileges for each storage device in use.
[5/18 21:58:48]: CMD-(TEL0):[configure]by admin from vty0 (10.11.68.5)
- Repeated 1 time.
[5/18 21:58:57]: CMD-(TEL0):[interface port-channel 1]by admin from vty0 (10.11.68.5)
[5/18 21:59:9]: CMD-(TEL0):[show config]by admin from vty0 (10.11.68.5)
[5/18 22:4:32]: CMD-(TEL0):[exit]by admin from vty0 (10.11.68.5)
[5/18 22:4:41]: CMD-(TEL0):[show interfaces port-channel brief]by admin from vty0 (10.11.68.5)

Using HTTP for File Transfers
Starting with Release 9.3(0.
Upgrading and Downgrading the Dell Networking OS NOTE: To upgrade the Dell Networking OS, refer to the Release Notes for the version you want to load on the system. Verify Software Images Before Installation To validate the software image on the flash drive, you can use the MD5 message-digest algorithm or SHA256 Secure Hash Algorithm, after the image is transferred to the system but before the image is installed.
• flash: (Optional) Specifies the flash drive. The default uses the flash drive. You can enter the image file name.
• hash-value: (Optional). Specify the relevant hash published on iSupport.
• img-file: Enter the name of the Dell Networking software image file to validate.

Examples: Without Entering the Hash Value for Verification
MD5
Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin
MD5 hash for FTOS-SE-9.5.0.0.bin: 275ceb73a4f3118e1d6bcf7d75753459
SHA256
Dell# verify sha256 flash://FTOS-SE-9.5.0.0.
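When the hash value is not entered on the switch, the comparison against the published hash has to be done by the operator. The following added example (not Dell code) does that on a management workstation: it parses the hash line printed by the verify command, compares it with the published value, and can also hash the local copy of the image. The function names are hypothetical, and the SHA256 output line is assumed to have the same shape as the MD5 line shown above.

```python
import hashlib
import hmac
import re

# Shape of the hash line printed by "verify md5" in the example above.
# Assumption: "verify sha256" prints the same shape with the label "SHA256".
VERIFY_LINE = re.compile(r"^(MD5|SHA256) hash for (\S+):\s*([0-9A-Fa-f]+)$")
HEX_LENGTH = {"MD5": 32, "SHA256": 64}

# Session text taken from the MD5 example in this guide.
SAMPLE_SESSION = """\
Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin
MD5 hash for FTOS-SE-9.5.0.0.bin: 275ceb73a4f3118e1d6bcf7d75753459
"""


def parse_verify_output(output):
    """Return (algorithm, image name, lowercase hex digest) from captured output."""
    for raw in output.splitlines():
        m = VERIFY_LINE.match(raw.strip())
        if not m:
            continue  # prompt lines and other output are ignored
        algo, image, digest = m.group(1), m.group(2), m.group(3).lower()
        if len(digest) != HEX_LENGTH[algo]:
            # A short digest usually means the capture was cut off.
            raise ValueError(f"{algo} digest has {len(digest)} hex characters")
        return algo, image, digest
    raise ValueError("no hash line found in verify output")


def local_digest(path, algo, chunk_size=1 << 20):
    """Hash the workstation copy of the image in chunks (images are large)."""
    h = hashlib.new(algo.lower())
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def image_is_trusted(verify_output, published_hash, expected_image, local_path=None):
    """True only if the switch-reported hash (and, if given, the local file's
    hash) equals the published hash for the image that was expected."""
    algo, image, reported = parse_verify_output(verify_output)
    if image != expected_image:
        return False  # the hash belongs to a different file on flash
    published = published_hash.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", published):
        return False  # not a hex digest at all
    if not hmac.compare_digest(reported, published):
        return False
    if local_path is not None:
        return hmac.compare_digest(local_digest(local_path, algo), published)
    return True


if __name__ == "__main__":
    # The "published" value here is the one from the guide's own example.
    ok = image_is_trusted(
        SAMPLE_SESSION,
        "275ceb73a4f3118e1d6bcf7d75753459",
        "FTOS-SE-9.5.0.0.bin",
    )
    print("image hash matches published value:", ok)
```

Where both hashes are published, prefer the SHA256 form: MD5 catches transfer corruption but is not collision resistant.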
Mode    Default Settings
NPIV Proxy Gateway Mode (NPG)    Enabled in FN 2210S; Disabled on FN 410S & FN 410T
iSCSI Optimization    Enabled
Broadcast Storm Control    Enabled
Internet Group Management Protocol (IGMP) Flood Restrict    Enabled
Network Time Protocol (NTP)    Enabled
Enable and Disable    All ports enabled by default.
Configuration Examples
Following are the configuration examples for common upstream switches. To establish a functional uplink and bring the network ports on PowerEdge FC-Series servers up (FC830, FC630, FC430, FC620, and FC420) use the following steps:
1 Ensure that the FN IOM system is in Standalone Mode.
2 Create a LACP LAG on the upstream top of rack switch.
3 Verify the connection.
0 CRC, 0 overrun, 0 discarded Output Statistics: 1619 packets, 212604 bytes, 0 underruns 0 64-byte pkts, 201 over 64-byte pkts, 1376 over 127-byte pkts 42 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 1531 Multicasts, 88 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 1 packets/sec, 0.
Configure Interfaces and Port Channel This section provides the commands for configuring port channels on common upstream switches that are connected to the FN IOM system. The previous illustration is applicable to the FN 410S and FN 410T servers. If you are using the FN 2210S server in its default configuration, you can only use the TenGigabitethernet 0/11 and TenGigabitethernet 0/12 in the uplink port channel. Ports TenGigabitethernet 0/9 and TenGigabitethernet 0/10 are Fibre Channel ports.
Downstream interface cleared from UFD error-disabled: Te 0/3 …etc.
5 Management Dell Networking OS supports management. This chapter describes the different protocols or services used to manage the Dell Networking system.
Creating a Custom Privilege Level
Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by:
• removing commands from the EXEC mode commands
• moving commands from EXEC Privilege mode to EXEC mode
• allowing access to CONFIGURATION mode commands
• allowing access to INTERFACE, LINE, ROUTE-MAP, and ROUTER mode commands
You can access all commands at your privilege level and below.
level command. In the command, specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access.
Customizing a Privilege Level
To customize a privilege level, use the following commands.
1 Remove a command from the list of available commands in EXEC mode.
CONFIGURATION mode
privilege exec level level {command ||...|| command}
2 Move a command from EXEC Privilege to EXEC mode.
CONFIGURATION mode
privilege exec level level {command ||...
Current privilege level is 3.
Dell#?
capture Capture packet
configure Configuring from terminal
disable Turn off privileged commands
enable Turn on privileged commands
exit Exit from the EXEC
ip Global IP subcommands
monitor Monitoring feature
mtrace Trace reverse multicast path from destination to source
ping Send echo messages
quit Exit from the EXEC
show Show running system information
[output omitted]
Dell#config
[output omitted]
Dell(conf)#do show priv
Current privilege level is 3.
LINE mode
privilege level level
NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>.
Configuring Logging
The Dell Networking operating system tracks changes in the system using event and error messages. By default, the system logs these messages on:
• the internal buffer
• console and terminal lines
• any configured syslog servers
To disable logging, use the following commands.
Enabling Audit and Security Logs You enable audit and security logs to monitor configuration changes or determine if these changes affect the operation of the system in the network. You log audit and security events to a system log server, using the logging extended command in CONFIGURATION mode. Audit Logs The audit log contains configuration events and information. The types of information in this log consist of the following: • User logins to the switch.
audit logs. Only the RBAC security administrator and system administrator user role can view the security logs. If extended logging is disabled, you can only view system events, regardless of RBAC user role. To view security logs, use the show logging command. Example of the show logging auditlog Command For information about the logging extended command, see Enabling Audit and Security Logs Dell#show logging auditlog May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.
Setting Up a Secure Connection to a Syslog Server
You can use reverse tunneling with port forwarding to securely connect to a syslog server.
Figure 1.
2 On the syslog server, create a reverse SSH tunnel from the syslog server to the Dell OS switch, using the following syntax:
ssh -R :: user@remote_host -nNf
In the following example, the syslog server IP address is 10.156.166.48 and the listening port is 5141. The switch IP address is 10.16.131.141 and the listening port is 5140.
ssh -R 5140:10.156.166.48:5141 admin@10.16.131.141 -nNf
3 Configure logging to a local host. localhost is “127.0.0.1” or “::1”.
%TSM-6-PORT_CONFIG: Port link status for LC 12 => portpipe 0: OK portpipe 1: N/A
%CHMGR-5-LINECARDUP: Line card 12 is up
%IFMGR-5-CSTATE_UP: changed interface Physical state to up: So 12/8
%IFMGR-5-CSTATE_DN: changed interface Physical state to down: So 12/8
To view any changes made, use the show running-config logging command in EXEC privilege mode.
Log Messages in the Internal Buffer
All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer.
Sending System Messages to a Syslog Server
To send system messages to a specified syslog server, use the following command. The following syslog standards are supported:
• RFC 5424, The SYSLOG Protocol, R. Gerhards and Adiscon GmbH, March 2009 (obsoletes RFC 3164)
• RFC 5426, Transmission of Syslog Messages over UDP

• Specify the server to which you want to send system messages. You can configure up to eight syslog servers.
logging monitor level
• Specify the minimum severity level for logging to a syslog server.
CONFIGURATION mode
logging trap level
• Specify the minimum severity level for logging to the syslog history table.
CONFIGURATION mode
logging history level
• Specify the size of the logging buffer.
CONFIGURATION mode
logging buffered size
NOTE: When you decrease the buffer size, the system deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer.
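The effect of a severity threshold such as logging trap level on the %FACILITY-SEVERITY-MNEMONIC messages shown in this guide can be checked offline with the following added Python example, which is not part of the Dell guide. It assumes the standard syslog convention that a numerically lower severity is more severe, so a level of N selects severities 0 through N; the function names and the two lines marked as constructed are illustrative.

```python
import re
from collections import defaultdict

# Message shape used by the samples on this page: %FACILITY-SEVERITY-MNEMONIC: text
LOG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)
IF_STATE_RE = re.compile(r"changed interface Physical state to (up|down): (.+)$")

# The first five lines are copied from this page; the last two are constructed.
SAMPLE_LINES = [
    "%TSM-6-PORT_CONFIG: Port link status for LC 12 => portpipe 0: OK portpipe 1: N/A",
    "%CHMGR-5-LINECARDUP: Line card 12 is up",
    "%IFMGR-5-CSTATE_UP: changed interface Physical state to up: So 12/8",
    "%IFMGR-5-CSTATE_DN: changed interface Physical state to down: So 12/8",
    "3d23h35m: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console",
    "%EXAMPLE-2-CONSTRUCTED_EVENT: constructed critical message",  # constructed
    "Dell#show logging",  # constructed: a prompt line, not a log message
]


def parse_line(line):
    """Return facility, severity, mnemonic and text, or None if the line is not a log message."""
    match = LOG_RE.search(line)
    if match is None:
        return None
    record = match.groupdict()
    record["severity"] = int(record["severity"])
    return record


def select_for_level(lines, level):
    """Records a destination configured with this severity level would receive."""
    if not 0 <= level <= 7:
        raise ValueError("severity level must be between 0 and 7")
    records = (parse_line(line) for line in lines)
    return [r for r in records if r is not None and r["severity"] <= level]


def interface_transitions(lines):
    """Map each interface to the ordered list of physical states reported by IFMGR."""
    transitions = defaultdict(list)
    for line in lines:
        record = parse_line(line)
        if record is None or record["facility"] != "IFMGR":
            continue
        state = IF_STATE_RE.search(record["text"])
        if state:
            transitions[state.group(2).strip()].append(state.group(1))
    return dict(transitions)


def flapping_interfaces(lines):
    """Interfaces that reported both an up and a down transition in the sample."""
    return sorted(name for name, states in interface_transitions(lines).items()
                  if "up" in states and "down" in states)


if __name__ == "__main__":
    for level in (2, 5, 7):
        kept = select_for_level(SAMPLE_LINES, level)
        print(level, [f'{r["facility"]}-{r["severity"]}-{r["mnemonic"]}' for r in kept])
    print("flapping:", flapping_interfaces(SAMPLE_LINES))
```

Running it against a saved copy of the internal buffer shows which messages a collector would miss at a given threshold before the level is changed on the switch.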
%TSM-6-SFM_DISCOVERY: Found SFM 2 %TSM-6-SFM_DISCOVERY: Found SFM 3 %TSM-6-SFM_DISCOVERY: Found SFM 4 %TSM-6-SFM_DISCOVERY: Found SFM 5 %TSM-6-SFM_DISCOVERY: Found SFM 6 %TSM-6-SFM_DISCOVERY: Found SFM 7 %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP %TSM-6-SFM_DISCOVERY: Found SFM 8 %TSM-6-SFM_DISCOVERY: Found 9 SFMs %CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB, 1 ports) %TSM-6-PORT_CONFIG: Port link status for LC 5 => portpipe 0: OK portpipe 1: N/A %CHMGR-5-LINECARDUP: Line card 5 is up %CHMGR-5-
• sys10 (system use) • sys11 (system use) • sys12 (system use) • sys13 (system use) • sys14 (system use) • syslog (for syslog messages) • user (for user programs) • uucp (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view non default settings, use the show running-config logging command in EXEC mode.
• level severity-level: the range is from 0 to 7. The default is 2. Use the all keyword to include all messages. • limit: the range is from 20 to 300. The default is 20. To view the logging synchronous configuration, use the show config command in LINE mode. Enabling Timestamp on Syslog Messages By default, syslog messages do not include a time/date stamp stating when the error or message was created. To enable timestamp, use the following command. • Add timestamp to syslog messages.
Secure mode limits the ability to view or modify configuration, or upgrade software to the MXL's external USB console port and internal management network only. CMC continues to have access to other properties like power status and system health. To disable the secure mode, use the no enable secure command. For the changes to take effect, save the configuration and reboot the system. Once the system exits secure mode, all the restrictions are gone. CMC is able to learn the status when it reads switch.
Configuring FTP Server Parameters
After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands.
• Specify the directory for users using FTP to reach the system.
CONFIGURATION mode
ftp-server topdir dir
The default is the internal flash directory.
• Specify a user name for all FTP users and configure either a plain text or encrypted password.
ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enabling the FTP Server. Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles. Terminal lines on the system provide different means of accessing the system. The virtual terminal lines (VTYs) connect you through Telnet to the system.
Dell(config-std-nacl)#line vty 0
Dell(config-line-vty)#show config
line vty 0
access-class myvtyacl
Dell OS Behavior: Prior to Dell OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and authorization (AAA) to the line. Then users are denied access only after they enter a username and password. Beginning in Dell OS version 7.4.2.0, only an ACL is required, and users are denied access before they are prompted for a username and password.
Dell(config-line-vty)#password myvtypassword
Dell(config-line-vty)#show config
line vty 0
password myvtypassword
login authentication myvtymethodlist
line vty 1
password myvtypassword
login authentication myvtymethodlist
line vty 2
password myvtypassword
login authentication myvtymethodlist
Dell(config-line-vty)#
Setting Time Out of EXEC Privilege Mode
EXEC time-out is a basic security feature that returns the Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines.
EXEC Privilege mode
telnet-peer-stack-unit
• Telnet to a device with an IPv4 address.
EXEC Privilege
telnet [ip-address]
If you do not enter an IP address, the system enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D).
Example of the telnet Command for Device Access
Dell# telnet 10.11.80.203
Trying 10.11.80.203...
Connected to 10.11.80.203.
Exit character is '^]'.
You can then send any user a message using the send command from EXEC Privilege mode. Alternatively, you can clear any line using the clear command from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode.
Example of Locking CONFIGURATION Mode for Single-User Access
Dell(conf)#configuration mode exclusive auto
BATMAN(conf)#exit
3d23h35m: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console
Dell#config
! Locks configuration mode exclusively.
• Users can clear their existing sessions only if the system is configured with the login concurrent-session clear-line enable command.
Configuring Concurrent Session Limit
To configure concurrent session limit, follow this procedure:
• Limit the number of concurrent sessions for all users.
CONFIGURATION mode
login concurrent-session limit number-of-sessions
Example of Configuring Concurrent Session Limit
The following example limits the permitted number of concurrent login sessions to 4.
Connected to 10.11.178.17.
Escape character is '^]'.
Login: admin
Password:
Maximum concurrent sessions for the user reached.
Current VTY sessions for user admin:
Line Location
2 vty 0 10.14.1.97
3 vty 1 10.14.1.97
4 vty 2 10.14.1.97
5 vty 3 10.14.1.97
Kill existing session? [line number/Enter to cancel]:
Track Login Activity
Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events.
login statistics time-period days Example of Configuring Login Activity Tracking The following example enables login activity tracking. The system stores the login activity details for the last 30 days. Dell(config)#login statistics enable The following example enables login activity tracking and configures the system to store the login activity details for 12 days.
User: admin2
Last login time: 12:49:27 UTC Tue Mar 22 2016
Last login location: Line vty0 ( 10.16.127.145 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 30 day(s): 3
Successful login attempt(s) in last 30 day(s): 2
------------------------------------------------------------
User: admin3
Last login time: 13:18:42 UTC Tue Mar 22 2016
Last login location: Line vty0 ( 10.16.127.
Recovering from a Forgotten Password
If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter. Use the following commands if you forget your password.
1 Log onto the system using the console.
2 Power-cycle the chassis by switching off all of the power modules and then switching them back on.
3 Hit any key to abort the boot process. You enter uBoot immediately, as indicated by the => prompt.
Recovering from a Forgotten Enable Password
Use the following commands if you forget the enable password.
1 Log onto the system using the console.
2 Power-cycle the chassis by switching off all of the power modules and then switching them back on.
3 Hit any key to abort the boot process. You enter uBoot immediately, as indicated by the => prompt.
(during bootup)
hit any key
4 Set the system parameters to ignore the enable password when the system reloads.
uBoot mode
setenv [primary_image f10boot location | secondary_image f10boot location | default_image f10boot location]
4 Assign an IP address to the Management Ethernet interface.
uBoot mode
setenv ipaddr address
5 Assign an IP address as the default gateway for the system.
uBoot mode
setenv gatewayip address
6 Reload the system.
6 802.1X 802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.
The following figures show how the EAP frames are encapsulated in Ethernet and RADIUS frames.
Figure 2. EAP Frames Encapsulated in Ethernet and RADIUS 802.
Figure 3. EAP Frames Encapsulated in Ethernet and RADIUS
The authentication process involves three devices:
• The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X requests.
• The device with which the supplicant communicates is the authenticator. The authenticator is the gatekeeper of the network.
• Forcibly Authorizing or Unauthorizing a Port • Re-Authenticating a Port • Configuring Timeouts • Configuring Dynamic VLAN Assignment with Port Authentication The Port-Authentication Process The authentication process begins when the authenticator senses that a link status has changed from down to up: 1 When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request frame.
Access-Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. Figure 4. EAP Port-Authentication 802.
EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 5. EAP Over RADIUS RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.
Related Configuration Tasks • Configuring Request Identity Re-transmissions • Forcibly Authorizing or Unauthorizing a Port • Re-authenticating a Port • Configuring Timeouts • Configuring a Guest VLAN • Configuring an Authentication-fail VLAN Important Points to Remember • The Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • 802.1X is not supported on port-channels or port-channel members. 802.
Enabling 802.1X
Enable 802.1X globally and at an interface level.
Figure 6. 802.1X Enabled
1 Enable 802.1X globally.
CONFIGURATION mode
dot1x authentication
2 Enter INTERFACE mode on an interface or a range of interfaces.
INTERFACE mode
interface [range]
3 Enable 802.1X on an interface or a range of interfaces.
802.
INTERFACE mode dot1x authentication Example of Verifying that 802.1X is Enabled Globally Example of Verifying 802.1X is Enabled on an Interface Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. The bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface GigabitEthernet 2/1 ip address 2.2.2.
Configuring Request Identity Re-Transmissions If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits are configurable.
The range is from 1 to 65535. The default is 60 seconds. Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame: • after 90 seconds and a maximum of 10 times for an unresponsive supplicant • re-transmits an EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions.
INTERFACE mode dot1x port-control {force-authorized | force-unauthorized | auto} The default state is auto. Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-gi-2/1)#dot1x port-control force-authorized Dell(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1 802.
dot1x reauth-max number The range is from 1 to 10. The default is 2. Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-gi-2/1)#dot1x reauthentication interval 7200 Dell(conf-if-gi-2/1)#dot1x reauth-max 10 Dell(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1 802.
The default is 30. Example of Viewing Configured Server Timeouts The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-gi-2/1)#dot1x port-control force-authorized Dell(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1 802.
The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
Figure 7. Dynamic VLAN Assignment
1 Configure 802.1X globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication).
places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data. NOTE: Ports cannot be dynamically assigned to the default VLAN. If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network.
Configure a port to be placed in the VLAN after failing the authentication process a specified number of times using the dot1x auth-fail-vlan command from INTERFACE mode. Configure the maximum number of authentication attempts by the authenticator using the keyword max-attempts with this command.
7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This chapter describes the access control list (ACL) VLAN group and content addressable memory (CAM) enhancements.
each ACL has a mapping with the VLAN and increased CAM space utilization occurs. Attaching an ACL individually to VLAN interfaces is similar to the behavior of ACL-VLAN mapping storage in CAM prior to the implementation of the ACL VLAN group functionality. The ACL manager application on router processor (RP1) contains all the state information about all the ACL VLAN groups that are present.
• When you attach an ACL VLAN group to the same interface, a validation is performed to determine whether an ACL is applied directly to an interface. If you previously applied an ACL separately to the interface, an error occurs when you attempt to attach an ACL VLAN group to the same interface. • The maximum number of members in an ACL VLAN group is determined by the type of switch and its hardware capabilities.
to VLAN interfaces is similar to the behavior of ACL-VLAN mapping storage in CAM prior to the implementation of the ACL VLAN group functionality. 1 Create an ACL VLAN group CONFIGURATION mode acl-vlan-group {group name} You can have up to eight different ACL VLAN groups at any given time. 2 Add a description to the ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode description description 3 Apply an egress IP ACL to the ACL VLAN group.
default, 0 groups are allocated for the ACL in VCAP. ACL VLAN groups or CAM optimization is not enabled by default, and you need to allocate the slices for CAM optimization. 1 Allocate the number of FP blocks for VLAN Open Flow operations. CONFIGURATION mode cam-acl-vlan vlanopenflow <0-2> 2 Allocate the number of FP blocks for VLAN iSCSI counters. CONFIGURATION mode cam-acl-vlan vlaniscsi <0-2> 3 Allocate the number of FP blocks for ACL VLAN optimization feature.
 |   | IN-L3-PBR      | 1024   | 0    | 1024
 |   | IN-V6 ACL      | 0      | 0    | 0
 |   | IN-V6 FIB      | 0      | 0    | 0
 |   | IN-V6-SysFlow  | 0      | 0    | 0
 |   | IN-V6-McastFib | 0      | 0    | 0
 |   | OUT-L2 ACL     | 1024   | 0    | 1024
 |   | OUT-L3 ACL     | 1024   | 0    | 1024
 |   | OUT-V6 ACL     | 0      | 0    | 0
1 | 1 | IN-L2 ACL      | 320    | 0    | 320
 |   | IN-L2 FIB      | 32768  | 1136 | 31632
 |   | IN-L3 ACL      | 12288  | 2    | 12286
 |   | IN-L3 FIB      | 262141 | 14   | 262127
 |   | IN-L3-SysFlow  | 2878   | 44   | 2834
--More--
The following sample output displays the CAM space utilization when Layer 2
Allocating FP Blocks for VLAN Processes
The VLAN ContentAware Processor (VCAP) application is a pre-ingress CAP that modifies the VLAN settings before packets are forwarded. To support the ACL CAM optimization functionality, the CAM carving feature is enhanced. A total of four VCAP groups are present, of which two are for fixed groups and the other two are for dynamic groups. Out of the total of two dynamic groups, you can allocate zero, one, or two FP blocks to iSCSI Counters, OpenFlow and ACL Optimization.
8 Access Control Lists (ACLs)
This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, ACLs, prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLs, refer to Layer 2.
• Creating a Prefix List • Creating a Prefix List Without a Sequence Number • Viewing Prefix Lists • Applying a Prefix List for Route Redistribution • Applying a Filter to a Prefix List (OSPF) • ACL Resequencing • Resequencing an ACL or Prefix List • Route Maps • Important Points to Remember • Configuration Task List for Route Maps • Creating a Route Map • Configure Route Map Filters • Configuring Match Routes • Configuring Set Conditions • Configure a Route Map for Route Redist
in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands. Ingress and egress hot lock ACLs allow you to append or delete new rules into an existing ACL (already written into CAM) without disrupting traffic flow. Existing entries in the CAM are shuffled to accommodate the new entries. Hot lock ACLs are enabled by default and support both standard and extended ACLs.
Determine the Order in which ACLs are Used to Classify Traffic
When you link class-maps to queues using the service-queue command, the system matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities). As shown in the following example, class-map cmap2 is matched against ingress packets before cmap1. ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8. Therefore (without the keyword order), packets within the range 20.
IP Fragment Handling The Dell Networking OS supports a configurable option to explicitly deny IP fragmented packets, especially second and subsequent packets. It extends the existing ACL command syntax with the fragments keyword for all Layer 3 rules applicable to all Layer protocols (permit/deny ip/tcp/udp/icmp). • Both standard and extended ACLs support IP fragments. • Second and subsequent fragments are allowed because a Layer 4 rule cannot be applied to these fragments.
Layer 4 ACL Rules Examples The following examples show the ACL commands for Layer 4 packet filtering. When configuring ACLs with the fragments keyword, be aware of the following. When an ACL filters packets, it looks at the fragment offset (FO) to determine whether it is a fragment. • FO = 0 means it is either the first fragment or the packet is a non-fragment. • FO > 0 means it is dealing with the fragments of the original packet.
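The fragment-offset test described above, and why a Layer 4 rule cannot be checked against second and subsequent fragments, is shown in the following added Python example, which is not from the Dell guide. The rule evaluator is a simplified model: it assumes a rule with the fragments keyword matches only packets with FO > 0, that a port match is skipped for such packets, and that an unmatched packet is denied; all packets are constructed.

```python
import socket
import struct

MF_FLAG = 0x2000   # "more fragments" bit in the flags/fragment-offset field
FO_MASK = 0x1FFF   # 13-bit fragment offset, counted in 8-byte units


def build_ipv4(src, dst, proto, payload, frag_offset_bytes=0, more_fragments=False):
    """Build a constructed IPv4 packet (checksum left at 0; it is not checked here)."""
    if frag_offset_bytes % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    flags_fo = (MF_FLAG if more_fragments else 0) | (frag_offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_fo, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def classify(packet):
    """Read FO and MF from the IPv4 header and extract the L4 port only when FO = 0."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    (flags_fo,) = struct.unpack("!H", packet[6:8])
    fo = flags_fo & FO_MASK
    mf = bool(flags_fo & MF_FLAG)
    proto = packet[9]
    if fo > 0:
        kind = "fragment"            # second or subsequent fragment
    else:
        kind = "first-fragment" if mf else "non-fragment"
    dst_port = None
    # TCP (6) and UDP (17) carry the destination port in bytes 2-3 of the L4 header,
    # which exists only in the packet whose fragment offset is 0.
    if fo == 0 and proto in (6, 17) and len(packet) >= ihl + 4:
        (dst_port,) = struct.unpack("!H", packet[ihl + 2:ihl + 4])
    return {"kind": kind, "fo": fo, "mf": mf, "proto": proto, "dst_port": dst_port}


def evaluate(rules, packet):
    """Simplified first-match evaluation (assumed model, see the text above)."""
    info = classify(packet)
    for rule in rules:
        if rule.get("proto") not in (None, info["proto"]):
            continue
        if rule.get("fragments"):
            if info["fo"] == 0:
                continue             # keyword applies to FO > 0 only
            return rule["action"]
        port = rule.get("dst_port")
        if port is not None and info["fo"] == 0 and info["dst_port"] != port:
            continue                 # port mismatch on a packet that has an L4 header
        return rule["action"]        # for FO > 0 the port cannot be compared
    return "deny"                    # assumed implicit deny


# Constructed packets: TCP segment to port 24, split so the tail travels with FO = 24 bytes.
TCP_TO_24 = struct.pack("!HH", 40000, 24) + b"\x00" * 16
WHOLE = build_ipv4("10.1.1.1", "10.2.2.2", 6, TCP_TO_24)
FIRST = build_ipv4("10.1.1.1", "10.2.2.2", 6, TCP_TO_24, more_fragments=True)
LATER = build_ipv4("10.1.1.1", "10.2.2.2", 6, b"\x00" * 8, frag_offset_bytes=24)

L4_ONLY = [{"action": "permit", "proto": 6, "dst_port": 24}]
DENY_FRAGS_FIRST = [{"action": "deny", "proto": None, "fragments": True}] + L4_ONLY

if __name__ == "__main__":
    for name, pkt in (("whole", WHOLE), ("first", FIRST), ("later", LATER)):
        print(name, classify(pkt)["kind"], evaluate(L4_ONLY, pkt), evaluate(DENY_FRAGS_FIRST, pkt))
```

With only the Layer 4 rule, the later fragment is permitted without any port check; placing a fragments deny rule ahead of it closes that gap while first fragments and whole packets are still matched on the port.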
A standard IP ACL uses the source IP address as its match criterion.
1 Enter IP ACCESS LIST mode by naming a standard IP access list.
CONFIGURATION mode
ip access-list standard access-list-name
2 Configure a drop or forward filter.
CONFIG-STD-NACL mode
seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count [byte]] [order] [fragments]
NOTE: When assigning sequence numbers to filters, keep in mind that you might need to insert a new filter.
Configuring a Standard IP ACL Filter
If you are creating a standard ACL with only one or two filters, you can let the system assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of five.
1 Configure a standard IP ACL and assign it a unique name.
CONFIGURATION mode
ip access-list standard access-list-name
2 Configure a drop or forward IP ACL filter.
Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. Because traffic passes through the filter in the order of the filter’s sequence, you can configure the extended IP ACL by first entering IP ACCESS LIST mode and then assigning a sequence number to the filter. Configuring Filters with a Sequence Number To configure filters with a sequence number, use the following commands.
Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let the system assign a sequence number based on the order in which the filters are configured. The system assigns filters in multiples of five. To configure a filter for an extended IP ACL without a specified sequence number, use any or all of the following commands: • Configure a deny or permit filter to examine IP packets.
• permit tcp any any rst • permit tcp any any ack Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When the system routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When the system switches the packets, first the L3 ACL filters them, then the L2 ACL filters them.
The same ACL may be applied to different interfaces and that changes its functionality. For example, you can take ACL “ABCD” and apply it using the in keyword and it becomes an ingress access list. If you apply the same ACL using the out keyword, it becomes an egress access list. For more information about Layer-3 interfaces, refer to Interfaces. Applying an IP ACL To apply an IP ACL (standard or extended) to a physical or port channel interface, use the following commands. 1 Enter the interface number.
Counting ACL Hits You can view the number of packets matching the ACL by using the count option when creating ACL entries. You can configure either count (packets) or count (bytes). However, for an ACL with multiple rules, you can configure some ACLs with count (packets) and others as count (bytes) at any given time. 1 Create an ACL that uses rules with the count option. Refer to Configuring a Standard IP ACL Filter. 2 Apply the ACL as an inbound or outbound ACL on an interface.
Configure Egress ACLs
Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack, malicious and incidental, by explicitly allowing only authorized traffic. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieve the same results. By localizing target traffic, it is a simpler implementation. To restrict egress traffic, use an egress ACL.
forwarded traffic. Using permit rules with the count option, you can track on a per-flow basis whether CPU-generated and CPU-forwarded packets were transmitted successfully.
1 Apply Egress ACLs to IPv4 system traffic.
CONFIGURATION mode
ip control-plane [egress filter]
2 Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU traffic.
Implementation Information
In the Dell Networking OS, prefix lists are used in processing routes for routing protocols (for example, routing information protocol [RIP], open shortest path first [OSPF], and border gateway protocol [BGP]).
NOTE: Dell Networking OS does not support all protocols. It is important to know which protocol you are supporting prior to implementing prefix lists.
Example of Assigning Sequence Numbers to Filters If you want to forward all routes that do not match the prefix list criteria, configure a prefix list filter to permit all routes (permit 0.0.0.0/0 le 32). The “permit all” filter must be the last filter in your prefix list. To permit the default route only, enter permit 0.0.0.0/0. The following example shows how the seq command orders the filters according to the sequence number assigned.
filter was given the lowest sequence number). The show config command in PREFIX LIST mode displays the two filters with the sequence numbers 5 and 10. Dell(conf-nprefixl)#permit 123.23.0.0 /16 Dell(conf-nprefixl)#deny 133.24.56.0 /8 Dell(conf-nprefixl)#show conf ! ip prefix-list awe seq 5 permit 123.23.0.0/16 seq 10 deny 133.0.0.
Applying a Prefix List for Route Redistribution
To pass traffic through a configured prefix list, use the prefix list in a route redistribution command. Apply the prefix list to all traffic redistributed into the routing process. The traffic is either forwarded or dropped, depending on the criteria and actions specified in the prefix list.
To apply a filter to routes in RIP, use the following commands.
• Enter RIP mode.
CONFIGURATION mode
router rip
• Apply a configured prefix list to incoming routes.
CONFIG-ROUTER-OSPF mode
distribute-list prefix-list-name in [interface]
• Apply a configured prefix list to incoming routes. You can specify which type of routes are affected. If you enter the name of a non-existent prefix list, all routes are forwarded.
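How the prefix-list filters in this chapter are evaluated (sequence order, the permit 0.0.0.0/0 le 32 "permit all" filter, the default-route-only filter, and a non-existent list forwarding every route) is modelled in the following added Python example, which is not Dell's implementation. It assumes the common ge/le semantics (an entry without ge or le matches only its exact prefix length), an implicit deny when no filter matches, and automatic sequence numbers in steps of five; class and function names are illustrative.

```python
import ipaddress


class PrefixList:
    """Ordered permit/deny filters over IPv4 prefixes (illustrative model)."""

    def __init__(self, name):
        self.name = name
        self.entries = []

    def add(self, action, prefix, ge=None, le=None, seq=None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        # strict=False normalises host bits, e.g. 133.24.56.0/8 becomes 133.0.0.0/8,
        # as the show config output on this page does.
        net = ipaddress.IPv4Network(prefix, strict=False)
        if seq is None:
            highest = max((e["seq"] for e in self.entries), default=0)
            seq = (highest // 5 + 1) * 5      # next multiple of five
        self.entries.append({"seq": seq, "action": action, "net": net, "ge": ge, "le": le})
        self.entries.sort(key=lambda e: e["seq"])
        return seq

    def evaluate(self, route):
        """Return the action of the first matching filter, or deny if none matches."""
        route_net = ipaddress.IPv4Network(route, strict=True)
        for entry in self.entries:
            if _entry_matches(entry, route_net):
                return entry["action"]
        return "deny"                          # assumed implicit deny


def _entry_matches(entry, route_net):
    net = entry["net"]
    if not route_net.subnet_of(net):
        return False
    if entry["ge"] is None and entry["le"] is None:
        return route_net.prefixlen == net.prefixlen   # exact length only
    low = entry["ge"] if entry["ge"] is not None else net.prefixlen
    high = entry["le"] if entry["le"] is not None else net.max_prefixlen
    return low <= route_net.prefixlen <= high


def filter_routes(prefix_lists, name, routes):
    """Apply a named prefix list; a name that does not exist forwards all routes."""
    plist = prefix_lists.get(name)
    if plist is None:
        return list(routes)
    return [r for r in routes if plist.evaluate(r) == "permit"]


def build_awe():
    """The 'awe' list from this page, followed by a permit-all filter as the last entry."""
    awe = PrefixList("awe")
    awe.add("permit", "123.23.0.0/16")         # becomes seq 5
    awe.add("deny", "133.24.56.0/8")           # becomes seq 10
    awe.add("permit", "0.0.0.0/0", le=32)      # becomes seq 15, permit all
    return awe


if __name__ == "__main__":
    awe = build_awe()
    # Constructed routes for illustration.
    for route in ("123.23.0.0/16", "133.0.0.0/8", "133.1.0.0/16", "0.0.0.0/0"):
        print(route, awe.evaluate(route))
    print(filter_routes({"awe": awe}, "no-such-list", ["133.0.0.0/8"]))
```

The last call is the case to audit for: a misspelled list name in a distribute-list command filters nothing.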
Rules Resequencing
seq 15 permit any host 1.1.1.3
seq 20 permit any host 1.1.1.4
Resequencing an ACL or Prefix List
Resequencing is available for IPv4 ACLs, prefix lists, and MAC ACLs. To resequence an ACL or prefix list, use the following commands. You must specify the list name, starting number, and increment when using these commands.
• Resequence an IPv4 or MAC ACL.
EXEC mode
resequence access-list {ipv4 | mac} {access-list-name StartingSeqNum Step-to-Increment}
• Resequence an IPv4 prefix-list.
Remarks that do not have a corresponding rule are incremented as a rule. These two mechanisms allow remarks to retain their original position in the list. The following example shows remark 10 corresponding to rule 10 and as such, they have the same number before and after the command is entered. Remark 4 is incremented as a rule, and all rules have retained their original positions.
Important Points to Remember
• For route-maps with more than one match clause:
  • If two or more match clauses within the same route-map sequence have the same match commands (though the values are different), matching a packet against these clauses is a logical OR operation.
  • If two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation.
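The OR/AND rule for match clauses can be checked with the following added Python example, which models a route map as ordered instances; it is not Dell's implementation. It assumes that an instance with no match clause matches every route and that a route matching no instance is not redistributed; the routes, tags and interface names are constructed.

```python
from collections import defaultdict


class RouteMap:
    """Ordered route-map instances with match clauses and set values (illustrative model)."""

    def __init__(self, name):
        self.name = name
        self.instances = []

    def add_instance(self, seq, action="permit", matches=(), sets=None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        self.instances.append({"seq": seq, "action": action,
                               "matches": list(matches), "sets": dict(sets or {})})
        self.instances.sort(key=lambda i: i["seq"])


def instance_matches(instance, route):
    """Same match command: any value may match (OR). Different commands: all must match (AND)."""
    by_command = defaultdict(list)
    for command, value in instance["matches"]:
        by_command[command].append(value)
    return all(route.get(command) in values for command, values in by_command.items())


def decide(route_map, route):
    """Return (sequence number, action) of the first instance that matches the route."""
    for instance in route_map.instances:
        if instance_matches(instance, route):
            return instance["seq"], instance["action"]
    return None, "deny"                       # assumed: no match means not redistributed


def redistribute(route_map, routes):
    """Routes that pass the route map, with the set values of the permitting instance applied."""
    result = []
    for route in routes:
        seq, action = decide(route_map, route)
        if action != "permit":
            continue
        instance = next(i for i in route_map.instances if i["seq"] == seq)
        updated = dict(route)
        updated.update(instance["sets"])
        result.append(updated)
    return result


def build_example():
    """Constructed route map: two 'match interface' clauses (OR) combined with 'match tag' (AND)."""
    rmap = RouteMap("example")
    rmap.add_instance(10, "permit",
                      matches=[("interface", "vlan 10"), ("interface", "vlan 20"), ("tag", 3444)],
                      sets={"metric": 50})
    rmap.add_instance(20, "deny", matches=[("tag", 999)])
    rmap.add_instance(30, "permit")           # no match clause: matches everything left
    return rmap


# Constructed static routes.
ROUTES = [
    {"prefix": "10.1.0.0/16", "interface": "vlan 20", "tag": 3444},
    {"prefix": "10.2.0.0/16", "interface": "vlan 10", "tag": 1},
    {"prefix": "10.3.0.0/16", "interface": "vlan 30", "tag": 999},
]

if __name__ == "__main__":
    rmap = build_example()
    for route in ROUTES:
        print(route["prefix"], decide(rmap, route))
    print(redistribute(rmap, ROUTES))
```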
Example of Viewing a Configured Route Map Example of Multiple Instances of a Route-Map Example of Deleting One Instance of a Route Map Example of Viewing All Instances of a Specified Route Map The default action is permit and the default sequence number starts at 10. When you use the keyword deny in configuring a route map, routes that meet the match filters are not redistributed. To view the configuration, use the show config command in ROUTE-MAP mode.
tag 3444 Dell# To delete a route map, use the no route-map map-name command in CONFIGURATION mode. Configure Route Map Filters Within ROUTE-MAP mode, there are match and set commands. • match commands search for a certain criterion in the routes. • set commands change the characteristics of routes, either adding something or specifying a level. When there are multiple match commands with the same parameter under one instance of route-map, the system does a match between all of those match commands.
Configuring Match Routes
To configure match criteria for a route map, use the following commands.
• Match routes whose next hop is a specific interface.
  CONFIG-ROUTE-MAP mode
  match interface interface
  The parameters are:
  • For a Loopback interface, enter the keyword loopback then a number between zero (0) and 16383.
  • For a 10-Gigabit Ethernet interface, enter the keyword tengigabitEthernet then the slot/port information.
  • For a VLAN, enter the keyword vlan then a number from 1 to 4094.
Configuring Set Conditions
To configure a set condition, use the following commands.
• Generate a tag to be added to redistributed routes.
  CONFIG-ROUTE-MAP mode
  set automatic-tag
• Specify an OSPF area or ISIS level for redistributed routes.
  CONFIG-ROUTE-MAP mode
  set level {backbone | level-1 | level-1-2 | level-2 | stub-area}
• Specify a value for redistributed routes.
  CONFIG-ROUTE-MAP mode
  set metric {+ | - | metric-value}
• Specify an OSPF or ISIS type for redistributed routes.
command in OSPF, RIP, ISIS, and BGP to set some of these attributes for routes that are redistributed into those protocols. Route maps add to that redistribution capability by allowing you to match specific routes and set or change more attributes when redistributing those routes. In the following example, the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF.
Continue Clause
Normally, when a match is found, set clauses are executed, and the packet is then forwarded; no more route-map modules are processed. If you configure the continue command at the end of a module, the next module (or a specified module) is processed even after a match is found. The following example shows a continue clause at the end of a route-map module. In this example, if a match is found in the route-map “test” module 10, module 30 is processed.
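The following Python model is an added example, not Dell code, that walks a route through a route map using the rules stated in this chapter: same-command match clauses are ORed, different commands are ANDed, a matching deny module stops redistribution, and a continue clause hands processing to a later module. The route map contents are constructed; treating a route that matches no module as not redistributed, and letting an earlier permit stand when the continued-to module does not match, are assumptions of this model.

```python
from collections import defaultdict

# Constructed route map "test": module 10 continues to module 30.
ROUTE_MAP_TEST = [
    {"seq": 10, "action": "permit",
     "match": [("tag", 1000), ("tag", 2000), ("interface", "vlan 100")],
     "set": {"metric": 50}, "continue": 30},
    {"seq": 20, "action": "deny", "match": [("tag", 3444)]},
    {"seq": 30, "action": "permit",
     "match": [("interface", "vlan 100")], "set": {"level": "backbone"}},
]


def module_matches(match_clauses, route):
    """OR across values of the same match command, AND across commands."""
    groups = defaultdict(set)
    for command, value in match_clauses:
        groups[command].add(value)
    # Assumption: a module with no match clauses matches every route.
    return all(route.get(cmd) in values for cmd, values in groups.items())


def evaluate(route_map, route):
    """Return the redistribution decision, applied set values and matched modules."""
    modules = sorted(route_map, key=lambda m: m["seq"])
    position = {m["seq"]: i for i, m in enumerate(modules)}
    applied, matched, permitted = {}, [], False
    i = 0
    while i < len(modules):
        module = modules[i]
        if not module_matches(module.get("match", []), route):
            i += 1
            continue
        matched.append(module["seq"])
        if module["action"] == "deny":
            # Routes that meet the match filters of a deny module are not redistributed.
            return {"redistribute": False, "set": {}, "matched": matched}
        permitted = True
        applied.update(module.get("set", {}))
        target = module.get("continue")
        if target is None:
            break                      # normal case: stop at the first match
        if target == "next":
            i += 1                     # continue with the next module
        elif target in position and target > module["seq"]:
            i = position[target]       # continue with the specified module
        else:
            raise ValueError("continue target %r is not a later module" % (target,))
    # Assumption: no matching module means the route is not redistributed.
    return {"redistribute": permitted,
            "set": applied if permitted else {},
            "matched": matched}


if __name__ == "__main__":
    for route in ({"tag": 2000, "interface": "vlan 100"},
                  {"tag": 1000, "interface": "loopback 1"},
                  {"tag": 3444, "interface": "vlan 100"}):
        print(route, "->", evaluate(ROUTE_MAP_TEST, route))
```

The third sample route would satisfy module 30, but module 20 denies it first, which is why sequence order matters when a deny is added to an existing map.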
are configured to be recorded expires, a fresh interval timer starts and the packet count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold was exceeded, it is re-enabled for this new interval. The ACL application sends the ACL logging configuration information and other details, such as the action, sequence number, and the ACL parameters that pertain to that ACL entry.
• ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and standard and extended MAC ACLs. • For ACL entries applied on port-channel interfaces, one match index for every member interface of the port-channel interface is assigned. Therefore, the total available match indices of 251 are split (125 match indices for permit action and 126 match indices for the deny action).
The port mirroring application maintains and performs all the monitoring operations on the chassis. ACL information is sent to the ACL manager, which in turn notifies the ACL agent to add entries in the CAM area. Duplicate entries in the ACL are not saved. When a packet arrives at a port that is being monitored, the packet is validated against the configured ACL rules. If the packet matches an ACL rule, the system examines the corresponding flow processor to perform the action specified for that port.
ACL agent whenever the ACL agent is registered with the port mirroring application or when flow-based monitoring is enabled. The show monitor session session-id command has been enhanced to display the Type field in the output, which indicates whether a particular session is enabled for flow-monitoring.
Enabling Flow-Based Monitoring Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You can specify traffic using standard or extended access-lists. 1 Enable flow-based monitoring for a monitoring session.
--------- ------ ----------- --------- ------
0 Gi 1/1 Gi 1/2 rx interface Flow-based
9 Bidirectional Forwarding Detection (BFD)
Bidirectional forwarding detection (BFD) is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used. BFD is a simple hello mechanism. Two neighboring systems running BFD establish a session using a three-way handshake.
• Configuring Protocol Liveness • Troubleshooting BFD How BFD Works Two neighboring systems running BFD establish a session using a three-way handshake. After the session has been established, the systems exchange control packets at agreed upon intervals. In addition, systems send a control packet anytime there is a state change or change in a session parameter. These control packets are sent without regard to transmit and receive intervals.
BFD Packet Format
Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet.
Figure 8. BFD in IPv4 Packet Format
Field | Description
Diagnostic Code | The reason that the last session failed.
State | The current local session state. Refer to BFD Sessions.
Flag | A bit that indicates packet function.
Field | Description
system clears the poll bit and sets the final bit in its response. The poll and final bits are used during the handshake and in Demand mode (refer to BFD Sessions).
NOTE: The Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear.
Detection Multiplier | The number of packets that must be missed in order to declare a session down.
Length | The entire length of the BFD packet.
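The fields in this table can be decoded from a captured UDP payload and checked against the note above. The parser below is an added example, not Dell code: it follows the 24-byte mandatory section of the BFD control packet as laid out in RFC 5880, the sample packets are constructed, and it reports any of the bits that this guide says are always clear, along with the basic RFC 5880 sanity checks a receiver applies.

```python
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
# Flag bits in the second byte, after the two-bit State field.
FLAGS = (("poll", 0x20), ("final", 0x10), ("control_plane_independent", 0x08),
         ("authentication", 0x04), ("demand", 0x02), ("multipoint", 0x01))
# Bits the guide says are always clear on the Dell Networking OS.
ALWAYS_CLEAR = ("control_plane_independent", "authentication", "demand", "multipoint")


def parse_bfd_control(payload):
    """Decode the mandatory section of a BFD control packet (UDP payload)."""
    if len(payload) < 24:
        raise ValueError("shorter than the 24-byte mandatory section")
    (b0, b1, mult, length, my_disc, your_disc,
     tx, rx, echo) = struct.unpack("!BBBBIIIII", payload[:24])
    return {
        "version": b0 >> 5,
        "diag": b0 & 0x1F,                    # Diagnostic Code
        "state": STATES[b1 >> 6],
        "flags": {name for name, bit in FLAGS if b1 & bit},
        "detect_mult": mult,                  # Detection Multiplier
        "length": length,
        "my_discriminator": my_disc,
        "your_discriminator": your_disc,
        "desired_min_tx_us": tx,              # intervals are in microseconds
        "required_min_rx_us": rx,
        "required_min_echo_rx_us": echo,
    }


def check_bfd_control(payload):
    """Return a list of findings; an empty list means nothing unexpected."""
    pkt = parse_bfd_control(payload)
    findings = []
    if pkt["version"] != 1:
        findings.append("version is not 1")
    min_len = 26 if "authentication" in pkt["flags"] else 24
    if pkt["length"] < min_len or pkt["length"] > len(payload):
        findings.append("length field inconsistent with payload")
    if pkt["detect_mult"] == 0:
        findings.append("detection multiplier is zero")
    if pkt["my_discriminator"] == 0:
        findings.append("my discriminator is zero")
    if pkt["your_discriminator"] == 0 and pkt["state"] in ("Init", "Up"):
        findings.append("your discriminator is zero in state " + pkt["state"])
    for name in ALWAYS_CLEAR:
        if name in pkt["flags"]:
            findings.append("unexpected flag set: " + name)
    return findings


def build_sample(state=3, flag_bits=0, your_disc=1):
    """Constructed packet: version 1, multiplier 3, 200 ms TX and RX intervals."""
    return struct.pack("!BBBBIIIII", 1 << 5, (state << 6) | flag_bits,
                       3, 24, 1, your_disc, 200000, 200000, 0)


if __name__ == "__main__":
    for label, raw in (("normal Up packet", build_sample()),
                       ("auth and demand bits set", build_sample(flag_bits=0x06))):
        print(label, parse_bfd_control(raw)["state"], check_bfd_control(raw))
```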
BFD Sessions
You must enable BFD on both sides of a link in order to establish a session. The two participating systems can assume either of two roles:
Active: The active system initiates the BFD session. Both systems can be active for the same session.
Passive: The passive system does not initiate a session. It only responds to a request for session initialization from the active system.
2 When the passive system receives any of these control packets, it changes its session state to Init and sends a response that indicates its state change. The response includes its session ID in the My Discriminator field and the session ID of the remote system in the Your Discriminator field.
3 The active system receives the response from the passive system and changes its session state to Up. It then sends a control packet indicating this state change.
Session State Changes The following illustration shows how the session state on a system changes based on the status notification it receives from the remote system. For example, if a session on a system is down and it receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 10. Session State Changes Important Points to Remember • BFD for line card ports is hitless, but is not hitless for VLANs because they are instantiated on the RPM.
• The Dell Networking OS supports only OSPF, OSPFv3, BGP, and VRRP protocols as BFD clients. Configure BFD This section contains the following procedures.
Example of Verifying BFD is Enabled
To verify that BFD is enabled globally, use the show running bfd command. The bold line shows that BFD is enabled.
R1(conf)#bfd ?
enable              Enable BFD protocol
protocol-liveness   Enable BFD protocol-liveness
R1(conf)#bfd enable
R1(conf)#do show running-config bfd
!
bfd enable
R1(conf)#
Establishing a Session on Physical Ports
To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration.
The bold line shows the BFD session.
R1(conf-if-gi-4/24)#do show bfd neighbors
* - Active session role
Ad Dn - Admin Down
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)
  LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
* 2.2.2.1    2.2.2.2     Gi 4/24    Up     200     200     3     C
To view specific information about BFD sessions, use the show bfd neighbors detail command.
R1(conf-if-gi-4/24)#do show bfd neighbors detail
Session Discriminator: 1
Neighbor Discriminator: 1
Local Addr: 2.2.2.
NOTE: Dell Networking recommends maintaining the default values. Change session parameters for all sessions on an interface. INTERFACE mode bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] Changing Session Parameters for Physical Ports View session parameters using the show bfd neighbors detail command. The bold line shows the parameter changes.
bfd enable
If you disable BFD on a local interface, this message displays:
R1(conf-if-gi-4/24)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor 2.2.2.2 on interface Gi 4/24 (diag: 0)
If the remote system state changes due to the local state administration being down, this message displays:
R2>01:32:53: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.
Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 12. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command.
Changing Static Route Session Parameters
BFD sessions are configured with default intervals and a default role. The parameters you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured for all static routes. If you change a parameter, the change affects all sessions for static routes. To change parameters for static route sessions, use the following command.
• Change parameters for all static route sessions.
• Disabling BFD for OSPF Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 13. Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface, use the following commands. • Establish sessions with all OSPF neighbors.
  ROUTER-OSPF mode
  bfd all-neighbors
• Establish sessions with OSPF neighbors on a single interface.
  INTERFACE mode
  ip ospf bfd all-neighbors
Example of Verifying Sessions with OSPF Neighbors
To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions.
R2(conf-router_ospf)#bfd all-neighbors
R2(conf-router_ospf)#do show bfd neighbors
* - Active session role
Ad Dn - Admin Down
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)
LocalAddr
* 2.2.2.2
* 2.2.3.
Disabling BFD for OSPF If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state. Disabling BFD does not trigger a change in BFD clients; a final Admin Down packet is sent before the session is terminated. To disable BFD sessions, use the following commands. • Disable BFD sessions with all OSPF neighbors.
INTERFACE mode ipv6 ospf bfd all-neighbors To view the established sessions, use the show bfd neighbors command. Changing OSPFv3 Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: desired tx interval, required min rx interval, detection multiplier, and system role. Configure these parameters for all OSPFv3 sessions or all OSPFv3 sessions on a particular interface.
Configure BFD for BGP In a BGP core network, bidirectional forwarding detection (BFD) provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not support IPv6 and the BGP multihop feature.
For example, the following illustration shows a sample BFD configuration on Router 1 and Router 2 that use eBGP in a transit network to interconnect AS1 and AS2. The eBGP routers exchange information with each other as well as with iBGP routers to maintain connectivity and accessibility within each autonomous system. Figure 14.
uses the BGP link to determine the appropriate response to the failure condition. The typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. You can configure BFD for BGP on the following types of interfaces: physical port (10GE or 40GE), port channel, and VLAN. 1 Enable BFD globally.
Disabling BFD for BGP You can disable BFD for BGP. To disable a BFD for BGP session with a specified neighbor, use the first command. To remove the disabled state of a BFD for BGP session with a specified neighbor, use the no neighbor {ip-address | peergroup-name} bfd disable command in ROUTER BGP configuration mode.
• Verify a BFD for BGP configuration.
  EXEC Privilege mode
  show running-config bgp
• Verify that a BFD for BGP session has been successfully established with a BGP neighbor. A line-by-line listing of established BFD adjacencies is displayed.
  EXEC Privilege mode
  show bfd neighbors [interface] [detail]
• Display BFD packet counters for sessions with BGP neighbors.
  EXEC Privilege mode
  show bfd counters bgp [interface]
• Check to see if BFD is enabled for BGP connections.
The bold lines show the BFD session parameters: TX (packet transmission), RX (packet reception), and multiplier (maximum number of missed packets). R2# show bfd neighbors detail Session Discriminator: 9 Neighbor Discriminator: 10 Local Addr: 1.1.1.3 Local MAC Addr: 00:01:e8:66:da:33 Remote Addr: 1.1.1.
Init            : 0
Up              : 6
Down            : 0
Admin Down      : 2
Interface TenGigabitEthernet 6/1
Protocol BGP
Messages:
Registration    : 5
De-registration : 4
Init            : 0
Up              : 6
Down            : 0
Admin Down      : 2
Interface TenGigabitEthernet 6/2
Protocol BGP
Messages:
Registration    : 1
De-registration : 0
Init            : 0
Up              : 1
Down            : 0
Admin Down      : 2
The bold line shows the message displayed when you enable BFD for BGP connections.
R2# show ip bgp summary
BGP router identifier 10.0.0.
Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Neighbor is using BGP global mode BFD configuration For address family: IPv4 Unicast BGP table version 0, neighbor version 0 Prefixes accepted 0 (consume 0 bytes), withdrawn
1 Enable BFD globally. Refer to Enabling BFD Globally.
2 Establish VRRP BFD sessions with all VRRP-participating neighbors. Refer to Establishing VRRP Sessions on VRRP Neighbors.
3 On the master router, establish VRRP BFD sessions with the backup routers. Refer to Establishing Sessions with All VRRP Neighbors.
Related Configuration Tasks
• Changing VRRP Session Parameters.
• Disabling BFD for VRRP.
Establishing VRRP Sessions on VRRP Neighbors
The master router does not care about the state of the backup router, so it does not participate in any VRRP BFD sessions. VRRP BFD sessions on the backup router cannot change to the UP state. Configure the master router to establish an individual VRRP session with the backup router. To establish a session with a particular VRRP neighbor, use the following command.
• Establish a session with a particular VRRP neighbor.
Changing VRRP Session Parameters BFD sessions are configured with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. You can change parameters for all VRRP sessions or for a particular neighbor. To change parameters for all VRRP sessions or for a particular VRRP session, use the following commands. • Change parameters for all VRRP sessions.
Configure BFD for VLANs
BFD on Dell Networking systems is a Layer 3 protocol. Use BFD with routed virtual local area networks (VLANs). BFD on VLANs is analogous to BFD on physical ports. If no routing protocol is enabled and a remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet. If you enable BFD, the local system removes the route when it stops receiving periodic control packets from the remote system.
• Establish sessions with a VLAN neighbor. INTERFACE VLAN mode bfd neighbor ip-address View the established sessions using the show bfd neighbors command, as shown in the following example. R2(conf-if-vl-200)#bfd neighbor 2.2.3.2 R2(conf-if-vl-200)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) V - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients Vl 200 Up 200 200 3 C * 2.2.3.2 2.2.3.
no bfd enable
Configure BFD for Port-Channels
BFD on port-channels is analogous to BFD on physical ports. If no routing protocol is enabled and a remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet. If you enable BFD, the local system removes the route when it stops receiving periodic control packets from the remote system.
Establish Sessions on Port-Channels To establish a session, you must enable BFD at interface level on both ends of the link, as shown in the following example. The session parameters do not need to match. Figure 17. Establishing Sessions on Port-Channels To establish a session on a port-channel, use the bfd neighbor ip-address command in INTERFACE PORT-CHANNEL mode. View the established sessions using the show bfd neighbors command, as shown in Changing Port-Channel Session Parameters.
Changing Physical Port Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. Configure these parameters per interface; if you change a parameter, the change affects all physical port sessions on that interface.
Troubleshooting BFD
To troubleshoot BFD, use the following commands and examples. To examine control packet field values or to examine the control packets in hexadecimal format, use the following commands.
• Examine control packet field values.
  CONFIGURATION mode
  debug bfd detail
• Examine the control packets in hexadecimal format.
10 Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking operating system. BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary function of the BGP is to exchange network reachability information with other BGP systems.
• multihomed AS — is one that maintains connections to more than one other AS. This group allows the AS to remain connected to the Internet in the event of a complete failure of one of their connections. However, this type of AS does not allow traffic from one AS to pass through on its way to another AS. A simple example of this group is seen in the following illustration. • stub AS — is one that is connected to only one other AS.
to be in “full mesh.” As seen in the following illustration, four routers connected in a full mesh have three peers each, six routers have five peers each, and eight routers in full mesh have seven peers each. Figure 19. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.
Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor. Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies.
proper peers. If the peers are members of a peer group however, the information can be sent to one place and then passed onto the peers within the group. Route Reflectors Route reflectors (RR) reorganize the iBGP core into a hierarchy and allow some route advertisement rules. Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster.
Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes at the same time. BGP Attributes Routes learned using BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination.
The following illustration shows that the decisions BGP goes through to select the best path. The list following the illustration details the path selection criteria. Figure 21. BGP Best Path Selection Best Path Selection Details 1 Prefer the path with the largest WEIGHT attribute. 2 Prefer the path with the largest LOCAL_PREF attribute. 3 Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command.
a This comparison is only done if the first (neighboring) AS is the same in the two paths; the MEDs are compared only if the first AS in the AS_SEQUENCE is the same for both paths. b If you entered the bgp always-compare-med command, MEDs are compared for all paths. c Paths with no MED are treated as “worst” and assigned a MED of 4294967295. 7 Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP paths.
Local Preference
Local preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route. Local preference (LOCAL_PREF) is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria. For this example, assume that the local preference (LOCAL_PREF) is the only attribute applied.
One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In the following illustration, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50. This sets up a path preference through the OC3 link. The MEDs are advertised to AS100 routers so they know which is the preferred path.
Generally, an IGP indicator means that the route was derived inside the originating AS. EGP generally means that a route was learned from an external gateway protocol. An INCOMPLETE origin code generally results from aggregation, redistribution, or other indirect ways of installing routes into BGP. In the Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold).
advertises itself to another BGP speaker outside its local AS and when advertising routes within an AS. The next hop attribute also serves as a way to direct traffic to another BGP speaker, rather than waiting for a speaker to advertise. The system allows you to set the next hop attribute in the CLI. Setting the next hop attribute lets you determine a router as the next hop for a BGP neighbor. Multiprotocol BGP Multiprotocol extensions for BGP (MBGP) is defined in IETF RFC 2858.
Advertise IGP Cost as MED for Redistributed Routes When using multipath connectivity to an external AS, you can advertise the MED value selectively to each peer for redistributed routes. For some peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. The Dell Networking OS version 8.3.1.
reduces network disruption caused by routing and forwarding plane changes and allows for faster convergence. Four-Byte AS Numbers The Dell Networking OS version 7.7.1 and later supports 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP speaker has sent and received this capability from another speaker, all the messages will be 4-octet.
ASDOT+ representation splits the full binary 4-byte AS number into two words of 16 bits separated by a decimal point (.): .. Some examples are shown in the following table.
• All AS numbers between 0 and 65535 are represented as a decimal number, when entered in the CLI and when displayed in the show command outputs.
• AS numbers larger than 65535 are represented using ASDOT notation as ..
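When neighbor statements are compared across devices that use different `bgp asnotation` settings, the same AS can appear in more than one form, so audits should normalize before comparing. The converter below is an added example, not Dell code: it implements the ASDOT+ split into two 16-bit words and the ASDOT rule described above, treats ASPLAIN as the plain decimal value, and the sample configuration lines in the usage section are constructed.

```python
import re

MAX_2BYTE = 0xFFFF
MAX_4BYTE = 0xFFFFFFFF

_ASN_RE = re.compile(r"^(\d{1,10})(?:\.(\d{1,5}))?$")
_AS_FIELD_RE = re.compile(r"\b(remote-as|local-as)\s+(\S+)")


def parse_asn(text):
    """Accept a plain decimal or dotted AS number and return it as an integer."""
    m = _ASN_RE.match(text.strip())
    if not m:
        raise ValueError("not an AS number: %r" % text)
    if m.group(2) is None:
        asn = int(m.group(1))
        if asn > MAX_4BYTE:
            raise ValueError("AS number out of range: %r" % text)
        return asn
    high, low = int(m.group(1)), int(m.group(2))
    if high > MAX_2BYTE or low > MAX_2BYTE:
        raise ValueError("each dotted word must fit in 16 bits: %r" % text)
    return (high << 16) | low


def format_asn(asn, notation):
    """Render an integer AS number as 'asplain', 'asdot' or 'asdot+'."""
    if not 0 <= asn <= MAX_4BYTE:
        raise ValueError("AS number out of range: %r" % asn)
    if notation == "asplain":
        return str(asn)
    dotted = "%d.%d" % (asn >> 16, asn & MAX_2BYTE)
    if notation == "asdot+":
        return dotted                      # always two 16-bit words
    if notation == "asdot":
        # Decimal up to 65535, dotted above that.
        return str(asn) if asn <= MAX_2BYTE else dotted
    raise ValueError("unknown notation: %r" % notation)


def normalize_config_line(line, notation="asplain"):
    """Rewrite the AS number in a remote-as or local-as statement."""
    def repl(m):
        return "%s %s" % (m.group(1), format_asn(parse_asn(m.group(2)), notation))
    return _AS_FIELD_RE.sub(repl, line)


if __name__ == "__main__":
    # Constructed lines: the same neighbor as two devices might display it.
    a = "neighbor 172.30.1.250 remote-as 1.10"
    b = "neighbor 172.30.1.250 remote-as 65546"
    print(normalize_config_line(a) == normalize_config_line(b))
    for asn in (65001, 65536, 4294967295):
        print(asn, [format_asn(asn, n) for n in ("asplain", "asdot", "asdot+")])
```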
Dell(conf-router_bgp)#do sho ip bgp BGP table version is 31571, local router ID is 172.30.1.57
C’s configuration. Local-AS allows this behavior to happen by allowing Router B to appear as if it still belongs to Router B’s old network (AS 200) as far as communicating with Router C is concerned. Figure 24. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the no prepend option, the Local-AS does not prepend to the updates received from the eBGP peer.
3 Prepend "65001 65002" to as-path. Local-AS is prepended before the route-map to give an impression that update passed through a router in AS 200 before it reached Router B. BGP4 Management Information Base (MIB) The FORCE10-BGP4-V2-MIB enhances Dell Networking OS BGP management information base (MIB) support with many new simple network management protocol (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell website.
• The f10BgpM2[Cfg]PeerReflectorClient field is populated based on the assumption that route-reflector clients are not in a full mesh if you enable BGP client-2-client reflection and that the BGP speaker acting as reflector advertises routes learned from one client to another client. If disabled, it is assumed that clients are in a full mesh and there is no need to advertise prefixes to the other clients. • High CPU utilization may be observed during an SNMP walk of a large BGP Loc-RIB.
By default, the system compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). NOTE: In the Dell Networking OS, all newly configured neighbors and peer groups are disabled. To enable a neighbor or peer group, enter the neighbor {ip-address | peer-group-name} no shutdown command. The following table displays the default values for BGP. Table 7.
need to be directly connected. The IP address of an EBGP neighbor is usually the IP address of the interface directly connected to the router. First, the BGP process determines if all internal BGP peers are reachable, then it determines which peers outside the AS are reachable. NOTE: Find Sample Configurations for enabling BGP routers at the end of this chapter. 1 Assign an AS number and enter ROUTER BGP mode.
You must use Configuring Peer Groups before assigning them a remote AS. 3 Enable the BGP neighbor.
NOTE: The show config command in CONFIGURATION ROUTER BGP mode gives the same information as the show running-config bgp command.
The following example displays two neighbors: one is an external BGP neighbor and the second one is an internal BGP neighbor. The first line of the output for each neighbor displays the AS number and states whether the link is external or internal (shown in bold). The third line of the show ip bgp neighbors output contains the BGP State.
neighbor 10.10.21.1 remote-as 65123
neighbor 10.10.21.1 filter-list ISP1in
neighbor 10.10.21.1 no shutdown
neighbor 10.10.32.3 remote-as 65123
neighbor 10.10.32.3 no shutdown
neighbor 100.10.92.9 remote-as 65192
neighbor 100.10.92.9 no shutdown
neighbor 192.168.10.1 remote-as 65123
neighbor 192.168.10.1 update-source Loopback 0
Configuring AS4 Number Representations
Enable one type of AS number representation: ASPLAIN, ASDOT+, or ASDOT.
router bgp 100
bgp four-octet-as-support
neighbor 172.30.1.250 remote-as 18508
neighbor 172.30.1.250 local-as 65057
neighbor 172.30.1.250 route-map rmap1 in
neighbor 172.30.1.250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957
Dell(conf-router_bgp)#bgp asnotation asdot
Dell(conf-router_bgp)#sho conf
!
router bgp 100
bgp asnotation asdot
bgp four-octet-as-support
neighbor 172.30.1.250 remote-as 18508
neighbor 172.30.1.250 local-as 65057
neighbor 172.30.1.250 route-map rmap1 in
neighbor 172.30.1.
CONFIG-ROUTER-BGP mode
neighbor ip-address remote-as as-number
4 Enable the neighbor.
CONFIG-ROUTER-BGP mode
neighbor ip-address no shutdown
5 Add an enabled neighbor to the peer group.
CONFIG-ROUTER-BGP mode
neighbor ip-address peer-group peer-group-name
6 Add a neighbor as a remote AS.
CONFIG-ROUTER-BGP mode
neighbor {ip-address | peer-group name} remote-as as-number
Formats: IP Address A.B.C.D
• Peer-Group Name: 16 characters.
• as-number: the range is from 0 to 65535 (2-Byte) or 1 to 4294967295 | 0.
NOTE: When you configure a new set of BGP policies for a peer group, always reset the peer group by entering the clear ip bgp peer-group peer-group-name command in EXEC Privilege mode. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. When you create a peer group, it is disabled (shutdown). The following example shows the creation of a peer group (zanzibar) (in bold).
10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 Configuring BGP Fast Fail-Over By default, a BGP session is governed by the hold time. BGP routers typically carry large routing tables, so frequent session resets are not desirable. The BGP fast failover feature reduces the convergence time while maintaining stability. The connection to a BGP peer is immediately reset if a link to a directly connected external peer fails.
ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) fail-over enabled Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 52, neighbor version 52 4 accepted prefixes consume 16 bytes Prefix advertised 0, denied 0, withdrawn 0 To verify that fast fail-over is enabled on a peer-group, use the show ip bgp peer-group command (shown in bold).
neighbor peer-group-name subnet subnet-number mask The peer group responds to OPEN messages sent on this subnet. 3 Enable the peer group. CONFIG-ROUTER-BGP mode neighbor peer-group-name no shutdown 4 Create and specify a remote peer for BGP neighbor. CONFIG-ROUTER-BGP mode neighbor peer-group-name remote-as as-number Only after the peer group responds to an OPEN message sent on the subnet does its BGP state change to ESTABLISHED.
neighbor 10.10.21.1 filter-list Laura in
neighbor 10.10.21.1 no shutdown
neighbor 10.10.32.3 remote-as 65123
neighbor 10.10.32.3 no shutdown
neighbor 100.10.92.9 remote-as 65192
neighbor 100.10.92.9 local-as 6500
neighbor 100.10.92.9 no shutdown
neighbor 192.168.10.1 remote-as 65123
neighbor 192.168.10.1 update-source Loopback 0

Allowing an AS Number to Appear in its Own AS Path
This command allows you to set the number of times a particular AS number can occur in the AS path.
Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart. The Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer group. NOTE: By default, BGP graceful restart is disabled. The default role for BGP is as a receiving or restarting peer.
Enabling Neighbor Graceful Restart BGP graceful restart is active only when the neighbor becomes established. Otherwise, it is disabled. Graceful-restart applies to all neighbors with established adjacency. With the graceful restart feature, the system enables the receiving/restarting mode by default. In ReceiverOnly mode, graceful restart saves the advertised routes of peers that support this capability when they restart.
ip as-path access-list as-path-name
2 Enter the parameter to match BGP AS-PATH for filtering.
CONFIG-AS-PATH mode
{deny | permit} filter parameter
This is the filter that is used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters.
3 Return to CONFIGURATION mode.
AS-PATH ACL mode
exit
4 Enter ROUTER BGP mode.
0x5cd891c 0 --More-- 9 18508 209 6453 4759 i

Regular Expressions as Filters
Regular expressions are used to filter AS paths or community lists. A regular expression is a special character used to define a pattern that is then compared with an input string. For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in the Dell Networking OS.
neighbor AAA peer-group
neighbor AAA no shutdown
neighbor 10.155.15.2 remote-as 32
neighbor 10.155.15.2 shutdown
Dell(conf-router_bgp)#neigh 10.155.15.2 filter-list 1 in
Dell(conf-router_bgp)#ex
Dell(conf)#ip as-path access-list Eagle
Dell(config-as-path)#deny 32$
Dell(config-as-path)#ex
Dell(conf)#router bgp 99
Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in
Dell(conf-router_bgp)#show conf
!
router bgp 99
 neighbor AAA peer-group
 neighbor AAA filter-list Eagle in
 neighbor AAA no shutdown
 neighbor 10.
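The following is an added example, not taken from the guide or from Dell Networking OS: a small Python evaluator for ordered AS-path access lists, run against the Eagle list from the session above, to show which paths an unanchored expression such as 32$ catches. The implicit deny at the end of a list, the "_" delimiter handling, the tightened list and the sample AS paths are assumptions made for the example.

```python
import re

# "_" in router-style AS-path regexes stands for a delimiter: start or end
# of the path, a space, a comma or a brace. Assumption: standard router
# regex semantics; the guide's table of accepted expressions is not shown here.
UNDERSCORE = r"(?:^|$|[ ,{}])"


class AsPathAcl:
    """Ordered AS-path access list: the first matching entry decides."""

    def __init__(self, name, entries):
        self.name = name
        self.entries = [
            (action, pattern, re.compile(pattern.replace("_", UNDERSCORE)))
            for action, pattern in entries
        ]

    def evaluate(self, as_path):
        """Return (action, pattern) for the first entry that matches.

        A path that matches no entry gets ("deny", None): an implicit deny
        at the end of the list is assumed, as for other ACL types.
        """
        for action, pattern, regex in self.entries:
            if regex.search(as_path):
                return action, pattern
        return "deny", None


def audit(acl, as_paths):
    """Map every AS path to the action the list would take on it."""
    return {path: acl.evaluate(path)[0] for path in as_paths}


# The list from the session above: one entry, "deny 32$".
EAGLE = AsPathAcl("Eagle", [("deny", "32$")])

# Hypothetical tightened list (not from the guide): anchor the AS number
# on a delimiter and permit everything else explicitly.
EAGLE_ANCHORED = AsPathAcl("Eagle-anchored", [("deny", "_32$"), ("permit", ".*")])

# Constructed AS paths (the origin AS is the last number).
SAMPLE_PATHS = [
    "18508 32",             # originated by AS 32
    "18508 701 132",        # originated by AS 132, but the text ends in "32"
    "32 18508",             # transits AS 32, originated by AS 18508
    "18508 209 6453 4759",  # unrelated path
]

if __name__ == "__main__":
    for acl in (EAGLE, EAGLE_ANCHORED):
        print(acl.name)
        for path, action in audit(acl, SAMPLE_PATHS).items():
            print(f"  {action:6}  {path}")
```

Under these assumptions the single-entry list rejects every sample path, two by the 32$ match (including the AS 132 route) and two by the implicit deny, while the anchored list rejects only the route originated by AS 32.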
• process-id: the range is from 1 to 65535.
• match external: the range is 1 or 2.
• match internal
• metric-type: external or internal.
• map-name: name of a configured route map.

Enabling Additional Paths
The add-path feature is disabled by default.
NOTE: In some cases, while receiving 1K same routes from more than 64 iBGP neighbors, BGP sessions with a holdtime of 10 seconds may flap. The BGP add-path does not update packets for advertisement and cannot scale to higher numbers.
• All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP boundary, but are sent to CONFED-EBGP and IBGP peers. The Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 — BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1 Create a community list and enter COMMUNITY-LIST mode.
ip extcommunity-list extcommunity-list-name 2 Two types of extended communities are supported. CONFIG-COMMUNITY-LIST mode {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE} Filter routes based on the type of extended communities they carry using one of the following keywords: • rt: route target. • soo: route origin or site-of-origin. Support for matching extended communities against regular expression is also supported. Match against a regular expression using the following keyword.
4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number AS-number: 0 to 65535 (2-Byte) or 1 to 4294967295 (4-Byte) or 0.1 to 65535.65535 (Dotted format) 5 Apply the route map to the neighbor or peer group’s incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode.
• local-AS: routes with the COMMUNITY attribute of NO_EXPORT_SUBCONFED and are not sent to EBGP peers.
• no-advertise: routes with the COMMUNITY attribute of NO_ADVERTISE and are not advertised.
• no-export: routes with the COMMUNITY attribute of NO_EXPORT.
• none: remove the COMMUNITY attribute.
• additive: add the communities to already existing communities.
3 Return to CONFIGURATION mode.
CONFIG-ROUTE-MAP mode
exit
4 Enter the ROUTER BGP mode.
By default, this comparison is not performed. Change the bestpath MED selection. • CONFIG-ROUTER-BGP mode bgp bestpath med {confed | missing-as-best} • confed: Chooses the bestpath MED comparison of paths learned from BGP confederations. • missing-as-best: Treat a path missing an MED as the most preferred one. To view the nondefault values, use the show config command in CONFIGURATION ROUTER BGP mode.
To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode. Changing the NEXT_HOP Attribute You can change how the NEXT_HOP attribute is used. To change how the NEXT_HOP attribute is used, enter the first command. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode.
• Enable multiple parallel paths. CONFIG-ROUTER-BGP mode maximum-paths {ebgp | ibgp} number The show ip bgp network command includes multipath information for that network. Filtering BGP Routes Filtering routes allows you to implement BGP policies. You can use either IP prefix lists, route maps, AS-PATH ACLs or IP community lists (using a route map) to control which routes the BGP neighbor or peer group accepts and advertises.
exit 4 Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5 Filter routes based on the criteria in the configured prefix list. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} distribute-list prefix-list-name {in | out} Configure the following parameters: • ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name. • prefix-list-name: enter the name of a configured prefix list. • in: apply the prefix list to inbound routes.
5 Filter routes based on the criteria in the configured route map. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} Configure the following parameters: • ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name. • map-name: enter the name of a configured route map. • in: apply the route map to inbound routes. • out: apply the route map to outbound routes.
Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information. Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. To configure a route reflector, use the following commands.
    Network        Next Hop       Metric  LocPrf  Weight  Path
*>  7.0.0.0/29     10.114.8.33    0               0       18508 ?
*>  7.0.0.0/30     10.114.8.33    0               0       18508 ?
*>a 9.0.0.0/8      192.0.0.0                      32768   18508 701 {7018 2686 3786} ?

Configuring BGP Confederations
Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, BGP confederations are recommended only for IBGP peering involving many IBGP peering sessions per router.
• Readvertise
• Attribute change
When dampening is applied to a route, its path is described by one of the following terms:
• history entry — an entry that stores information on a downed route
• dampened path — a path that is no longer advertised
• penalized path — a path that is assigned a penalty
To configure route flap dampening parameters, set dampening parameters using a route map, clear information on route dampening and return suppressed routes to active state, view statistics on route flapping,
• View all flap statistics or for specific routes meeting the following criteria.
EXEC or EXEC Privilege mode
show ip bgp flap-statistics [ip-address [mask]] [filter-list as-path-name] [regexp regular-expression]
• ip-address [mask]: enter the IP address and mask.
• filter-list as-path-name: enter the name of an AS-PATH ACL.
• regexp regular-expression: enter a regular expression to match on.
29577 BGP AS-PATH entrie(s) using 1384403 bytes of memory
184 BGP community entrie(s) using 7616 bytes of memory
Dampening enabled. 0 history paths, 0 dampened paths, 0 penalized paths

Neighbor     AS     MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
10.114.8.34  18508  82883    79977    780266  0    2     00:38:51  118904
10.114.8.33  18508  117265   25069    780266  0    20    00:38:50  102759
Dell>

To view which routes are dampened (non-active), use the show ip bgp dampened-routes command in EXEC Privilege mode.
BGP soft-reconfiguration clears the policies without resetting the TCP connection. To reset a BGP connection using BGP soft reconfiguration, use the clear ip bgp command in EXEC Privilege mode at the system prompt. When you enable soft-reconfiguration for a neighbor and you execute the clear ip bgp soft in command, the update database stored in the router is replayed and updates are reevaluated.
Route Map Continue The BGP route map continue feature, continue [sequence-number], (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If you do not specify a sequence number, the continue feature moves to the next sequence number (also known as an “implied continue”). If a match clause exists, the continue feature executes only after a successful match occurs. If there are no successful matches, continue is ignored.
• When exchanging updates with the peer, BGP sends and receives IPv4 multicast routes if the peer is marked as supporting that AFI/SAFI. • Exchange of IPv4 multicast route information occurs through the use of two new attributes called MP_REACH_NLRI and MP_UNREACH_NLRI, for feasible and withdrawn routes, respectively. • If the peer has not been activated in any AFI/SAFI, the peer remains in Idle state.
EXEC Privilege mode • debug ip bgp [ip-address | peer-group peer-group-name] keepalive [in | out] View information about BGP notifications received from or sent to neighbors. EXEC Privilege mode • debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] View information about BGP updates and filter by prefix name. EXEC Privilege mode • debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] [prefix-list name] Enable soft-reconfiguration debug.
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
Capabilities advertised to neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
For address family: IPv4 Unicast
BGP table version 1395, neighbor version 1394
Prefixes accepted 1 (consume 4 bytes), 0 withdrawn by peer
Prefixes advertised 0, rejected 0, 0 withdrawn from peer
Connections established 3; dropped 2
Last reset 00:00:12, due to Missing well known attribute
Notification History
'UPDATE error/Missing well-known attr' Sent :
The following illustration shows the configurations described on the following examples. These configurations show how to create BGP areas using physical and virtual links. They include setting up the interfaces and peers groups with each other. Figure 25.
R1(conf-if-gi-1/21)#ip address 10.0.1.21/24
R1(conf-if-gi-1/21)#no shutdown
R1(conf-if-gi-1/21)#show config
!
interface GigabitEthernet 1/21
 ip address 10.0.1.21/24
 no shutdown
R1(conf-if-gi-1/21)#int gig 1/31
R1(conf-if-gi-1/31)#ip address 10.0.3.31/24
R1(conf-if-gi-1/31)#no shutdown
R1(conf-if-gi-1/31)#show config
!
interface GigabitEthernet 1/31
 ip address 10.0.3.31/24
 no shutdown
R1(conf-if-gi-1/31)#router bgp 99
R1(conf-router_bgp)#network 192.168.128.0/24
R1(conf-router_bgp)#neighbor 192.168.128.
interface GigabitEthernet 2/11
 ip address 10.0.1.22/24
 no shutdown
R2(conf-if-gi-2/11)#int gig 2/31
R2(conf-if-gi-2/31)#ip address 10.0.2.2/24
R2(conf-if-gi-2/31)#no shutdown
R2(conf-if-gi-2/31)#show config
!
interface GigabitEthernet 2/31
 ip address 10.0.2.2/24
 no shutdown
R2(conf-if-gi-2/31)#
R2(conf-if-gi-2/31)#router bgp 99
R2(conf-router_bgp)#network 192.168.128.0/24
R2(conf-router_bgp)#neighbor 192.168.128.1 remote 99
R2(conf-router_bgp)#neighbor 192.168.128.1 no shut
R2(conf-router_bgp)#neighbor 192.
!
interface GigabitEthernet 3/11
 ip address 10.0.3.33/24
 no shutdown
R3(conf-if-lo-0)#int gig 3/21
R3(conf-if-gi-3/21)#ip address 10.0.2.3/24
R3(conf-if-gi-3/21)#no shutdown
R3(conf-if-gi-3/21)#show config
!
interface GigabitEthernet 3/21
 ip address 10.0.2.3/24
 no shutdown
R3(conf-if-gi-3/21)#
R3(conf-if-gi-3/21)#router bgp 100
R3(conf-router_bgp)#show config
!
router bgp 100
R3(conf-router_bgp)#network 192.168.128.0/24
R3(conf-router_bgp)#neighbor 192.168.128.1 remote 99
R3(conf-router_bgp)#neighbor 192.
 network 192.168.128.0/24
 neighbor AAA peer-group
 neighbor AAA no shutdown
 neighbor BBB peer-group
 neighbor BBB no shutdown
 neighbor 192.168.128.2 remote-as 99
 neighbor 192.168.128.2 peer-group AAA
 neighbor 192.168.128.2 update-source Loopback 0
 neighbor 192.168.128.2 no shutdown
 neighbor 192.168.128.3 remote-as 100
 neighbor 192.168.128.3 peer-group BBB
 neighbor 192.168.128.3 update-source Loopback 0
 neighbor 192.168.128.3 no shutdown
R1#
R1#show ip bgp summary
BGP router identifier 192.168.128.
'Connection Reset' Sent : 1 Recv: 0
Last notification (len 21) sent 00:00:57 ago
ffffffff ffffffff ffffffff ffffffff 00150306 00000000
Local host: 192.168.128.1, Local port: 179
Foreign host: 192.168.128.2, Foreign port: 65464
BGP neighbor is 192.168.128.3, remote AS 100, external link
Member of peer-group BBB for session parameters
BGP version 4, remote router ID 192.168.128.
R2#
R2#show ip bgp summary
BGP router identifier 192.168.128.2, local AS number 99
BGP table version is 2, main routing table version 2
1 network entrie(s) using 132 bytes of memory
3 paths using 204 bytes of memory
BGP-RIB over all using 207 bytes of memory
2 BGP path attribute entrie(s) using 128 bytes of memory
2 BGP AS-PATH entrie(s) using 90 bytes of memory
2 neighbor(s) using 9216 bytes of memory
Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx
192.168.128.
BGP version 4, remote router ID 192.168.128.
Last read 00:00:45, last write 00:00:44
Hold time is 180, keepalive interval is 60 seconds
Received 138 messages, 0 in queue
7 opens, 2 notifications, 7 updates
122 keepalives, 0 route refresh requests
Sent 140 messages, 0 in queue
7 opens, 4 notifications, 7 updates
122 keepalives, 0 route refresh requests
Minimum time between advertisement runs is 30 seconds
Minimum time before advertisements start is 0 seconds
Capabilities advertised to neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
Capabilities received
11 Configuration Cloning Configuration Cloning enables you to clone the configuration from one aggregator to one or more aggregators. You can identify the source aggregator where running configuration is check-pointed, extracted and downloaded to the target aggregator for further use. The target aggregator checks the compatibilities of the cloning file based on the version, mode and optional modules.
Cloning Configuration Output Status If you specify the XML option in the CLI, the output of the CLI commands is displayed in XML format. The output includes the following parameters: • Cloning state displays one of the following status: • Success • Warning • Failure • Cloning detailed status displays a string that gives detailed description of cloning status. When multiple error or warning messages are present, the status is separated by the ; delimiter.
Cloning state (captured in command output) | Cloning status (captured in command output) | Applicability
Failure | Release version mismatch | Target
Failure | Card type mismatch | Target
Failure | Optional –module mismatch at slot <> | Target
Failure | IOM-mode mismatch | Target
Failure | The specified file doesn’t exist to check compatibility | Target
Failure | The specified file cannot be applied as it ‘failed’ compatibility check.
Command Comments stack-unit stack-number priority 1-14 Stacking specific. Stack config cloning is not supported. stack-unit stack-number stack-group <> Stacking specific. Stack config cloning is not supported. Stack-unit <> renumber <> Restore factory defaults Action command, not present in xxxxx-config file. Reset stack-unit Stacking specific Power-cycle stack-unit <> Action command, not present in xxxxx-config file.
12 Content Addressable Memory (CAM) Content addressable memory (CAM) is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. Topics: • CAM Allocation • Test CAM Usage • View CAM-ACL Settings • CAM Optimization CAM Allocation Allocate space for IPV4 ACLs and quality of service (QoS) regions by using the cam-acl command in CONFIGURATION mode.
CAM Allocation Setting VMAN QoS (vman-qos) 0 VMAN Dual QoS (vman-dual-qos) 0 The ipv6acl and vman-dual-qos allocations must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges. NOTE: There can be only one odd number of Blocks in the CLI configuration; the other Blocks must be in factors of 2. For example, a CLI configuration of 5+4+2+1+1 Blocks is not supported; a configuration of 6+4+2+1 Blocks is supported.
Stack-Unit | Portpipe | CAM Partition | Available CAM | Estimated CAM per Port | Status
----------------------------------------------------------------------------------------
2 | 0 | L2ACL | 28 | 1 | Allowed (28)

View CAM-ACL Settings
View the current cam-acl settings using the show cam-acl command.
13 Control Plane Policing (CoPP)
Dell Networking OS supports control plane policing (CoPP). CoPP uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level.
The following illustration shows an example of the difference between having CoPP implemented and not having CoPP implemented. Figure 26. Control Plane Policing Figure 27.
Configure Control Plane Policing
The switch can process a maximum of 4200 PPS (packets per second). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though Per Protocol CoPP is applied. This happens because Queue-Based Rate Limiting is applied first. For example, border gateway protocol (BGP) and internet control message protocol (ICMP) share the same queue (Q6); Q6 has 400 PPS of bandwidth by default.
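The following is an added example, not part of the guide: a Python model of the ordering described above, in which the shared queue limit is applied before the per-protocol policers, so that BGP is squeezed out of Q6 when ICMP arrives at a high rate. The policer values, the offered loads, the random interleaving of arrivals and the reversed ordering used for comparison are assumptions made for the example; only the 400 PPS figure for Q6 comes from the guide.

```python
import random

QUEUE_PPS = 400  # default bandwidth of Q6 (shared by BGP and ICMP) per the guide


def queue_limit(packets, queue_pps, rng):
    """Protocol-blind queue limiter for one second of arrivals.

    Assumption: arrivals are randomly interleaved and everything beyond the
    queue's per-second budget is dropped.
    """
    packets = list(packets)
    rng.shuffle(packets)
    return packets[:queue_pps]


def protocol_police(packets, policers):
    """Per-protocol CoPP: keep at most policers[proto] packets per second."""
    kept, seen = [], {}
    for proto in packets:
        seen[proto] = seen.get(proto, 0) + 1
        if seen[proto] <= policers.get(proto, float("inf")):
            kept.append(proto)
    return kept


def delivered_pps(offered, policers, queue_first=True, seconds=30, seed=1):
    """Average packets per second that reach the CPU, per protocol.

    queue_first=True is the order the guide describes (queue limit, then
    per-protocol policing). queue_first=False is a hypothetical reversed
    order, included only to show why the order matters.
    """
    rng = random.Random(seed)
    totals = {proto: 0 for proto in offered}
    for _ in range(seconds):
        arrivals = [proto for proto, pps in offered.items() for _n in range(pps)]
        if queue_first:
            passed = protocol_police(queue_limit(arrivals, QUEUE_PPS, rng), policers)
        else:
            passed = queue_limit(protocol_police(arrivals, policers), QUEUE_PPS, rng)
        for proto in passed:
            totals[proto] += 1
    return {proto: totals[proto] / seconds for proto in offered}


# Constructed per-protocol policers and offered loads (packets per second).
POLICERS = {"bgp": 200, "icmp": 100}
QUIET = {"bgp": 50, "icmp": 100}
ICMP_BURST = {"bgp": 50, "icmp": 4000}

if __name__ == "__main__":
    print("quiet           ", delivered_pps(QUIET, POLICERS))
    print("icmp burst      ", delivered_pps(ICMP_BURST, POLICERS))
    print("reversed (hypo.)", delivered_pps(ICMP_BURST, POLICERS, queue_first=False))
```

In this model the ICMP policer still holds ICMP to its 100 PPS, yet only a few BGP packets per second survive the queue stage, which is why the queue-level rate and the protocols sharing a queue have to be sized together.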
CONFIGURATION mode
qos-policy-input name cpu-qos
rate-police
5 Create a QoS class map to differentiate the control-plane traffic and assign to an ACL.
CONFIGURATION mode
class-map match-any name cpu-qos
match {ip | mac | ipv6} access-group name
6 Create a QoS input policy map to match to the class-map and qos-policy for each desired protocol.
CONFIGURATION mode
policy-map-input name cpu-qos
class-map name qos-policy name
7 Enter Control Plane mode.
Dell(conf-in-qos-policy-cpuqos)#rate-police 500 50 peak 1000 50
Dell(conf-in-qos-policy-cpuqos)#exit
Dell(conf)#class-map match-any class_ospf cpu-qos
Dell(conf-class-map-cpuqos)#match ip access-group ospf
Dell(conf-class-map-cpuqos)#exit
Dell(conf)#class-map match-any class_bgp cpu-qos
Dell(conf-class-map-cpuqos)#match ip access-group bgp
Dell(conf-class-map-cpuqos)#exit
Dell(conf)#class-map match-any class_lacp cpu-qos
Dell(conf-class-map-cpuqos)#match mac access-group lacp
Dell(conf-class-map-cpuqos)#exi
service-policy rate-limit-cpu-queues name
Example of Creating the QoS Policy
Example of Assigning the QoS Policy to the Queues
Example of Creating the Control Plane Service Policy
Dell#conf
Dell(conf)#qos-policy-input cpuq_1
Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40
Dell(conf-qos-policy-in)#exit
Dell(conf)#qos-policy-input cpuq_2
Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50
Dell(conf-qos-policy-in)#exit
Dell(conf)#policy-map-input cpuq_rate_policy cpu-qos
Dell(conf-qos-policy-in)#
IGMP          any      any      _  Q7  CP  _
TCP (MSDP)    any/639  639/any  _  Q6  CP  _
UDP (NTP)     any      123      _  Q6  CP  _
OSPF          any      any      _  Q7  CP  _
PIM           any      any      _  Q7  CP  _
UDP (RIP)     any      520      _  Q7  CP  _
TCP (SSH)     any      22       _  Q6  CP  _
TCP (TELNET)  any      23       _  Q6  CP  _
VRRP          any      any      _  Q7  CP  _
Dell#

To view the queue mapping for the MAC protocols, use the show mac protocol-queue-mapping command.
14 Data Center Bridging (DCB) On an I/O Aggregator, data center bridging (DCB) features are auto-configured in standalone mode. You can display information on DCB operation by using show commands. NOTE: DCB features are not supported on an Aggregator in stacking mode.
• Priority-based flow control (PFC) • Enhanced transmission selection (ETS) DCB refers to a set of IEEE Ethernet enhancements that provide data centers with a single, robust, converged network to support multiple traffic types, including local area network (LAN), server, and storage traffic. Through network consolidation, DCB results in reduced operational cost, simplified management, and easy scalability by avoiding the need to deploy separate application-specific networks.
not cause storage traffic to be dropped, and that storage traffic does not result in high latency for high-performance computing (HPC) traffic between servers. PFC enhances the existing 802.3x pause and 802.1p priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the traditional Ethernet pause mechanism), PFC pauses traffic on a link according to the 802.1p priority set on a traffic type.
priorities configured). If you do not enable PFC on an interface, you can enable the 802.3x link-level pause function. By default, the link-level pause is disabled when you disable DCBx and PFC. If no PFC dcb-map has been applied on the interface, the default PFC settings are used. • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation. • PFC uses the DCB MIB IEEE802.1azd2.5 and the PFC MIB IEEE802.1bb-d2.2.
Table 11. ETS Traffic Groupings Traffic Groupings Description Priority group A group of 802.1p priorities used for bandwidth allocation and queue scheduling. All 802.1p priority traffic in a group must have the same traffic handling requirements for latency and frame loss. Group ID A 4-bit identifier assigned to each priority group. The range is from 0 to 7. Group bandwidth Percentage of available bandwidth allocated to a priority group.
information, refer to Link Layer Discovery Protocol (LLDP). The following LLDP TLVs are supported for DCB parameter exchange: PFC parameters PFC Configuration TLV and Application Priority Configuration TLV. ETS parameters ETS Configuration TLV and ETS Recommendation TLV. Creating a DCB Map Configure the priority-based flow control (PFC) and enhanced traffic selection (ETS) settings in a DCB map before you can apply them on downstream server-facing ports.
Applying a DCB Map on Server-Facing Ethernet Ports You can apply a DCB map only on a physical Ethernet interface and can apply only one DCB map per interface. 1 Enter Interface Configuration mode on a server-facing port to apply a DCB map. CONFIGURATION mode interface tengigabitEthernet slot/port 2 Apply the DCB map on an Ethernet port. Repeat this step to apply a DCB map to more than one port.
Data Center Bridging in a Traffic Flow The following figure shows how DCB handles a traffic flow on an interface. Figure 30. DCB PFC and ETS Traffic Handling Data Center Bridging: Auto-DCBEnable Mode On an Aggregator in standalone or VLT modes, the default mode of operation for data center bridging on Ethernet ports is auto-DCB-enable mode.
For DCB to operate effectively, ingress traffic is classified according to its dot1p priority so that it maps to different data queues. The dot1p-queue assignments used on an Aggregator are shown in Table 6-1 in dcb enable auto-detect on-next-reload Command Example QoS dot1p Traffic Classification and Queue Assignment. When DCB is Disabled (Default) By default, Aggregator interfaces operate with DCB disabled and link-level flow control enabled.
As a result, lossless traffic is ensured only if traffic ingresses on a PFC-enabled port and egresses on another PFC-enabled port. Lossless traffic is not guaranteed when it is transmitted on a PFC-enabled port and received on a link-level flow control-enabled port, or transmitted on a link-level flow control-enabled port and received on a PFC-enabled port.
of PFC parameters between peer devices. PFC allows network administrators to create zero-loss links for Storage Area Network (SAN) traffic that requires no-drop service, while retaining packet-drop congestion management for Local Area Network (LAN) traffic. To ensure complete no-drop service, apply the same dcb-map on all PFC and ETS enabled interfaces. 1 Create a DCB map to apply priority based flow control or enhanced transmission selection for specified priority groups and priorities.
Type, Length, Value (TLV) are supported. DCBx also validates PFC configurations that are received in TLVs from peer devices. By applying a DCB MAP with PFC enabled, you enable PFC operation on ingress port traffic. To achieve complete lossless handling of traffic, also enable PFC on all DCB egress ports or configure the dot1p priority-queue assignment of PFC priorities to lossless queues.
Ethernet pause mechanism, PFC stops traffic transmission for specified priorities (CoS values) without impacting other priority classes. Different traffic types are assigned to different priority classes. When traffic congestion occurs, PFC sends a pause frame to a peer device with the CoS priority values of the traffic that needs to be stopped. DCBx provides the link-level exchange of PFC parameters between peer devices.
Refer to the following configuration for queue to dot1p mapping:
Dell(conf)#do show qos dot1p-queue-mapping
Dot1p Priority : 0 1 2 3 4 5 6 7 -> On ingress interfaces [Port A and C] we used the PFC on priority level.
Queue          : 0 0 0 1 2 3 3 3 -> On egress interface [Port B] we used no-drop queues.
The configuration of no-drop queues provides flexibility for ports on which PFC is not needed but lossless traffic should egress from the interface. Lossless traffic egresses out the no-drop queues.
• Configure the PFC buffer for all switches in the stack. CONFIGURATION mode [no] dcb stack-unit all pfc-buffering pfc-port {1-56} pfc-queues {1-2} By default, the PFC buffer is enabled on all ports on the stack unit. Configure the PFC buffer for all port pipes in a specified stack unit by specifying the port-pipe number, number of PFC-enabled ports, and number of configured lossless queues.
How Enhanced Transmission Selection is Implemented Enhanced transmission selection (ETS) provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, groups within an 802.1p priority class are auto-configured to provide different treatment for traffic with different bandwidth, latency, and best-effort needs.
ETS Operation with DCBx In DCBx negotiation with peer ETS devices, ETS configuration is handled as follows: • ETS TLVs are supported in DCBx versions CIN, CEE, and IEEE2.5. • ETS operational parameters are determined by the DCBX port-role configurations. • ETS configurations received from TLVs from a peer are validated. • In case of a hardware limitation or TLV error, the DCBx operation on an ETS port goes down.
• Strict-priority groups: If priority group 1 or 2 has free bandwidth, (20 + 30)% of the free bandwidth is distributed to priority group 3. Priority groups 1 and 2 retain whatever free bandwidth remains up to the (20+ 30)%. If two priority groups have strict-priority scheduling, traffic assigned from the priority group with the higher priority-queue number is scheduled first.
DCBx Port Roles The following DCBx port roles are auto-configured on an Aggregator to propagate DCB configurations learned from peer DCBx devices internally to other switch ports: Auto-upstream The port advertises its own configuration to DCBx peers and receives its configuration from DCBx peers (ToR or FCF device). The port also propagates its configuration to other ports on the switch. The first auto-upstream that is capable of receiving a peer configuration is elected as the configuration source.
The internally propagated configuration is not stored in the switch’s running configuration. On a DCBx port in an auto-downstream role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. Default DCBx port role: Uplink ports are auto-configured in an auto-upstream role. Server-facing ports are auto-configured in an auto-downstream role. NOTE: You can change the port roles only in the PMUX mode.
Configuration Source Election When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch. • If a configuration source already exists, the received peer configuration is checked against the local port configuration. If the received configuration is compatible, the DCBx marks the port as DCBx-enabled.
Auto-Detection of the DCBx Version The Aggregator operates in auto-detection mode so that a DCBx port automatically detects the DCBx version on a peer port. Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2.5 DCBx. A DCBx port detects a peer version after receiving a valid frame for that version. The local DCBx port reconfigures to operate with the peer version and maintains the peer version on the link until one of the following conditions occurs: • The switch reboots.
On the Aggregator, PFC and ETS use DCBx to exchange link-level configuration with DCBx peer devices. Figure 31. DCBx Sample Topology DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • DCBx requires LLDP in both send (TX) and receive (RX) modes to be enabled on a port interface. If multiple DCBx peer ports are detected on a local DCBx interface, LLDP is shut down.
DCBx Error Messages The following syslog messages appear when an error in DCBx operation occurs. LLDP_MULTIPLE_PEER_DETECTED: DCBx is operationally disabled after detecting more than one DCBx peer on the port interface. LLDP_PEER_AGE_OUT: DCBx is disabled as a result of LLDP timing out on a DCBx peer interface. DSM_DCBx_PEER_VERSION_CONFLICT: A local port expected to receive the IEEE, CIN, or CEE version in a DCBx TLV from a remote peer but received a different, conflicting DCBx version.
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 12. Displaying DCB Configurations Command Output show dcb [stack-unit unit-number] Displays the data center bridging status, number of PFC-enabled ports, and number of PFC-enabled queues. On the master switch in a stack, you can specify a stack-unit number. The range is from 0 to 5.
5 6 7 0 0 0 0 0 0 0 0 0
Example of the show interfaces pfc summary Command
Dell# show interfaces tengigabitethernet 0/4 pfc summary
Interface TenGigabitEthernet 0/4
Admin mode is on
Admin is enabled
Remote is enabled, Priority list is 4
Remote Willing Status is enabled
Local is enabled
Oper status is Recommended
PFC DCBx Oper status is Up
State Machine Type is Feature
TLV Tx Status is enabled
PFC Link Delay 45556 pause quantams
Application Priority TLV Parameters :
-------------------------------------
F
Table 13. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities. When PFC admin mode is on, PFC advertisements are enabled to be sent and received from peers; received PFC configuration takes effect. The admin operational status for a DCBx exchange of PFC configuration is enabled or disabled.
Fields Description Application Priority TLV: Local FCOE Priority Map Priority bitmap used by local DCBx port in FCoE advertisements in application priority TLVs. Application Priority TLV: Local ISCSI Priority Map Priority bitmap used by local DCBx port in ISCSI advertisements in application priority TLVs. Application Priority TLV: Remote FCOE Priority Map Priority bitmap received from the remote DCBx port in FCoE advertisements in application priority TLVs.
Remote is disabled Local Parameters : -----------------Local is enabled TC-grp Priority# 0 0,1,2,3,4,5,6,7 1 2 3 4 5 6 7 Bandwidth 100% 0% 0% 0% 0% 0% 0% 0% Priority# Bandwidth 0 13% 1 13% 2 13% 3 13% 4 12% 5 12% 6 12% 7 12% Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled TSA ETS ETS ETS ETS ETS ETS ETS ETS TSA ETS ETS ETS ETS ETS ETS ETS ETS Example of the show interface ets detail Command Dell# show interfaces tengigabitethernet Interface TenGigabitEthernet 0
5 6 7 0% 0% 0% ETS ETS ETS Oper status is init ETS DCBX Oper status is Down Reason: Port Shutdown State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled 0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Reco TLV Pkts, 0 Output Reco TLV Pkts, 0 Error Reco TLV Pkts The following table describes the show interface ets detail command fields. Table 14.
Field Description • Internally propagated: ETS configuration parameters were received from configuration source. ETS DCBx Oper status Operational status of ETS configuration on local port: match or mismatch. Reason Reason displayed when the DCBx operational status for ETS on a port is down.
Admin Parameters: -------------------Admin is enabled TC-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3,4,5,6,7 100% ETS 1 2 3 4 5 6 7 8 Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: -------------------Admin is enabled TC-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3,4,5,6,7 100% ETS 1 2 3 4 5 6 7 8 Example of the show interface DCBx detail Command Dell# s
Sequence Number: 2 Acknowledgment Number: 2 Protocol State: In-Sync Peer DCBX Status: ---------------DCBX Operational Version is 0 DCBX Max Version Supported is 255 Sequence Number: 2 Acknowledgment Number: 2 2 Input PFC TLV pkts, 3 Output PFC TLV pkts, 0 Error PFC pkts, 0 PFC Pause Tx pkts, 0 Pause Rx pkts 2 Input PG TLV Pkts, 3 Output PG TLV Pkts, 0 Error PG TLV Pkts 2 Input Appln Priority TLV pkts, 0 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts Total DCBX Frames transmitted 27 Total DC
Field Description Local DCBx Status: DCBx Max Version Supported Highest DCBx version supported in Control TLVs. Local DCBx Status: Sequence Number Sequence number transmitted in Control TLVs. Local DCBx Status: Acknowledgment Number Acknowledgement number transmitted in Control TLVs. Local DCBx Status: Protocol State Current operational state of DCBx protocol: ACK or IN-SYNC. Peer DCBx Status: DCBx Operational Version DCBx version advertised in Control TLVs received from peer device.
QoS dot1p Traffic Classification and Queue Assignment DCB supports PFC, ETS, and DCBx to handle converged Ethernet traffic that is assigned to an egress queue according to the following QoS methods: Honor dot1p dot1p priorities in ingress traffic are used at the port or global switch level. Layer 2 class maps dot1p priorities are used to classify traffic in a class map and apply a service policy to an ingress port to map traffic to egress queues.
Troubleshooting PFC, ETS, and DCBx Operation In the show interfaces pfc | ets | dcbx output, the DCBx operational status may be down for any of the reasons described in the following table. When DCBx is down, the following values display in the show output field for DCBx Oper status: • PFC DCBx Oper status: Down • ETS DCBx Oper status: Down • DCBx Oper status: Disabled. Reason Description Port Shutdown Port is shut down. All other reasons for DCBx inoperation, if any, are ignored.
Reason Description
PFC is down (show interfaces pfc output): One of the following PFC-specific errors has occurred:
• No MBC support.
• Configured PFC priorities exceed maximum PFC capability limit.
• New dot1p-to-queue mapping violates the allowed system limit for PFC Enable status per priority
ETS is down (show interfaces ets output): One of the following ETS-specific errors occurred in ETS validation:
• Unsupported PGID
• A priority group exceeds the maximum number of supported priorities.
15 Dynamic Host Configuration Protocol (DHCP) The Aggregator is auto-configured to operate as a dynamic host configuration protocol (DHCP) client. The DHCP server, DHCP relay agent, and secure DHCP features are not supported. The DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network endstations (hosts) based on configuration policies determined by network administrators.
Assigning an IP Address using DHCP The following section describes DHCP and the client in a network. When a client joins a network: 1 The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters. 2 Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters.
DHCPRELEASE A DHCP client sends this message when it is stopped forcefully to return its IP address to the server. Figure 32. Assigning Network Parameters using DHCP Dell Networking OS Behavior: DHCP is implemented in Dell Networking OS based on RFC 2131 and 3046. Debugging DHCP Client Operation To enable debug messages for DHCP client operation, enter the following debug commands: • Enable the display of log messages for all DHCP packets sent and received on DHCP client interfaces.
• Enable the display of log messages for the following events on DHCP client interfaces: IP address acquisition, IP address release, Renewal of IP address and lease time, and Release of an IP address. EXEC Privilege [no] debug ip dhcp client events [interface type slot/port] The following example shows the packet- and event-level debug messages displayed for the packet transmissions and state transitions on a DHCP client interface.
CMD Received in state BOUND
1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_PKT: DHCP RELEASE sent in Interface Ma 0/0
1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Ma 0/0 :Transitioned to state STOPPED
1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Ma 0/0 :DHCP IP RELEASED CMD sent to FTOS in state STOPPED
Dell# renew dhcp int Ma 0/0
Dell#1w2d23h: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Ma 0/0 :DHCP R
DHCP Client An Aggregator is auto-configured to operate as a DHCP client. The DHCP client functionality is enabled only on the default VLAN and the management interface. A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server.
IMPORTANT: To verify the currently configured dynamic IP address on an interface, enter the show ip dhcp lease command. The show running-configuration command output only displays ip address dhcp; the currently assigned dynamic IP address is not displayed. DHCP Client on a Management Interface These conditions apply when you enable a management interface to operate as a DHCP client. • The management default route is added with the gateway as the router IP address received in the DHCP ACK packet.
DHCP Packet Format and Options DHCP uses the user datagram protocol (UDP) as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in Type, Length, Value (TLV) format; many options are specified in RFC 2132.
Option Number and Description • 4: DHCPDECLINE • 5: DHCPACK • 6: DHCPNACK • 7: DHCPRELEASE • 8: DHCPINFORM Parameter Request Option 55 List Clients use this option to tell the server which parameters it requires. It is a series of octets where each octet is DHCP option code. Renewal Time Option 58 Specifies the amount of time after the IP address is granted that the client attempts to renew its lease with the original server.
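The TLV layout described above, as an added example (not code from the Dell guide): a parser that walks the options field, bounds-checks every length octet, and decodes the message type, Option 55 and Option 58. The sample byte strings are constructed; the message type option code (53), the Pad (0) and End (255) codes and the DHCPREQUEST value are taken from RFC 2132, and treating a missing End option as an error is a choice made for this example.

```python
import struct

PAD, END = 0, 255                      # RFC 2132 Pad and End options
OPT_MESSAGE_TYPE = 53                  # RFC 2132 DHCP Message Type
OPT_PARAM_REQUEST_LIST = 55            # Parameter Request List (Option 55)
OPT_RENEWAL_TIME = 58                  # Renewal Time (Option 58)

# Values 4-8 use the names listed in the guide's option table.
MESSAGE_TYPES = {
    1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
    5: "DHCPACK", 6: "DHCPNACK", 7: "DHCPRELEASE", 8: "DHCPINFORM",
}


class OptionError(ValueError):
    """Raised when the options field is malformed."""


def parse_options(data):
    """Walk a DHCP options field and return {option code: value bytes}."""
    options = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == END:
            return options
        if code == PAD:                # Pad is a single octet with no length
            i += 1
            continue
        if i + 1 >= len(data):
            raise OptionError(f"option {code} has no length octet")
        length = data[i + 1]
        start, stop = i + 2, i + 2 + length
        if stop > len(data):           # never read past the buffer
            raise OptionError(
                f"option {code} claims {length} octets, "
                f"only {len(data) - start} remain")
        # A repeated option code is concatenated (RFC 3396 long options).
        options[code] = options.get(code, b"") + data[start:stop]
        i = stop
    # Example policy: an options field without End (255) is rejected.
    raise OptionError("options field has no End option (255)")


def summarize(data):
    """Decode the three options discussed in the text into readable values."""
    options = parse_options(data)
    summary = {}
    if OPT_MESSAGE_TYPE in options:
        value = options[OPT_MESSAGE_TYPE]
        if len(value) != 1:
            raise OptionError("message type must be exactly one octet")
        summary["message_type"] = MESSAGE_TYPES.get(
            value[0], f"unknown({value[0]})")
    if OPT_PARAM_REQUEST_LIST in options:
        # Each octet is the code of an option the client wants returned.
        summary["parameter_request_list"] = list(options[OPT_PARAM_REQUEST_LIST])
    if OPT_RENEWAL_TIME in options:
        value = options[OPT_RENEWAL_TIME]
        if len(value) != 4:
            raise OptionError("renewal time must be a 32-bit value")
        summary["renewal_time_s"] = struct.unpack("!I", value)[0]
    return summary


# Constructed samples (not captured traffic).
SAMPLE_REQUEST = bytes([53, 1, 3, 55, 3, 1, 3, 6, 255])
SAMPLE_ACK = bytes([53, 1, 5, 58, 4, 0x00, 0x00, 0x0E, 0x10, 255])
SAMPLE_TRUNCATED = bytes([53, 1, 5, 58, 4, 0x00, 0x00])  # length overruns buffer

if __name__ == "__main__":
    for name, sample in [("request", SAMPLE_REQUEST), ("ack", SAMPLE_ACK),
                         ("truncated", SAMPLE_TRUNCATED)]:
        try:
            print(name, summarize(sample))
        except OptionError as exc:
            print(name, "rejected:", exc)
```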
To insert Option 82 into DHCP packets, follow this step. • Insert Option 82 into DHCP packets. CONFIGURATION mode int ma 0/0 ip add dhcp relay information-option remote-id For routers between the relay agent and the DHCP server, enter the trust-downstream option. Releasing and Renewing DHCP-based IP Addresses On an Aggregator configured as a DHCP client, you can release a dynamically-assigned IP address without removing the DHCP client operation on the interface.
View the statistics about DHCP client interfaces with the show ip dhcp client statistics command and the lease information about the dynamic IP address currently assigned to a DHCP client interface with the show ip dhcp lease command.
16 Equal Cost Multi-Path (ECMP) Dell Networking OS supports equal cost multi-path (ECMP). ECMP for Flow-Based Affinity Dell Networking OS supports ECMP for flow-based affinity. NOTE: IPv6 /128 routes having multiple paths do not form ECMPs. The /128 route is treated as a host entry and finds its place in the host table. NOTE: Using XOR algorithms results in imbalanced loads across an ECMP/LAG when the number of members in said ECMP/LAG is a multiple of 4.
Link Bundle Monitoring Monitoring linked ECMP bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time. A threshold of 60% is defined as an acceptable amount of traffic on a member link. Links are monitored in 15-second intervals for three consecutive instances. Any deviation within that time causes a syslog to be sent and an alarm event to be generated. When the deviation clears, another syslog is sent and a clear alarm event is generated.
Example of the ip ecmp-group maximum-paths Command Dell(conf)#ip ecmp-group maximum-paths 3 User configuration has been changed.
17 FC FPORT Dell Networking OS supports FC FPort on the Combo port card.
FC FPORT FC FPort can be configured on ports 9 and 10 of the Combo port card in the Dell FX2 chassis.
Configuring Switch Mode to FCF Port Mode To configure switch mode to Fabric services, use the following commands. 1 Configure Switch mode to FCF Port. CONFIGURATION mode feature fc fport domain id 2 NOTE: Enable remote-fault-signaling rx off command in FCF FPort mode on interfaces connected to the Compellent and MDF storage devices. 2 Create an FCoE map with the parameters used in the communication between servers and a SAN fabric.
maintains the correlation between the port address and the WWN address of the device on that port. This function of the switch is implemented by using a name server, a database of objects in which the fabric attached device registers its values. FC-ID: 24-bit port address. Consists of three parts: • Domain: Address of the switch itself. There are only 239 addresses available for switches in your SAN environment. • Area: Identifies a group of F_Ports.
When you configure a switch as an NPG, FCoE transit with FIP snooping is automatically enabled and configured using the parameters in the FCoE map applied to server-facing Ethernet and fabric-facing FC interfaces. After you apply an FCoE map on an FC port, when you enable the port (using the no shutdown command), the NPG starts sending FIP multicast advertisements on behalf of the FC port to downstream servers to advertise the availability of a new FCF port on the FCoE VLAN.
The maximum is 32 characters. 4 Specify the FC-MAP value used to generate a fabric-provided MAC address, which is required to send FCoE traffic from a server on the FCoE VLAN to the FC fabric specified in Step 2. FCoE MAP mode fc-map fc-map-value You must enter a unique MAC address prefix as the FC-MAP value for each fabric. The range is from 0EFC00 to 0EFCFF. The default is none. 5 Configure the priority used by a server CNA to select the FCF for a fabric login (FLOGI).
• WWPN: End device's port WWN name. • FC-ID: Switch assigned 24-bit device FC address. • Alias: User-defined name of a zone member. NOTE: Dell Networking OS does not support using WWNN or Domain/Port as members of a zone. Creating Zone and Adding Members To create a zone and add members to the zone, use the following commands. 1 Create a zone. CONFIGURATION mode fc zone zonename 2 Add members to a zone.
Dell(conf)#fc zone z1
Dell(conf-fc-zone-z1)#member al1
Dell(conf-fc-zone-z1)#exit
Creating Zonesets A zoneset is a grouping or configuration of zones. To create a zoneset and add zones into the zoneset, use the following steps. 1 Create a zoneset. CONFIGURATION mode fc zoneset zoneset_name 2 Add zones into a zoneset.
Displaying the Fabric Parameters To display information on switch-wide and interface-specific fabric parameters, use the show commands in the following table. Examples of these show commands follow this table. Command Description show config Displays the fabric parameters. show fcoe-map Displays the fcoe-map. show fc ns switch Display all the devices in name server database of the switch. show fc ns switch brief Display all the devices in name server database of the switch - brief version.
DomainID 2 ======================================================= Switch Zoning Parameters ======================================================= Default Zone Mode: Deny Active Zoneset: set ======================================================= Members Fc 0/9 Te 0/2 ======================================================= ======================================================= Example of the show fc ns switch Command Dell(conf)#do show fc ns sw Total number of devices = Switch Name Domain Id Switch Port F
Dell# 20:02:00:11:0d:03:00:00
Example of the show fc zone Command
Dell#show fc zone
ZoneName ZoneMember
==============================
brcd_sanb brcd_cna1_wwpn1
          sanb_p2tgt1_wwpn
Dell#
Example of the show fc alias Command
Dell(conf)#do show fc alias
ZoneAliasName ZoneMember
=======================================================
test 20:02:d4:ae:52:44:38:4f
     20:34:78:2b:cb:6f:65:57
Example of the show fc switch Command
Dell(conf)#do show fc switch
Switch Mode : FPORT
Switch WWN : 10:00:aa:00:00:00:00:ac
Del
18 FCoE Transit Dell Networking OS supports the Fibre Channel over Ethernet (FCoE) Transit feature. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FCoE transit is not supported on Fibre Channel interfaces.
Ensure Robustness in a Converged Ethernet Network Fibre Channel networks used for SAN traffic employ switches that operate as trusted devices. To communicate with other end devices attached to the Fibre Channel network, end devices log into the switch to which they are attached. Because Fibre Channel links are point-to-point, a Fibre Channel switch controls all storage traffic that an end device sends and receives over the network.
FIP Function Description Initialization FCoE devices learn ENodes from the FLOGI and FDISC to allow immediate login and create a virtual link with an FCoE switch. Maintenance A valid virtual link between an FCoE device and an FCoE switch is maintained and the LOGO functions properly. Figure 34. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF.
transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB). On a FIP snooping bridge, ACLs are created dynamically as FIP login frames are processed. The ACLs are installed on switch ports configured for ENode mode for server-facing ports and FCF mode for a trusted port directly connected to an FCF. Enable FIP snooping on the switch and configure the FIP snooping parameters.
transmitted between the ToR switch and an FN IOM switch. The FN IOM switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF switch. Figure 35.
• Process FIP VLAN discovery requests and responses, advertisements, solicitations, FLOGI/FDISC requests and responses, FLOGO requests and responses, keep-alive packets, and clear virtual-link messages. FIP Snooping in a Switch Stack FIP snooping supports switch stacking as follows: • A switch stack configuration is synchronized with the standby stack unit. • Dynamic population of the FCoE database (ENode, Session, and FCF tables) is synchronized with the standby stack unit.
Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit. NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the Configuring FIP Snooping procedure. As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied. The FCoE database is populated when the switch connects to a converged network adapter (CNA) or FCF port and compatible DCB configurations are synchronized.
Configure a Port for a Bridge-to-Bridge Link If a switch port is connected to another FIP snooping bridge, configure the FCoE-Trusted Port mode for bridge-bridge links. Initially, all FCoE traffic is blocked. Only FIP frames with the ALL_FCF_MAC and ALL_ENODE_MAC values in their headers are allowed to pass. After the switch learns the MAC address of a connected FCF, it allows FIP frames destined to or received from the FCF MAC address.
FIP Snooping Prerequisites Before you enable FCoE transit and configure FIP snooping on a switch, ensure that certain conditions are met. A FIP snooping bridge requires data center bridging exchange protocol (DCBx) and priority-based flow control (PFC) to be enabled on the switch for lossless Ethernet connections (refer to the Data Center Bridging (DCB) chapter). Dell Networking also recommends enabling enhanced transmission selection (ETS), although ETS is not required.
feature fip-snooping 2 Enable FIP snooping on all VLANs or on a specified VLAN. CONFIGURATION mode or VLAN INTERFACE mode. fip-snooping enable By default, FIP snooping is disabled on all VLANs. 3 Configure the FC-MAP value used by FIP snooping on all VLANs. CONFIGURATION VLAN or INTERFACE mode fip-snooping fc-map fc-map-value The default is 0x0EFC00. The valid values are from 0EFC00 to 0EFCFF. 4 Enter interface configuration mode to configure the port for FIP snooping links.
Command Output show fip-snooping enode [enode-mac-address] Displays information on the ENodes in FIP-snooped sessions, including the ENode interface and MAC address, FCF MAC address, VLAN ID and FC-ID. show fip-snooping fcf [fcf-mac-address] Displays information on the FCFs in FIP-snooped sessions, including the FCF interface and MAC address, FCF interface, VLAN ID, FC-MAP value, FKA advertisement period, and number of ENodes connected.
Table 19. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode. ENode Interface Slot/port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FCoE MAC MAC address of the FCoE session assigned by the FCF. FC-ID Fibre Channel ID assigned by the FCF. Port WWPN Worldwide port name of the CNA port.
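How the FC-MAP value relates to the FCoE MAC and FC-ID session fields, as an added example (not Dell code): under the FC-BB-5 fabric-provided MAC address rule, the FCoE MAC is the 24-bit FC-MAP followed by the 24-bit FC-ID, so a session row can be checked for consistency against the configured fabric. The session rows, ENode MACs and FC-IDs below are constructed, and the helper names are hypothetical.

```python
FC_MAP_MIN = 0x0EFC00   # lower bound of the fc-map range given in the guide
FC_MAP_MAX = 0x0EFCFF   # upper bound of the fc-map range given in the guide


def parse_hex24(text, label):
    """Parse a 24-bit value written as 0EFC00, 0x0EFC00 or 0e:fc:00."""
    cleaned = text.strip().lower().replace(":", "")
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    if len(cleaned) != 6:
        raise ValueError(f"{label} must be 6 hex digits: {text!r}")
    return int(cleaned, 16)            # raises ValueError on non-hex input


def parse_fc_map(text):
    """Parse an FC-MAP and enforce the 0EFC00-0EFCFF range."""
    value = parse_hex24(text, "FC-MAP")
    if not FC_MAP_MIN <= value <= FC_MAP_MAX:
        raise ValueError(f"FC-MAP {text!r} is outside 0EFC00-0EFCFF")
    return value


def parse_fc_id(text):
    """Parse a 24-bit FC-ID such as 02:01:00."""
    return parse_hex24(text, "FC-ID")


def split_fc_id(fc_id):
    """Split a 24-bit FC-ID into its domain, area and port octets."""
    if not 0 <= fc_id <= 0xFFFFFF:
        raise ValueError("FC-ID must fit in 24 bits")
    return {"domain": fc_id >> 16, "area": (fc_id >> 8) & 0xFF,
            "port": fc_id & 0xFF}


def fpma(fc_map, fc_id):
    """Build the fabric-provided MAC: FC-MAP in the upper 24 bits, FC-ID below."""
    split_fc_id(fc_id)                 # range check only
    raw = (fc_map << 24) | fc_id
    return ":".join(f"{(raw >> shift) & 0xFF:02x}"
                    for shift in range(40, -8, -8))


def audit_sessions(sessions, fc_map_text):
    """Return rows whose FCoE MAC is not FC-MAP + FC-ID for this fabric."""
    fc_map = parse_fc_map(fc_map_text)
    findings = []
    for row in sessions:
        expected = fpma(fc_map, parse_fc_id(row["fc_id"]))
        if row["fcoe_mac"].lower() != expected:
            findings.append({"enode_mac": row["enode_mac"],
                             "fcoe_mac": row["fcoe_mac"],
                             "expected": expected})
    return findings


# Constructed session rows (field names follow Table 19; values are made up).
SESSIONS = [
    {"enode_mac": "00:00:5e:00:53:01", "fcoe_mac": "0e:fc:00:02:01:00",
     "fc_id": "02:01:00"},
    # FCoE MAC carries the prefix of a different fabric (0e:fc:01).
    {"enode_mac": "00:00:5e:00:53:02", "fcoe_mac": "0e:fc:01:02:02:00",
     "fc_id": "02:02:00"},
]

if __name__ == "__main__":
    for finding in audit_sessions(SESSIONS, "0EFC00"):
        print("mismatch:", finding)
```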
Example of the show fip-snooping fcf Command
Dell# show fip-snooping fcf
FCF MAC            FCF Interface  VLAN  FC-MAP    FKA_ADV_PERIOD  No. of Enodes
-----------------  -------------  ----  --------  --------------  -------------
54:7f:ee:37:34:40  Po 22          100   0e:fc:00  4000            2
The following table describes the show fip-snooping fcf command fields. Table 21. show fip-snooping fcf Command Description Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected.
Number of Unicast Discovery Solicits
Number of FLOGI
Number of FDISC
Number of FLOGO
Number of Enode Keep Alive
Number of VN Port Keep Alive
Number of Multicast Discovery Advertisement
Number of Unicast Discovery Advertisement
Number of FLOGI Accepts
Number of FLOGI Rejects
Number of FDISC Accepts
Number of FDISC Rejects
Number of FLOGO Accepts
Number of FLOGO Rejects
Number of CVL
Number of FCF Discovery Timeouts
Number of VN Port Session Timeouts
Number of Session failures due to Hardware Config
:0 :1
Field Description Number of FLOGI Number of FIP-snooped FLOGI request frames received on the interface. Number of FDISC Number of FIP-snooped FDISC request frames received on the interface. Number of FLOGO Number of FIP-snooped FLOGO frames received on the interface. Number of ENode Keep Alives Number of FIP-snooped ENode keep-alive frames received on the interface. Number of VN Port Keep Alives Number of FIP-snooped VN port keep-alive frames received on the interface.
NOTE: NPIV sessions are included in the number of FIP-snooped sessions displayed.
FCoE Transit Configuration Example The following illustration shows an FN IOM switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. In this example, DCBx and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch. On the FIP snooping bridge, DCBx is configured as follows: Figure 36.
The DCBx configuration on the FCF-facing port is detected by the server-facing port and the DCB PFC configuration on both ports is synchronized. For more information about how to configure DCBx and PFC on a port, refer to the Data Center Bridging (DCB) chapter. The following example shows how to configure FIP snooping on FCoE VLAN 10, on an FCF-facing port (0/50), on an ENode server-facing port (0/1), and to configure the FIP snooping ports as tagged members of the FCoE VLAN enabled for FIP snooping.
19 FIPS Cryptography Dell Networking OS supports federal information processing standard (FIPS) cryptography. This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
• All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, are closed. • Any existing host keys (both RSA and RSA1) are deleted from system memory and NVRAM storage. • FIPS mode is enabled. • If you enable the SSH server when you enter the fips mode enable command, it is re-enabled for version 2 only. • If you re-enable the SSH server, a new RSA host key-pair is generated automatically. You can also manually create this key-pair using the crypto key generate command.
Example of the show fips status Command
Dell#show fips status
FIPS Mode : Enabled
for the system using the show system command.
Example of the show system Command
Dell#show system
Stack MAC : 00:01:e8:8a:ff:0c
Reload Type : normal-reload [Next boot : normal-reload]
-- Unit 0 --
Unit Type
Status
Next Boot
Required Type
Current Type
Master priority
Hardware Rev
Num Ports
Up Time
Dell Version
Jumbo Capable
POE Capable
FIPS Mode
Burned In MAC
No Of MACs
...
all configured host keys.
20 Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
Each Transit node is also configured with a Primary port and a Secondary port on the ring, but the port distinction is ignored as long as the node is configured as a Transit node. If the ring is complete, the Master node logically blocks all data traffic in the transmit and receive directions on the Secondary port to prevent a loop. If the Master node detects a break in the ring, it unblocks its Secondary port and allows data traffic to be transmitted and received through it.
Ring Checking At specified intervals, the Master node sends a ring health frame (RHF) through the ring. If the ring is complete, the frame is received on its secondary port and the Master node resets its fail-period timer and continues normal operation. If the Master node does not receive the RHF before the fail-period timer expires (a configurable timer), the Master node moves from the Normal state to the Ring-Fault state and unblocks its Secondary port.
Member VLAN Spanning Two Rings Connected by One Switch A member VLAN can span two rings interconnected by a common switch, in a figure-eight style topology. A switch can act as a Master node for one FRRP group and a Transit for another FRRP group, or it can be a Transit node for both rings. In the following example, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups.
Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks. The Master node originates a high-speed frame that circulates around the ring. This frame, appropriately, sets up or breaks down the ring. • The Master node transmits ring status check frames at specified intervals. • You can run multiple physical rings on the same switch. • One Master node per ring — all other nodes are Transit.
Concept Explanation port transitions through this state during ring bring-up. All ports transition through this state when a port comes up. Ring Protocol Timers Ring Status • Pre-Forwarding State — A transition state before moving to the Forward state. Control traffic is forwarded but data traffic is blocked. The Master node Secondary port transitions through this state during ring bring-up. All ports transition through this state when a port comes up.
• The control VLAN cannot have members that are not ring ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP.
• All ports on the ring must use the same VLAN ID for the control VLAN. • You cannot configure a VLAN as both a control VLAN and member VLAN on the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the Master node. 1 Create a VLAN with this ID number.
VLAN-ID, Range: VLAN IDs for the ring’s member VLANs. 6 Enable FRRP. CONFIG-FRRP mode. no disable Configuring and Adding the Member VLANs Control and member VLANs are configured normally for Layer 2. Their status as Control or Member is determined by the FRRP group commands. For more information about configuring VLANs in Layer 2 mode, refer to the Layer 2 chapter. Be sure to follow these guidelines: • All VLANs must be in Layer 2 mode. • Tag control VLAN ports.
• For a SONET interface, enter the keyword sonet then the slot/port information. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. Slot/Port, Range: Slot and Port ID for the interface. Range is entered Slot/Port-Port. VLAN ID: Identification number of the Control VLAN. 4 Configure a Transit node. CONFIG-FRRP mode. mode transit 5 Identify the Member VLANs for this FRRP group. CONFIG-FRRP mode.
clear frrp Viewing the FRRP Configuration To view the configuration for the FRRP group, use the following command. • Show the configuration for this FRRP group. CONFIG-FRRP mode. show configuration Viewing the FRRP Information To view general FRRP information, use one of the following commands. • Show the information for the identified FRRP group. EXEC or EXEC PRIVILEGED mode. show frrp ring-id Ring ID: the range is from 1 to 255. • Show the state of all FRRP groups. EXEC or EXEC PRIVILEGED mode.
Sample Configuration and Topology The following example shows a basic FRRP topology. Figure 39.
interface primary GigabitEthernet 1/24 secondary GigabitEthernet 1/34 control-vlan 101 member-vlan 201 mode master no disable interface GigabitEthernet 2/14 no ip address switchport no shutdown ! interface GigabitEthernet 2/31 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged GigabitEthernet 2/14,31 no shutdown ! interface Vlan 201 no ip address tagged GigabitEthernet 2/14,31 no shutdown ! protocol frrp 101 interface primary GigabitEthernet 2/14 secondary GigabitEthernet 2/31 co
21 GARP VLAN Registration Protocol (GVRP) Dell Networking OS supports GARP VLAN registration protocol (GVRP). Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches. GVRP-compliant switches use GARP to register and de-register attribute values, such as VLAN IDs, with each other.
• Configure GVRP • Enabling GVRP Globally • Enabling GVRP on a Layer 2 Interface • Configure GVRP Registration • Configure a GARP Timer Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged.
Basic GVRP configuration is a two-step process: 1 Enabling GVRP Globally 2 Enabling GVRP on a Layer 2 Interface Related Configuration Tasks • Configure GVRP Registration • Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch.
To inspect the interface configuration, use the show config command from INTERFACE mode or use the show gvrp interface command in EXEC or EXEC Privilege mode. Configure GVRP Registration Configure GVRP registration. There are three GVRP registration modes: • Normal Registration — Allows dynamic creation, registration, and de-registration of VLANs (if you enabled dynamic VLAN creation). By default, the registration mode is set to Normal when you enable GVRP on a port.
information is de-registered. The Leave timer must be greater than or equal to 3x the Join timer. The default is 600ms.
• LeaveAll — After startup, a GARP device globally starts a LeaveAll timer. After expiration of this interval, it sends out a LeaveAll message so that other GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x the Leave timer. The default is 10000ms.
22 FIP Snooping
This chapter describes FIP snooping concepts and configuration procedures.
zoning configurations, ensure that end devices use their assigned addresses, and secure the network from unauthorized access and denial-of-service attacks. To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, the Fibre Channel over Ethernet initialization protocol (FIP) establishes virtual point-to-point links between FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges.
• Maintenance: A valid virtual link between an FCoE device and an FCoE switch is maintained and the link termination logout (LOGO) functions properly. Figure 41. FIP Discovery and Login between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF.
You must enable FIP snooping on an Aggregator and configure the FIP snooping parameters. When you enable FIP snooping, all ports on the switch by default become ENode ports. Dynamic ACL generation on an Aggregator operating as a FIP snooping bridge functions as follows: • Global ACLs are applied on server-facing ENode ports. • Port-based ACLs are applied on ports directly connected to an FCF and on server-facing ENode ports. • Port-based ACLs take precedence over global ACLs.
• Set the FCoE MAC address prefix (FC-MAP) value used by an FCF to assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in.
• Set the FCF mode to provide additional port security on ports that are directly connected to an FCF.
• Check FIP snooping-enabled VLANs to ensure that they are operationally active.
Impact on other Software Features FIP snooping affects other software features on an Aggregator as follows: • MAC address learning: MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping in server-facing ports in ENode mode. • MTU auto-configuration: MTU size is set to mini-jumbo (2500 bytes) when a port is in Switchport mode, the FIP snooping feature is enabled on the switch, and the FIP snooping is enabled on all or individual VLANs.
Configuring FIP Snooping FIP snooping is auto-configured on an Aggregator in standalone mode. You can display information on FIP snooping operation and statistics by entering show commands. You can enable FIP snooping globally on all FCoE VLANs on a switch or on an individual FCoE VLAN. By default, FIP snooping is disabled. To enable FCoE transit on the switch and configure the FCoE transit parameters on ports, follow these steps. 1 Enable the FCoE transit feature on a switch. CONFIGURATION mode.
Displaying FIP Snooping Information
Use the show commands from the table below to display information on FIP snooping.
Command: show fip-snooping sessions [interface vlan vlan-id]
Output: Displays information on FIP-snooped sessions on all VLANs or a specified VLAN, including the ENode interface and MAC address, the FCF interface and MAC address, VLAN ID, FCoE MAC address and FCoE session ID number (FC-ID), worldwide node name (WWNN) and the worldwide port name (WWPN).
port-type port/slot | interface port-channel port-channel-number]
Command: show fip-snooping system
Output: Display information on the status of FIP snooping on the switch (enabled or disabled), including the number of FCoE VLANs, FCFs, ENodes, and currently active sessions.
Command: show fip-snooping vlan
Output: Display information on the FCoE VLANs on which FIP snooping is enabled.
--------
d4:ae:52:1b:e3:cd Te 0/1 100 62:00:11 54:7f:ee:37:34:40
show fip-snooping enode Command Description
Field              Description
ENode MAC          MAC address of the ENode.
ENode Interface    Slot/port number of the interface connected to the ENode.
FCF MAC            MAC address of the FCF.
VLAN               VLAN ID number used by the session.
FC-ID              Fibre Channel session ID assigned by the FCF.
Number of FDISC Rejects                              :0
Number of FLOGO Accepts                              :0
Number of FLOGO Rejects                              :0
Number of CVL                                        :0
Number of FCF Discovery Timeouts                     :0
Number of VN Port Session Timeouts                   :0
Number of Session failures due to Hardware Config    :0
Dell(conf)#
Dell# show fip-snooping statistics int tengigabitethernet 0/1
Number of Vlan Requests                              :1
Number of Vlan Notifications                         :0
Number of Multicast Discovery Solicits               :1
Number of Unicast Discovery Solicits                 :0
Number of FLOGI                                      :1
Number of FDISC                                      :16
Number of FLOGO                                      :0
Number of En
Field                                     Description
Number of Vlan Requests                   Number of FIP-snooped VLAN request frames received on the interface.
Number of VLAN Notifications              Number of FIP-snooped VLAN notification frames received on the interface.
Number of Multicast Discovery Solicits    Number of FIP-snooped multicast discovery solicit frames received on the interface.
Number of Unicast                         Number of FIP-snooped unicast discovery solicit frames received on the interface.
Field                                                Description
Number of Session failures due to Hardware Config    Number of session failures due to hardware configuration that occurred on the interface.
show fip-snooping system Command Example
Dell# show fip-snooping system
Global Mode                     : Enabled
FCOE VLAN List (Operational)    : 1, 100
FCFs                            : 1
Enodes                          : 2
Sessions                        : 17
NOTE: NPIV sessions are included in the number of FIP-snooped sessions displayed.
FIP Snooping Example
The following figure shows an Aggregator used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway.
Figure 43. FIP Snooping on an Aggregator
In the above figure, DCBX and PFC are enabled on the Aggregator (FIP snooping bridge) and on the FCF ToR switch. On the FIP snooping bridge, DCBX is configured as follows:
• A server-facing port is configured for DCBX in an auto-downstream role.
Debugging FIP Snooping
To enable debug messages for FIP snooping events, enter the debug fip-snooping command.
1 Enable FIP snooping debugging for all or a specified event type, where:
• all enables all debugging options.
• acl enables debugging only for ACL-specific events.
• error enables debugging only for error conditions.
• ifm enables debugging only for IFM events.
• info enables debugging only for information events.
• ipc enables debugging only for IPC events.
23 Internet Group Management Protocol (IGMP)
On an Aggregator, IGMP snooping is auto-configured. You can display information on IGMP by using the show ip igmp command. Multicast is based on identifying many hosts by a single destination IP address. Hosts represented by the same IP address are a multicast group. The internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
To receive multicast traffic from a particular source, a host must join the multicast group to which the source is sending traffic. A host that is a member of a group is called a “receiver.” A host may join many groups, and may join or leave any group at any time. A host joins and leaves a multicast group by sending an IGMP message to its IGMP querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table.
a specified period and sends another query. If it still receives no response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences: • Version 3 adds the ability to filter by multicast source, which helps the multicast routing protocols avoid forwarding traffic to subnets where there are no interested receivers.
Joining and Filtering Groups and Sources The below illustration shows how multicast routers maintain the group and source information from unsolicited reports. • The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. • The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
• The querier, before making any state changes, sends a group-and-source query to see if any other host is interested in these two sources; queries for state-changes are retransmitted multiple times. If any are interested, they respond with their current state information and the querier refreshes the relevant state information. • Separately in the below figure, the querier sends a general query to 224.0.0.1.
• IGMP snooping is not supported on the default VLAN interface. • Flooding of unregistered multicast traffic is enabled by default. • Queries are not accepted from the server side ports and are only accepted from the uplink LAG. • Reports and Leaves are flooded by default to the uplink LAG irrespective of whether it is an mrouter port or not.
Command Output address | interface] show ip igmp snooping groups Command Example Dell# show ip igmp snooping groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Reporter 226.0.0.1 Vlan 1500 226.0.0.1 Vlan 1600 Dell#show ip igmp snooping groups detail Interface Group Uptime Expires Router mode Last reporter Last reporter mode Last report received Group source list Source address 1.1.1.2 Member Ports: Po 1 Vlan 1500 226.0.0.1 00:00:21 Never INCLUDE 1.1.1.
IGMP snooping fast-leave is disabled on this interface
IGMP snooping querier is disabled on this interface
--More--
show ip igmp snooping mrouter Command Example
Dell# show ip igmp snooping mrouter
Interface    Router Ports
Vlan 1000    Po 128
Dell#
24 Interfaces
This chapter describes 100/1000/10000 Mbps Ethernet, 10 Gigabit Ethernet, and 40 Gigabit Ethernet interface types, both physical and logical, and how to configure them with the Dell Networking operating software (OS).
• View Basic Interface Information • Configuring the Default Interface • Enabling a Physical Interface • Physical Interfaces • Management Interfaces • VLAN Interfaces • Loopback Interfaces • Null Interfaces • VLAN Membership • Port Channel Interfaces • Load Balancing through Port Channels • Changing the Hash Algorithm • Server Ports • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Splitting QSFP Ports to SFP+ Ports • Configur
Interface Type Modes Possible Default Mode Requires Creation Default State VLAN L2, L3 L2 Yes (except default) L2 - No Shutdown (enabled) L3 - Shutdown (disabled) View Basic Interface Information To view basic interface information, use the following command. You have several options for viewing interface status and configuration parameters. • Lists all configurable interfaces on the chassis.
8659 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 21984 Multicasts, 12577 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 44329 packets, 4722779 bytes, 0 underruns 0 64-byte pkts, 44329 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 44329 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 collisions Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.
interface GigabitEthernet 9/8 no ip address shutdown ! interface GigabitEthernet 9/9 no ip address shutdown Configuring the Default Interface You can reset the configurations applied on an interface to its factory default state. To reset the configuration, perform the following steps: 1 View the configurations applied on an interface.
CONFIGURATION mode
interface interface-type
• For the Management interface on the RPM, enter the keyword ManagementEthernet then the slot/port information.
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
2 Enable the interface.
INTERFACE mode
no shutdown
To confirm that the interface is enabled, use the show config command in INTERFACE mode.
Overview of Layer Modes On all systems running the Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode. Table 24.
Configuring Layer 2 (Interface) Mode
To configure an interface in Layer 2 mode, use the following commands.
• Enable the interface.
  INTERFACE mode
  no shutdown
• Place the interface in Layer 2 (switching) mode.
  INTERFACE mode
  switchport
For information about enabling and configuring the Spanning Tree Protocol, refer to Spanning Tree Protocol (STP). To view the interfaces in Layer 2 mode, use the show interfaces switchport command in EXEC mode.
switchport
no shutdown
Dell(conf-if)#ip address 10.10.1.1 /24
% Error: Port is in Layer 2 mode Gi 1/2.
Dell(conf-if)#
To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode.
Configuring Layer 3 (Interface) Mode
To assign an IP address, use the following commands.
• Enable the interface.
  INTERFACE mode
  no shutdown
• Configure a primary IP address and mask on the interface.
Management Interfaces The IOM management interface has both a public IP and private IP address on the internal fabric D interface. The public IP address is exposed to the outside world for Web GUI configurations/WSMAN and other proprietary traffic. You can statically configure the public IP address or obtain the IP address dynamically using the dynamic host configuration protocol (DHCP). NOTE: When you shut down a management interface, connectivity to the interface’s private IP address is disabled.
• Enter the slot and the port (0) to configure a Management interface.
  CONFIGURATION mode
  interface managementethernet interface
  The slot range is 0–0.
• Configure an IP address and mask on a Management interface.
  INTERFACE mode
  ip address ip-address mask
  • ip-address mask: enter an address in dotted-decimal format (A.B.C.D). The mask must be in / prefix format (/x).
VLAN Interfaces VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port channels can be members of VLANs. For more information about VLANs and Layer 2, refer to Layer 2 and Virtual LANs (VLANs). NOTE: To monitor VLAN interfaces, use Management Information Base for Network Management of TCP/IP-based internets: MIB-II (RFC 1213). NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN.
To configure, view, or delete a Loopback interface, use the following commands.
• Enter a number as the Loopback interface.
  CONFIGURATION mode
  interface loopback number
  The range is from 0 to 16383.
• View Loopback interface configurations.
  EXEC mode
  show interface loopback number
• Delete a Loopback interface.
  CONFIGURATION mode
  no interface loopback number
Many of the same commands found in the physical interface are also found in the Loopback interfaces.
for individual ports by using the vlan tagged or vlan untagged commands in INTERFACE configuration mode (Configuring VLAN Membership). Physical Interfaces and port channels can be members of VLANs.
NOTE: You can assign a static IP address to default VLAN 1 using the ip address command. To assign a different VLAN ID to the default VLAN, use the default vlan-id vlan-id command.
The following table lists the VLAN defaults in Dell Networking OS:
Table 25.
source MAC addresses. The information is preserved as the frame moves through the network. The figure below shows the structure of a frame with a tag header. The VLAN ID is inserted in the tag header.
Figure 49. Tagged Frame Format
The tag header contains some key information used by Dell Networking OS:
• The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes).
• Tag control information (TCI) includes the VLAN ID (2 bytes total).
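The tag header layout described above, parsed in an added Python example that is not part of the Dell guide. The function names are hypothetical, the PCP/DEI split of the TCI and the 0x88A8 identifier come from the IEEE 802.1Q/802.1ad standards rather than from this page, the frames are constructed, and the allowed VLAN set mirrors the guide's hybrid-port example (tagged VLANs 10 through 15).

```python
import struct

TPID_8021Q = 0x8100    # VLAN protocol identifier of an IEEE 802.1Q tag header
TPID_8021AD = 0x88A8   # identifier used for an outer tag when tags are stacked
RESERVED_VIDS = {0: "priority tag only, no VLAN", 4095: "reserved VLAN ID"}


def parse_tagged_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into MAC addresses, tag headers and payload."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    result = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"), "tags": []}
    offset = 12  # the tag header sits directly after the two MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame ends inside the type field")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break
        if len(frame) < offset + 4:
            raise ValueError("frame ends inside a tag header")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        result["tags"].append({
            "tpid": ethertype,         # 2 bytes: protocol identifier
            "pcp": tci >> 13,          # TCI bits 15-13: priority code point
            "dei": (tci >> 12) & 1,    # TCI bit 12: drop eligible indicator
            "vid": tci & 0x0FFF,       # TCI bits 11-0: VLAN ID
        })
        offset += 4
    result["ethertype"] = ethertype
    result["payload"] = frame[offset + 2:]
    return result


def review_frame(frame: bytes, allowed_vids: set):
    """Parse a frame and list tag properties a port owner would want flagged."""
    parsed = parse_tagged_frame(frame)
    findings = []
    if len(parsed["tags"]) > 1:
        findings.append("stacked tags: %d tag headers" % len(parsed["tags"]))
    for tag in parsed["tags"]:
        vid = tag["vid"]
        if vid in RESERVED_VIDS:
            findings.append("VID %d: %s" % (vid, RESERVED_VIDS[vid]))
        elif vid not in allowed_vids:
            findings.append("VID %d is not configured on this port" % vid)
    return parsed, findings


def build_frame(vids, pcp=0) -> bytes:
    """Construct a sample frame (constructed test data, not captured traffic)."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for vid in vids:
        frame += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return frame + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    tagged_vlans = set(range(10, 16))  # tagged VLANs 10-15, as on the hybrid port
    for vids in ([12], [12, 99]):
        parsed, findings = review_frame(build_frame(vids, pcp=3), tagged_vlans)
        print([t["vid"] for t in parsed["tags"]], findings or "ok")
```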
INTERFACE mode vlan untagged {vlan-id} If you configure additional VLAN membership and save it to the startup configuration, the new VLAN configuration takes place immediately.
port-channel 1 mode active ! protocol lldp advertise management-tlv system-name dcbx port-role auto-downstream no shutdown Dell(conf-if-te-0/2)# Except for hybrid ports, only a tagged interface can be a member of multiple VLANs. You can assign hybrid ports to two VLANs if the port is untagged in one VLAN and tagged in all others. NOTE: When you remove a tagged interface from a VLAN (using the no vlan tagged command), it remains tagged only if it is a tagged interface in another VLAN.
Dell(conf-if-te-0/1)#portmode hybrid
Dell(conf-if-te-0/1)#switchport
2 Configure the tagged VLANs 10 through 15 and untagged VLAN 20 on this port.
Dell(conf-if-te-0/1)#vlan tagged 10-15
Dell(conf-if-te-0/1)#vlan untagged 20
Dell(conf-if-te-0/1)#
3 Show the running configurations on this port.
14 Active 15 Active 20 Active Dell# T Te 0/1 T Po128(Te 0/4-5) T Te 0/1 T Po128(Te 0/4-5) T Te 0/1 U Po128(Te 0/4-5) U Te 0/1 You can remove the inactive VLANs that have no member ports using the following command: Dell#configure Dell(conf)#no interface vlan vlan-id vlan-id — Inactive VLAN with no member ports You can remove the tagged VLANs using the no vlan tagged vlan-range command. You can remove the untagged VLANs using the no vlan untagged command in the physical port/portchannel.
With this feature, you can create larger-capacity interfaces by utilizing a group of lower-speed links. For example, you can build a 40-Gigabit interface by aggregating four 10-Gigabit Ethernet interfaces together. If one of the four interfaces fails, traffic is redistributed across the three remaining interfaces.
Port Channel Implementation
The Dell Networking OS supports static and dynamic port channels.
• Static — Port channels that are statically configured.
speed of the port channel is 100 Mb/s. The system disables those interfaces configured with speed 1000 Mb/s or whose speed is 1000 Mb/s as a result of auto-negotiation. In this example, you can change the common speed of the port channel by changing its configuration so the first enabled interface referenced in the configuration is a 1000 Mb/s speed interface. You can also change the common speed of the port channel here by setting the speed of the TenGig 0/0 interface to 1000 Mb/s.
Adding a Physical Interface to a Port Channel
You can add any physical interface to a port channel if the interface configuration is minimal.
NOTE: Port channels can contain a mix of 100/1000/10000 Ethernet interfaces and 10 Gigabit Ethernet interfaces, but the Dell Networking OS disables the interfaces that are not the same speed as the first channel member in the port channel (refer to 100/1000/10000 Mbps Interfaces in Port Channels).
The following example shows the port channel’s mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2-port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel.
Reassigning an Interface to a New Port Channel An interface can be a member of only one port channel. If the interface is a member of a port channel, remove it from the first port channel and then add it to the second port channel. To reassign an interface to a new port channel, use the following commands. 1 Remove the interface from the first port channel. INTERFACE PORT-CHANNEL mode no channel-member interface 2 Change to the second port channel INTERFACE mode.
minimum-links number
The default is 1.
Example of Configuring the Minimum Oper Up Links in a Port Channel
Dell#config t
Dell(conf)#int po 1
Dell(conf-if-po-1)#minimum-links 5
Dell(conf-if-po-1)#
Adding or Removing a Port Channel from a VLAN
As with other interfaces, you can add Layer 2 port channel interfaces to VLANs. To add a port channel to a VLAN, place the port channel in Layer 2 mode (by using the switchport command).
INTERFACE mode
ip address ip-address mask [secondary]
• ip-address mask: enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24).
• secondary: the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses.
Deleting or Disabling a Port Channel
To delete or disable a port channel, use the following commands.
• Delete a port channel.
  CONFIGURATION mode
  no interface portchannel channel-number
• Disable a port channel.
• Change the default (0) to another algorithm and apply it to ECMP, LAG hashing, or a particular line card.
Server Ports By default, the MXL switch allows the server ports to come up as switch ports in no shut mode, ready to switch traffic. Default Configuration without Start-up Config This feature is enabled by default and can be enabled on reload by deleting the start-up config file. On reload, all the server ports (1-32) come up as switch ports in No Shut mode. Uplinks remain in Shut mode ensuring that there are no network loops.
Bulk Configuration Bulk configuration allows you to determine if interfaces are present for physical interfaces or configured for logical interfaces. Interface Range An interface range is a set of interfaces to which other commands may be applied and may be created if there is at least one valid interface within the range. Bulk configuration excludes from configuration any non-existing interfaces from an interface range.
• Overlap Port Ranges
• Commas
• Add Ranges
Create a Single-Range
The following is an example of a single range.
Example of the interface range Command (Single Range)
Dell(conf)# interface range tengigabitethernet 5/1 - 23
Dell(conf-if-range-te-5/1-23)# no shutdown
Dell(conf-if-range-te-5/1-23)#
Create a Multiple-Range
The following is an example of a multiple range.
Dell(conf-if-range-te-5/1-23)# no shutdown Dell(conf-if-range-te-5/1-23)# Add Ranges The following example shows how to use commas to add VLAN and port-channel interfaces to the range.
Monitoring and Maintaining Interfaces Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), number of packets, traffic statistics, and so on. To view the interface’s statistics, use the following command. • View the interface’s statistics.
Input CRC:            0    0 pps    0
Input IP checksum:    0    0 pps    0
Input overrun:        0    0 pps    0
Output underruns:     0    0 pps    0
Output throttles:     0    0 pps    0
m - Change mode                  c - Clear screen
l - Page up                      a - Page down
T - Increase refresh interval    t - Decrease refresh interval
q - Quit
Dell
Maintenance Using TDR
The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers.
Splitting QSFP Ports to SFP+ Ports The MXL 10/40GbE switch supports splitting a 40GbE port on the base module or a 2-Port 40GbE QSFP+ module into four 10GbE SFP+ ports using a 4x10G breakout cable. NOTE: By default, the 40GbE ports on a 2-Port 40GbE QSFP+ module come up in 4x10GbE (quad) mode as eight 10GbE ports. On the base module, you must convert the 40GbE ports to 4x10GbE mode as described in the following section.
• portmode quad: Identifies the uplink port as a split 10GbE SFP+ port.
2 Save the configuration and reload the switch.
CONFIGURATION mode
write memory
reload
Important Points to Remember
• You cannot use split ports as stack-link to stack an MXL Switch.
• Split ports cannot be a part of any stacked system.
• The quad port must be in a default configuration before it can be split into 4x10G ports.
INTERFACE mode
wavelength 1529.0
The wavelength range is from 1528.3 nm to 1568.77 nm.
• Verify configuration changes.
  INTERFACE mode
  show config
Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port
You can convert a QSFP or QSFP+ port to an SFP or SFP+ port using the Quad to Small Form Factor Pluggable Adapter (QSA). QSA provides smooth connectivity between devices that use Quad Lane Ports (such as the 40 Gigabit Ethernet adapters) and 10 Gigabit hardware that uses SFP+ based cabling.
Important Points to Remember • Before using the QSA to convert a 40 Gigabit Ethernet port to a 10 Gigabit SFP or SFP+ port, enable 40 G to 4*10 fan-out mode on the device. • When you insert a QSA into a 40 Gigabit port, you can use only the first 10 Gigabit port in the fan-out mode to plug-in SFP or SFP+ cables. The remaining three 10 Gigabit ports are perceived to be in Link Down state and are unusable. • You cannot use QSFP Optical cables on the same port where QSA is used.
The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames. To allow full duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with a destination address equal to this multicast address. The pause frame is defined by IEEE 802.3x and uses MAC Control frames to carry the pause commands. Ethernet pause frames are supported on full duplex only.
Configure MTU Size on an Interface If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be enough to include the Layer 2 header. For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than 1422: 1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The MTU range is from 592 to 12000, with a default of 1500. IP MTU automatically configures.
Port-Pipes A high-speed data bus connection used to switch traffic between front-end ports is known as the port pipe. A port pipe is a Dell Networking-specific term for the hardware path that packets follow through a system. The MXL switch supports single port pipe only. Auto-Negotiation on Ethernet Interfaces By default, auto-negotiation of speed and duplex mode is enabled on 100/1000/10000 Base-T Ethernet interfaces. Only 10GE interfaces do not support auto-negotiation.
4 Access the port.
CONFIGURATION mode
interface interface slot/port
5 Set the local port speed.
INTERFACE mode
speed {100 | 1000 | 10000 | auto}
NOTE: If you use an active optical cable (AOC), you can convert the QSFP+ port to a 10 Gigabit SFP+ port or 1 Gigabit SFP port. You can use the speed command to enable the required speed.
6 Optionally, set full- or half-duplex.
INTERFACE mode
duplex {half | full}
7 Disable auto-negotiation on the port.
Dell(conf-if-te-0/1)#speed 100
Dell(conf-if-te-0/1)#duplex full
Dell(conf-if-te-0/1)#no negotiation auto
Dell(conf-if-te-0/1)#show config
!
interface TenGigabitEthernet 0/1
 no ip address
 speed 100
 duplex full
 no shutdown
Set Auto-Negotiation Options
The negotiation auto command provides a mode option for configuring an individual port to forced master/forced slave after you enable auto-negotiation.
View Advanced Interface Information The following options have been implemented for the show [ip | running-config] interfaces commands. When you use the configured keyword, only interfaces that have non-default configurations display.
The following example shows how to configure rate interval when changing the default value. To configure the number of seconds of traffic statistics to display in the show interfaces output, use the following command.
• Configure the number of seconds of traffic statistics to display in the show interfaces output.
  INTERFACE mode
  rate-interval
Example of the rate-interval Command
The bold lines show the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100.
Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate
Time since last interface status change: 1d23h42m
Dynamic Counters
By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, the system automatically turns on counting when you enable the application and turns it off when you disable the application.
NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
• (OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit. Example of the clear counters Command When you enter this command, confirm that you want the Dell Networking OS to clear the interface counters for that interface.
25 Internet Protocol Security (IPSec)
IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and file transfer protocols (FTPs) and can operate in Transport mode. In Transport mode, IPSec encrypts only the packet payload; the IP header is unchanged. This is the default mode.
CONFIGURATION mode
crypto ipsec transform-set myXform-set esp-authentication md5 esp-encryption des
2 Define the crypto policy.
CONFIGURATION mode
crypto ipsec policy myCryptoPolicy 10 ipsec-manual
 transform-set myXform-set
 session-key inbound esp 256 auth encrypt
 session-key outbound esp 257 auth encrypt
 match 0 tcp a::1 /128 0 a::2 /128 21
 match 1 tcp a::1 /128 21 a::2 /128 0
 match 2 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21
 match 3 tcp 1.1.1.1 /32 21 1.1.1.
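A way to review a transform-set and crypto policy like the one above before applying it, as an added Python example that is not part of the Dell guide. The function name, finding codes and the classification of md5 and des as weak are assumptions of this example (general cryptographic guidance, not a statement of what the platform offers), and the sample configuration is constructed, with a transform-set name that deliberately does not match the one the policy references.

```python
import re

# Algorithms this example treats as weak (assumption: general cryptographic
# guidance, not taken from the Dell guide).
WEAK_ALGORITHMS = {"esp-authentication": {"md5"}, "esp-encryption": {"des"}}

TRANSFORM_RE = re.compile(r"^crypto ipsec transform-set (\S+)((?: \S+ \S+)+)$")
POLICY_RE = re.compile(r"^crypto ipsec policy (\S+) (\d+) (\S+)$")

# Constructed sample modelled on the guide's example. The transform-set name on
# line 1 deliberately differs from the name the policy references on line 3.
SAMPLE_CONFIG = """\
crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des
crypto ipsec policy myCryptoPolicy 10 ipsec-manual
 transform-set myXform-set
 session-key inbound esp 256 auth encrypt
 session-key outbound esp 257 auth encrypt
 match 0 tcp a::1 /128 0 a::2 /128 21
 match 1 tcp a::1 /128 21 a::2 /128 0
"""


def audit_ipsec_config(text):
    """Return (line number, finding code, detail) tuples, ordered by line."""
    transforms = {}   # transform-set name -> (line number, {keyword: algorithm})
    references = []   # (line number, policy name, referenced transform-set)
    findings = []
    policy = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())  # drop indentation, collapse spaces
        if not line or line.startswith("!"):
            continue
        match = TRANSFORM_RE.match(line)
        if match:
            words = match.group(2).split()
            transforms[match.group(1)] = (lineno, dict(zip(words[0::2], words[1::2])))
            policy = None
            continue
        match = POLICY_RE.match(line)
        if match:
            policy = match.group(1)
            if match.group(3) == "ipsec-manual":
                findings.append((lineno, "manual-keying",
                                 "policy %s relies on manually configured session keys" % policy))
            continue
        if policy and line.startswith("transform-set "):
            references.append((lineno, policy, line.split()[1]))

    # Weak algorithms are reported on the line that defines the transform-set.
    for name, (lineno, algorithms) in transforms.items():
        for keyword, algorithm in algorithms.items():
            if algorithm in WEAK_ALGORITHMS.get(keyword, ()):
                findings.append((lineno, "weak-algorithm",
                                 "%s: %s %s" % (name, keyword, algorithm)))
    # A policy that names a transform-set nobody defined protects nothing.
    for lineno, policy_name, name in references:
        if name not in transforms:
            findings.append((lineno, "undefined-transform-set",
                             "policy %s references %s, which is not defined" % (policy_name, name)))
    return sorted(findings, key=lambda finding: finding[0])


if __name__ == "__main__":
    for lineno, code, detail in audit_ipsec_config(SAMPLE_CONFIG):
        print("line %d: %s: %s" % (lineno, code, detail))
```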
26 IPv4 Routing
The Dell Networking OS supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking operating system (OS).
At its most basic level, an IP address is 32 bits, composed of network and host portions and represented in dotted decimal format. For example, 00001010110101100101011110000011 is represented as 10.214.87.131. For more information about IP addressing, refer to RFC 791, Internet Protocol.
Implementation Information
In the Dell Networking OS, you can configure any IP address as a static route except IP addresses already assigned to interfaces.
NOTE: The Dell Networking OS versions 7.7.1.
• For a VLAN interface, enter the keyword vlan then a number from 1 to 4094.
2 Enable the interface.
INTERFACE mode
no shutdown
3 Configure a primary IP address and mask on the interface.
INTERFACE mode
ip address ip-address mask [secondary]
• ip-address mask: the IP address must be in dotted decimal format (A.B.C.D). The mask must be in slash prefix-length format (/24).
• secondary: add the keyword secondary if the IP address is the interface’s backup IP address.
• ip-address: enter an address in dotted decimal format (A.B.C.D). • mask: enter a mask in slash prefix-length format (/X). • interface: enter an interface type then the slot/port information. • distance: the range is from 1 to 255. (optional) • permanent: keep the static route in the routing table (if you use the interface option) even if you disable the interface with the route. (optional) • tag tag-value: the range is from 1 to 4294967295.
CONFIGURATION mode management route ip-address mask {forwarding-router-address | ManagementEthernet slot/port} Example of the show ip route static Command To view the configured static routes for the management port, use the show ip management-route command in EXEC privilege mode. Dell#show ip management-route all Destination ----------1.1.1.0/24 172.16.1.0/24 172.31.1.0/24 Gateway ------172.31.1.250 172.31.1.
Using the Configured Source IP Address in ICMP Messages ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front-end port IP address as the source IP address. Enable the generation of ICMP unreachable messages through the ip unreachable command in Interface mode. When a ping or traceroute packet from an endpoint or a device arrives at the null 0 interface configured with a static route, it is discarded.
To configure the duration for which the device waits for the ACK packet to be sent from the requesting host to establish the TCP connection, perform the following steps: 1 Define the wait duration in seconds for the TCP connection to be established. CONFIGURATION mode Dell(conf)#ip tcp reduced-syn-ack-wait <9-75> You can use the no ip tcp reduced-syn-ack-wait command to restore the default behavior, which causes the wait period to be set as 8 seconds.
• Enable dynamic resolution of host names. CONFIGURATION mode ip domain-lookup
• Specify up to six name servers. CONFIGURATION mode ip name-server ip-address [ip-address2 ... ip-address6]
The order in which you enter the servers determines the order of their use.
Example of the show hosts Command
To view current bindings, use the show hosts command.
Dell>show host
Default domain is force10networks.
Configure this command up to six times to specify a list of possible domain names. The Dell Networking OS searches the domain names in the order they were configured until a match is found or the list is exhausted.
Configuring DNS with Traceroute
To configure your switch to perform DNS with traceroute, use the following commands.
• Enable dynamic resolution of host names. CONFIGURATION mode ip domain-lookup
• Specify up to six name servers. CONFIGURATION mode ip name-server ip-address [ip-address2 ...
ARP The Dell Networking OS uses two forms of address resolution: address resolution protocol (ARP) and Proxy ARP. ARP runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, the system creates a forwarding table mapping the MAC addresses to their corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time.
These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To view the static entries in the ARP cache, use the show arp static command in EXEC privilege mode.
Example of the show arp Command
Dell#show arp
Protocol Address Age(min) Hardware Address Interface VLAN CPU
----------------------------------------------------------------------------------------
Internet 10.11.68.14 94 00:01:e9:45:00:03 Ma 0/0 CP
Internet 10.11.209.
ARP Learning via Gratuitous ARP Gratuitous ARP can mean an ARP request or reply. In the context of ARP learning via gratuitous ARP on the system, the gratuitous ARP is a request. A gratuitous ARP request is an ARP request that is not needed according to the ARP specification, but one that hosts may send to.
Beginning with the Dell Networking OS version 8.3.1.0, when you enable ARP learning via gratuitous ARP, the system installs a new ARP entry, or updates an existing entry for all received ARP requests. Figure 51. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable ARP learning via gratuitous ARP, the system does not look up the target IP. It only updates the ARP entry for the Layer 3 interface with the source IP of the request.
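Because the system installs or updates an entry for every received ARP request when this feature is enabled, it is worth watching the cache for bindings that move. The following is an added example, not part of the Dell guide: it parses two show arp captures and reports changed, new, shared and pinned-but-overridden bindings. Only the first data row comes from the guide; every other row, the "-" VLAN column and the pinned list are constructed assumptions.

```python
import ipaddress
import re

# One data row of "show arp": protocol, IP, age, MAC, then interface/VLAN/CPU.
ROW = re.compile(
    r"^Internet\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+"
    r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(.*\S)\s*$"
)


def parse_show_arp(text):
    """Return {ip: {"mac", "age", "where"}}; header and partial rows are skipped."""
    table = {}
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            ip, age, mac, where = match.groups()
            table[ip] = {"mac": mac.lower(), "age": age, "where": where}
    return table


def compare_snapshots(before, after, pinned=None):
    """Report how IP-to-MAC bindings differ between two parsed captures."""
    key = ipaddress.ip_address
    changed = [
        (ip, before[ip]["mac"], after[ip]["mac"])
        for ip in sorted(before.keys() & after.keys(), key=key)
        if before[ip]["mac"] != after[ip]["mac"]
    ]
    added = [(ip, after[ip]["mac"]) for ip in sorted(after.keys() - before.keys(), key=key)]
    # A single MAC that now answers for several IPs deserves a second look.
    owners = {}
    for ip in sorted(after, key=key):
        owners.setdefault(after[ip]["mac"], []).append(ip)
    shared = {mac: ips for mac, ips in owners.items() if len(ips) > 1}
    # Pinned bindings (for example the gateway) must never move.
    violations = [
        (ip, mac.lower(), after[ip]["mac"])
        for ip, mac in sorted((pinned or {}).items())
        if ip in after and after[ip]["mac"] != mac.lower()
    ]
    return {"changed": changed, "added": added, "shared": shared,
            "pinned_violations": violations}


# Constructed captures (first data row is the one shown in the guide).
BEFORE = """\
Protocol Address Age(min) Hardware Address Interface VLAN CPU
-------------------------------------------------------------
Internet 10.11.68.14 94 00:01:e9:45:00:03 Ma 0/0 - CP
Internet 10.11.68.1 12 00:01:e9:45:00:01 Ma 0/0 - CP
"""
AFTER = """\
Protocol Address Age(min) Hardware Address Interface VLAN CPU
-------------------------------------------------------------
Internet 10.11.68.14 95 00:01:e9:45:00:03 Ma 0/0 - CP
Internet 10.11.68.1 0 02:00:00:aa:bb:cc Ma 0/0 - CP
Internet 10.11.68.77 0 02:00:00:aa:bb:cc Ma 0/0 - CP
"""
PINNED = {"10.11.68.1": "00:01:E9:45:00:01"}  # constructed: expected gateway MAC

if __name__ == "__main__":
    report = compare_snapshots(parse_show_arp(BEFORE), parse_show_arp(AFTER), PINNED)
    for kind, items in report.items():
        print(kind, items)
```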
• Display all ARP entries learned via gratuitous ARP. EXEC Privilege mode show arp retries ICMP For diagnostics, the internet control message protocol (ICMP) provides routing information to end stations by choosing the best route (ICMP redirect messages) or determining if a router is reachable (ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic.
1 Enable UDP helper and specify the UDP ports for which traffic is forwarded. Refer to Enabling UDP Helper. Important Points to Remember • The existing ip directed broadcast command is rendered meaningless if you enable UDP helper on the same interface. • The broadcast traffic rate should not exceed 200 packets per second when you enable UDP helper. • You may specify a maximum of 16 UDP ports.
• UDP Helper with Subnet Broadcast Addresses • UDP Helper with Configured Broadcast Addresses • UDP Helper with No Configured Broadcast Addresses UDP Helper with Broadcast-All Addresses When the destination IP address of an incoming packet is the IP broadcast address, the system rewrites the address to match the configured broadcast address. In the following illustration: 1 Packet 1 is dropped at ingress if you did not configure UDP helper address.
UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching interface. In the following illustration, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101.
the destination address unchanged because the forwarding process is Layer 2. If you enabled UDP helper, the packet is flooded on VLAN 100 as well. Figure 54. UDP Helper with Configured Broadcast Addresses UDP Helper with No Configured Broadcast Addresses The following describes UDP helper with no broadcast addresses configured. • If the incoming packet has a broadcast destination IP address, the unaltered packet is routed to all Layer 3 interfaces.
2005-11-05 11:59:35 %RELAY-I-PACKET, BOOTP REQUEST (Unicast) received at interface 172.21.50.193 BOOTP Request, XID = 0x9265f901, secs = 0 hwaddr = 00:02:2D:8D:46:DC, giaddr = 0.0.0.0, hops = 2
2005-11-05 11:59:35 %RELAY-I-BOOTREQUEST, Forwarded BOOTREQUEST for 00:02:2D:8D:46:DC to 137.138.17.6
2005-11-05 11:59:36 %RELAY-I-PACKET, BOOTP REPLY (Unicast) received at interface 194.12.129.98 BOOTP Reply, XID = 0x9265f901, secs = 0 hwaddr = 00:02:2D:8D:46:DC, giaddr = 172.21.50.
27 IPv6 Routing Internet protocol version 6 (IPv6) routing is the successor to IPv4. Due to the rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
Extended Address Space The address format is extended from 32 bits to 128 bits. This not only provides room for all anticipated needs, it allows for the use of a hierarchical address space structure to optimize global addressing. Stateless Autoconfiguration When a booting device comes up in IPv6 and asks for its network prefix, the device can get the prefix (or prefixes) from an IPv6 router on its link.
IPv6 Headers The IPv6 header has a fixed length of 40 bytes. This fixed length provides 16 bytes each for source and destination information and 8 bytes for general header information. The IPv6 header includes the following fields: • Version (4 bits) • Traffic Class (8 bits) • Flow Label (20 bits) • Payload Length (16 bits) • Next Header (8 bits) • Hop Limit (8 bits) • Source Address (128 bits) • Destination Address (128 bits) IPv6 provides for extension headers.
Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source. Sending and forwarding routers use this field to identify different IPv6 classes and priorities. Routers understand the priority settings and handle them appropriately during conditions of congestion.
Value   Description
41      IPv6
43      Routing header
44      Fragmentation header
50      Encrypted Security
51      Authentication header
59      No Next Header
60      Destinations option header
NOTE: This table is not a comprehensive list of Next Header field values. For a complete and current listing, refer to the Internet Assigned Numbers Authority (IANA) web page.
Hop Limit (8 bits)
The Hop Limit field shows the number of hops remaining for packet processing.
However, if the extension header is a Hop-by-Hop options header, it is examined by every forwarding router along the packet’s route. The Hop-by-Hop options header must immediately follow the IPv6 header, and is noted by the value 0 (zero) in the Next Header field. Extension headers are processed in the order in which they appear in the packet header.
Hop-by-Hop Options Header
The Hop-by-Hop options header contains information that is examined by every router along the packet’s path.
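The fixed header layout and the Next Header chain described above can be checked mechanically. The following is an added example, not part of the Dell guide: it decodes the 40-byte header, walks the extension headers, and flags a Hop-by-Hop options header that is not first. The sample packets are constructed, and the TCP, UDP and ICMPv6 values (6, 17, 58) come from the IANA registry rather than the guide's table.

```python
import ipaddress
import struct

# Names from the guide's Next Header table, plus 0 (Hop-by-Hop) from the text.
# 6, 17 and 58 are added from the IANA registry so upper layers can be named.
NEXT_HEADER_NAMES = {
    0: "Hop-by-Hop options header", 6: "TCP", 17: "UDP", 41: "IPv6",
    43: "Routing header", 44: "Fragmentation header", 50: "Encrypted Security",
    51: "Authentication header", 58: "ICMPv6", 59: "No Next Header",
    60: "Destinations option header",
}
WALKABLE = (0, 43, 44, 51, 60)  # headers whose length can be read in the clear


def parse_fixed_header(packet):
    """Decode the 40-byte fixed IPv6 header into its eight fields."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte fixed IPv6 header")
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("Version field is not 6")
    return {
        "version": word >> 28,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": ipaddress.IPv6Address(packet[8:24]),
        "destination": ipaddress.IPv6Address(packet[24:40]),
    }


def walk_extension_headers(packet):
    """Return (header, chain, problems); chain lists every Next Header value seen."""
    header = parse_fixed_header(packet)
    chain, problems = [], []
    nh, offset, position = header["next_header"], 40, 0
    while nh in WALKABLE:
        if nh == 0 and position != 0:
            problems.append("Hop-by-Hop options header is not first")
        if offset + 8 > len(packet):
            problems.append("truncated extension header")
            break
        if nh == 44:                       # Fragment header: fixed 8 bytes
            length = 8
        elif nh == 51:                     # AH: length in 4-octet units, minus 2
            length = (packet[offset + 1] + 2) * 4
        else:                              # 0, 43, 60: 8-octet units beyond the first 8
            length = (packet[offset + 1] + 1) * 8
        if offset + length > len(packet):
            problems.append("truncated extension header")
            break
        chain.append(nh)
        nh = packet[offset]
        offset += length
        position += 1
    chain.append(nh)  # upper-layer protocol, ESP (50) or No Next Header (59)
    return header, chain, problems


def build_packet(first_next_header, *parts):
    """Assemble a constructed test packet around the address used in the guide."""
    payload = b"".join(parts)
    word = (6 << 28) | (0xB8 << 20) | 0x12345
    return (struct.pack("!IHBB", word, len(payload), first_next_header, 64)
            + ipaddress.IPv6Address("2001:db8::1428:57ab").packed
            + ipaddress.IPv6Address("2001:db8::1").packed + payload)


UDP = struct.pack("!HHHH", 53, 53, 8, 0)
SAMPLE_ORDERED = build_packet(
    0,
    bytes([43, 0, 1, 4, 0, 0, 0, 0]),   # Hop-by-Hop, next = Routing
    bytes([44, 0, 0, 0, 0, 0, 0, 0]),   # Routing, next = Fragment
    bytes([17, 0, 0, 0, 0, 0, 0, 1]),   # Fragment, next = UDP
    UDP,
)
SAMPLE_MISORDERED = build_packet(
    43,
    bytes([0, 0, 0, 0, 0, 0, 0, 0]),    # Routing, next = Hop-by-Hop (wrong place)
    bytes([17, 0, 1, 4, 0, 0, 0, 0]),   # Hop-by-Hop, next = UDP
    UDP,
)

if __name__ == "__main__":
    for sample in (SAMPLE_ORDERED, SAMPLE_MISORDERED):
        _, chain, problems = walk_extension_headers(sample)
        print([NEXT_HEADER_NAMES.get(v, v) for v in chain], problems)
```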
2001:0db8:0000:0000:0000:0000:1428:57ab can be shortened to 2001:0db8::1428:57ab. Only one set of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to two colons, as long as there is only one double colon used in an address. Leading and/or trailing zeros in a group can also be omitted (as in ::1 for localhost, 1:: for network addresses and :: for unspecified addresses). The addresses in the following list are all valid and equivalent.
Implementing IPv6 with the Dell Networking OS The Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform. The sections following the table give greater detail about the feature. Table 28. Feature Details Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location FN IOM Basic IPv6 Commands 9.9(0.
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide. ISIS for IPv6 support for distribute lists and administrative distance 9.9(0.0) Intermediate System to Intermediate System (IS-IS) OSPF for IPv6 (OSPFv3) 9.9(0.0) Equal Cost Multipath for IPv6 9.9(0.0) IPv6 Services and Management 9.9(0.0) Telnet client over IPv6 (outbound Telnet) 9.9(0.
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location MLDv2 Snooping N/A IPv6 Multicast in this chapter Multicast IPv6 in the Dell Networking OS Command Line Reference Guide. IPv6 QoS trust DSCP values N/A IPv6 Multicast in this chapter ICMPv6 Dell Networking OS supports ICMPv6. ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4.
The recommended MTU for IPv6 is 1280. Greater MTU settings increase processing efficiency because each packet carries more data while protocol overheads (for example, headers) or underlying per-packet delays remain fixed. Figure 56. Path MTU Discovery Process IPv6 Neighbor Discovery Dell Networking OS supports IPv6 neighbor discovery protocol (NDP). NDP is a top-level protocol for neighbor discovery on an IPv6 network.
a multicast address with the unicast address used as the last 24 bits. Other hosts on the link do not participate in the process, greatly increasing network bandwidth efficiency. Figure 57. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets With the Dell Networking OS version 8.3.1.0, you can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers.
Configuring the IPv6 Recursive DNS Server You can configure up to four Recursive DNS Server (RDNSS) addresses to be distributed via IPv6 router advertisements to an IPv6 device, using the ipv6 nd dns-server ipv6-RDNSS-address {lifetime | infinite} command in INTERFACE CONFIG mode. The lifetime parameter configures the amount of time the IPv6 host can use the IPv6 RDNSS address for name resolution. The lifetime range is 0 to 4294967295 seconds.
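Hosts accept whatever resolver a router advertisement carries, so it helps to decode the RDNSS option seen on the wire and compare it with the resolvers you configured. The following is an added example, not part of the Dell guide: it builds and parses the RDNSS option as laid out in RFC 8106 and lists advertised servers that are not approved. The mapping of the infinite keyword to 0xFFFFFFFF follows RFC 8106 and is an assumption about this CLI; all addresses are constructed.

```python
import ipaddress
import struct

RDNSS_TYPE = 25          # Neighbor Discovery option type for RDNSS (RFC 8106)
INFINITE = 0xFFFFFFFF    # RFC 8106 "infinity"; assumed wire value of "infinite"
MAX_SERVERS = 4          # limit stated in the guide


def build_rdnss_option(servers, lifetime):
    """Encode an RDNSS option: type, length, reserved, lifetime, addresses."""
    if not 1 <= len(servers) <= MAX_SERVERS:
        raise ValueError("between one and four RDNSS addresses are allowed")
    if lifetime == "infinite":
        lifetime = INFINITE
    if not 0 <= lifetime <= INFINITE:
        raise ValueError("lifetime must be 0 to 4294967295 seconds")
    addresses = b"".join(ipaddress.IPv6Address(s).packed for s in servers)
    length = 1 + 2 * len(servers)          # in units of 8 octets
    return struct.pack("!BBHI", RDNSS_TYPE, length, 0, lifetime) + addresses


def parse_rdnss_option(option):
    """Decode and validate one RDNSS option taken from a router advertisement."""
    if len(option) < 8:
        raise ValueError("option too short")
    opt_type, length, _reserved, lifetime = struct.unpack("!BBHI", option[:8])
    if opt_type != RDNSS_TYPE:
        raise ValueError("not an RDNSS option")
    # Length must be odd, at least 3, and match the bytes actually present.
    if length < 3 or length % 2 == 0 or length * 8 != len(option):
        raise ValueError("inconsistent RDNSS length field")
    servers = [str(ipaddress.IPv6Address(option[i:i + 16]))
               for i in range(8, len(option), 16)]
    return {
        "servers": servers,
        "lifetime": lifetime,
        "infinite": lifetime == INFINITE,
        "withdrawn": lifetime == 0,        # 0 tells hosts to stop using the servers
    }


def unapproved_servers(option, approved):
    """Return advertised resolvers that are not on the approved list."""
    allowed = {ipaddress.IPv6Address(a) for a in approved}
    return [s for s in parse_rdnss_option(option)["servers"]
            if ipaddress.IPv6Address(s) not in allowed]


if __name__ == "__main__":
    # Constructed advertisement: one approved resolver and one unexpected one.
    seen = build_rdnss_option(["2001:db8::53", "2001:db8::5353"], 600)
    print(parse_rdnss_option(seen))
    print("unapproved:", unapproved_servers(seen, ["2001:db8::53"]))
```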
Debugging IPv6 RDNSS Information Sent to the Host To verify that the IPv6 RDNSS information sent to the host is configured correctly, use the debug ipv6 nd command in EXEC Privilege mode. Example of Debugging IPv6 RDNSS Information Sent to the Host The following example debugs IPv6 RDNSS information sent to the host. The last 3 lines indicate that the IPv6 RDNSS information was configured correctly.
• SNMP over IPv6 • Showing IPv6 Information • Clearing IPv6 Routes Adjusting Your CAM-Profile Dell Networking OS supports the cam-acl command. Although adjusting your CAM-profile is not a mandatory step, if you plan to implement IPv6 ACLs, adjust your CAM settings. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. There are 16 FP blocks, but the System Flow requires three blocks that cannot be reallocated.
Assigning an IPv6 Address to an Interface Dell Networking OS supports IPv6 addresses. Essentially, IPv6 is enabled in the Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully. To assign an IPv6 address to an interface, use the ipv6 address command.
• For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information.
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
• For a Loopback interface, enter the keyword loopback then the loopback number.
• For a port-channel interface, enter the keywords port-channel then the port-channel number.
• For a VLAN interface, enter the keyword vlan then the VLAN ID.
Showing IPv6 Information Dell Networking OS supports all of the following show commands. View specific IPv6 configuration with the following commands. • List the IPv6 show options.
Showing IPv6 Routes To view the global IPv6 routing information, use the following command. • Show IPv6 routing information for the specified route type. EXEC mode show ipv6 route type The following keywords are available: • To display information about a network, enter ipv6 address (X:X:X:X::X). • To display information about a host, enter hostname. • To display information about all IPv6 routes (including non-active routes), enter all.
C 2003::/120 [0/0] Direct, Gi 1/1, 00:28:49
Dell#show ipv6 route static
Destination Dist/Metric, Gateway, Last Change
-----------------------------------------------------
S 8888:9999:5555:6666:1111:2222::/96 [1/0] via 2222:2222:3333:3333::1, Gi 9/1, 00:03:16
S 9999:9999:9999:9999::/64 [1/0] via 8888:9999:5555:6666:1111:2222:3333:4444, 00:03:16
Showing the Running-Configuration for an Interface
To view the configuration for any interface, use the following command.
• mask: the prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. Secure Shell (SSH) Over an IPv6 Transport Dell Networking OS supports IPv6 secure shell (SSH). The Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing.
28 iSCSI Optimization
An Aggregator enables internet small computer system interface (iSCSI) optimization with default iSCSI parameter settings (Default iSCSI Optimization Values) and is auto-provisioned to support:
iSCSI Optimization: Operation
To display information on iSCSI configuration and sessions, use show commands. iSCSI optimization enables quality-of-service (QoS) treatment for iSCSI traffic.
iSCSI optimization allows you to reduce deployment time and management complexity in data centers. In a data center network, Dell EqualLogic and Compellent iSCSI storage arrays are connected to a converged Ethernet network using the data center bridging exchange protocol (DCBx) through Ethernet switches. iSCSI session monitoring over virtual link trunking (VLT) synchronizes the iSCSI session information between the VLT peers, allowing session information to be available in both VLT peers.
to ensure that iSCSI traffic in these sessions receives priority treatment when forwarded on Aggregator hardware. Figure 58. iSCSI Optimization Example Monitoring iSCSI Traffic Flows The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets.
Information Monitored in iSCSI Traffic Flows iSCSI optimization examines the following data in packets and uses the data to track the session and create the classifier entries that enable QoS treatment: • Initiator’s IP Address • Target’s IP Address • ISID (Initiator defined session identifier) • Initiator’s IQN (iSCSI qualified name) • Target’s IQN • Initiator’s TCP Port • Target’s TCP Port If no iSCSI traffic is detected for a session during a user-configurable aging period, the session data
The following message displays when you enable iSCSI on a switch and describes the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_ENABLE: iSCSI has been enabled causing flow control to be enabled on all interfaces. EQL detection and enabling iscsi profile-compellent on an interface may cause some automatic configurations to occur like jumbo frames on all ports and no storm control and spanning tree port-fast on the port of detection.
• disable: disables the application of preferential QoS treatment to iSCSI frames. • dot1p vlan-priority-value: specifies the virtual local area network (VLAN) priority tag assigned to incoming packets in an iSCSI session. The range is from 0 to 7. The default is: the dot1p value in ingress iSCSI frames is not changed and the same priority is used in iSCSI TLV advertisements if you do not enter the iscsi priority-bits command (Step 10).
Displaying iSCSI Optimization Information To display information on iSCSI optimization, use the show commands detailed in the below table: Table 29. Displaying iSCSI Optimization Information Command Output show iscsi Displays the currently configured iSCSI settings. show iscsi sessions Displays information on active iSCSI sessions on the switch that have been established since the last reload.
show iscsi sessions detailed Command Example
Dell# show iscsi sessions detailed
Session 0 :
-----------------------------------------------------------------------------
Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1
Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c
Up Time:00:00:01:28(DD:HH:MM:SS)
Time for aging out:00:00:09:34(DD:HH:MM:SS)
ISID:806978696102
Initiator Initiator Target Target Connection
IP Address TCP Port IP Address TCPPort ID
10.10.0.44 33345 10.10.0.
29 Intermediate System to Intermediate System Dell Networking OS supports intermediate system to intermediate system (IS-IS). • The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. • The IS-IS protocol standards are listed in the Standards Compliance chapter.
To establish adjacencies, each IS-IS router sends different protocol data units (PDU). For IP traffic, the IP addressing information is included in the IS-IS hello PDUs and the link state PDUs (LSPs). This brief overview is not intended to provide a complete understanding of IS-IS; for that, consult the documents listed in Multi-Topology IS-IS. IS-IS Addressing IS-IS PDUs require ISO-style addressing called network entity title (NET).
All routers on a LAN or point-to-point must have at least one common supported topology when operating in Multi-Topology IS-IS mode. If IPv4 is the common supported topology between those two routers, adjacency can be formed. All topologies must share the same set of L1-L2 boundaries.
Graceful Restart Dell Networking OS supports Graceful Restart for both Helper and Restart modes. Graceful restart is a protocol-based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the loss of packets. A graceful-restart router does not immediately assume that a neighbor is permanently down and so does not trigger a topology change.
information required for IPv6 routing. The new TLVs are IPv6 Reachability and IPv6 Interface Address. A new IPv6 protocol identifier has also been included in the supported TLVs. The new TLVs use the extended metrics and up/down bit semantics. Multi-topology IS-IS adds TLVs:
• MT TLV — contains one or more Multi-Topology IDs in which the router participates. This TLV is included in IIH and the first fragment of an LSP.
• MT Intermediate Systems TLV — appears for every topology a node supports.
ROUTER ISIS mode configure IS-IS globally, while commands executed in INTERFACE mode enable and configure IS-IS features on that interface only. Commands in the ADDRESS-FAMILY mode are specific to IPv6. NOTE: When using the IS-IS routing protocol to exchange IPv6 routing information and to determine destination reachability, you can route IPv6 along with IPv4 while using a single intra-domain routing protocol.
net network-entity-title Specify the area address and system ID for an IS-IS routing process. The last byte must be 00. For more information about configuring a NET, refer to IS-IS Addressing. 3 Enter the interface configuration mode. CONFIGURATION mode interface interface Enter the keyword interface then the type of interface and slot/port information: • 4 For the Loopback interface on the RPM, enter the keyword loopback then a number from 0 to 16383.
To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode.
Example of Viewing IS-IS Configuration (EXEC Privilege Mode)
Dell#show isis protocol
IS-IS Router:
System Id: EEEE.EEEE.EEEE IS-Type: level-1-2
Manual area address(es): 47.0004.004d.0001
Routing for area address(es): 21.2223.2425.2627.2829.3031.3233 47.0004.004d.
Configuring Multi-Topology IS-IS (MT IS-IS) To configure multi-topology IS-IS (MT IS-IS), use the following commands. 1 Enable multi-topology IS-IS for IPv6. ROUTER ISIS AF IPV6 mode multi-topology [transition] Enter the keyword transition to allow an IS-IS IPv6 user to continue to use single-topology mode while upgrading to multi-topology mode.
The range is from 1 to 120 minutes. The default is 5 minutes.
• Enable the graceful restart maximum wait time before a restarting peer comes up. ROUTER-ISIS mode graceful-restart restart-wait seconds
When implementing this command, be sure to set the T3 timer to adjacency on the restarting router. The range is from 1 to 120 minutes. The default is 30 seconds.
Example of the show isis graceful-restart detail Command Example of the show isis interface Command NOTE: If this timer expires before the synchronization has completed, the restarting router sends the overload bit in the LSP. The overload bit is an indication to the receiving router that database synchronization did not complete at the restarting router. To view all graceful restart-related configurations, use the show isis graceful-restart detail command in EXEC Privilege mode.
Restart Capable Neighbors: 2, In Start: 0, In Restart: 0 Dell# Changing LSP Attributes IS-IS routers flood link state PDUs (LSPs) to exchange routing information. LSP attributes include the generation interval, maximum transmission unit (MTU) or size, and the refresh interval. You can modify the LSP attribute defaults, but it is not necessary. To change the defaults, use any or all of the following commands. • Set interval between LSP generation.
Configuring the IS-IS Metric Style All IS-IS links or interfaces are associated with a cost that is used in the shortest path first (SPF) calculations. The possible cost varies depending on the metric style supported. If you configure narrow, transition, or narrow transition metric style, the cost can be a number between 0 and 63. If you configure wide or wide transition metric style, the cost can be a number between 0 and 16,777,215.
Example of Viewing IS-IS Metric Types
Dell#show isis protocol
IS-IS Router:
System Id: EEEE.EEEE.EEEE IS-Type: level-1-2
Manual area address(es): 47.0004.004d.0001
Routing for area address(es): 21.2223.2425.2627.2829.3031.3233 47.0004.004d.
Metric Style        Correct Value Range
narrow              0 to 63
wide transition     0 to 16777215
narrow transition   0 to 63
transition          0 to 63
To view the interface’s current metric, use the show config command in INTERFACE mode or the show isis interface command in EXEC Privilege mode.
Configuring the Distance of a Route
To configure the distance for a route, use the following command.
• Configure the distance for a route.
LSPID            LSP Seq Num   LSP Checksum   LSP Holdtime   ATT/P/OL
B233.00-00       0x00000006    0xC38A         1124           0/0/0
eljefe.00-00 *   0x0000000D    0x51C6         1129           0/0/0
eljefe.01-00 *   0x00000001    0x68DF         1122           0/0/0
eljefe.02-00 *   0x00000001    0x2E7F         1113           0/0/0
Dell.00-00       0x00000004    0xCDA9         1107           0/0/0
Dell#
Controlling Routing Updates
To control the source of IS-IS route information, use the following command.
• Disable a specific interface from sending or receiving IS-IS routing information.
• For a VLAN, enter the keyword vlan then a number from 1 to 4094.
• Apply a configured prefix list to all outgoing IPv4 IS-IS routes. ROUTER ISIS mode distribute-list prefix-list-name out [bgp as-number | connected | ospf process-id | rip | static]
You can configure one of the optional parameters:
• connected: for directly connected routes.
• ospf process-id: for OSPF routes only.
• rip: for RIP routes only.
• static: for user-configured routes.
• bgp: for BGP routes only.
• bgp: for BGP routes only.
• Deny RTM download for pre-existing redistributed IPv6 routes. ROUTER ISIS-AF IPV6 mode distribute-list redistributed-override in
Redistributing IPv4 Routes
In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process. With the redistribute command syntax, you can include BGP, OSPF, RIP, static, or directly connected routes in the IS-IS process.
Redistributing IPv6 Routes To add routes from other routing instances or protocols, use the following commands. NOTE: These commands apply to IPv6 IS-IS only. To apply prefix lists to IPv4 routes, use the ROUTER ISIS mode previously shown. • Include BGP, directly connected, RIP, or user-configured (static) routes in IS-IS.
The Dell Networking OS supports HMAC-MD5 authentication. This password is inserted in Level 1 LSPs, Complete SNPs, and Partial SNPs.
• Set the authentication password for a routing domain. ROUTER ISIS mode domain-password [encryption-type | hmac-md5] password
The Dell Networking OS supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs.
Dell.00-00 0x00000004 0xCDA9 1093 0/0/0
Dell#
Debugging IS-IS
To debug IS-IS processes, use the following commands.
• View all IS-IS information. EXEC Privilege mode debug isis
• View information on all adjacency-related activity (for example, hello packets that are sent and received).
To disable a specific debug command, enter the keyword no then the debug command. For example, to disable debugging of IS-IS updates, use the no debug isis updates-packets command. To disable all IS-IS debugging, use the no debug isis command. To disable all debugging, use the undebug all command. IS-IS Metric Styles The following sections provide additional information about the IS-IS metric styles.
Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000. Change the IS-IS Metric Style in One Level Only By default, the IS-IS metric style is narrow. When you change from one IS-IS metric style to another, the IS-IS metric value (configured with the isis metric command) could be affected.
Beginning Metric Style   Final Metric Style   Resulting IS-IS Metric Value
transition               narrow               original value
transition               wide transition      original value
narrow transition        wide                 original value
narrow transition        narrow               original value
narrow transition        wide transition      original value
narrow transition        transition           original value
wide transition          wide                 original value
wide transition          narrow               default value (10) if the original value is greater than 63. A message is sent to the console.
Leaks from One Level to Another In the following scenarios, each IS-IS level is configured with a different metric style. Table 34.
You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes.
NOTE: Whenever you make IS-IS configuration changes, clear (restart) the IS-IS process using the clear isis command. The clear isis command must include the tag for the ISIS process. The following example shows the response from the router:
Dell#clear isis *
% ISIS not enabled.
R1(conf-if-lo-0)#ipv6 address 2001:db8:9999:1::/48
R1(conf-if-lo-0)#ip router isis 9999
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#router isis 9999
R1(conf-router_isis)#is-type level-1
R1(conf-router_isis)#net FF.F101.0002.0C00.1111.00
R1(conf-router_isis)#ipv6 route 2001:db8:9999:2::/128 2001:db8:1021:2::
R1(conf)#ipv6 route 2001:db8:9999:3::/128 2001:db8:1022:3::
R1(conf)#ip route 192.168.1.2/32 10.0.12.2
R1(conf)#ip route 192.168.1.3/32 10.0.13.
R2(conf-if-lo-0)#router isis 9999
R2(conf-router_isis)#int gi 2/11
R2(conf-if-gi-2/11)#ip address 10.0.12.2/24
R2(conf-if-gi-2/11)#ipv6 address 2001:db8:9999:2::/48
R2(conf-if-gi-2/11)#ip router isis 9999
R2(conf-if-gi-2/11)#isis network point-to-point
R2(conf-if-gi-2/11)#no shutdown
R2(conf-if-gi-2/11)#int gi 2/31
R2(conf-if-gi-2/31)#ip address 10.0.23.
R3(conf)#ipv6 route 2001:db8:9999:2::/128 2001:db8:1023:2::
R3(conf)#ip route 192.168.1.1/32 10.0.13.1
R3(conf)#interface GigabitEthernet 3/14
R3(conf-if-gi-3/14)#ip address 10.0.13.3/24
R3(conf-if-gi-3/14)#ipv6 address 2001:db8:1022:3::/48
R3(conf-if-gi-3/14)#ip router isis 9999
R3(conf-if-gi-3/14)#isis circuit-type level-1
R3(conf-if-gi-3/14)#isis network point-to-point
R3(conf-if-gi-3/14)#no shutdown
R3(conf-if-gi-3/14)#interface GigabitEthernet 3/21
R3(conf-if-gi-3/21)#ip address 10.0.23.
30 Isolated Networks for Aggregators
An Isolated Network is an environment in which servers can only communicate with the uplink interfaces and not with each other, even though they are part of the same VLAN. If servers in the same chassis need to communicate with each other, they require non-isolated network connectivity between them, or the traffic must be routed in the TOR. Isolated Networks can be enabled on a per-VLAN basis.
31 Link Aggregation Unlike IOA Automated modes (Standalone and VLT modes), the IOA Programmable MUX (PMUX) can support multiple uplink LAGs. You can provision multiple uplink LAGs. The I/O Aggregator auto-configures with link aggregation groups (LAGs) as follows: • All uplink ports are automatically configured in a single port channel (LAG 128).
How the LACP is Implemented on an Aggregator The LACP provides a means for two systems (also called partner systems) to exchange information through dynamic negotiations to aggregate two or more ports with common physical characteristics to form a link aggregation group. NOTE: A link aggregation group is referred to as a port channel by the Dell Networking OS. A LAG provides both load-sharing and port redundancy across stack units. An Aggregator supports LACP for auto-configuring dynamic LAGs.
The benefit of supporting a dynamic LAG is that the Aggregator's server-facing ports can toggle between participating in the LAG or acting as individual ports based on the dynamic information exchanged with a server NIC. LACP supports the exchange of messages on a link to allow their LACP instances to:
• Reach agreement on the identity of the LAG to which the link belongs.
• Attach the link to that LAG.
• Enable the transmission and reception functions in an orderly manner.
• Reassigning an Interface to a New Port Channel (optional) • Configuring VLAN Tags for Member Interfaces (optional) • Deleting or Disabling a Port Channel (optional) Creating a Port Channel You can create up to 128 port channels with four port members per group on the Aggregator. To configure a port channel, use the following commands. 1 Create a port channel. CONFIGURATION mode interface port-channel id-number 2 Ensure that the port channel is active.
To add a physical interface to a port, use the following commands. 1 Add the interface to a port channel. INTERFACE PORT-CHANNEL mode channel-member interface This command is applicable only in PMUX mode. The interface variable is the physical interface type and slot/port information. 2 Double check that the interface was added to the port channel.
0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 0 packets, 0 bytes, 0 underruns 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.
interface port-channel id number This command is applicable only in PMUX mode. 3 Add the interface to the second port channel. INTERFACE PORT-CHANNEL mode channel-member interface Example of Moving an Interface to a New Port Channel The following example shows moving the TenGigabitEthernet 0/8 interface from port channel 4 to port channel 3.
Configuring VLAN Tags for Member Interfaces To configure and verify VLAN tags for individual members of a port channel, perform the following: 1 Configure VLAN membership on individual ports INTERFACE mode Dell(conf-if-te-0/2)#vlan tagged 2,3-4 2 Use the switchport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if-te-0/2)#switchport This switchport configuration is allowed only in PMUX mode.
Configuring Auto LAG You can enable or disable auto LAG on the server-facing interfaces. By default, auto LAG is enabled. This functionality is supported on the Aggregator in Standalone, Stacking, and VLT modes. To configure auto LAG, use the following commands: 1 Enable the auto LAG on all the server ports. CONFIGURATION mode io-aggregator auto-lag enable Dell(config)# io-aggregator auto-lag enable To disable the auto LAG on all the server ports, use the no io-aggregator auto-lag enable command.
Interface index is 15274753 Internet address is not set Mode of IPv4 Address Assignment : NONE DHCP Client-ID :f8b156071d8e MTU 12000 bytes, IP MTU 11982 bytes LineSpeed auto Auto-lag is disabled Flowcontrol rx on tx off ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:12:53 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 B
Configuring the Minimum Number of Links to be Up for Uplink LAGs to be Active You can activate the LAG bundle for uplink interfaces or ports (the uplink port-channel is LAG 128) on the I/O Aggregator only when a minimum number of member interfaces of the LAG bundle is up. For example, based on your network deployment, you may want the uplink LAG bundle to be activated only if a certain number of member interface links is also in the up state.
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.
The following log message appears when LACP link fallback is removed: Feb 26 15:53:32: %STKUNIT0-M:CP %SMUX-5-SMUX_LACP_PDU_RECEIVED_FROM_PEER: LACP PDU received from PEER and connectivity to PEER will be restored to Uplink Portchannel 128.
Table 35.
Created by LACP protocol Hardware address is 00:01:e8:e1:e1:c1, Current address is 00:01:e8:e1:e1:c1 Interface index is 1107755136 Minimum number of links to bring Port-channel up is 1 Internet address is not set Mode of IP Address Assignment : NONE DHCP Client-ID :lag1280001e8e1e1c1 MTU 12000 bytes, IP MTU 11982 bytes LineSpeed 40000 Mbit Members in this channel: Te0/9 Te0/10 Te 0/11 Te0/12 ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:11:50 Queueing strategy: fifo Inpu
Port State: Bundle
Actor Admin: State ADEHJLMP Key 128 Priority 32768
Oper: State ADEGIKNP Key 128 Priority 32768
Partner Admin: State BDFHJLMP Key 0 Priority 0
Oper: State ACEGIKNP Key 128 Priority 32768
show interfaces port-channel 1 Command Example Dell# show interfaces port-channel 1 Port-channel 1 is up, line protocol is up Created by LACP protocol Hardware address is 00:01:e8:e1:e1:c1, Current address is 00:01:e8:e1:e1:c1 Interface index is 1107755009 Minimum number of links to bring Port-channel
Partner Admin: State BDFHJLMP Key 0 Priority 0 Oper: State ADEGIKNP Key 33 Priority 255 Multiple Uplink LAGs with 10G Member Ports The following sample commands configure multiple dynamic uplink LAGs with 10G member ports based on LACP. 1 Bring up all the ports. Dell#configure Dell(conf)#int range tengigabitethernet 0/1 - 12 Dell(conf-if-range-te-0/1-12)#no shutdown 2 Associate the member ports into LAG-10 and 11.
Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C - Community, I - Isolated O - Openflow Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged o - OpenFlow untagged, O - OpenFlow tagged G - GVRP tagged, M - Vlan-stack, H - VSN tagged i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged * 1 NUM 1000 1001 Dell# 5 Status Active Active Active Description Q Ports U Po10(Te 0/4-5) U Po11(Te 0/6) T Po10(Te 0/4-5) T Po11(Te 0/6) Show L
32 Layer 2 The Aggregator supports CLI commands to manage the MAC address table: • • Clearing the MAC Address Entries Displaying the MAC Address Table The Aggregator auto-configures with support for Network Interface Controller (NIC) Teaming. NOTE: On an Aggregator, all ports are configured by default as members of all (4094) VLANs, including the default VLAN. All VLANs operate in Layer 2 mode.
destination address within the timer period, the address is removed from the table. The default aging time is 1800 seconds in PMUX mode and 300 seconds in Standalone and VLT modes. You can manually clear the MAC address table of dynamic entries. To clear a MAC address table, use the following command: 1 Clear a MAC address table of dynamic entries. EXEC Privilege mode clear mac-address-table dynamic {all | interface {tengigabitethernet <0–5> | SLOT/ PORT} } • all: deletes all dynamic entries.
• Disable source MAC address learning from LACP and LLDP BPDUs. CONFIGURATION mode mac-address-table disable-learning If you don’t use any option, the mac-address-table disable-learning command disables source MAC address learning from both LACP and LLDP BPDUs. NOTE: You can use the mac-address-table disable-learning command only in Full–Switch mode.
The following figure shows a topology where two NICs have been teamed together. In this case, if the primary NIC fails, traffic switches to the secondary NIC, because they are represented by the same set of addresses. Figure 61. Redundant NICs with NIC Teaming MAC Address Station Move When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (see figure below). If the NIC fails, the same MAC address is learned on Port 0/5 of the switch.
MAC address is disassociated with one port and re-associated with another in the ARP table; in other words, the ARP entry is “moved”. The Aggregator is auto-configured to support MAC Address station moves. Figure 62. MAC Address Station Move MAC Move Optimization Station-move detection takes 5000ms because this is the interval at which the detection algorithm runs.
33 Link Layer Discovery Protocol (LLDP) Link layer discovery protocol (LLDP) advertises connectivity and management from the local station to the adjacent stations on an IEEE 802 LAN. LLDP facilitates multi-vendor interoperability by using standard management tools to discover and make available a physical topology for network management. The Dell Networking operating software implementation of LLDP is based on IEEE standard 802.1AB.
Protocol Data Units Configuration information is exchanged in the form of type, length, value (TLV) segments. The following figure shows the chassis ID TLV. • Type — Indicates the type of field that a part of the message represents. • Length — Indicates the size of the value field (in bytes). • Value — Indicates the data for this part of the message. Figure 63.
3 Time to Live The Time To Live TLV indicates the number of seconds that the recipient LLDP agent considers the information associated with this MSAP identifier to be valid. — Optional Includes sub-types of TLVs that advertise specific configuration information. These sub-types are Management TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 64. LLDPDU Frame Configure LLDP Configuring LLDP is a two-step process. 1 Enable LLDP globally.
CONFIGURATION versus INTERFACE Configurations All LLDP configuration commands are available in PROTOCOL LLDP mode, which is a sub-mode of the CONFIGURATION mode and INTERFACE mode. • Configurations made at the CONFIGURATION level are global; that is, they affect all interfaces on the system. • Configurations made at the INTERFACE level affect only the specific interface; they override CONFIGURATION level configurations.
protocol lldp 2 Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing LLDP To disable or undo LLDP, use the following command. • Disable LLDP globally or for an interface. disable To undo an LLDP configuration, precede the relevant command with the keyword no. Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the system globally, all interfaces send LLDPDUs with the specified TLVs.
• power-via-mdi • softphone-voice • streaming-video • video-conferencing • video-signaling • voice • voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 65. Configuring LLDP Optional TLVs The Dell Networking Operating System (OS) supports the following optional TLVs: Management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs.
• OUI Sub-type—These sub-types indicate the kind of information in the following data field. The subtypes are determined by the owner of the OUI. Figure 66. Organizationally Specific TLVs IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs. Table 37.
Type TLV Description 127 Port and Protocol VLAN ID On Dell Networking systems, indicates the tagged VLAN to which a port belongs (and the untagged VLAN to which a port belongs if the port is in Hybrid mode). 127 VLAN Name Indicates the user-defined alphanumeric string that identifies the VLAN. 127 Protocol Identity Indicates the protocols that the port can process. The Dell Networking OS does not currently support this TLV.
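The TLV layout described above can be exercised with a short parser that also shows what an LLDPDU discloses to any adjacent station. This is an added example, not code from the guide or from Dell Networking OS: it assumes the standard IEEE 802.1AB header of a 7-bit type and a 9-bit length, and the sample LLDPDU is constructed (the MAC address is reused from the show interfaces output in this guide).

```python
import struct


class LLDPError(ValueError):
    """Raised when an LLDPDU is malformed."""


def tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length in a 2-octet header, then the value."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type must fit in 7 bits and length in 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample LLDPDU (the payload after EtherType 0x88cc), not captured traffic.
SAMPLE = (
    tlv(1, b"\x04" + bytes.fromhex("0001e8e1e1c1"))   # Chassis ID, subtype 4 = MAC address
    + tlv(2, b"\x05" + b"TenGigabitEthernet 0/1")      # Port ID, subtype 5 = interface name
    + tlv(3, struct.pack("!H", 120))                   # Time to Live, 120 seconds
    + tlv(127, bytes.fromhex("0080c2") + b"\x01" + struct.pack("!H", 100))  # 802.1 Port VLAN ID
    + tlv(0, b"")                                      # End of LLDPDU
)


def parse_lldpdu(data):
    """Split an LLDPDU into (type, value) pairs, rejecting lengths that overrun the frame."""
    tlvs, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise LLDPError("truncated TLV header at offset %d" % off)
        (header,) = struct.unpack_from("!H", data, off)
        tlv_type, length = header >> 9, header & 0x1FF
        off += 2
        if length > len(data) - off:
            raise LLDPError("TLV type %d claims %d octets, only %d remain"
                            % (tlv_type, length, len(data) - off))
        tlvs.append((tlv_type, data[off:off + length]))
        off += length
        if tlv_type == 0:          # End of LLDPDU: ignore any padding after it
            break
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise LLDPError("LLDPDU must start with Chassis ID, Port ID, Time to Live")
    return tlvs


def _ident(value, mac_subtype):
    """Decode an ID TLV value: a 1-octet subtype followed by the identifier."""
    if len(value) < 2:
        raise LLDPError("ID TLV shorter than subtype plus one octet")
    subtype, ident = value[0], value[1:]
    if subtype == mac_subtype and len(ident) == 6:
        return ":".join("%02x" % b for b in ident)
    return ident.decode("ascii", "replace")


def summarize(tlvs):
    """Collect the fields a neighbor learns: identity, TTL and organizationally specific TLVs."""
    info = {"chassis_id": None, "port_id": None, "ttl": None, "org": []}
    for tlv_type, value in tlvs:
        if tlv_type == 1:
            info["chassis_id"] = _ident(value, mac_subtype=4)
        elif tlv_type == 2:
            info["port_id"] = _ident(value, mac_subtype=3)
        elif tlv_type == 3:
            if len(value) < 2:
                raise LLDPError("Time to Live TLV shorter than 2 octets")
            info["ttl"] = struct.unpack("!H", value[:2])[0]
        elif tlv_type == 127:
            if len(value) < 4:
                raise LLDPError("organizationally specific TLV lacks OUI and subtype")
            oui = "-".join("%02X" % b for b in value[:3])
            info["org"].append((oui, value[3], value[4:]))
    return info


if __name__ == "__main__":
    print(summarize(parse_lldpdu(SAMPLE)))
```

The organizationally specific entry is returned as (OUI, subtype, raw data), so the IEEE OUI 00-80-C2 TLVs listed in the table can be told apart from TIA-1057 ones before deciding which TLVs an interface should advertise.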
LLDP-MED Capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must transmit the Network Policies TLV. • The value of the LLDP-MED capabilities field in the TLV is a 2–octet bitmap, each bit represents an LLDP-MED capability (as shown in the following table). • The possible values of the LLDP-MED device type are shown in the following.
LLDP-MED Network Policies TLV A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations. LLDP-MED network policies TLV include: • VLAN ID • VLAN tagged or untagged status • Layer 2 priority • DSCP value An integer represents the application type (the Type integer shown in the following table), which indicates a device function for which a unique network policy is defined.
Type Application Description 7 Streaming Video Specify this application type for dedicated video conferencing and other similar appliances supporting real-time interactive video. 8 Video Signaling Specify this application type only if video control packets use a separate network policy than video data. 9–255 Reserved — Figure 68.
LLDP Operation On an Aggregator, LLDP operates as follows: • LLDP is enabled by default. • LLDPDUs are transmitted and received by default. LLDPDUs are transmitted periodically. The default interval is 30 seconds. • LLDPDU information received from a neighbor expires after the default Time to Live (TTL) value: 120 seconds. • Dell Networking OS supports up to eight neighbors per interface. • Dell Networking OS supports a maximum of 8000 total neighbors per system.
Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. show lldp neighbors • Display all of the information that neighbors are advertising.
======================================================================== Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval.
protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#multiplier ? <2-10> Multiplier (default=4) R1(conf-lldp)#multiplier 5 R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description multiplier 5 no disable R1(conf-lldp)#no multiplier R1(co
debug lldp detail Figure 70. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • Received and transmitted TLVs • LLDP configuration on the local agent • IEEE 802.
Table 41. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration adminStatus lldpPortConfigAdminStatus Whether you enable the local LLDP agent for transmit, receive, or both. msgTxHold lldpMessageTxHoldMultiplier Multiplier value. msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs. txInfoTTL lldpTxInfoTTL Time to live for transmitted TLVs.
Table 42.
TLV Type TLV Name TLV Variable System LLDP MIB Object interface numbering subtype Local lldpLocManAddrIfSub type Remote lldpRemManAddrIfSu btype Local lldpLocManAddrIfId Remote lldpRemManAddrIfId Local lldpLocManAddrOID Remote lldpRemManAddrOID interface number OID Table 43. LLDP 802.
Table 44.
TLV Sub-Type TLV Name TLV Variable 3 Location Data Format Local Location Identifier Location ID Data 4 Extended Power via MDI Power Device Type Power Source System LLDP-MED MIB Object lldpXMedLocLocation Subtype Remote lldpXMedRemLocatio nSubtype Local lldpXMedLocLocation Info Remote lldpXMedRemLocatio nInfo Local lldpXMedLocXPoEDe viceType Remote lldpXMedRemXPoED eviceType Local lldpXMedLocXPoEPS EPowerSource lldpXMedLocXPoEPD PowerSource Remote lldpXMedRemXPoEPS EPowerSource lldpX
34 Microsoft Network Load Balancing Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
With NLB, the data frame is forwarded to all the servers for them to perform load-balancing. NLB Multicast Mode Scenario Consider a sample topology in which four servers, namely S1 through S4, are configured as a cluster or a farm. This set of servers is connected to a Layer 3 switch, which in turn is connected to the end-clients. They contain a single multicast MAC address (MAC-Cluster: 03-00-5E-11-11-11).
To preserve failover and balancing, the switch forwards the traffic destined for the server cluster to all member ports in the VLAN connected to the cluster. To ensure that this happens, you must configure the ip vlan-flooding command on the Dell switch at the time that the Microsoft cluster is configured. The server MAC address is given in the Ethernet frame header of the ARP reply, while the virtual MAC address representing the cluster is given in the payload.
INTERFACE mode arp ip-address multicast-mac-address interface 2 Associate specific MAC or hardware addresses to VLANs.
35 Multicast Source Discovery Protocol (MSDP) Dell Networking OS supports multicast source discovery protocol (MSDP). Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
3 When an MSDP peer receives an SA message, it determines if there are any group members within the domain interested in any of the advertised sources. If there are, the receiving RP sends a join message to the originating RP, creating a shortest path tree (SPT) to the source. Figure 71.
RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 72.
Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and to act as hot backup routers for each other. Anycast RP allows you to configure two or more RPs with the same IP address on Loopback interfaces. The Anycast RP Loopback address is configured with a 32-bit mask, making it a host address.
Related Configuration Tasks The following lists related MSDP configuration tasks.
• MSDP Sample Configurations Figure 73.
Figure 74.
Figure 75.
Figure 76. Configuring MSDP Enabling MSDP Enable MSDP by peering RPs in different administrative domains. 1 Enable MSDP.
ip multicast-msdp 2 Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Example of Configuring MSDP Example of Viewing Peer Information R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr Local Addr State Source 192.168.0.1 192.168.0.
show ip msdp sa-cache Example of the show ip msdp sa-cache Command R3_E600#show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom 239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.1 Expire UpTime 76 00:10:44 Limiting the Source-Active Cache Set the upper limit of the number of active sources that the Dell Networking operating system caches. The default active source limit is 500K messages.
Accept Source-Active Messages that Fail the RPF Check A default peer is a peer from which active sources are accepted even though they fail the RPF check. Referring to the following illustrations: • In Scenario 1, all MSDP peers are up. • In Scenario 2, the peership between RP1 and RP2 is down, but the link (and routing protocols) between them is still up.
• In Scenario 4, RP1 has a default peer plus an access list. The list permits RP4 so the RPF check is disregarded for active sources from it, but RP5 (and all others because of the implicit deny all) are subject to the RPF check and fail, so those active sources are rejected. Figure 77.
Figure 78.
Figure 79.
Figure 80. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address list If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check.
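The acceptance rule above decides which peers are trusted without the RPF check, so it is worth modelling before deploying a default peer. The following is an added example, not Dell Networking OS code: it parses the ip msdp default-peer and standard access-list lines in the form this chapter shows, and it stands in for the real RPF check with a hypothetical lookup table (rpf_peer_for_rp) from originating RP to expected peer. The RP address 200.0.0.60 and the peer 10.0.60.2 are constructed sample values.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

Acl = List[Tuple[str, str]]  # ordered (action, host-or-"any") entries, implicit deny at the end


class SA(NamedTuple):
    group: str
    source: str
    rp: str            # originating RP carried in the SA message
    learned_from: str  # MSDP peer that forwarded the SA


def parse_default_peers(config: str) -> Dict[str, Optional[Acl]]:
    """Map each default peer to its ACL entries, or to None when no list is configured."""
    acls: Dict[str, Acl] = {}
    peers: Dict[str, Optional[str]] = {}
    current: Optional[Acl] = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ip msdp default-peer (\S+)(?: list (\S+))?", line)
        if m:
            peers[m.group(1)] = m.group(2)
            current = None
            continue
        m = re.fullmatch(r"ip access-list standard (\S+)", line)
        if m:
            current = acls.setdefault(m.group(1), [])
            continue
        m = re.fullmatch(r"seq \d+ (permit|deny) (?:host (\S+)|(any))", line)
        if m and current is not None:
            current.append((m.group(1), m.group(2) or "any"))
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the access-list context
    # A list name that is never defined is treated as empty (assumption): nothing is permitted.
    return {p: (None if name is None else acls.get(name, [])) for p, name in peers.items()}


def acl_permits(acl: Acl, rp: str) -> bool:
    for action, host in acl:
        if host in ("any", rp):
            return action == "permit"
    return False  # implicit deny


def evaluate_sa(sa: SA, default_peers: Dict[str, Optional[Acl]],
                rpf_peer_for_rp: Dict[str, str]) -> Tuple[bool, str]:
    """Return (accepted, reason) for one SA message."""
    if sa.learned_from in default_peers:
        acl = default_peers[sa.learned_from]
        if acl is None:
            return True, "default-peer-any"    # no list: every RP bypasses the RPF check
        if acl_permits(acl, sa.rp):
            return True, "default-peer-list"   # permitted RP bypasses the RPF check
    if rpf_peer_for_rp.get(sa.rp) == sa.learned_from:
        return True, "rpf-pass"
    return False, "rpf-fail"


def unfiltered_default_peers(default_peers: Dict[str, Optional[Acl]]) -> List[str]:
    """Peers from which any originating RP is accepted without the RPF check."""
    return sorted(p for p, acl in default_peers.items()
                  if acl is None or ("permit", "any") in acl)


# Constructed configurations, using the addresses from this chapter's default-peer example.
FILTERED = """\
ip msdp peer 10.0.50.2 connect-source Vlan 50
ip msdp default-peer 10.0.50.2 list fifty
ip access-list standard fifty
 seq 5 permit host 200.0.0.50
"""
UNFILTERED = "ip msdp peer 10.0.50.2 connect-source Vlan 50\nip msdp default-peer 10.0.50.2\n"

PERMITTED_RP = SA("229.0.50.2", "24.0.50.2", "200.0.0.50", "10.0.50.2")
OTHER_RP = SA("229.0.60.2", "24.0.60.2", "200.0.0.60", "10.0.50.2")   # constructed
RPF_TABLE = {"200.0.0.60": "10.0.60.2"}  # constructed: the RPF peer for this RP is elsewhere

if __name__ == "__main__":
    for name, cfg in (("filtered", FILTERED), ("unfiltered", UNFILTERED)):
        dp = parse_default_peers(cfg)
        for sa in (PERMITTED_RP, OTHER_RP):
            print(name, sa.rp, evaluate_sa(sa, dp, RPF_TABLE))
        print(name, "peers that bypass RPF for any RP:", unfiltered_default_peers(dp))
```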
Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.
CONFIGURATION mode ip msdp cache-rejected-sa 2 Prevent the system from caching local SA entries based on source and group using an extended ACL. CONFIGURATION mode ip msdp redistribute list Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache.
Example of Verifying the System is not Caching Remote Sources As shown in the following example, R1 is advertising source 10.11.4.2. It is already in the SA cache of R3 when an ingress SA filter is applied to R3. The entry remains in the SA cache until it expires and is not stored in the rejected SA cache. [Router 3] R3_E600(conf)#do show run msdp ! ip multicast-msdp ip msdp peer 192.168.0.1 connect-source Loopback 0 ip msdp sa-filter in 192.168.0.
seq 5 deny ip host 239.0.0.1 host 10.11.4.2 seq 10 deny ip any any R1_E600(conf)#do show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom 239.0.0.1 10.11.4.2 192.168.0.1 local R3_E600(conf)#do show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom 239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.
[Router 1] R1_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.3 Local Addr: 0.0.0.0(0) Connect Source: Lo 0 State: Inactive Up/Down Time: 00:00:03 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics.
Example of the debug ip msdp Command R1_E600(conf)#do debug ip msdp All MSDP debugging has been turned on R1_E600(conf)#03:16:08 : MSDP-0: Peer 03:16:09 : MSDP-0: Peer 192.168.0.3, 03:16:27 : MSDP-0: Peer 192.168.0.3, 03:16:38 : MSDP-0: Peer 192.168.0.3, 03:16:39 : MSDP-0: Peer 192.168.0.3, 03:17:09 : MSDP-0: Peer 192.168.0.3, 03:17:10 : MSDP-0: Peer 192.168.0.3, 03:17:27 : MSDP-0: Peer 192.168.0.3, Input (S,G) filter: none Output (S,G) filter: none 192.168.0.
3 RPs use MSDP to peer with each other using a unique address. Figure 81. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. 1 In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2 Make this address the RP for the group.
CONFIGURATION mode ip pim rp-address 3 In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address. CONFIGURATION mode interface loopback 4 Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source. CONFIGURATION mode ip msdp peer 5 Advertise the network of each of the unique Loopback addresses throughout the network.
interface GigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown ! interface GigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface GigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.11/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.
network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.22/32 area 0 redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.11 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.11 ip msdp originator-id Loopback 1 ! ip route 192.168.0.
MSDP Sample Configurations The following examples show the running-configurations described in this chapter. For more information, refer to the illustrations in the Related Configuration Tasks section. MSDP Sample Configuration: R1 Running-Config MSDP Sample Configuration: R2 Running-Config MSDP Sample Configuration: R3 Running-Config MSDP Sample Configuration: R4 Running-Config ip multicast-routing ! interface GigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.
no shutdown ! interface Loopback 0 ip address 192.168.0.2/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.2/32 area 0 redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 update-source Loopback 0 neighbor 192.168.0.3 no shutdown ! ip route 192.168.0.3/32 10.11.0.32 ! ip pim rp-address 192.168.0.
! ip route 192.168.0.2/32 10.11.0.23 ip multicast-routing ! interface GigabitEthernet 4/1 ip pim sparse-mode ip address 10.11.5.1/24 no shutdown ! interface GigabitEthernet 4/22 ip address 10.10.42.1/24 no shutdown ! interface GigabitEthernet 4/31 ip pim sparse-mode ip address 10.11.6.43/24 no shutdown ! interface Loopback 0 ip address 192.168.0.4/32 no shutdown ! router ospf 1 network 10.11.5.0/24 area 0 network 10.11.6.0/24 area 0 network 192.168.0.4/32 area 0 ! ip pim rp-address 192.168.0.
36 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). Protocol Overview MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances. In contrast, PVST+ allows a spanning tree instance for each VLAN.
In the following illustration, three VLANs are mapped to two multiple spanning tree instances (MSTI). VLAN 100 traffic takes a different path than VLAN 200 and 300 traffic. The behavior demonstrates how you can use MSTP to achieve load balancing. Figure 82.
Spanning Tree Variations The Dell Networking operating system (OS) supports four variations of spanning tree, as shown in the following table. Table 45. Spanning Tree Variations
Dell Networking Term    IEEE Specification
Spanning Tree Protocol (STP)    802.1d
Rapid Spanning Tree Protocol (RSTP)    802.1w
Multicast Source Discovery Protocol (MSDP)    802.1s
Per-VLAN Spanning Tree Plus (PVST+)    Third Party
Implementation Information The following describes the MSTP implementation information.
Related Configuration Tasks The following are the related configuration tasks for MSTP.
Creating Multiple Spanning Tree Instances To create multiple spanning tree instances, use the following command. A single MSTI provides no more benefit than RSTP. To take full advantage of MSTP, create multiple MSTIs and map VLANs to them. • Create an MSTI. PROTOCOL MSTP mode msti Specify the keyword vlan then the VLANs that you want to participate in the MSTI.
Designated port id is 128.384, designated path cost 2000
Number of transitions to forwarding state 1
BPDU (MRecords): sent 39291, received 7547
The port is not in the Edge port mode, bpdu filter is disabled
Influencing MSTP Root Selection MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it becomes the root bridge. To change the bridge priority, use the following command. • Assign a number as the bridge priority.
For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for name and revision match on all Dell Networking OS equipment. If you have non-Dell Networking OS equipment that participates in MSTP, ensure these values match on all the equipment. NOTE: Some non-Dell Networking OS equipment may implement a non-null default region name. SFTOS, for example, uses the Bridge ID, while others may use a MAC address.
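A region mismatch is easy to introduce when one bridge lists VLANs as a range and another lists them one per line, so comparing the parsed values is more reliable than comparing configuration text. The following added example (not the guide's or Dell's code) compares region name, revision and VLAN-to-instance mapping. It assumes Dell-style lines of the form name, revision and msti ID vlan LIST under protocol spanning-tree mstp, the SFTOS-style lines shown in this chapter's sample configuration, a null name and revision 0 when neither is set, and instance 0 for unmapped VLANs; both sample configurations are constructed.

```python
import re


def expand_vlans(spec):
    """Expand a VLAN list such as '200,300' or '3-4' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError("bad VLAN range: %r" % part)
        vlans.update(range(first, last + 1))
    return vlans


def parse_region(config):
    """Return (name, revision, {vlan: msti}) from Dell-style or SFTOS-style lines."""
    name, revision, vlan_to_msti = "", 0, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(?:spanning-tree configuration )?name (\S+)", line)
        if m:
            name = m.group(1)
            continue
        m = re.fullmatch(r"(?:spanning-tree configuration )?revision (\d+)", line)
        if m:
            revision = int(m.group(1))
            continue
        # "msti 2 vlan 200,300" (Dell style) or "spanning-tree MSTi vlan 2 200" (SFTOS style);
        # lines such as "MSTI 2 bridge-priority 4096" do not affect the region and are skipped.
        m = (re.fullmatch(r"msti (\d+) vlan (\S+)", line, re.I)
             or re.fullmatch(r"spanning-tree msti vlan (\d+) (\S+)", line, re.I))
        if m:
            for vlan in expand_vlans(m.group(2)):
                vlan_to_msti[vlan] = int(m.group(1))
    return name, revision, vlan_to_msti


def region_mismatches(a, b):
    """List every difference that would place two bridges in different MSTP regions."""
    diffs = []
    if a[0] != b[0]:
        diffs.append("name: %r vs %r" % (a[0], b[0]))
    if a[1] != b[1]:
        diffs.append("revision: %d vs %d" % (a[1], b[1]))
    for vlan in sorted(set(a[2]) | set(b[2])):
        inst_a, inst_b = a[2].get(vlan, 0), b[2].get(vlan, 0)  # unmapped VLANs sit in instance 0
        if inst_a != inst_b:
            diffs.append("VLAN %d: MSTI %d vs %d" % (vlan, inst_a, inst_b))
    return diffs


# Constructed samples: same region expressed in the two syntaxes.
DELL_STYLE = """\
protocol spanning-tree mstp
 no disable
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
 MSTI 2 bridge-priority 4096
"""
SFTOS_STYLE = """\
spanning-tree configuration name Tahiti
spanning-tree configuration revision 123
spanning-tree MSTi instance 1
spanning-tree MSTi vlan 1 100
spanning-tree MSTi instance 2
spanning-tree MSTi vlan 2 200
spanning-tree MSTi vlan 2 300
"""

if __name__ == "__main__":
    print(region_mismatches(parse_region(DELL_STYLE), parse_region(SFTOS_STYLE)))
    drifted = DELL_STYLE.replace("200,300", "200")
    print(region_mismatches(parse_region(drifted), parse_region(SFTOS_STYLE)))
```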
NOTE: Dell Networking recommends that only experienced network administrators change MSTP parameters. Poorly planned modification of MSTP parameters can negatively affect network performance. To change the MSTP parameters, use the following commands on the root bridge. 1 Change the forward-delay parameter. PROTOCOL MSTP mode forward-delay seconds The range is from 4 to 30. The default is 15 seconds. 2 Change the hello-time parameter.
MSTI 2 bridge-priority 4096 Dell(conf)# Enable BPDU Filtering Globally Enabling BPDU filtering globally stops the transmission of BPDUs on operational port-fast-enabled ports by default. When BPDUs are received, the spanning tree is automatically prepared. By default, global BPDU filtering is disabled. Enable BPDU filtering globally to filter the transmission of BPDUs on port-fast-enabled interfaces. PROTOCOL MSTP mode edge-port bpdu filter default Figure 83.
The following lists the default values for port cost by interface. Table 46.
CAUTION: Configure EdgePort only on links connecting to an end station. EdgePort can cause loops if you enable it on an interface connected to a network. To enable EdgePort on an interface, use the following command. • Enable EdgePort on an interface.
MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 84. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2 Assign Layer-2 interfaces to the MSTP topology.
interface GigabitEthernet 1/31 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged GigabitEthernet 1/21,31 no shutdown ! interface Vlan 200 no ip address tagged GigabitEthernet 1/21,31 no shutdown ! interface Vlan 300 no ip address tagged GigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs.
no ip address tagged GigabitEthernet 2/11,31 no shutdown Router 3 Running-Configuration This example uses the following steps: 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2 Assign Layer-2 interfaces to the MSTP topology. 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs.
spanning-tree configuration name Tahiti
spanning-tree configuration revision 123
spanning-tree MSTi instance 1
spanning-tree MSTi vlan 1 100
spanning-tree MSTi instance 2
spanning-tree MSTi vlan 2 200
spanning-tree MSTi vlan 2 300
(Step 2)
interface 1/0/31
no shutdown
spanning-tree port mode enable
switchport protected 0
exit
interface 1/0/32
no shutdown
spanning-tree port mode enable
switchport protected 0
exit
(Step 3)
interface vlan 100
tagged 1/0/31
tagged 1/0/32
exit
interface vlan 200
tagged 1/0/31
To show various portions of the MSTP configuration, use the show spanning-tree mst commands. To view the overall MSTP configuration on the router, use the show running-configuration spanning-tree mstp command in EXEC Privilege mode. To monitor and verify that the MSTP configuration is connected and communicating as desired, use the debug spanning-tree mstp bpdu command. Key items to look for in the debug report include:
• MSTP flags indicate communication received from the same region.
INST 2: Flags: 0x78, Reg Root: 32768:0001.e806.953e, Int Root Cost: 0
Brg/Port Prio: 32768/128, Rem Hops: 19
The bold line in the following example shows that the MSTP routers are in different regions and are not communicating with each other.
4w0d4h : MSTP: Received BPDU on TenGig 2/21 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x78Different Region
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0
Regional Bridge Id: 32768:0001.e806.
37 Multicast Features Dell Networking OS supports multicast features.
Protocol   Ethernet Address
OSPF       01:00:5e:00:00:05
           01:00:5e:00:00:06
RIP        01:00:5e:00:00:09
NTP        01:00:5e:00:01:01
VRRP       01:00:5e:00:00:12
PIM-SM     01:00:5e:00:00:0d
• The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm.
• Multicast is not supported on secondary IP addresses.
• Egress L3 ACL is not applied to multicast data traffic if you enable multicast routing.
IPv4 Multicast Policies The following sections describe IPv4 multicast policies.
NOTE: The IN-L3-McastFib CAM partition is used to store multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may be superseded by this hardware space limitation. The opposite is also true: the CAM partition might not be exhausted at the time the system-wide route limit that the ip multicast-limit command sets is reached.
Preventing a Host from Joining a Group
You can prevent a host from joining a particular group by blocking specific IGMP reports.
limiting Receiver 1, so both IGMP reports are accepted, and two corresponding entries are created in the routing table.
Figure 85. Preventing a Host from Joining a Group
Table 47. Preventing a Host from Joining a Group — Description
Location  Description
1/21      • Interface GigabitEthernet 1/21
          • ip pim sparse-mode
          • ip address 10.11.12.
Location  Description
          • no shutdown
1/31      • Interface GigabitEthernet 1/31
          • ip pim sparse-mode
          • ip address 10.11.13.1/24
          • no shutdown
2/1       • Interface GigabitEthernet 2/1
          • ip pim sparse-mode
          • ip address 10.11.1.1/24
          • no shutdown
2/11      • Interface GigabitEthernet 2/11
          • ip pim sparse-mode
          • ip address 10.11.12.2/24
          • no shutdown
2/31      • Interface GigabitEthernet 2/31
          • ip pim sparse-mode
          • ip address 10.11.23.
Location  Description
          • ip pim sparse-mode
          • ip address 10.11.4.1/24
          • untagged GigabitEthernet 1/2
          • ip igmp access-group igmpjoinfilR2G2
          • no shutdown
Rate Limiting IGMP Join Requests
If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined. Hosts whose IGMP requests are denied use the retry mechanism built into IGMP, so their membership is delayed rather than permanently denied.
In the following example, Source 1 and Source 2 are both transmitting packets for groups 239.0.0.1 and 239.0.0.2. R3 has a PIM register filter that only permits packets destined for group 239.0.0.2. An entry is created for group 239.0.0.1 in the routing table, but no outgoing interfaces are listed. R2 has no filter, so it is allowed to forward both groups. As a result, Receiver 1 receives only one transmission, while Receiver 2 receives duplicate transmissions. Figure 86.
Location  Description
          • ip address 10.11.12.1/24
          • no shutdown
1/31      • Interface GigabitEthernet 1/31
          • ip pim sparse-mode
          • ip address 10.11.13.1/24
          • no shutdown
2/1       • Interface GigabitEthernet 2/1
          • ip pim sparse-mode
          • ip address 10.11.1.1/24
          • no shutdown
2/11      • Interface GigabitEthernet 2/11
          • ip pim sparse-mode
          • ip address 10.11.12.2/24
          • no shutdown
2/31      • Interface GigabitEthernet 2/31
          • ip pim sparse-mode
          • ip address 10.11.23.
Location    Description
Receiver 2  • Interface VLAN 400
            • ip pim sparse-mode
            • ip address 10.11.4.1/24
            • untagged GigabitEthernet 1/2
            • no shutdown
Preventing a PIM Router from Processing a Join
To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command.
NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router.
38 Open Shortest Path First (OSPFv2 and OSPFv3) Dell Networking OS supports open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6). This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking operating system (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3.
Autonomous System (AS) Areas OSPF operates in a type of hierarchy. The largest entity within the hierarchy is the autonomous system (AS), which is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs. You can divide an AS into a number of areas, which are groups of contiguous networks and attached hosts.
Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border routers, networks not wholly contained in any area, and their attached routers. The backbone is the only area with a default area number. All other areas can have their Area ID assigned in the configuration.
The following example shows different router designations. Figure 88. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link state database. An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to. An ABR can connect to many areas in an AS, and is considered a member of each area it connects to.
• Type 3: Summary LSA (OSPFv2), Inter-Area-Prefix LSA (OSPFv3) — An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to. The link-state ID of the Type 3 LSA is the destination network number. • Type 4: AS Border Router Summary LSA (OSPFv2), Inter-Area-Router LSA (OSPFv3) — In some cases, Type 5 External LSAs are flooded to areas where the detailed next-hop information may not be available.
Router Priority and Cost Router priority and cost is the method the system uses to “rate” the routers. For example, if not assigned, the system selects the router with the highest priority as the DR. The second highest priority is the BDR. • • Priority is a numbered rating 0 to 255. The higher the number, the higher the priority. Cost is a numbered rating 1 to 65535. The higher the number, the greater the cost. The cost assigned reflects the cost should the router fail.
On OSPFv3, the system supports only one process at a time for all platforms. Prior to the Dell Networking OS version 7.8.1.0, the system supported one OSPFv2 and one OSPFv3 process ID per system. OSPFv2 and OSPFv3 can coexist but you must configure them individually. The Dell Networking OS supports stub areas, totally stub (no summary) and not so stubby areas (NSSAs) and supports the following LSAs, as described earlier.
• Restarting role in which an enabled router performs its own graceful restart. • Helper role in which the router's graceful restart function is to help a restarting neighbor router in its graceful restarts. • Helper-reject role in which OSPF does not participate in the graceful restart of a neighbor. • OSPFv2 supports helper-only and restarting-only roles. By default, both helper and restarting roles are enabled. OSPFv2 supports the helper-reject role globally on a router.
Processing SNMP and Sending SNMP Traps Only the process in default vrf can process the SNMP requests and send SNMP traps. OSPF ACK Packing The OSPF ACK packing feature bundles multiple LS acknowledgements in a single packet, significantly reducing the number of ACK packets transmitted when the number of LSAs increases. This feature also enhances network utilization and reduces the number of small ACK packets sent to a neighboring router. OSPF ACK packing is enabled by default and non-configurable.
Timer intervals configured, Hello 20, Dead 80, Wait 20, Retransmit 5 Hello due in 00:00:04 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 1.1.1.1 (Backup Designated Router) Dell (conf-if-gi-2/2)# Configuration Information The interfaces must be in Layer-3 mode (assigned an IP address) and enabled so that they can send and receive traffic. The OSPF process must know about these interfaces. To make the OSPF process aware of these interfaces, they must be assigned to OSPF areas.
Example
Dell#
Dell#conf
Dell(conf)#router ospf 1
Dell(conf-router_ospf-1)#timer spf 2 5
Dell(conf-router_ospf-1)#
Dell(conf-router_ospf-1)#show config
!
router ospf 1
 timers spf 2 5
Dell(conf-router_ospf-1)#
Dell(conf-router_ospf-1)#end
Dell#
For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document.
Enabling OSPFv2
To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback).
Assigning a Router ID
In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
• Assign the router ID for the OSPFv2 process.
  CONFIG-ROUTER-OSPF-id mode
  router-id ip address
• Disable OSPF.
  CONFIGURATION mode
  no router ospf process-id
• Reset the OSPFv2 process.
network ip-address mask area area-id
The IP Address Format is A.B.C.D/M. The area ID range is from 0 to 65535 or A.B.C.D/M.
Enable OSPFv2 on Interfaces
Enable and configure OSPFv2 on each interface. Each interface must be configured for Layer 3 and must not be shut down. You can also assign OSPFv2 to a Loopback interface as a virtual interface. OSPF functions and features, such as MD5 Authentication, Grace Period, and Authentication Wait Time, are assigned on a per-interface basis.
Designated Router (ID) 11.1.2.1, Interface address 10.2.2.1 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.0 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:04 Neighbor Count is 0, Adjacent neighbor count is 0 TenGigabitEthernet 12/21 is up, line protocol is up Internet Address 10.2.3.1/24, Area 0.0.0.0 Process ID 1, Router ID 11.1.2.1, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State BDR, Priority 1 Designated Router (ID) 13.1.1.
3 Enter ROUTER OSPF mode. CONFIGURATION mode router ospf process-id Process ID is the ID assigned when configuring OSPFv2 globally. 4 Configure the area as a stub area. CONFIG-ROUTER-OSPF-id mode area area-id stub [no-summary] Use the keywords no-summary to prevent transmission into the area of summary ASBR LSAs. Area ID is the number or IP address assigned when creating the area.
• arrival-time: set the interval between receiving the same LSA repeatedly, to allow sufficient time for the system to accept the LSA. The range is from 0 to 600,000 milliseconds. Enabling Passive Interfaces A passive interface is one that does not send or receive routing information. Enabling passive interface suppresses routing updates on an interface.
Designated Router (ID) 10.1.2.100, Interface address 10.1.3.100 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.0 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 No Hellos (Passive interface) Neighbor Count is 0, Adjacent neighbor count is 0 Loopback 45 is up, line protocol is up Internet Address 10.1.1.23/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.
Dell##show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 0 Min LSA origination 0 msec, Min LSA arrival 1000 msec Number of area in this router is 0, normal 0 stub 0 nssa 0 Dell# Changing OSPFv2 Parameters on Interfaces In the Dell Networking OS, you can modify the OSPF settings on the interfaces.
• Change the priority of the interface, which is used to determine the Designated Router for the OSPF broadcast network.
  CONFIG-INTERFACE mode
  ip ospf priority number
  • number: the range is from 0 to 255 (the default is 1).
• Change the retransmission interval between LSAs.
  CONFIG-INTERFACE mode
  ip ospf retransmit-interval seconds
  • seconds: the range is from 1 to 65535 (the default is 5 seconds).
  The retransmit interval must be the same on all routers in the OSPF network.
Enabling OSPFv2 Authentication
To enable or change various OSPF authentication parameters, use the following commands.
• Set a clear text authentication scheme on the interface.
  CONFIG-INTERFACE mode
  ip ospf authentication-key key
  Configure a key that is a text string no longer than eight characters. All neighboring routers must share the password to exchange OSPF information.
• Set the authentication change wait time in seconds between 0 and 300 for the interface.
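The following added example (not part of the Dell guide) audits a running-configuration for OSPFv2 interfaces that are covered by a network statement but have no authentication or only the clear-text ip ospf authentication-key scheme described above. The sample configuration is constructed, and the ip ospf message-digest-key form is assumed from the Dell Networking OS command set because this section shows only the clear-text command.

```python
import ipaddress
import re

# Constructed running-config in the style of this guide's OSPFv2 samples.
# Addresses, interface names and keys are made up for the example.
SAMPLE_CONFIG = """\
router ospf 1
 network 10.0.13.0/24 area 0
 network 10.0.23.0/24 area 0
 network 10.0.33.0/24 area 0
!
interface GigabitEthernet 3/1
 ip address 10.0.13.3/24
 ip ospf authentication-key s3cr3t
 no shutdown
!
interface GigabitEthernet 3/2
 ip address 10.0.23.3/24
 no shutdown
!
interface GigabitEthernet 3/3
 ip address 10.0.33.3/24
 ip ospf message-digest-key 1 md5 examplekey
 no shutdown
!
interface GigabitEthernet 3/4
 ip address 192.168.50.1/24
 no shutdown
"""


def parse_stanzas(config):
    """Split a running-config into (header, [indented commands]) pairs."""
    stanzas = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if not raw[0].isspace():
            stanzas.append((line, []))
        elif stanzas:
            stanzas[-1][1].append(line.strip())
    return stanzas


def ospf_networks(stanzas):
    """Collect (network, area) pairs from every 'router ospf' stanza."""
    nets = []
    for header, body in stanzas:
        if not header.startswith("router ospf"):
            continue
        for cmd in body:
            m = re.match(r"network (\S+) area (\S+)$", cmd)
            if m:
                net = ipaddress.ip_network(m.group(1), strict=False)
                nets.append((net, m.group(2)))
    return nets


def audit_ospf_auth(config):
    """Map each OSPF-enabled interface to (area, authentication state)."""
    stanzas = parse_stanzas(config)
    nets = ospf_networks(stanzas)
    report = {}
    for header, body in stanzas:
        if not header.startswith("interface "):
            continue
        addr = next((c.split()[2] for c in body if c.startswith("ip address ")), None)
        if addr is None:
            continue
        ip = ipaddress.ip_interface(addr).ip
        area = next((a for net, a in nets if ip in net), None)
        if area is None:
            continue  # no network statement covers it, so OSPF is not running here
        if any(c.startswith("ip ospf message-digest-key ") for c in body):
            state = "md5"
        elif any(c.startswith("ip ospf authentication-key ") for c in body):
            state = "clear-text"  # key travels unprotected in every OSPF packet
        else:
            state = "none"
        report[header[len("interface "):]] = (area, state)
    return report


def weak_interfaces(report):
    """Interfaces that accept OSPF neighbors with no or clear-text authentication."""
    return sorted(name for name, (_, state) in report.items() if state != "md5")


if __name__ == "__main__":
    for name, (area, state) in audit_ospf_auth(SAMPLE_CONFIG).items():
        print(f"{name:24} area {area:4} auth={state}")
```
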
This setting is the time that an OSPFv2 router’s neighbors advertise it as fully adjacent, regardless of the synchronization state, during a graceful restart. OSPFv2 terminates this process when the grace period ends.
2 Enter the Router ID of the OSPFv2 helper router from which the router does not accept graceful restart assistance.
  CONFIG-ROUTER-OSPF-id mode
  graceful-restart helper-reject router-id
• Planned-only — the OSPFv2 router supports graceful-restart for planned restarts only.
Creating Filter Routes To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the conditions of the prefix lists. If they do not, OSPF does not add the route to the routing table. Configure the prefix list in CONFIGURATION PREFIX LIST mode prior to assigning it to the OSPF process. • Create a prefix list and assign it a unique name. CONFIGURATION mode ip prefix-list prefix-name • You are in PREFIX LIST mode.
redistribute {bgp | connected | rip | ospf | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value] Configure the following required and optional parameters: • bgp, connected, ospf, rip, static: enter one of the keywords to redistribute those routes. • metric metric-value: the range is from 0 to 4294967295. • metric-type metric-type: 1 for OSPF external route type 1. 2 for OSPF external route type 2.
• View the summary information of the IP routes.
  EXEC Privilege mode
  show ip route summary
• View the summary information for the OSPF database.
  EXEC Privilege mode
  show ip ospf database
• View the configuration of OSPF neighbors connected to the local router.
  EXEC Privilege mode
  show ip ospf neighbor
• View the LSAs currently in the queue.
  EXEC Privilege mode
  show ip ospf timers rate-limit
• View debug messages.
default-information originate always router-id 10.10.10.10 Dell# Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes.
OSPF Area 0 — Gl 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 ! interface Loopback 30 ip address 192.168.100.100/24 no shutdown ! interface GigabitEthernet 3/1 ip address 10.1.13.3/24 no shutdown ! interface GigabitEthernet 3/2 ip address 10.2.13.3/24 no shutdown OSPF Area 0 — Gl 2/1 and 2/2 router ospf 22222 network 192.168.100.0/24 area 0 network 10.2.21.0/24 area 0 network 10.2.22.0/24 area 0 ! interface Loopback 20 ip address 192.
The OSPFv3 ipv6 ospf area command enables OSPFv3 on the interface and places the interface in an area. With OSPFv2, two commands are required to accomplish the same tasks — the router ospf command to create the OSPF process, then the network area command to enable OSPF on an interface. NOTE: The OSPFv2 network area command enables OSPF on multiple interfaces with the single command. Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3.
ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits; separate each group by a colon (:). The format is A:B:C::F/128. 2 Bring up the interface. CONF-INT-type slot/port mode no shutdown Assigning Area ID on an Interface To assign the OSPFv3 process to an interface, use the following command. The ipv6 ospf area command enables OSPFv3 on an interface and places the interface in the specified area.
NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address.
• Disable OSPF.
  CONFIGURATION mode
  no ipv6 router ospf process-id
• Reset the OSPFv3 process.
  EXEC Privilege mode
  clear ipv6 ospf process
Configuring Stub Areas
To configure IPv6 stub areas, use the following command.
• Configure the area as a stub area.
  CONF-IPV6-ROUTER-OSPF mode
  area area-id stub [no-summary]
  • no-summary: use these keywords to prevent transmission into the area of summary ASBR LSAs.
Redistributing Routes You can add routes from other routing instances or protocols to the OSPFv3 process. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF process.
By default, OSPFv3 graceful restart is disabled and functions only in a helper role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA. To enable OSPFv3 graceful restart, enter the ipv6 router ospf process-id command to enter OSPFv3 configuration mode. Then configure a grace period using the graceful-restart grace-period command. The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as though it is fully adjacent.
• Display the graceful-restart configuration for OSPFv2 and OSPFv3 (shown in the following example).
  EXEC Privilege mode
  show run ospf
• Display the Type-11 Grace LSAs sent and received on an OSPFv3 router (shown in the following example).
  EXEC Privilege mode
  show ipv6 ospf database grace-lsa
• Display the currently configured OSPFv3 parameters for graceful restart (shown in the following example).
Inter Area Rtr LSA Count 0
Group Mem LSA Count 0
Dell#show ipv6 ospf database grace-lsa
!
Type-11 Grace LSA (Area 0)
LS Age               : 10
Link State ID        : 6.16.192.66
Advertising Router   : 100.1.1.1
LS Seq Number        : 0x80000001
Checksum             : 0x1DF1
Length               : 36
Associated Interface : Gi 5/3
Restart Interval     : 180
Restart Reason       : Switch to Redundant Processor
OSPFv3 Authentication Using IPsec
Dell Networking OS supports OSPFv3 authentication using IP security (IPsec). Starting in Dell Networking OS version 8.4.2.
In OSPFv3 communication, IPsec provides security services between a pair of communicating hosts or security gateways using either AH or ESP. In an authentication policy on an interface or in an OSPF area, AH and ESP are used alone; in an encryption policy, AH and ESP may be used together. The difference between the two mechanisms is the extent of the coverage. ESP only protects IP header fields if they are encapsulated by ESP.
• To configure an IPsec security policy for authenticating or encrypting OSPFv3 packets on a physical, port-channel, or VLAN interface or OSPFv3 area, perform any of the following tasks: • Configuring IPsec Authentication on an Interface • Configuring IPsec Encryption on an Interface • Configuring IPSec Authentication for an OSPFv3 Area • Configuring IPsec Encryption for an OSPFv3 Area • Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To configure, remov
NOTE: When you configure encryption using the ipv6 ospf encryption ipsec command, you enable both IPsec encryption and authentication. However, when you enable authentication on an interface using the ipv6 ospf authentication ipsec command, you do not enable encryption at the same time. The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. Configure the same authentication policy (the same SPI and key) on each OSPFv3 interface in a link.
If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command, you cannot use the area authentication command in the area at the same time. The configuration of IPSec authentication on an interface-level takes precedence over an area-level configuration. If you remove an interface configuration, an area authentication policy that has been configured is applied to the interface. • Enable IPSec authentication for OSPFv3 packets in an area.
• area area-id: specifies the area for which OSPFv3 traffic is to be encrypted. For area-id, enter a number or an IPv6 prefix.
• spi number: is the security policy index (SPI) value. The range is from 256 to 4294967295.
• esp encryption-algorithm: specifies the encryption algorithm used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported.
• key: specifies the text string used in the encryption.
Example of the show crypto ipsec policy Command
Dell#show crypto ipsec policy
Crypto IPSec client security policy data
Policy name             : OSPFv3-1-502
Policy refcount         : 1
Inbound ESP SPI         : 502 (0x1F6)
Outbound ESP SPI        : 502 (0x1F6)
Inbound ESP Auth Key    : 123456789a123456789b123456789c12
Outbound ESP Auth Key   : 123456789a123456789b123456789c12
Inbound ESP Cipher Key  : 123456789a123456789b123456789c123456789d12345678
Outbound ESP Cipher Key : 123456789a123456789b123456789c123456789d12345678
Transform set           : esp-3
 replay detection support : N
 STATUS : ACTIVE
inbound esp sas
outbound esp sas
Interface: TenGigabitEthernet 0/1
Link Local address: fe80::201:e8ff:fe40:4d11
IPSecv6 policy name: OSPFv3-1-600
inbound ah sas
outbound ah sas
inbound esp sas
 spi : 600 (0x258)
 transform : esp-des esp-sha1-hmac
 in use settings : {Transport, }
 replay detection support : N
 STATUS : ACTIVE
outbound esp sas
 spi : 600 (0x258)
 transform : esp-des esp-sha1-hmac
 in use settings : {Transport, }
 replay detection support : N
 STATUS : ACTIVE
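The following added example (not part of the Dell guide) parses security-association output in the layout shown above and reports OSPFv3 interfaces whose SAs use a weak transform, are not ACTIVE, or are missing altogether. The first interface block reuses the values printed in this guide; the other two blocks are constructed, and the ah-md5-hmac token and the one-line-per-field layout are assumptions.

```python
import re

# Sample input: block 1 uses the values shown in this guide, blocks 2 and 3 are constructed.
SAMPLE_OUTPUT = """\
Interface: TenGigabitEthernet 0/1
Link Local address: fe80::201:e8ff:fe40:4d11
IPSecv6 policy name: OSPFv3-1-600
inbound ah sas
outbound ah sas
inbound esp sas
 spi : 600 (0x258)
 transform : esp-des esp-sha1-hmac
 in use settings : {Transport, }
 replay detection support : N
 STATUS : ACTIVE
outbound esp sas
 spi : 600 (0x258)
 transform : esp-des esp-sha1-hmac
 in use settings : {Transport, }
 replay detection support : N
 STATUS : ACTIVE
Interface: TenGigabitEthernet 0/2
Link Local address: fe80::201:e8ff:fe40:4d12
IPSecv6 policy name: OSPFv3-1-700
inbound ah sas
 spi : 700 (0x2BC)
 transform : ah-md5-hmac
 in use settings : {Transport, }
 replay detection support : N
 STATUS : ACTIVE
outbound ah sas
 spi : 700 (0x2BC)
 transform : ah-md5-hmac
 in use settings : {Transport, }
 replay detection support : N
 STATUS : ACTIVE
inbound esp sas
outbound esp sas
Interface: TenGigabitEthernet 0/3
Link Local address: fe80::201:e8ff:fe40:4d13
inbound ah sas
outbound ah sas
inbound esp sas
outbound esp sas
"""

SECTION = re.compile(r"^(inbound|outbound) (ah|esp) sas$")
FIELD = re.compile(r"^([^:]+?)\s*:\s*(.*)$")

# Transform name parts treated as weak, with the reason reported to the operator.
WEAK_PARTS = {
    "des": "single DES encryption (56-bit key)",
    "null": "NULL encryption (no confidentiality)",
    "md5": "MD5-based integrity check",
}


def parse_ipsec_sas(text):
    """Return one dict per interface: name, policy and a list of SA dicts."""
    interfaces, current, section, sa = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Interface:"):
            current = {"interface": line.split(":", 1)[1].strip(), "policy": None, "sas": []}
            interfaces.append(current)
            section = sa = None
            continue
        if current is None:
            continue
        m = SECTION.match(line)
        if m:
            section, sa = (m.group(1), m.group(2)), None
            continue
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if key == "ipsecv6 policy name":
            current["policy"] = value
        elif key == "spi" and section:
            # Each "spi" line opens a new SA under the current direction/protocol header.
            sa = {"direction": section[0], "protocol": section[1], "spi": int(value.split()[0])}
            current["sas"].append(sa)
        elif sa is not None:
            sa[key] = value
    return interfaces


def audit_ipsec_sas(interfaces):
    """Return (location, reason) findings for weak, inactive or missing SAs."""
    findings = []
    for intf in interfaces:
        if not intf["sas"]:
            findings.append((intf["interface"], "no IPsec SA installed"))
            continue
        for sa in intf["sas"]:
            where = f'{intf["interface"]} {sa["direction"]} {sa["protocol"]} spi {sa["spi"]}'
            parts = set(re.split(r"[-\s]+", sa.get("transform", "").lower()))
            for part, why in WEAK_PARTS.items():
                if part in parts:  # exact part match, so "3des" is not reported as "des"
                    findings.append((where, why))
            if sa.get("status", "").upper() != "ACTIVE":
                findings.append((where, "SA is not ACTIVE"))
    return findings


if __name__ == "__main__":
    for where, why in audit_ipsec_sas(parse_ipsec_sas(SAMPLE_OUTPUT)):
        print(f"{where}: {why}")
```
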
• View the summary information of the IPv6 routes.
  EXEC Privilege mode
  show ipv6 route summary
• View the summary information for the OSPFv3 database.
  EXEC Privilege mode
  show ipv6 ospf database
• View the configuration of OSPFv3 neighbors.
  EXEC Privilege mode
  show ipv6 ospf neighbor
• View debug messages for all OSPFv3 interfaces.
  EXEC Privilege mode
  debug ipv6 ospf [event | packet] {type slot/port}
  • event: View OSPF event messages.
  • packet: View OSPF packets.
39 Policy-based Routing (PBR) Dell Networking OS supports policy-based routing.
To enable a PBR, you create a Redirect List. Redirect lists are defined by rules, or routing policies.
interface user needs to provide tunnel id mandatory. If the user instead provides the tunnel destination IP as the next hop, it is treated as an IPv4 next hop and not a tunnel next hop.
PBR with Multiple Tracking Option: Policy-based routing with the multiple tracking option extends and introduces the capabilities of object tracking to verify the next hop IP address before forwarding the traffic to the next hop. The verification method is made transparent to the user.
• Create a Rule for a Redirect-list • Create a Track-id list. For complete tracking information, refer to Object Tracking chapter. • Apply a Redirect-list to an Interface using a Redirect-group Create a Redirect List Use the following command in CONFIGURATION mode: 1 Create a redirect list by entering the list name. Format: 16 characters CONFIGURATION mode ip redirect-list redirect-list-name Delete the redirect list with the no ip redirect-list command.
• • • IP protocol number Source address with mask information Destination address with mask information Creating a Rule Example: Dell(conf-redirect-list)#redirect ? A.B.C.D Forwarding router's address Dell(conf-redirect-list)#redirect 3.3.3.3 ? <0-255> An IP protocol number icmp Internet Control Message Protocol ip Any Internet Protocol tcp Transmission Control Protocol udp User Datagram Protocol Dell(conf-redirect-list)#redirect 3.3.3.3 ip ? A.B.C.
destination address and specify a different next-hop IP address. In this way, the recursive routes are used as different forwarding routes for dynamic failover. If the primary path goes down and the recursive route is removed from the routing table, the seq redirect statement is ignored and the next statement in the list with a different route is used. PBR Exceptions (Permit) Use the command permit to create an exception to a redirect list.
Applying a Redirect-list to an Interface Example: Dell(conf-if-te-4/0)#ip redirect-group xyz Dell(conf-if-te-4/0)# Applying a Redirect-list to an Interface Example: Dell(conf-if-te-1/0)#ip redirect-group test Dell(conf-if-te-1/0)#ip redirect-group xyz Dell(conf-if-te-1/0)#show config ! interface TenGigabitEthernet 1/0 no ip address ip redirect-group test ip redirect-group xyz shutdown Dell(conf-if-te-1/0)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are su
Track 200 [up], Next-hop reachable (via Te 1/32) , Track 200 [up], Next-hop reachable (via Vl 20) , Track 200 [up], Next-hop reachable (via Po 5) , Track 200 [up], Next-hop reachable (via Po 7) , Track 200 [up], Next-hop reachable (via Te 2/18) , Track 200 [up], Next-hop reachable (via Te 2/19) Use the show ip redirect-list (without the list name) to display all the redirect-lists configured on the device. Dell#show ip redirect-list IP redirect-list rcl0: Defined as: seq 5 permit ip 200.200.200.
• seq 15 permit ip any
PBR Sample Configuration examples are shown below:
Create the Redirect-List GOLD
EDGE_ROUTER(conf-if-Te-3/23)#ip redirect-list GOLD
EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD.
EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.1.0/24 any
EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.
EDGE_ROUTER(conf-if-Te-2/11)# EDGE_ROUTER(conf-if-Te-2/11)#ip redirect-group GOLD EDGE_ROUTER(conf-if-Te-2/11)#no shut EDGE_ROUTER(conf-if-Te-2/11)#end EDGE_ROUTER(conf-redirect-list)#end EDGE_ROUTER# View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23), ARP resolved seq 10 redirect 10.99.99.254 ip 192.168.2.
Apply the Redirect Rule to an Interface: Dell# Dell(conf)#int TenGigabitEthernet 2/28 Dell(conf-if-te-2/28)#ip redirect-group redirect_list_with_track Dell(conf-if-te-2/28)#end Verify the Applied Redirect Rules: Dell#show ip redirect-list redirect_list_with_track IP redirect-list redirect_list_with_track Defined as: seq 5 redirect 42.1.1.2 track 3 tcp 155.55.2.0/24 222.22.2.0/24, Track 3 [up], Next-hop reachable (via Vl 20) seq 10 redirect 42.1.1.
Verify the Status of the Track Objects (Up/Down):
Dell#show track brief
ResId  Resource                 Parameter  State  LastChange
1      Interface ip routing     Tunnel 1   Up     00:00:00
2      Interface ipv6 routing   Tunnel 2   Up     00:00:00
Dell#
Create a Redirect-list with Track Objects pertaining to Tunnel Interfaces:
Dell#configure terminal
Dell(conf)#ip redirect-list explicit_tunnel
Dell(conf-redirect-list)#redirect tunnel 1 track
Dell(conf-redirect-list)#redirect tunnel 1 track
Dell(conf-redirect-list)#redirect tunnel 1 track 144.
40 PIM Sparse-Mode (PIM-SM) Dell Networking OS supports protocol-independent multicast sparse-mode (PIM-SM). PIM-SM is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which forwards multicast traffic to all subnets until a request to stop.
Protocol Overview
PIM-SM initially uses unidirectional shared trees to forward multicast traffic; that is, all multicast traffic must flow only from the rendezvous point (RP) to the receivers. After a receiver receives traffic from the RP, PIM-SM switches to SPT to forward multicast traffic. Every multicast group has an RP and a unidirectional shared tree (group-specific shared tree).
Send Multicast Traffic With PIM-SM, all multicast traffic must initially originate from the RP. A source must unicast traffic to the RP so that the RP can learn about the source and create an SPT to it. Then the last-hop DR may create an SPT directly to the source. 1 The source gateway router (first-hop DR) receives the multicast packets and creates an (S,G) entry in its multicast routing table. The first-hop DR encapsulates the initial multicast packets in PIM Register packets and unicasts them to the RP.
ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • Configuring S,G Expiry Timers • Configuring a Static Rendezvous Point • Configuring a Designated Router • Creating Multicast Boundaries and Domains Enable PIM-SM You must enable PIM-SM on each participating interface. 1 Enable multicast routing on the system. CONFIGURATION mode ip multicast-routing 2 Enable PIM-Sparse mode.
127.87.50.5 Dell# Gi 7/13 00:03:08/00:01:37 v2 1 / S To display the PIM routing table, use the show ip pim tib command from EXEC privilege mode. Dell#show ip pim tib PIM Multicast Routing Table Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, Timers: Uptime/Expires Interface state: Interface, next-Hop, State/Mode (*, 192.1.2.1), uptime 00:29:36, expires 00:03:26, RP 10.87.2.
[seq sequence-number] permit ip {source-address/mask | any | host source-address} {destination-address/mask | any | host destination-address}
4 Set the expiry time for a specific (S,G) entry (as shown in the following example).
  CONFIGURATION mode
  ip pim sparse-mode sg-expiry-timer seconds sg-list access-list-name
  The range is from 211 to 86,400 seconds. The default is 210.
Overriding Bootstrap Router Updates PIM-SM routers must know the address of the RP for each group for which they have (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration. Use the following command if you have configured a static RP for a group. If you do not use the override option with the following command, the RPs advertised in the BSR updates take precedence over any statically configured RPs.
show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs). PMBRs connect each PIM domain to the rest of the Internet. Create multicast boundaries and domains by filtering inbound and outbound bootstrap router (BSR) messages per interface. The following command is applied to the subsequent inbound and outbound updates.
41 PIM Source-Specific Mode (PIM-SSM)
Dell Networking OS supports PIM source-specific mode (PIM-SSM). PIM-SSM is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
Related Configuration Tasks
• Use PIM-SSM with IGMP Version 2 Hosts

Implementation Information
• The Dell Networking implementation of PIM-SSM is based on RFC 3569.
• The Dell Networking operating system (OS) reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message.

Important Points to Remember
• The default SSM range is 232/8 always. Applying an SSM range does not overwrite the default range.
Group Address 239.0.0.2 / MaskLen / 32

Use PIM-SSM with IGMP Version 2 Hosts
PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using the ip igmp ssm-map acl source command from CONFIGURATION mode. In a standard access list, specify the groups or the group ranges that you want to map to a source. Then, specify the multicast source.
239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11.4.2
R1(conf)#do show ip igmp ssm-map
IGMP Connected Group Membership
Group Address Interface Mode Uptime Expires
239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:36 Never
Member Ports: Gi 1/1
R1(conf)#do show ip igmp ssm-map 239.0.0.2
SSM Map Information
Group : 239.0.0.2
Source(s) : 10.11.5.2
R1(conf)#do show ip igmp groups detail
Interface Group Uptime Expires Router mode Last reporter Last reporter mode Last report Group source Source address 10.11.5.
42 Port Monitoring The Aggregator supports user-configured port monitoring. See Configuring Port Monitoring for the configuration commands to use. Port monitoring copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG).
MONITOR SESSION mode
source

Dell(conf)#monitor session 1
Dell(conf-mon-sess-1)#source tengig 0/1 destination tengig 0/8 direction both

NOTE: By default, all uplink ports are assigned to port-channel (LAG) 128 and the destination port in a port monitoring session must be an uplink port. When you configure the destination port using the source command, the destination port is removed from LAG 128. To display the uplink ports currently assigned to LAG 128, enter the show lag 128 command.
In the following example, the host and server are exchanging traffic which passes through the uplink interface 0/1. Port 0/1 is the monitored port and port 0/8 is the destination port, which is configured to only monitor traffic received on tengigabitethernet 0/1 (host-originated traffic). Figure 91.
Dell(conf-mon-sess-1)#do show monitor session
SessionID  Source      Destination  Direction  Mode       Type
---------  ------      -----------  ---------  ----       ----
1          TenGig 0/1  TenGig 0/8   both       interface  Port-based
Dell(conf-mon-sess-1)#mon ses 2
Dell(conf-mon-sess-2)#source tengig 0/1 destination tengig 0/8 direction both
% Error: MD port is already being monitored.

NOTE: There is no limit to the number of monitoring sessions per system, provided that there are only four destination ports per port-pipe.
43 Private VLANs (PVLAN)
Dell Networking OS supports the private VLAN (PVLAN) feature. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide. Private VLANs extend the Dell Networking operating system (OS) security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN).
• A switch can have one or more primary VLANs, and it can have none.
• A primary VLAN has one or more secondary VLANs.
• A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch.
• A primary VLAN has one or more promiscuous ports.
• A primary VLAN might have one or more trunk ports, or none.
Secondary VLAN — a subdomain of the primary VLAN.
• There are two types of secondary VLAN — community VLAN and isolated VLAN.
• Map secondary VLANs to the selected primary VLAN.
INTERFACE VLAN mode
[no] private-vlan mapping secondary-vlan vlan-list
• Display type and status of PVLAN interfaces.
EXEC mode or EXEC Privilege mode
show interfaces private-vlan [interface interface]
• Display PVLANs and/or interfaces that are part of a PVLAN.
EXEC mode or EXEC Privilege mode
show vlan private-vlan [community | interface | isolated | primary | primary_vlan | interface interface]
• Display primary-secondary VLAN mapping.
3 Set the port in Layer 2 mode.
INTERFACE mode
switchport
4 Select the PVLAN mode.
INTERFACE mode
switchport mode private-vlan {host | promiscuous | trunk}
• host (isolated or community VLAN port)
• promiscuous (intra-VLAN communication port)
• trunk (inter-switch PVLAN hub port)

Example of the switchport mode private-vlan Command
For interface details, refer to Enabling a Physical Interface in the Interfaces chapter.
private-vlan mode primary
4 Map secondary VLANs to the selected primary VLAN.
INTERFACE VLAN mode
private-vlan mapping secondary-vlan vlan-list
The list of secondary VLANs can be:
• Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID-VLAN-ID).
• Specified with this command even before they have been created.
• Amended by specifying the new secondary VLAN to be added to the list.
5 Add promiscuous ports as tagged or untagged interfaces.
4 Add one or more host ports to the VLAN.
INTERFACE VLAN mode
tagged interface or untagged interface
You can enter the interfaces singly or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/port-port). You can only add host (isolated) ports to the VLAN.

Creating an Isolated VLAN
An isolated VLAN is a secondary VLAN of a primary VLAN. An isolated VLAN port can only talk with the promiscuous ports in that primary VLAN.
Private VLAN Configuration Example
The following example shows a private VLAN topology.
Figure 92. Sample Private VLAN Topology
The following configuration is based on the example diagram for the FN IOM switch:
• TenGig 0/0 and TenGig 0/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000.
• TenGig 0/25 is configured as a PVLAN trunk port, also assigned to the primary VLAN 4000.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
• All the ports in the secondary VLANs (both community and isolated VLANs) can only communicate with ports in the other secondary VLANs of that PVLAN over Layer 3, and only when the ip local-proxy-arp command is invoked in the primary VLAN.
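The isolation rules in this chapter can be checked mechanically against an intended segmentation policy. The following Python model is an added example, not part of the Dell guide: the VLAN IDs, VLAN types and promiscuous ports follow the guide's sample topology, while the host-port assignments and all function names are constructed for illustration.

```python
"""Reachability model for the PVLAN rules described in this chapter."""

PRIMARY_VLAN = 4000
# Secondary VLAN types as named in the guide's example.
SECONDARY_VLANS = {4001: "community", 4002: "community", 4003: "isolated"}
# Promiscuous ports from the guide's example topology.
PROMISCUOUS_PORTS = {"Te 0/0", "Te 0/23"}
# Constructed host-port membership (illustrative, not from the guide).
# The PVLAN trunk port (TenGig 0/25) is an inter-switch link, not an
# endpoint, so it is left out of this endpoint-to-endpoint model.
HOST_PORTS = {
    "Te 0/4": 4001, "Te 0/5": 4001,
    "Te 0/8": 4002, "Te 0/9": 4002,
    "Te 0/12": 4003, "Te 0/13": 4003,
}


def _check(port):
    """Reject ports that are not part of the modelled PVLAN."""
    if port in PROMISCUOUS_PORTS:
        return
    if port not in HOST_PORTS:
        raise ValueError(f"{port} is not a port of primary VLAN {PRIMARY_VLAN}")
    if HOST_PORTS[port] not in SECONDARY_VLANS:
        raise ValueError(f"{port} is in an unmapped secondary VLAN")


def path(a, b, local_proxy_arp=False):
    """Return 'L2', 'L3' or 'isolated' for traffic between two ports."""
    _check(a)
    _check(b)
    # Promiscuous ports talk to every port in the primary VLAN.
    if a in PROMISCUOUS_PORTS or b in PROMISCUOUS_PORTS:
        return "L2"
    vlan_a, vlan_b = HOST_PORTS[a], HOST_PORTS[b]
    # Ports of the same community VLAN talk to each other directly.
    if vlan_a == vlan_b and SECONDARY_VLANS[vlan_a] == "community":
        return "L2"
    # The guide allows Layer 3 paths between different secondary VLANs when
    # ip local-proxy-arp is set in the primary VLAN. Treating two ports of
    # the same isolated VLAN the same way is a conservative assumption of
    # this example, not a statement from the guide.
    return "L3" if local_proxy_arp else "isolated"


def isolation_gaps(must_be_isolated, local_proxy_arp=False):
    """List the port pairs the policy wants isolated but the PVLAN permits."""
    gaps = []
    for a, b in must_be_isolated:
        result = path(a, b, local_proxy_arp)
        if result != "isolated":
            gaps.append((a, b, result))
    return gaps


if __name__ == "__main__":
    policy = [("Te 0/4", "Te 0/5"), ("Te 0/4", "Te 0/8"), ("Te 0/12", "Te 0/13")]
    for proxy in (False, True):
        print("local proxy ARP:", proxy, "->", isolation_gaps(policy, proxy))
```

Running the audit with local_proxy_arp=True shows how enabling local proxy ARP in the primary VLAN turns Layer 2 isolation into Layer 3 reachability that must then be controlled by other means.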
20  Primary    Yes  Te 1/1,5
30  Community  Yes  Te 1/2
40  Isolated   Yes  Te 1/3
Dell#

Example of the show vlan private-vlan mapping Command
S50-1#show vlan private-vlan mapping
Private Vlan:
Primary : 4000
Isolated : 4003
Community : 4001

NOTE: In the following example, notice the addition of the PVLAN codes – P, I, and C – in the left column.
private-vlan mode primary
private-vlan mapping secondary-vlan 30,40
no ip address
tagged TenGigabitEthernet 1/1,5
shutdown
!
interface Vlan 30
private-vlan mode community
no ip address
tagged TenGigabitEthernet 1/2
no shutdown
!
44 Per-VLAN Spanning Tree Plus (PVST+)
Dell Networking OS supports per-VLAN spanning tree plus (PVST+).

Protocol Overview
PVST+ is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 93.
The Dell Networking operating system (OS) supports three other variations of spanning tree, as shown in the following table.
Table 49. Spanning Tree Variations Dell Networking OS Supports
Dell Networking Term                      IEEE Specification
Spanning Tree Protocol (STP)              802.1d
Rapid Spanning Tree Protocol (RSTP)       802.1w
Multiple Spanning Tree Protocol (MSTP)    802 .
Enabling PVST+
When you enable PVST+, the Dell Networking OS instantiates STP on each active VLAN.
1 Enter PVST context.
PROTOCOL PVST mode
protocol spanning-tree pvst
2 Enable PVST+.
PROTOCOL PVST mode
no disable

Disabling PVST+
To disable PVST+ globally or on an interface, use the following commands.
• Disable PVST+ globally.
PROTOCOL PVST mode
disable
• Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
Influencing PVST+ Root Selection
As shown in the previous per-VLAN spanning tree illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TenGigabitEthernet ports have the same cost. The following per-VLAN spanning tree illustration changes the bridge priority of each bridge so that a different forwarding topology is generated for each VLAN. This behavior demonstrates how you can use PVST+ to achieve load balancing. Figure 94.
vlan bridge-priority
The range is from 0 to 61440. The default is 32768.

Example of the show spanning-tree pvst vlan Command
To display the PVST+ forwarding topology, use the show spanning-tree pvst [vlan vlan-id] command from EXEC Privilege mode.
Dell(conf-if-te-5/41)#do show spanning-tree pvst vlan 2
VLAN 2
Root Identifier has priority 32768, Address 001e.c9f1.00f3
Root Bridge hello time 2, max age 20, forward delay 15
Bridge Identifier has priority 32768, Address 001e.c9f1.
To change PVST+ parameters on the root bridge, use the following commands.
• Change the forward-delay parameter.
PROTOCOL PVST mode
vlan forward-delay
The range is from 4 to 30. The default is 15 seconds.
• Change the hello-time parameter.
PROTOCOL PVST mode
vlan hello-time
NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time.
The range is from 1 to 10. The default is 2 seconds.
• Change the max-age parameter.
Table 50. Default Values for Port Cost
Port Cost                                               Default Value
1000-Mb/s Ethernet interfaces                           20000
10-Gigabit Ethernet interfaces                          2000
40-Gigabit Ethernet interfaces                          1400
Port Channel with one 10-Gigabit Ethernet interface     2000
Port Channel with one 40-Gigabit Ethernet interface     1400
Port Channel with two 10-Gigabit Ethernet interfaces    1800
Port Channel with two 40-Gigabit Ethernet interfaces    600
NOTE: The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs.
This feature is the same as PortFast mode in spanning tree. CAUTION: Configure EdgePort only on links connecting to an end station. EdgePort can cause loops if you enable it on an interface connected to a network. To enable EdgePort on an interface, use the following command. • Enable EdgePort on an interface.
To keep both ports in a Forwarding state, use extend system ID. Extend system ID augments the bridge ID with a VLAN ID to differentiate BPDUs on each VLAN so that PVST+ does not detect a loop and both ports can remain in a Forwarding state. Figure 95. PVST+ with Extend System ID • Augment the bridge ID with the VLAN ID.
switchport
no shutdown
!
interface TenGigabitEthernet 1/32
no ip address
switchport
no shutdown
!
protocol spanning-tree pvst
no disable
vlan 100 bridge-priority 4096
interface Vlan 100
no ip address
tagged TenGigabitEthernet 1/22,32
no shutdown
!
interface Vlan 200
no ip address
tagged TenGigabitEthernet 1/22,32
no shutdown
!
interface Vlan 300
no ip address
tagged TenGigabitEthernet 1/22,32
no shutdown
!
protocol spanning-tree pvst
no disable
vlan 100 bridge-priority 4096
interface TenGigabitEthernet 2/1
interface TenGigabitEthernet 3/22
no ip address
switchport
no shutdown
!
interface Vlan 100
no ip address
tagged TenGigabitEthernet 3/12,22
no shutdown
!
interface Vlan 200
no ip address
tagged TenGigabitEthernet 3/12,22
no shutdown
!
interface Vlan 300
no ip address
tagged TenGigabitEthernet 3/12,22
no shutdown
!
protocol spanning-tree pvst
no disable
vlan 300 bridge-priority 4096

Enable BPDU Filtering globally
The enabling of BPDU Filtering stops transmitting of BPDUs on the operational port fast enabled
edge-port bpdu filter default Figure 96.
45 Quality of Service (QoS)
Dell Networking OS supports quality of service (QoS). Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. The switch traffic has four data queues per port. All queues are serviced using the Weighted Round Robin scheduling algorithm. You can manage prioritized queuing only on egress.
Feature                                   Direction
Create Policy Maps                        Ingress + Egress
Create Input Policy Maps                  Ingress
Honor DSCP Values on Ingress Packets      Ingress
Honoring dot1p Values on Ingress Packets  Ingress
Create Output Policy Maps                 Egress
Specify an Aggregate QoS Policy           Egress
QoS Rate Adjustment
Strict-Priority Queueing
Weighted Random Early Detection           Egress
Create WRED Profiles                      Egress
Figure 97.
• Port-Based QoS Configurations
• Guidelines for Configuring ECN for Classifying and Color-Marking Packets
• Policy-Based QoS Configurations
• Enabling QoS Rate Adjustment
• Enabling Strict-Priority Queueing
• Weighted Random Early Detection

Implementation Information
The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication.
dot1p  Queue Number
3      1
4      2
5      3
6      3
7      3
• Change the priority of incoming traffic on the interface.
dot1p-priority

Example of Configuring a dot1p Priority on an Interface
NOTE: The dot1p-priority command marks all incoming traffic on an interface with a specified dot1p priority and maps all incoming traffic to the corresponding queue. When you enable PFC and/or ETS on an interface, incoming traffic with a specified dot1p priority can be distributed across different queues.
Priority-Tagged Frames on the Default VLAN
Priority-tagged frames are 802.1Q tagged frames with VLAN ID 0. For VLAN classification, these packets are treated as untagged. However, the dot1p value is still honored when you configure service-class dynamic dot1p or trust dot1p. When priority-tagged frames ingress an untagged port or hybrid port, the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service-class dynamic dot1p or trust dot1p.
Example of rate shape Command
Dell#config
Dell(conf)#interface tengigabitethernet 1/0
Dell(conf-if)#rate shape 500 50
Dell(conf-if)#end
Dell#

Guidelines for Configuring ECN for Classifying and Color-Marking Packets
Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers:
• Currently Dell Networking OS supports matching only the following TCP flags:
  • ACK
  • FIN
  • SYN
  • PSH
  • RST
  • URG
In the existing software, ECE/CWR TCP
Sample configuration to mark non-ecn packets as “yellow” with Multiple traffic class
Consider the example where there are no different traffic classes, that is, all the packets are egressing on the default ‘queue0’. Dell Networking OS can be configured as below to mark the non-ecn packets as yellow packets.
Dell Networking OS supports different types of match qualifiers to classify the incoming traffic. Match qualifiers can be configured directly in the class-map command or specified through one or more ACLs, which in turn specify the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the IPv4 packet.
• Classification based on ECN only
• Classification based on ECN and DSCP concurrently
You can now use the set-color yellow keyword with the match ip access-group command, in the ‘match ip’ sequence of the class-map configuration, to mark the color of the traffic as ‘yellow’. By default, all packets are considered ‘green’ (without the rate-policer and trust diffserv configuration), so support is provided only for marking packets as ‘yellow’.
seq 5 permit any dscp 40 ecn 0
!
class-map match-any class_dscp_40
match ip access-group dscp_40_non_ecn set-color yellow
match ip access-group dscp_40
!
class-map match-any class_dscp_50
match ip access-group dscp_50_non_ecn set-color yellow
match ip access-group dscp_50
!
policy-map-input pmap_dscp_40_50
service-queue 2 class-map class_dscp_40
service-queue 3 class-map class_dscp_50

Approach with explicit ECN match qualifiers for ECN packets:
!
ip access-list standard dscp_50_ecn
seq 5 permit any dscp 50
Policy-Based QoS Configurations
Policy-based QoS configurations consist of the components shown in the following example.
Figure 98. Constructing Policy-Based QoS Configurations

DSCP Color Maps
This section describes how to configure color maps and how to display the color map and color map configuration.
• Displaying Color Maps
• Display Color Map Configuration

Creating a DSCP Color Map
You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, yellow, red) for the input traffic.
Create the DSCP color map profile, bat-enclave-map, with a yellow drop precedence, and set the DSCP values to 9,10,11,13,15,16.
Dell(conf)# qos dscp-color-map bat-enclave-map
Dell(conf-dscp-color-map)# dscp yellow 9,10,11,13,15,16
Dell(conf-dscp-color-map)# exit
Assign the color map, bat-enclave-map to interface .

Displaying DSCP Color Maps
To display DSCP color maps, use the show qos dscp-color-map command in EXEC mode.
Examples for Creating a DSCP Color Map
Display all DSCP color maps.
Classify Traffic
Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, the Dell Networking OS matches packets against match criteria in the order that you configure them.

Creating a Layer 3 Class Map
A Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence, and characteristics defined in an IP ACL.
Dell(conf-class-map)#match ip access-group acl2
Dell(conf-class-map)#exit
Dell(conf)#policy-map-input pmap
Dell(conf-policy-map-in)#service-queue 0 to 3 class-map cmap1
Dell(conf-policy-map-in)#service-queue 1 class-map cmap2
Dell(conf-policy-map-in)#exit
Dell(conf)#interface tengig 1/0
Dell(conf-if-te-1/0)#service-policy input pmap

Examples of Creating a Layer 3 IPv6 Class Map
The following example matches IPv6 traffic with a DSCP value of 40.
Determining the Order in Which ACLs are Used to Classify Traffic
When you link class-maps to queues using the service-queue command, the system matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities). For example, as described in the previous example, class-map cmap2 is matched against ingress packets before cmap1. ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8.
Displaying Configured Class Maps and Match Criteria
To display all class-maps or a specific class map, use the following command.
Dell Networking OS Behavior: An explicit "deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. In the following example, traffic is classified in two Queues, 1 and 2. Class-map ClassAF1 is "match any," and ClassAF2 is "match all".
In the previous example, the ClassAF1 does not classify traffic as intended. Traffic matching the first match criteria is classified to Queue 1, but all other traffic is classified to Queue 0 as a result of CAM entry 20419. When you remove the explicit “deny any” rule from all three ACLs, the CAM reflects exactly the desired classification. The following example shows correct traffic classifications.
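Both pitfalls described in this part of the chapter, overlapping ACL ranges across class-maps and an explicit "deny any" rule in an ACL used by a class-map, can be caught before a policy is applied. The following Python audit is an added example, not taken from the guide: the sample configuration is constructed in the guide's syntax, the function names are hypothetical, and it assumes first-match classification in the queue-priority order the guide describes.

```python
import ipaddress
import re

# Constructed sample in the guide's configuration syntax; ACL names,
# prefixes and queue numbers are illustrative only.
SAMPLE_CONFIG = """\
ip access-list standard acl1
 seq 5 permit 20.0.0.0/8
 seq 10 deny any
!
ip access-list standard acl2
 seq 5 permit 20.1.1.0/24
!
ip access-list standard acl3
 seq 5 permit 30.1.0.0/16
!
class-map match-any cmap1
 match ip access-group acl1
!
class-map match-any cmap2
 match ip access-group acl2
!
class-map match-any cmap3
 match ip access-group acl3
!
policy-map-input pmap
 service-queue 3 class-map cmap1
 service-queue 1 class-map cmap2
 service-queue 2 class-map cmap3
"""


def parse(config):
    """Return (acls, class_maps, queues) parsed from running-config text."""
    acls, class_maps, queues = {}, {}, {}
    section = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            section = None
            continue
        m = re.match(r"ip access-list (?:standard|extended) (\S+)$", line)
        if m:
            section = ("acl", m.group(1))
            acls[m.group(1)] = []
            continue
        m = re.match(r"class-map match-(?:any|all) (\S+)$", line)
        if m:
            section = ("cmap", m.group(1))
            class_maps[m.group(1)] = []
            continue
        if line.startswith("policy-map-input "):
            section = ("pmap", line.split()[1])
            continue
        if section is None:
            continue
        kind, name = section
        if kind == "acl":
            m = re.match(r"(?:seq \d+ )?(permit|deny) (\S+)", line)
            if m:
                acls[name].append((m.group(1), m.group(2)))
        elif kind == "cmap":
            m = re.match(r"match ip access-group (\S+)", line)
            if m:
                class_maps[name].append(m.group(1))
        elif kind == "pmap":
            m = re.match(r"service-queue (\d+) class-map (\S+)", line)
            if m:
                queues[m.group(2)] = int(m.group(1))
    return acls, class_maps, queues


def audit(config):
    """Return (match order, findings) for the class-maps in a policy map."""
    acls, class_maps, queues = parse(config)
    # Per the guide, queue numbers closer to 0 have lower priority, so
    # class-maps on higher-numbered queues are matched first.
    order = sorted(queues, key=queues.get, reverse=True)
    findings, permits = [], {}
    for cmap in order:
        permits[cmap] = []
        for acl in class_maps.get(cmap, []):
            for action, source in acls.get(acl, []):
                if action == "deny" and source == "any":
                    # Creates the "default to Queue 0" CAM entry.
                    findings.append(("deny-any", cmap, acl))
                elif action == "permit":
                    net = "0.0.0.0/0" if source == "any" else source
                    permits[cmap].append(ipaddress.ip_network(net))
    for i, first in enumerate(order):
        for later in order[i + 1:]:
            for net_a in permits[first]:
                for net_b in permits[later]:
                    if net_b.subnet_of(net_a):
                        # The later class-map never sees this range.
                        findings.append(("shadowed", later, str(net_b), first, str(net_a)))
                    elif net_a.subnet_of(net_b):
                        # Narrow range matched first: an intended carve-out.
                        findings.append(("carve-out", first, str(net_a), later, str(net_b)))
    return order, findings


if __name__ == "__main__":
    match_order, results = audit(SAMPLE_CONFIG)
    print("match order:", match_order)
    for finding in results:
        print(finding)
```

The parser handles only the prefix and any source forms used in the sample; host entries and extended-ACL destination fields would need additional patterns.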
Setting a dot1p Value for Egress Packets

Configuring Policy-Based Rate Policing
To configure policy-based rate policing, use the following command.
• Configure rate police ingress traffic.
QOS-POLICY-IN mode
rate-police

Setting a DSCP Value for Egress Packets
Set the DSCP value for egress packets based on ingress QOS classification. The 6 bits that are used for DSCP are also used to identify the queue in which traffic is buffered.
Configuring Policy-Based Rate Shaping
To configure policy-based rate shaping, use the following command.
• Configure rate shape egress traffic.
QOS-POLICY-OUT mode
rate-shape

Allocating Bandwidth to Queue
Dell Networking recommends pre-calculating your bandwidth requirements before creating them. Make sure you apply the QoS policy to all the four queues and that the sum of the bandwidths allocated through them is exactly 100.
match ip access-group test set-ip-dscp 2
match ip access-group test1 set-ip-dscp 4
match ip precedence 7 set-ip-dscp 1
Dell#show run qos-policy-input
!
qos-policy-input flowbased
set ip-dscp 3
Dell#

Specifying WRED Drop Precedence
• Specify a WRED profile to yellow and/or green traffic.
QOS-POLICY-OUT mode
wred
For more information, refer to Applying a WRED Profile to Traffic.

Create Policy Maps
There are two types of policy maps: input and output.
Applying a Class-Map or Input QoS Policy to a Queue
To apply a class-map or input QoS policy to a queue, use the following command.
• Assign an input QoS policy to a queue.
POLICY-MAP-IN mode
service-queue

Applying an Input QoS Policy to an Input Policy Map
To apply an input QoS policy to an input policy map, use the following command.
• Apply an input QoS policy to an input policy map.
trust diffserv

Honoring dot1p Values on Ingress Packets
The Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature. The following table specifies the queue to which the classified traffic is sent based on the dot1p value.
Table 54. Default dot1p to Queue Mapping
dot1p  Queue ID
0      0
1      0
2      0
3      1
4      2
5      3
6      3
7      3
The dot1p value is also honored for frames on the default VLAN. For more information, refer to Priority-Tagged Frames on the Default VLAN.
class-map match-any qos-AF3
match ip dscp 24
match ip access-group qos-AF3-ACL
!
class-map match-any qos-AF4
match ip dscp 32
match ip access-group qos-AF4-ACL
!
class-map match-all qos-BE1
match ip dscp 0
match ip access-group qos-BE1-ACL

The packet classification logic for the configuration shown is as follows:
1 Match packets against match-any qos-AF4. If a match exists, queue the packet as AF4 in Queue 4, and if no match exists, go to the next class map.
2 Match packets against match-any qos-AF3.
Guaranteeing Bandwidth to dot1p-Based Service Queues
To guarantee bandwidth to dot1p-based service queues, use the following command. Apply this command in the same way as the bandwidth-percentage command in an output QoS policy (refer to Allocating Bandwidth to Queue). The bandwidth-percentage command in QOS-POLICY-OUT mode supersedes the service-class bandwidth-percentage command.
• Guarantee a minimum bandwidth to queues globally.
INTERFACE mode
service-queue

Specifying an Aggregate QoS Policy
To specify an aggregate QoS policy, use the following command.
• Specify an aggregate QoS policy.
POLICY-MAP-OUT mode
policy-aggregate

Applying an Output Policy Map to an Interface
To apply an output policy map to an interface, use the following command.
• Apply an input policy map to an interface.
For example, to include the Preamble and SFD, enter qos-rate-adjust 8. For variable length overhead fields, know the number of bytes you want to include. The default is disabled.

Enabling Strict-Priority Queueing
Strict-priority means that the Dell Networking OS de-queues all packets from the assigned queue before servicing any other queues.
• The strict-priority supersedes bandwidth-percentage and bandwidth-weight percentage configurations.
example, 2000KB, is reached, all incoming packets are dropped until the buffer space consumes less than 2000KB of the specified traffic. Figure 99. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Table 55.
Applying a WRED Profile to Traffic
After you create a WRED profile, you must specify to which traffic the system should apply the profile. The Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on its DSCP value before queuing it. DSCP is a 6-bit field. Dell Networking uses the first 3 bits of this field (DP) to determine the drop precedence.
• DP values of 110, 100, and 101 map to yellow; all other values map to green.
Interface Te 0/20
Drop-statistic   Dropped Pkts
Green            11234
Yellow           12484
Out of Profile   0
Dell#

Displaying egress-queue Statistics
To display egress-queue statistics of both transmitted and dropped packets and bytes, use the following command.
• Display the number of packets and number of bytes on the egress-queue profile.
To apply a Layer 2 policy on Layer 3 interfaces, perform the following:
1 Configure an interface with an IP address or a VLAN subinterface.
CONFIGURATION mode
Dell(conf)# int fo 0/0
INTERFACE mode
Dell(conf-if-fo-0/0)# ip address 90.1.1.1/16
2 Configure the Layer 2 policy with Layer 2 (Dot1p or source MAC-based) classification rules.
CONFIGURATION mode
Dell(conf)# policy-map-input l2p layer2
3 Apply the Layer 2 policy on the Layer 3 interface.
Dell(conf)#class-map match-all pp_classmap
2 Use a DSCP value as a match criterion.
CLASS-MAP mode
Dell(conf-class-map)#match ip dscp 5
3 Configure a match criterion for a class map based on the VLAN ID.
CLASS-MAP mode
Dell(conf-class-map)#match ip vlan 5
4 Create a QoS input policy on the device.
CONFIGURATION mode
Dell(conf)#qos-policy-input pp_qospolicy
5 Specify the DSCP value to be set on the matched traffic.
46 Routing Information Protocol (RIP) The routing information protocol (RIP) is based on a distance-vector algorithm and tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter. Topics: • Protocol Overview • Implementation Information • Configuration Information Protocol Overview RIP is the oldest interior gateway protocol.
RIPv2 RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet masks, and next hop addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9.
Configuration Task List The following is the configuration task list for RIP.
When the RIP process has learned the RIP routes, use the show ip rip database command in EXEC mode to view those routes.
Dell#show ip rip database
Total number of routes in RIP database: 978
160.160.0.0/16
    [120/1] via 29.10.10.12, 00:00:26, Fa 0/0
160.160.0.0/16 auto-summary
2.0.0.0/8
    [120/1] via 29.10.10.12, 00:01:22, Fa 0/0
2.0.0.0/8 auto-summary
4.0.0.0/8
    [120/1] via 29.10.10.12, 00:01:22, Fa 0/0
4.0.0.0/8 auto-summary
8.0.0.0/8
    [120/1] via 29.10.10.12, 00:00:26, Fa 0/0
8.0.0.0/8 auto-summary
12.0.0.
ROUTER RIP mode
neighbor ip-address
You can use this command multiple times to exchange RIP information with as many RIP networks as you want.
• Disable a specific interface from sending or receiving RIP routing information.
ROUTER RIP mode
passive-interface interface

Adding RIP Routes from Other Instances
In addition to filtering routes, you can add routes from other routing instances or protocols to the RIP process.
• Assign a configured prefix list to all incoming RIP routes.
ROUTER RIP mode
distribute-list prefix-list-name in
• Assign a configured prefix list to all outgoing RIP routes.
ROUTER RIP mode
distribute-list prefix-list-name out
To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode.

Setting the Send and Receive Version
To change the RIP version globally or on an interface in the system, use the following command.
Incoming filter for all interfaces is
Default redistribution metric is 1
Default version control: receive version 2, send version 2
  Interface            Recv  Send
  GigabitEthernet 0/0  2     2
Routing for Networks:
  10.0.0.0
Routing Information Sources:
  Gateway Distance Last Update
Distance: (default is 120)
Dell#
To configure an interface to receive or send both versions of RIP, include 1 and 2 in the command syntax.
default-information originate [always] [metric value] [route-map route-map-name]
• always: Enter the keyword always to always generate a default route.
• value: The range is from 1 to 16.
• route-map-name: The name of a configured route map.
To confirm that the default route configuration is completed, use the show config command in ROUTER RIP mode.
ROUTER RIP mode
offset-list access-list-name {in | out} offset [interface]
Configure the following parameters:
• prefix-list-name: the name of an established Prefix list to determine which incoming routes are modified
• offset: the range is from 0 to 16.
• interface: the type, slot, and number of an interface.
To view the configuration changes, use the show config command in ROUTER RIP mode.

Debugging RIP
The debug ip rip command enables RIP debugging.
• RIP Configuration Summary
Figure 100. RIP Topology Example

RIP Configuration on Core2
The following example shows how to configure RIPv2 on a host named Core2.
Example of Configuring RIPv2 on Core 2
Core2(conf-if-gi-2/31)#
Core2(conf-if-gi-2/31)#router rip
Core2(conf-router_rip)#ver 2
Core2(conf-router_rip)#network 10.200.10.0
Core2(conf-router_rip)#network 10.300.10.0
Core2(conf-router_rip)#network 10.11.10.0
Core2(conf-router_rip)#network 10.11.20.
192.168.1.0/24
    [120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/31
192.168.1.0/24 auto-summary
192.168.2.0/24
    [120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/31
192.168.2.
RIP Configuration on Core3
The following example shows how to configure RIPv2 on a host named Core3.
Example of Configuring RIPv2 on Core3
Core3(conf-if-gi-3/21)#router rip
Core3(conf-router_rip)#version 2
Core3(conf-router_rip)#network 192.168.1.0
Core3(conf-router_rip)#network 192.168.2.0
Core3(conf-router_rip)#network 10.11.30.0
Core3(conf-router_rip)#network 10.11.20.0
Core3(conf-router_rip)#show config
!
router rip
network 10.0.0.0
network 192.168.1.0
network 192.168.2.
Gateway of last resort is not set
   Destination      Gateway                      Dist/Metric  Last Change
   -----------      -------                      -----------  -----------
R  10.11.10.0/24    via 10.11.20.2, TenGig 3/21  120/1        00:01:14
C  10.11.20.0/24    Direct, TenGig 3/21          0/0          00:01:53
C  10.11.30.0/24    Direct, TenGig 3/11          0/0          00:06:00
R  10.200.10.0/24   via 10.11.20.2, TenGig 3/21  120/1        00:01:14
R  10.300.10.0/24   via 10.11.20.2, TenGig 3/21  120/1        00:01:14
C  192.168.1.0/24   Direct, TenGig 3/43          0/0          00:06:53
C  192.168.2.
router rip
version 2
10.200.10.0
10.300.10.0
10.11.10.0
10.11.20.0
!
interface TenGigabitEthernet 3/11
ip address 10.11.30.1/24
no shutdown
!
interface TenGigabitEthernet 3/21
ip address 10.11.20.1/24
no shutdown
!
interface TenGigabitEthernet 3/43
ip address 192.168.1.1/24
no shutdown
!
interface TenGigabitEthernet 3/44
ip address 192.168.2.1/24
no shutdown
!
router rip
version 2
network 10.11.20.0
network 10.11.30.0
network 192.168.1.0
network 192.168.2.
47 Remote Monitoring (RMON) RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment. RMON monitors traffic passing through the router and segment traffic not destined for the router.
Fault Recovery RMON provides the following fault recovery functions. Interface Down — When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resume. NOTE: A network management system (NMS) should be ready to interpret a down interface and plot the interface performance graph accordingly.
• event-number: event number to trigger when the falling threshold exceeds its limit. This value is identical to the alarmFallingEventIndex in the alarmTable of the RMON MIB. If there is no corresponding falling-threshold event, the value should be zero. • owner string: (Optional) specifies an owner for the alarm; this setting is the alarmOwner object in the alarmTable of the RMON MIB. Default is a null-terminated string.
Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode. • Enable RMON MIB statistics collection. CONFIGURATION INTERFACE (config-if) mode [no] rmon collection statistics {controlEntry integer} [owner owner-string] • controlEntry: specifies the RMON group of statistics using a value. • integer: a value from 1 to 65,535 that identifies the RMON Statistics Table.
• seconds: (Optional) the number of seconds in each polling cycle. The range is from 5 to 3,600 seconds. The default is 1,800 (as defined in RFC 2819). Example of the rmon collection history Command To remove a specified RMON history group of statistics collection, use the no form of this command.
48 Rapid Spanning Tree Protocol (RSTP) Dell Networking OS supports rapid spanning tree protocol (RSTP). Protocol Overview RSTP is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell operating system (OS) supports three other variations of spanning tree, as shown in the following table. Table 57.
• SNMP Traps for Root Elections and Topology Changes • Configure Spanning Tree • Configuring Fast Hellos for Link State Detection • Flush MAC Addresses after a Topology Change Important Points to Remember • RSTP is disabled by default. • The Dell Networking OS supports only one Rapid Spanning Tree (RST) instance. • All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology.
Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default. When you enable RSTP, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the RST topology. • Only one path from any bridge to any other bridge is enabled. • Bridges block a redundant path by disabling one of the link ports. To enable RSTP globally for all Layer 2 interfaces, use the following commands.
no disable Dell(conf-rstp)# Figure 101. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Example of the show spanning-tree rstp Command Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.
Port path cost 20000, Port priority 128, Port Identifier 128.378 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.378, designated path cost 0 Number of transitions to forwarding state 1 BPDU : sent 121, received 2 The port is not in the Edge port mode, bpdu filter is disabled Port 379 (TenGigabitethernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.
Adding and Removing Interfaces To add and remove interfaces, use the following commands. To add an interface to the Rapid Spanning Tree topology, configure it for Layer 2 and it is automatically added. If you previously disabled RSTP on the interface using the no spanning-tree 0 command, re-enable it using the spanning-tree 0 command. • Remove an interface from the Rapid Spanning Tree topology.
RSTP Parameter Default Value Port Priority 128 To change these parameters, use the following commands. • Change the forward-delay parameter. PROTOCOL SPANNING TREE RSTP mode forward-delay seconds The range is from 4 to 30. The default is 15 seconds. • Change the hello-time parameter. PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10.
edge-port bpdu filter default Figure 102. BPDU Filtering Enabled Globally Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port priority values. • Port cost — a value that is based on the interface type. The previous table lists the default values. The greater the port cost, the less likely the port is selected to be a forwarding port.
The default is 128. To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and Listening states.
spanning-tree rstp edge-port shutdown Dell(conf-if-te-2/0)# Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge. To change the bridge priority, use the following command. • Assign a number as the bridge priority or designate it as the primary or secondary root. PROTOCOL SPANNING TREE RSTP mode bridge-priority priority-value • priority-value The range is from 0 to 65535.
RSTP fast hellos decrease the hello interval to the order of milliseconds and all timers derived from the hello timer are adjusted accordingly. This feature does not inter-operate with other vendors, and is available only for RSTP. • Configure a hello time on the order of milliseconds. PROTOCOL RSTP mode hello-time milli-second interval The range is from 50 to 950 milliseconds.
49 Security Security features are supported on the I/O Aggregator. This chapter describes several ways to provide access security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell PowerEdge FN I/O Aggregator Command Line Reference Guide. Supported Modes Standalone, PMUX, VLT, Stacking NOTE: You can also perform some of the configurations using the Web GUI - Dell Blade IO Manager.
system, the message-of-the-day (MOTD) banner is displayed first, followed by the login banner and prompts. After you log in to the system with valid authentication credentials, the EXEC banner is shown. You can use the MOTD banner to alert users of critical upcoming events so that they can plan and schedule their accessibility to the device. You can modify the banner messages depending on the requirements or conditions.
Enabling AAA Accounting The aaa accounting command allows you to create a record for any or all of the accounting functions monitored. To enable AAA accounting, use the following command. • Enable AAA accounting and create a record for monitoring the accounting function. CONFIGURATION mode aaa accounting {commands | exec | suppress | system level} {default | name} {start-stop | wait-start | stop-only} {tacacs+} The variables are: • system: sends accounting information of any other AAA configuration.
aaa accounting command 15 default start-stop tacacs+ System accounting can use only the default method list. Example of Configuring AAA Accounting to Track EXEC and EXEC Privilege Level Command Use In the following sample configuration, AAA accounting is set to track all usage of EXEC commands and commands on privilege level 15.
AAA Authentication Dell Networking OS supports a distributed client/server system implemented through authentication, authorization, and accounting (AAA) to help secure networks against unauthorized access.
and does so to ensure that users are not locked out of the system if a network-wide issue prevents access to these servers. 1 Define an authentication method-list (method-list-name) or specify the default. CONFIGURATION mode aaa authentication login {method-list-name | default} method1 [... method4] The default method-list is applied to all terminal lines.
If you do not set the default list, only the local enable is checked. This setting has the same effect as issuing an aaa authentication enable default enable command. Enabling AAA Authentication — RADIUS To enable authentication from the RADIUS server, and use TACACS as a backup, use the following commands. 1 Enable RADIUS and set up TACACS as backup. CONFIGURATION mode aaa authentication enable default radius tacacs 2 Establish a host address and password. CONFIGURATION mode radius-server host x.x.x.
AAA Authorization The Dell Networking OS enables AAA new-model by default. You can set authorization to be either local or remote. Different combinations of authentication and authorization yield different results. By default, the system sets both to local. Privilege Levels Overview Limiting access to the system is one method of protecting the system and your network. However, at times, you might need to allow others access to the router and you can limit that access to a subset of commands.
• Configuring the Enable Password Command (mandatory) • Configuring Custom Privilege Levels (mandatory) • Specifying LINE Mode Password and Privilege (optional) • Enabling and Disabling Privilege Levels (optional) For a complete listing of all commands related to privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
To view the configuration for the enable secret command, use the show running-config command in EXEC Privilege mode. In custom-configured privilege levels, the enable command is always available. No matter what privilege level you entered, you can enter the enable 15 command to access and configure all CLIs. Configuring Custom Privilege Levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels.
• level level: the range is from 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • command: a Dell CLI keyword (up to five keywords allowed). • reset: return the command to its default privilege mode. To view the configuration, use the show running-config command in EXEC Privilege mode. The following example shows a configuration to allow a user john to view only EXEC mode commands and all snmp-server commands.
show          Show running system information
terminal      Set terminal line parameters
traceroute    Trace route to destination
Dell#confi
Dell(conf)#?
end           Exit from Configuration mode
Specifying LINE Mode Password and Privilege You can specify password authentication for all users on different terminal lines. The user’s privilege level is the same as the privilege level assigned to the terminal line, unless a more specific privilege level is assigned to the user.
RADIUS Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and password. The RADIUS server returns one of the following responses: • Access-Accept — the RADIUS server authenticates the user.
Idle Time Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies the idle-time allowed for a user during a session before timeout. When a user logs in, the lower of the two idle-time values (configured or default) is used. The idle-time value is updated if both of the following happen: • The administrator changes the idle-time of the line on which the user has logged in.
Configure this value on the client system. Configuration Task List for RADIUS To authenticate users using RADIUS, you must specify at least one RADIUS server so that the system can communicate with and configure RADIUS as one of your authentication methods. The following list includes the configuration tasks for RADIUS.
• Enter LINE mode. CONFIGURATION mode line {aux 0 | console 0 | vty number [end-number]} • Enable AAA login authentication for the specified RADIUS method list. LINE mode login authentication {method-list-name | default} This procedure is mandatory if you are not using default lists. To use the method list.
To delete a RADIUS server host, use the no radius-server host {hostname | ip-address} command. Setting Global Communication Parameters for all RADIUS Server Hosts You can configure global communication parameters (auth-port, key, retransmit, and timeout parameters) and specific host communication parameters on the same system. However, if you configure both global and specific host parameters, the specific host parameters override the global parameters for that RADIUS server host.
TACACS+ Dell Networking OS supports a terminal access controller access control system (TACACS+) client, including support for login authentication. Configuration Task List for TACACS+ The following list includes the configuration task for TACACS+ functions.
login authentication {method-list-name | default} Example of a Failed Authentication To view the configuration, use the show config command in LINE mode or the show running-config tacacs+ command in EXEC Privilege mode. If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method.
configured a deny10 ACL on the TACACS+ server, the system downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, the system also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt. When configuring a TACACS+ server host, you can set different communication parameters, such as the key password.
Enabling SCP and SSH Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication. SSH is enabled by default. For details about the command syntax, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide.
Using SCP with SSH to Copy a Software Image To use secure copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following commands. 1 On Switch 1, set the SSH port number (port 22 by default). CONFIGURATION MODE ip ssh server port number 2 On Switch 1, enable SSH. CONFIGURATION MODE copy ssh server enable 3 On Switch 2, invoke SCP.
• show crypto : display the public part of the SSH host-keys. • show ip ssh client-pub-keys : display the client public keys used in host-based authentication. • show ip ssh rsa-authentication : display the authorized-keys for the RSA authentication. Dell#copy scp: flash: Address or name of remote host []: 10.10.10.1 Port number of the server [22]: 99 Source file name []: test.
Configuring the SSH Client Cipher List To configure the cipher list supported by the SSH client, use the ip ssh cipher cipher-list command in CONFIGURATION mode. cipher-list: Enter a space-delimited list of ciphers the SSH client supports. The following ciphers are available. • 3des-cbc • aes128-cbc • aes192-cbc • aes256-cbc • aes128-ctr • aes192-ctr • aes256-ctr The default cipher list is in the given order: aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.
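The default list above still offers CBC-mode ciphers and 3des-cbc after the CTR ciphers. The following added example (not from the Dell guide) audits the effective SSH client cipher list of a saved running-config and suggests a CTR-only ip ssh cipher line. It assumes the running-config echoes the command as "ip ssh cipher <list>", the CTR-only policy is this example's choice, and the sample configuration text is constructed.

```python
import re

# Ciphers the guide lists as available, in the guide's default preference order.
DEFAULT_ORDER = [
    "aes256-ctr", "aes256-cbc", "aes192-ctr", "aes192-cbc",
    "aes128-ctr", "aes128-cbc", "3des-cbc",
]

# Assumption: the running-config echoes the command as "ip ssh cipher <list>".
CIPHER_LINE = re.compile(r"^\s*ip ssh cipher\s+(\S.*?)\s*$")


def configured_ciphers(config_text):
    """Return the list from the last `ip ssh cipher` line, or None if absent."""
    found = None
    for line in config_text.splitlines():
        match = CIPHER_LINE.match(line)
        if match:
            found = match.group(1).split()
    return found


def audit_ssh_ciphers(config_text):
    """Report which effective client ciphers the policy below would remove."""
    configured = configured_ciphers(config_text)
    # With no explicit line, the guide's default list is what the client offers.
    effective = configured if configured is not None else list(DEFAULT_ORDER)

    findings = []
    for name in effective:
        if name not in DEFAULT_ORDER:
            findings.append((name, "not one of the ciphers the guide lists"))
        elif name == "3des-cbc":
            findings.append((name, "64-bit block cipher in CBC mode"))
        elif name.endswith("-cbc"):
            findings.append((name, "CBC mode; a CTR cipher of the same key size exists"))

    # Policy of this example (not a Dell recommendation): keep CTR ciphers only,
    # in the operator's order; fall back to the guide's CTR ciphers if none remain.
    keep = [c for c in effective if c in DEFAULT_ORDER and c.endswith("-ctr")]
    if not keep:
        keep = [c for c in DEFAULT_ORDER if c.endswith("-ctr")]

    return {
        "source": "configured" if configured is not None else "default",
        "effective": effective,
        "findings": findings,
        "suggested_command": "ip ssh cipher " + " ".join(keep),
    }


# Constructed running-config excerpts (not captured from a device).
SAMPLE_EXPLICIT = """\
!
ip ssh server port 22
ip ssh cipher aes128-cbc 3des-cbc aes256-ctr
!
"""
SAMPLE_DEFAULT = """\
!
ip ssh server port 22
!
"""

if __name__ == "__main__":
    for label, text in (("explicit", SAMPLE_EXPLICIT), ("default", SAMPLE_DEFAULT)):
        report = audit_ssh_ciphers(text)
        print(label, report["source"], report["effective"])
        for name, reason in report["findings"]:
            print("  flag:", name, "-", reason)
        print("  suggest:", report["suggested_command"])
```

A configuration with no ip ssh cipher line is audited against the default order, which is why the second sample is flagged even though it sets nothing.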
VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote.
Table 59. VTY Access
Authentication Method   VTY access-class support?   Username access-class support?   Remote authorization support?
Line                    YES                         NO                               NO
Local                   NO                          YES                              NO
TACACS+                 YES                         NO                               YES (with Dell Networking OS version 5.2.1.0 and later)
RADIUS                  YES                         NO                               YES (with Dell Networking OS version 6.1.1.
always see a login prompt even if you have excluded them from the VTY line with a deny-all access class. After users identify themselves, Dell Networking OS retrieves the access class from the local database and applies it. (Dell Networking OS then can close the connection if a user is denied access.) NOTE: If a VTY user logs in with RADIUS authentication, the privilege level is applied from the RADIUS server only if you configure RADIUS authentication.
50 Service Provider Bridging Dell Networking OS supports service provider bridging. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. VLAN stacking enables service providers to use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider. Using only 802.
forward the frame traffic across its network. At the egress edge, the provider removes the S-Tag, so that the customer receives the frame in its original condition, as shown in the following illustration. Figure 103. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN.
Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1 Creating Access and Trunk Ports 2 Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports). 3 Enable VLAN-Stacking for a VLAN.
switchport vlan-stack access no shutdown Dell#show run interface gi 7/12 ! interface GigabitEthernet 7/12 no ip address switchport vlan-stack trunk no shutdown Enable VLAN-Stacking for a VLAN To enable VLAN-Stacking for a VLAN, use the following command. • Enable VLAN-Stacking for the VLAN. INTERFACE VLAN mode vlan-stack compatible Example of Viewing VLAN Stack Member Status To display the status and members of a VLAN, use the show vlan command from EXEC Privilege mode.
Configuring Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port. To configure trunk ports, use the following commands. 1 Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port.
101 103 Inactive Inactive T Gi 0/1 M Gi 0/1 Debugging VLAN Stacking To debug VLAN stacking, use the following command. • Debug the internal state and membership of a VLAN and its ports. debug member Example of Debugging a VLAN and its Ports The port notations are as follows: • MT — stacked trunk • MU — stacked access port • T — 802.1Q trunk port • U — 802.
treated as the same TPID, as shown in the following illustration. The Dell Networking OS Versions 8.2.1.0 and later differentiate between 0x9100 and 0x91XY, also shown in the following illustration. You can configure the first 8 bits of the TPID using the vlan-stack protocol-type command. The TPID is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame.
Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Figure 104.
Figure 105.
Figure 106. Single and Double-Tag TPID Mismatch Table 60. Behaviors for Mismatched TPID Network Position Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.
Network Position Core Egress Access Point Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.
Ingress Egress DEI Disabled DEI Enabled Access Port Trunk Port Retain inner tag CFI Retain inner tag CFI Set outer tag CFI to 0 Set outer tag CFI to 0 To enable drop eligibility globally, use the following command. • Make packets eligible for dropping based on their DEI value. CONFIGURATION mode dei enable By default, packets are colored green, and DEI is marked 0 on egress.
Marking Egress Packets with a DEI Value On egress, you can set the DEI value according to a different mapping than ingress. For ingress information, refer to Honoring the Incoming DEI Value. To mark egress packets, use the following command. • Set the DEI value on egress according to the color currently assigned to the packet.
When configuring Dynamic Mode CoS, you have two options: • Mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. In this case, you must have other dot1p QoS configurations; this option is classic dot1p marking. • Mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p. For example, if frames with C-Tag dot1p values 0, 6, and 7 are mapped to an S-Tag dot1p value 0, all such frames are sent to the queue associated with the S-Tag 802.1p value 0.
Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands. 1 Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag. CONFIGURATION mode cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number {vman-qos | vman-qos-dual-fp} number • vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p.
traverse the intermediate network might be consumed and later dropped because the intermediate network itself might be using spanning tree (shown in the following illustration). Figure 108. VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region.
Dell Networking OS Behavior: In the Dell Networking OS versions prior to 8.2.1.0, the MAC address that Dell Networking systems use to overwrite the Bridge Group Address on ingress was non-configurable. The value of the L2PT MAC address was the Dell Networking-unique MAC address, 01-01-e8-00-00-00.
Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs. • No protocol packets are tunneled when you enable VLAN stacking. • L2PT requires the default CAM profile. Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command. 1 Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode show cam-profile 2 Enable protocol tunneling globally on the system.
To rate-limit BPDUs, use the following commands. 1 Create at least one FP group for L2PT. CONFIGURATION mode cam-acl l2acl For details about this command, refer to CAM Allocation. 2 Save the running-config to the startup-config. EXEC Privilege mode copy running-config startup-config 3 Reload the system. EXEC Privilege mode reload 4 Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting.
01-80-C2-00-00-0D, to exchange GARP PDUs instead of the GVRP Address, 01-80-C2-00-00-21, specified in 802.1Q. Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs originating from the customer network as normal data frames, rather than consuming them. Provider backbone bridging through IEEE 802.
51 sFlow Dell Networking OS supports configuring sFlow. Topics: • Overview • Implementation Information • Enabling and Disabling sFlow • Enabling sFlow Max-Header Size Extended • sFlow Show Commands • Configuring Specify Collectors • Changing the Polling Intervals • Changing the Sampling Rate • Back-Off Mechanism • sFlow on LAG ports • Enabling Extended sFlow Overview The Dell Networking operating system (OS) supports sFlow version 5.
Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe. If you do not enable sFlow on any port specifically, the global sampling rate is downloaded to that port and is used to calculate the port-pipe’s lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe’s hardware sampling rate.
• Enable sFlow globally. CONFIGURATION mode [no] sflow enable Enabling and Disabling sFlow on an Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow on a specific interface, use the following command. • Enable sFlow on an interface. INTERFACE mode [no] sflow enable To disable sFlow on an interface, use the no version of this command.
The bold line shows the sFlow default maximum header size: Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 20 Global default extended maximum header size: 128 bytes Global extended information enabled: none 1 collectors configured Collector IP addr: 100.1.1.1, Agent IP addr: 1.1.1.
sFlow Show Commands The Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Global • Displaying Show sFlow on an Interface • Displaying Show sFlow on a Stack Unit Displaying Show sFlow Global To view sFlow statistics, use the following command. • Display sFlow configuration information and statistics. EXEC mode show sflow Example of Viewing sFlow Configuration (Global) The first bold line indicates sFlow is globally enabled.
Samples rcvd from h/w :33 Samples dropped for sub-sampling :6 Displaying Show sFlow on a Stack Unit To view sFlow statistics on a specified stack unit, use the following command. • Display sFlow configuration information and statistics on the specified interface.
sflow polling-interval interval value • interval value: in seconds. The range is from 15 to 86400 seconds. The default is 20 seconds. Changing the Sampling Rate The sflow sample-rate command, when issued in CONFIGURATION mode, changes the default sampling rate. By default, the sampling rate of an interface is set to the same value as the current global default sampling rate.
NOTE: Sampling rate backoff can change the sampling rate value that is set in the hardware. This equation shows the relationship between actual sampling rate, sub-sampling rate, and the hardware sampling rate for an interface: Actual sampling rate = sub-sampling rate * hardware sampling rate Note the absence of a configured rate in the equation.
Example of Verifying Extended sFlow is Enabled Example of Verifying Extended sFlow Disabled The bold line shows that extended sFlow settings are enabled on all three types. Dell#show sflow sFlow services are enabled Global default sampling rate: 4096 Global default counter polling interval: 15 Global extended information enabled: switch 1 collectors configured Collector IP addr: 10.10.10.3, Agent IP addr: 10.10.0.
52 Simple Network Management Protocol (SNMP) Network management stations use SNMP to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable. Network elements store managed objects in a database called a management information base (MIB).
Implementation Information The Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, and SNMP version 2c as defined by RFC 1901. Configuring the Simple Network Management Protocol NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This is only one of many RFC-compliant SNMP utilities you can use to manage the Aggregator using SNMP. Also, these configurations use SNMP version 2c.
The Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message. You must specify whether members of the community may retrieve values in Read-Only mode. Read-write access is not supported. 22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START. To create an SNMP community: • Choose a name for the community.
Example of Reading the Value of the Next Managed Object > snmpgetnext -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1.3.0 SNMPv2-MIB::sysContact.0 = STRING: > snmpgetnext -v 2c -c mycommunity 10.11.131.161 sysContact.0 SNMPv2-MIB::sysName.0 = STRING: Example of Reading the Value of Many Managed Objects at Once > snmpwalk -v 2c -c mycommunity 10.16.130.148 .1.3.6.1.2.1.1 SNMPv2-MIB::sysDescr.0 = STRING: Dell Networking OS Operating System Version: 1.
• Seven hex pairs represent a stack unit. Seven pairs accommodate the greatest number of ports available on an Aggregator, 12 ports. The last stack unit is assigned eight pairs; the eighth pair is unused. The first hex pair, 00 in the previous example, represents ports 1 to 7 in Stack Unit 0. The next pair to the right represents ports 8 to 15. To resolve the hex pair into a representation of the individual ports, convert the hex pair to binary.
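The hex-pair layout described above can be decoded mechanically. The following added example (not from the Dell guide) turns a net-snmp Hex-STRING value into per-stack-unit port lists and compares them with an expected VLAN membership, which is useful when checking that no unplanned port has joined a VLAN. It assumes bits are read most-significant first, so that the bit position inside a unit equals the port number; the OID label, the sample value and the allowed-port sets are constructed.

```python
import re

PAIRS_PER_UNIT = 7  # from the guide: seven hex pairs represent one stack unit


def parse_hex_string(snmp_line):
    """Return the bytes of one net-snmp 'Hex-STRING:' value (lines may wrap)."""
    _, marker, value = snmp_line.partition("Hex-STRING:")
    if not marker:
        raise ValueError("input carries no Hex-STRING value")
    return bytes(int(pair, 16) for pair in re.findall(r"\b[0-9A-Fa-f]{2}\b", value))


def decode_ports(raw):
    """Map stack unit -> list of ports whose bit is set to 1.

    Assumption: bits are read most-significant first. The first pair of a
    unit then covers ports 1 to 7 (its top bit has no port) and the second
    pair covers ports 8 to 15, matching the guide's description.
    """
    # The last stack unit carries an eighth, unused pair: leave it out.
    usable = len(raw) - len(raw) % PAIRS_PER_UNIT
    members = {}
    for index in range(usable):
        unit, pair = divmod(index, PAIRS_PER_UNIT)
        for bit in range(8):
            port = pair * 8 + bit
            if port and raw[index] & (0x80 >> bit):
                members.setdefault(unit, []).append(port)
    return members


def unexpected_ports(members, allowed):
    """Ports present in the bitmap but absent from the expected membership."""
    extra = {}
    for unit, ports in members.items():
        diff = [p for p in ports if p not in allowed.get(unit, set())]
        if diff:
            extra[unit] = diff
    return extra


# Constructed value for a two-unit stack (7 + 7 pairs, plus the unused
# eighth pair of the last unit). "EXAMPLE-OID" is a placeholder label.
SAMPLE = (
    "EXAMPLE-OID.1000 = Hex-STRING: 40 60 00 00 00 00 00 00\n"
    "88 00 00 00 00 00 00"
)

# Constructed expectation: the ports an operator intends to be in the VLAN.
ALLOWED = {0: {1, 9, 10}, 1: {8}}

if __name__ == "__main__":
    membership = decode_ports(parse_hex_string(SAMPLE))
    print("members:", membership)
    print("unexpected:", unexpected_ports(membership, ALLOWED))
```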
NOTE: The 802.1q Q-BRIDGE MIB defines VLANs regarding 802.1d, as 802.1d itself does not define them. As a switchport must belong to a VLAN (the default VLAN or a configured VLAN), all MAC addresses learned on a switchport are associated with a VLAN. For this reason, the Q-Bridge MIB is used for MAC address query.
In the following example, TenGigabitEthernet 0/7 is moved to VLAN 1000, a non-default VLAN. To fetch the MAC addresses learned on non-default VLANs, use the object dot1qTpFdbTable. The instance number is the VLAN number concatenated with the decimal conversion of the MAC address.
and 0/0s Ifindex is unused and Ifindex creation logic is not changed. Because Zero is reserved for logical interfaces, it starts from 1. For the first interface, port number is set to 1. Adding it causes an increment by 1 for the next interfaces, so it only starts from 2. Therefore, the port number is set to 4 for 0/3.
SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.4.1.0.0.0.0.0.1.1 = INTEGER: 1 << Status active, 2 – status inactive For L3 LAG, you do not have this support. SNMPv2-MIB::sysUpTime.0 = Timeticks: (8500842) 23:36:48.42 SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkDown IF-MIB::ifIndex.33865785 = INTEGER: 33865785 SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_DN: Changed interface state to down: Tengig 0/1" 2010-02-10 14:22:39 10.16.130.4 [10.16.130.4]: SNMPv2-MIB::sysUpTime.
Dell# The status of the MIBS is as follows: $ snmpwalk -c public -v 2c 10.16.150.162 .1.3.6.1.2.1.47.1.1.1.1.2 SNMPv2-SMI::mib-2.47.1.1.1.1.2.1 = "" SNMPv2-SMI::mib-2.47.1.1.1.1.2.2 = STRING: "PowerEdge-FN-410S-IOA" SNMPv2-SMI::mib-2.47.1.1.1.1.2.3 = STRING: "Chassis 0 container" SNMPv2-SMI::mib-2.47.1.1.1.1.2.4 = STRING: "Module 0" SNMPv2-SMI::mib-2.47.1.1.1.1.2.5 = STRING: "Unit: 0 Port 1 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.6 = STRING: "Unit: 0 Port 2 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.
Fetching the Switchport Configuration and the Logical Interface Configuration Important Points to Remember • The SNMP should be configured in the chassis and the chassis management interface should be up with the IP address. • If a port is configured in a VLAN, the respective bit for that port will be set to 1 in the specific VLAN. • In the aggregator, all the server ports and uplink LAG 128 will be in switchport. Hence, the respective bits are set to 1. The following output is for the default VLAN.
00 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00
MIB Support to Display the Available Memory Size on Flash
Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
Table 63. MIB Objects for Displaying the Available Memory Size on Flash via SNMP
MIB Object OID Description
chStackUnitFlashUsageUtil 1.3.6.1.4.1.6027.3.19.1.2.8.1.
MIB Object OID Description
chSysCoresInstance 1.3.6.1.4.1.6027.3.19.1.2.9.1.1 Stores the indexed information about the available software core files.
chSysCoresFileName 1.3.6.1.4.1.6027.3.19.1.2.9.1.2 Contains the core file names and the file paths.
chSysCoresTimeCreated 1.3.6.1.4.1.6027.3.19.1.2.9.1.3 Contains the time at which core files are created.
chSysCoresStackUnitNumber 1.3.6.1.4.1.6027.3.19.1.2.9.1.
53 Stacking An Aggregator auto-configures to operate in standalone mode. To use an Aggregator in a stack, you must manually configure it using the CLI to operate in stacking mode. Stacking is supported on the FN410S and FN410T Aggregators with ports 9 and 10 as the stack ports. The Aggregator supports both ring and daisy-chain topology and stacking of the same type. FN 410S and FN 410T Aggregators support two-unit in-chassis stacking and up to six units stacking across the chassis.
Stacking Prerequisites Before you cable and configure a stack of the Aggregators, review the following prerequisites. • All Aggregators in the stack must be powered up with the initial or startup configuration before you attach the cables. • All stacked Aggregators must run the same Dell Networking OS version. To check the version that a switch is running, use the show version command. To download a Dell Networking OS version, go to http://support.dell.com.
Setting the priority determines which switch becomes the management (Master) switch. The switch with the highest priority number is elected Master. The default priority is 0. NOTE: It is best practice to assign priority values to all switches before stacking them in order to acquire and retain complete control over each unit's role in the stack. 2 Configure the stack-group for each stack-unit.
Accessing the CLI To configure a stack, you must access the stack master in one of the following ways. • For remote out-of-band management (OOB), enter the OOB management interface IP address into a Telnet or secure shell (SSH) client and log in to the switch using the user ID and password to access the CLI. • For local management, use the attached console connection to the master switch to log in to the CLI. Console access to the stack CLI is available on the master only.
In stack mode, all VLAN memberships are removed and the port is assigned only to the default VLAN1. You must configure additional VLAN membership, as required. Adding a Stack Unit You can add a new unit to an existing stack both when the unit has no stacking ports (stack groups) configured and when the unit already has stacking ports configured. If the units to be added to the stack have been previously used, they are assigned the smallest available unit ID in the stack.
Resetting a Unit on a Stack Use the following reset command to reload any of the member units or the standby in a stack. If you try to reset the stack master, the following error message is displayed: % Error: Reset of master unit is not allowed. To reset a unit on a stack, use the following command: • Reset any designated stack member, except the management unit. EXEC Privilege mode reset stack-unit unit-number {hard} Hard reset any stack unit including master unit.
3 Completely cable the stacking connections, making sure the redundant link is also in place. Two operational stacks can also be merged by reconnecting stack cables without powering down units in either stack. Connecting a powered-up standalone unit to an existing stack leads to the same behavior as when merging two operational stacks. In such cases, Manager re-election is done and the Manager with the higher MAC address wins the election. The losing stack manager resets itself and all its member units.
show redundancy 3 Displays input and output flow statistics on a stacked port. 4 Clears statistics on the specified stack unit. The valid stack-unit numbers are from 0 to 5. show hardware stack-unit unit-number stack-port port-number clear hardware stack-unit unit-number counters 5 Displays the current operational mode of the Aggregator (standalone or stacking) and the mode in which the Aggregator will operate at the next reload.
2 The standby switch takes the master role. Data traffic on the new master switch is uninterrupted. Protocol traffic is managed by the control plane. 3 A member switch is elected as the new standby. Data traffic on the new standby is uninterrupted. The control plane prepares for operation in Warm Standby mode. Stack-Link Flapping Error Problem/Resolution: Stacked Aggregators monitor their own stack ports and disable any stack port that flaps five times within 10 seconds.
0 Management online PE-FN-410S-IOA PE-FN-410S-IOA 1-0(0-1864) 12
1 Standby card problem PE-FN-410S-IOA unknown 12
2 Member not present
3 Member not present
4 Member not present
5 Member not present
Card Problem — Resolved
Dell#show system brief
Stack MAC : 00:1e:c9:f1:04:82
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
----------------------------------------------------------------------
0 Management online PE-FN-410S-IOA PE-FN-410S-IOA 1-0(0-1864) 12
1 Standby online PE-FN-410S-IOA PE-F
4 Save the configuration. EXEC Privilege write memory 5 Reload the stack unit to activate the new Dell Networking OS version. CONFIGURATION mode reload Example of Upgrading all Stacked Switches The following example shows how to upgrade all switches in a stack, including the master switch. Dell# upgrade system ftp: A: Address or name of remote host []: 10.11.200.241 Source file name []: //FTOS-XL-8.3.17.0.
CONFIGURATION mode boot system stack-unit unit-number primary system partition 3 Save the configuration. EXEC Privilege mode write memory 4 Reset the stack unit to activate the new Dell Networking OS version. EXEC Privilege mode power-cycle stack-unit unit-number Example of Upgrading a Single Stack Unit The following example shows how to upgrade an individual stack unit.
54 Storm Control Storm control is supported on the Dell Networking OS. The storm control feature allows you to control unknown-unicast, multicast, and broadcast control traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking OS Behavior: The Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic. The minimum number of packets per second (PPS) that storm control can limit is two.
Configuring Storm Control from INTERFACE Mode To configure storm control, use the following command. You can only configure storm control for ingress traffic in INTERFACE mode. If you configure storm control from both INTERFACE and CONFIGURATION mode, the INTERFACE mode configurations override the CONFIGURATION mode configurations. • Configure storm control. • INTERFACE mode Configure the percentage of broadcast traffic allowed on an interface (ingress only).
• Configure the packets per second of unknown-unicast traffic allowed in or out of the network.
55 Broadcast Storm Control On the Aggregator, the broadcast storm control feature is enabled by default on all ports, and disabled on a port when an iSCSI storage device is detected. Broadcast storm control is re-enabled as soon as the connection with an iSCSI device ends. Broadcast traffic on Layer 2 interfaces is limited or suppressed during a broadcast storm. You can view the status of a broadcast-storm control operation by using the show io-aggregator broadcast storm-control status command.
Displaying Broadcast-Storm Control Status To display the status of a current storm control operation, use the show io-aggregator broadcast storm-control status command from EXEC Privilege mode. Configuring Storm Control The following configurations are available only in PMUX mode. 1 To configure the percentage of broadcast traffic allowed on an interface, use the storm-control broadcast [packets_per_second in] command from INTERFACE mode.
56 Spanning Tree Protocol (STP) Dell Networking OS supports spanning tree protocol (STP).
Dell Networking Term IEEE Specification Per-VLAN Spanning Tree Plus (PVST+) Third Party Configure Spanning Tree Configuring spanning tree is a two-step process.
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 110. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. 1 If the interface has been assigned an IP address, remove it. INTERFACE mode no ip address 2 Place the interface in Layer 2 mode.
switchport 3 Enable the interface. INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally; it is not enabled by default.
• Bridges block a redundant path by disabling one of the link ports. Figure 111. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1 Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2 Enable STP. PROTOCOL SPANNING TREE mode no disable To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode.
To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Example of Viewing Spanning Tree Configuration R2#show spanning-tree 0 Executing IEEE compatible Spanning Tree Protocol Bridge Identifier has priority 32768, address 0001.e826.
Adding an Interface to the Spanning Tree Group To add a Layer 2 interface to the spanning tree topology, use the following command. • Enable spanning tree on a Layer 2 interface. INTERFACE mode spanning-tree 0 Removing an Interface from the Spanning Tree Group To remove a Layer 2 interface from the spanning tree topology, use the following command. • Disable spanning tree on a Layer 2 interface. INTERFACE mode no spanning-tree 0 Modifying Global Parameters You can modify the spanning tree parameters.
STP Parameters • • Port Channel with 40-Gigabit Ethernet interfaces Port Channel with 10-Gigabit Ethernet interfaces Port Priority • Default Value • 1 8 Change the forward-delay parameter (the wait time before the interface enters the Forwarding state). PROTOCOL SPANNING TREE mode forward-delay seconds The range is from 4 to 30. The default is 15 seconds. Change the hello-time parameter (the BPDU transmission interval).
• Change the port cost of an interface. INTERFACE mode spanning-tree 0 cost cost The range is from 0 to 65535. • The default values are listed in Modifying Global Parameters. Change the port priority of an interface. INTERFACE mode spanning-tree 0 priority priority-value The range is from 0 to 15. The default is 8. To view the current values for interface parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally.
spanning-tree 0 portfast no shutdown Dell#(conf-if-te-1/1)# Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/Edgeport (edgeports) do not expect to receive BPDUs. If an edgeport does receive a BPDU, it likely means that it is connected to another part of the network, which can negatively affect the STP topology.
• Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode). Figure 112. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering (refer to Removing an Interface from the Spanning Tree Group) both block BPDUs, but are two separate features. BPDU guard is used on edgeports and blocks all traffic on edgeport if it receives a BPDU.
TenGigabitEthernet 3/20 unassigned YES None up up Dell# Global BPDU Filtering When BPDU filtering is enabled globally, the switch stops transmitting BPDUs on operational PortFast-enabled ports by default. When such a port receives BPDUs, it automatically participates in the spanning tree. By default, global BPDU filtering is disabled. Figure 113.
Figure 114. BPDU Filtering Enabled Globally Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. You can also specify that a bridge is the root or the secondary root. To change the bridge priority or specify that a bridge is the root or secondary root, use the following command. • Assign a number as the bridge priority or designate it as the root or secondary root.
We are the root of the spanning tree Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge-priority command) is selected as the root bridge. If two switches have the same priority, the switch with the lower MAC address is selected as the root.
If you enable a root guard on all STP ports on the links where the root bridge should not appear, you can ensure a stable STP network topology and avoid bridging loops. Figure 115. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis.
To enable the root guard on an STP-enabled port or port-channel interface in instance 0, use the following command. • Enable root guard on a port or port-channel interface. INTERFACE mode or INTERFACE PORT-CHANNEL mode spanning-tree {0 | mstp | rstp | pvst} rootguard • 0: enables root guard on an STP-enabled port assigned to instance 0. • mstp: enables root guard on an MSTP-enabled port. • rstp: enables root guard on an RSTP-enabled port. • pvst: enables root guard on a PVST-enabled port.
Tengig 0/3 Dell# 0 EDS (Shut) Bpduguard No
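The BPDU guard and root guard guidance in this chapter can be checked against a saved configuration. The following audit is an added example, not part of the guide or of Dell Networking OS: it assumes interface stanzas in the show config layout shown earlier, assumes BPDU guard appears as the bpduguard keyword on the spanning-tree 0 portfast line, and takes a hypothetical operator-supplied list of links where the root bridge should not appear. The sample configuration is constructed.

```python
import re

# Constructed sample in the layout of the guide's "show config" output.
SAMPLE_CONFIG = """\
!
interface TenGigabitEthernet 0/1
 no ip address
 switchport
 spanning-tree 0 portfast
 no shutdown
!
interface TenGigabitEthernet 0/2
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard
 no shutdown
!
interface TenGigabitEthernet 0/3
 no ip address
 switchport
 no shutdown
!
interface TenGigabitEthernet 0/4
 no ip address
 switchport
 spanning-tree 0 rootguard
 no shutdown
!
interface TenGigabitEthernet 0/5
 no ip address
 switchport
 spanning-tree 0 portfast
 shutdown
"""


def parse_interfaces(config):
    """Split a configuration into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            stanzas[current] = []
        elif line in ("", "!"):
            current = None  # "!" or a blank line closes the stanza
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def audit_stp(config, no_root_links=()):
    """Return (interface, finding) pairs for enabled Layer 2 ports.

    no_root_links is a hypothetical operator-supplied set of interfaces on
    which the root bridge should never appear.
    """
    findings = []
    for name, lines in parse_interfaces(config).items():
        # Skip administratively down ports and ports not in Layer 2 mode.
        if "shutdown" in lines or "switchport" not in lines:
            continue
        stp = [l.split() for l in lines if re.match(r"spanning-tree 0\b", l)]
        portfast = any("portfast" in words for words in stp)
        bpduguard = any("bpduguard" in words for words in stp)
        rootguard = any("rootguard" in words for words in stp)
        if portfast and not bpduguard:
            findings.append((name, "portfast-without-bpduguard"))
        if name in no_root_links and not rootguard:
            findings.append((name, "missing-rootguard"))
    return findings


if __name__ == "__main__":
    downstream = {"TenGigabitEthernet 0/3", "TenGigabitEthernet 0/4"}
    for interface, finding in audit_stp(SAMPLE_CONFIG, downstream):
        print(interface + ": " + finding)
```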
57 System Time and Date The Aggregator auto-configures the hardware and software clocks with the current time and date. If necessary, you can manually set and maintain the system time and date using the CLI commands described in this chapter.
• year: Enter a four-digit number as the year. The range is from 1993 to 2035. Example of the clock set Command Dell#clock set 12:11:00 21 may 2012 Dell# Setting the Timezone Universal time coordinated (UTC) is the time standard based on the International Atomic Time standard, commonly known as Greenwich Mean time. When determining system time, you must include the differentiator between the UTC and your local timezone. For example, San Jose, CA is the Pacific Timezone with a UTC offset of -8.
• time-zone: Enter the three-letter name for the time zone. This name displays in the show clock output. • start-month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year. • start-day: enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to time day month year. • start-year: enter a four-digit number as the year.
• start-year: Enter a four-digit number as the year. The range is from 1993 to 2035. • start-time: Enter the time in hours:minutes. For the hour variable, use the 24-hour format; for example, 17:15 is 5:15 pm. • end-week: If you entered a start-week, enter one of the following as the week that daylight saving ends: • week-number: Enter a number from 1 to 4 as the number of the week in the month to end daylight saving time.
The range for threshold-value is from 0 to 999.
58 Tunneling Tunneling supports RFC 2003, RFC 2473, and RFC 4213. DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported.
Topics:
• Configuring a Tunnel
• Configuring Tunnel keepalive
• Configuring the ip and ipv6 unnumbered
• Configuring the Tunnel allow-remote
• Configuring the Tunnel Source Anylocal
Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode.
Dell(conf-if-tu-2)#tunnel mode ipv6ip Dell(conf-if-tu-2)#ipv6 address 2::1/64 Dell(conf-if-tu-2)#no shutdown Dell(conf-if-tu-2)#show config ! interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.
ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel destination 40.1.1.2 tunnel source 40.1.1.1 tunnel keepalive 1.1.1.2 attempts 4 interval 6 tunnel mode ipip no shutdown Configuring the ip and ipv6 unnumbered Dell Networking OS supports configuring the tunnel interface as unnumbered. You can configure the tunnel using the ip unnumbered and ipv6 unnumbered commands. To configure the tunnel interface to operate without a unique explicit ip/ipv6 address, select the interface from which the tunnel will borrow its address.
Dell(conf-if-tu-1)#ip address 1.1.1.1/24 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#tunnel allow-remote 40.1.1.2 Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config ! interface Tunnel 1 ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel source 40.1.1.1 tunnel allow-remote 40.1.1.
59 Uplink Failure Detection (UFD) Supported Modes Standalone, PMUX, VLT, Stacking Topics: • Feature Description • How Uplink Failure Detection Works • UFD and NIC Teaming • Important Points to Remember • Uplink Failure Detection (SMUX mode) • Configuring Uplink Failure Detection (PMUX mode) • Clearing a UFD-Disabled Interface (in PMUX mode) • Displaying Uplink Failure Detection • Sample Configuration: Uplink Failure Detection Feature Description UFD provides detection of the loss of upstr
• In Step C, UFD on S1 disables the link to the server. The server then stops using the link to S1 and switches to using its link to S2 to send traffic upstream to R1. NOTE: In Standalone and VLT modes, the UFD group number is 1 by default and cannot be changed. Figure 116. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group.
downstream devices can execute the protection or recovery procedures they have in place to establish alternate connectivity paths, as shown in the following illustration. Figure 117. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state.
Using UFD, you can configure the automatic recovery of downstream ports in an uplink-state group when the link status of an upstream port changes. The tracking of upstream link status does not have a major impact on central processing unit (CPU) usage. UFD and NIC Teaming To implement a rapid failover solution, you can use uplink failure detection on a switch with network adapter teaming on a server. For more information, refer to Network Interface Controller (NIC) Teaming.
• To turn off debugging event messages, use the no debug uplink-state-group [group-id] command. • For an example of debug log message, refer to . Uplink Failure Detection (SMUX mode) In Standalone or VLT modes, by default, all the server-facing ports are tracked by the operational status of the uplink LAG. If the uplink LAG goes down, the aggregator loses its connectivity and is no longer operational.
CONFIGURATION mode uplink-state-group group-id • group-id: values are from 1 to 16. To delete an uplink-state group, use the no uplink-state-group group-id command. 2 Assign a port or port-channel to the uplink-state group as an upstream or downstream interface.
• all: brings down all downstream links in the group. The default is no downstream links are disabled when an upstream link goes down. To revert to the default setting, use the no downstream disable links command. 5 (Optional) Enable auto-recovery so that UFD-disabled downstream ports in the uplink-state group come up when a disabled upstream port in the group comes back up. UPLINK-STATE-GROUP mode downstream auto-recover The default is auto-recovery of UFD-disabled downstream ports is enabled.
EXEC mode clear ufd-disable {interface interface | uplink-state-group group-id} For interface, enter one of the following interface types: • 10 Gigabit Ethernet: enter tengigabitethernet {slot/port | slot/port-range} • Port channel: enter port-channel {1-128 | port-channel-range} • Where port-range and port-channel-range specify a range of ports separated by a dash (-) and/or individual ports/port channels in any order; for example: tengigabitethernet 0/1-2,5,9,11-12 port-channel 1-3,5 • A comma is re
00:11:51: %STKUNIT0-M:CP error-disabled: Te 0/6 00:11:51: %STKUNIT0-M:CP 00:11:51: %STKUNIT0-M:CP 00:11:51: %STKUNIT0-M:CP %IFMGR-5-OSTATE_UP: Downstream interface cleared from UFD %IFMGR-5-OSTATE_UP: Changed interface state to up: Te 0/4 %IFMGR-5-OSTATE_UP: Changed interface state to up: Te 0/5 %IFMGR-5-OSTATE_UP: Changed interface state to up: Te 0/6 Displaying Uplink Failure Detection To display information on the UFD feature, use any of the following commands.
(Up): Interface up (Dwn): Interface down (Dis): Interface disabled
Uplink State Group : 1 Status: Enabled, Up
Defer Timer : 10 sec
Upstream Interfaces : Po 128(Up)
Downstream Interfaces : Te 0/1(Dwn) Te 0/2(Dwn) Te 0/3(Up) Te 0/4(Dwn) Te 0/5(Up)
Te 0/6(Dwn) Te 0/7(Up) Te 0/8(Up)
Dell#
Example of Viewing Interface Status with UFD Information
Dell#show interfaces tengigabitethernet 0/7
TenGigabitEthernet 0/7 is up, line protocol is down (error-disabled[UFD])
Hardware is Force10Eth, address is 00:01:e8:
Sample Configuration: Uplink Failure Detection
The following example shows a sample configuration of UFD on a switch/router in which you configure as follows.
• Configure uplink-state group 3.
• Add downstream links Gigabitethernet 0/1, 0/2, 0/5, 0/9, 0/11, and 0/12.
• Configure two downstream links to be disabled if an upstream link fails.
• Add upstream links Gigabitethernet 0/3 and 0/4.
• Add a text description for the group.
• Verify the configuration with various show commands.
Dell#show uplink-state-group detail
(Up): Interface up (Dwn): Interface down (Dis): Interface disabled
Uplink State Group : 3 Status: Enabled, Up
Upstream Interfaces : Te 0/3(Dwn) Te 0/4(Up)
Downstream Interfaces : Te 0/1(Dis) Te 0/2(Dis) Te 0/5(Up) Te 0/9(Up) Te 0/11(Up) Te 0/12(Up)
60 PMUX Mode of the IO Aggregator This chapter provides an overview of the PMUX mode. I/O Aggregator (IOA) Programmable MUX (PMUX) Mode IOA PMUX is a mode that provides flexibility of operation with added configurability. This involves creating multiple LAGs, configuring VLANs on uplinks and the server side, configuring data center bridging (DCB) parameters, and so forth. By default, IOA starts up in IOA Standalone mode.
4 Reboot the IOA by entering the reload command. Dell# reload 5 Repeat the above steps for each member of the IOA in PMUX mode. After the system is up, you can see the PMUX mode status:
Dell#sh system stack-unit 0 iom-mode
Unit Boot-Mode Next-Boot
-------------------------------------------------------
0 programmable-mux programmable-mux
Dell#
The IOA is now ready for PMUX operations. Configuring the Commands without a Separate User Account Starting with Dell Networking OS version 9.3(0.
NOTE: When you launch the VLT link, the VLT peer-ship is not established if any of the following is TRUE: • The VLT System-MAC configured on both the VLT peers do not match. • The VLT Unit-Id configured on both the VLT peers are identical. • The VLT System-MAC or Unit-Id is configured only on one of the VLT peers. • The VLT domain ID is not the same on both peers. If the VLT peer-ship is already established, changing the System-MAC or Unit-Id does not cause VLT peer-ship to go down.
coordinating between the two VLT chassis. IGMP and VLT configurations must be identical on both sides of the trunk to ensure the same behavior on both sides. Setting up VLT The following figure shows the sample VLT topology. Figure 118. Sample VLT Topology In PMUX VLT, you can choose any uplink ports for configuring VLT. NOTE: Ensure the connectivity to ToR from each Aggregator. To enable VLT and verify the configuration, follow these steps. 1 Enable VLT in node 1 and 2.
EXEC mode Dell# show interfaces port brief Codes: L - LACP Port-channel O - OpenFlow Controller Port-channel LAG L 127 Mode L2 Status up Uptime 00:18:22 128 L2 up 00:00:00 Ports Fo 0/33 Fo 0/37 Fo 0/41 (Up)<<<<<<<
Configuration Notes When you configure VLT, the following conditions apply. • • VLT domain • A VLT domain supports two chassis members, which appear as a single logical device to network access devices connected to VLT ports through a port channel. • A VLT domain consists of the two core chassis, the interconnect trunk, backup link, and the LAG members connected to attached devices. • Each VLT domain has a unique MAC address that you create or VLT creates automatically.
• When you change the default VLAN ID on a VLT peer switch, the VLT interconnect may flap. • In a VLT domain, the following software features are supported on VLTi: link layer discovery protocol (LLDP), flow control, port monitoring, jumbo frames, and data center bridging (DCB). • When you enable the VLTi link, the link between the VLT peer switches is established if the following configured information is true on both peer switches: • the VLT system MAC address matches.
• For information about configuring IGMP Snooping in a VLT domain, refer to VLT and IGMP Snooping. • All system management protocols are supported on VLT ports, including SNMP, RMON, AAA, ACL, DNS, FTP, SSH, Syslog, NTP, RADIUS, SCP, TACACS+, Telnet, and LLDP. • Enable Layer 3 VLAN connectivity between VLT peers by configuring a VLAN network interface for the same VLAN on both switches. • Dell Networking does not recommend enabling peer-routing if the CAM is full.
role and the other peer must be reassigned as a Secondary Peer. Peer role changes are reported as SNMP traps. VLT Bandwidth Monitoring When bandwidth usage of the VLTi (ICL) exceeds 80%, a syslog error message (shown in the following message) and an SNMP trap are generated. %STKUNIT0-M:CP %VLTMGR-6-VLT-LAG-ICL: Overall Bandwidth utilization of VLT-ICL-LAG (port-channel 25) crosses threshold.
Additionally, ARP entries resulting from station movements from VLT to non-VLT ports or to different nonVLT ports are learned on the non-VLT port and synced with the peer node. The peer node is updated to use the new non-VLT port. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches.
VLT Backup Link ----------------Destination: Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 10.11.200.18 Up 1 3 34998 1026 1025 Dell_VLTpeer2# show vlt backup-link VLT Backup Link ----------------Destination: Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 10.11.200.
Example of the show vlt detail Command Dell_VLTpeer1# show vlt detail Local LAG Id -----------100 127 Peer LAG Id ----------100 2 Local Status Peer Status Active VLANs ------------ ----------- ------------UP UP 10, 20, 30 UP UP 20, 30 Dell_VLTpeer2# show vlt detail Local LAG Id -----------2 100 Peer LAG Id ----------127 100 Local Status -----------UP UP Peer Status ----------UP UP Active VLANs ------------20, 30 10, 20, 30 Example of the show vlt role Command Dell_VLTpeer1# show vlt role VLT Role --
ICL Hello's Sent: ICL Hello's Received: 148 98 Dell_VLTpeer2# show vlt statistics VLT Statistics ---------------HeartBeat Messages Sent: HeartBeat Messages Received: ICL Hello's Sent: ICL Hello's Received: 994 978 89 89 VLT Sample Configurations To configure VLT, configure a backup link and interconnect trunk, create a VLT domain, configure a backup link and interconnect trunk, and connect the peer switches in a VLT domain to an attached access device (switch or server).
NUM Status Description Q Ports 10 Active U Po110(Te 0/5) T Po100(Te 0/6,7) Configuring Virtual Link Trunking (VLT Peer 2) Configure the backup link. Dell_VLTpeer2(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.35/ Dell_VLTpeer2(conf-if-ma-0/0)#no shutdown Dell_VLTpeer2(conf-if-ma-0/0)#exit Configure the VLT interconnect (VLTi).
channel-member TenGigE 0/1,2 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 67.
Description Behavior at Peer Up Behavior During Run Time Action to Take A syslog error message is generated. A syslog error message is generated. must be sequential on peer units; for example, if Peer 1 is unit ID “0”, Peer 2 unit ID must be “1”. Version ID mismatch A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated. Verify that the Dell Networking OS software versions on the VLT peers are compatible.
61 NPIV Proxy Gateway The N-port identifier virtualization (NPIV) Proxy Gateway (NPG) feature provides FCoE-FC bridging capability on the FN 2210S Aggregator, allowing server CNAs to communicate with SAN fabrics over the FN 2210S Aggregator.
An FX2 chassis FC port is configured as an N (node) port that logs in to an F (fabric) port on the upstream FC core switch and creates a channel for N-port identifier virtualization. NPIV allows multiple N-port fabric logins at the same time on a single, physical Fibre Channel link. Converged Network Adapter (CNA) ports on servers connect to the FX2 chassis Ten-Gigabit Ethernet ports and log in to an upstream FC core switch through the N port.
NPIV Proxy Gateway Functionality The Aggregator with the NPG provides the following functionality in a storage area network: • FIP Snooping bridge that provides security for FCoE traffic using ACLs. • FCoE gateway that provides FCoE-to-FC bridging. N-port virtualization using FCoE maps exposes upstream F ports as FCF ports to downstream server-facing ENode ports on the NPG. NPIV Proxy Gateway: Terms and Definitions The following table describes the terms used in an NPG configuration on the Aggregator.
Term Description FC-MAP FCoE MAC-address prefix — The unique 24-bit MAC address prefix in FCoE packets used to generate a fabric-provided MAC address (FPMA). The FPMA is required to send FCoE packets from a server to a SAN fabric. FCoE map Template used to configure FCoE and FC parameters on Ethernet and FC ports in a converged fabric. FCoE VLAN VLAN dedicated to carrying only FCoE traffic between server CNA ports and a SAN fabric. (FCoE traffic must travel in a VLAN.
NOTE: In each FCoE map, the fabric ID, FC-MAP value, and FCoE VLAN must be unique. Use one FCoE map to access one SAN fabric. You cannot use the same FCoE map to access different fabrics. When you configure an Aggregator with the NPG, FCoE transit with FIP snooping is automatically enabled and configured using the parameters in the FCoE map applied to server-facing Ethernet and fabric-facing FC interfaces.
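The uniqueness rules in the NOTE above, together with the VLAN ID, FC-MAP and FKA-ADV-Period constraints stated elsewhere in this chapter, can be checked mechanically. The following Python sketch is an added example and not part of the Dell guide: the sample text is constructed, its key/value layout is an assumption modelled on the show fcoe-map field names, and the helper names are hypothetical. It also derives an FPMA (24-bit FC-MAP followed by the 24-bit FC_ID) to show why two fabrics must not share an FC-MAP.

```python
import re
from collections import defaultdict

# Constructed sample (not device output); layout assumed from the show fcoe-map field names.
SHOW_FCOE_MAP = """\
Fabric Name      SAN_FABRIC_A
Fabric Id        1002
Vlan Id          1002
Vlan priority    3
FC-MAP           0efc00
FKA-ADV-Period   8
Fcf Priority     128
Config-State     ACTIVE
Oper-State       UP

Fabric Name      SAN_FABRIC_B
Fabric Id        1003
Vlan Id          1004
Vlan priority    3
FC-MAP           0efc00
FKA-ADV-Period   120
Fcf Priority     128
Config-State     ACTIVE
Oper-State       DOWN
"""

# Output labels we care about, mapped to internal keys.
FIELDS = {"Fabric Name": "name", "Fabric Id": "fabric_id", "Vlan Id": "vlan_id",
          "FC-MAP": "fc_map", "FKA-ADV-Period": "fka"}


def parse_fcoe_maps(text):
    """Split the listing into one dict per FCoE map; a 'Fabric Name' line starts a new map."""
    maps, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        for label, key in FIELDS.items():
            if line.startswith(label):
                value = line[len(label):].strip()
                if key == "name":
                    cur = {"name": value}
                    maps.append(cur)
                elif cur is not None:
                    cur[key] = value
                break
    return maps


def validate(maps):
    """Return a list of findings for the rules stated in this chapter."""
    findings = []
    seen = defaultdict(list)
    for m in maps:
        name = m.get("name", "?")
        fabric, vlan = m.get("fabric_id", ""), m.get("vlan_id", "")
        fc_map, fka = m.get("fc_map", "").lower(), m.get("fka", "")
        if fabric != vlan:  # the configured VLAN ID must be the same as the fabric ID
            findings.append(f"{name}: VLAN ID {vlan} differs from fabric ID {fabric}")
        if not re.fullmatch(r"[0-9a-f]{6}", fc_map):  # FC-MAP is a 24-bit prefix
            findings.append(f"{name}: FC-MAP {fc_map!r} is not a 24-bit hex value")
        if not (fka.isdigit() and 8 <= int(fka) <= 90):  # documented range: 8-90 seconds
            findings.append(f"{name}: FKA-ADV-Period {fka!r} outside 8-90 seconds")
        for kind, value in (("fabric ID", fabric), ("FCoE VLAN", vlan), ("FC-MAP", fc_map)):
            seen[(kind, value)].append(name)
    for (kind, value), names in seen.items():
        if len(names) > 1:  # each of the three values must be unique per map
            findings.append(f"{kind} {value} reused by maps: {', '.join(names)}")
    return findings


def fpma(fc_map, fc_id):
    """Fabric-provided MAC address: 24-bit FC-MAP prefix followed by the 24-bit FC_ID."""
    value = (int(fc_map, 16) << 24) | (fc_id & 0xFFFFFF)
    return ":".join(f"{b:02x}" for b in value.to_bytes(6, "big"))


if __name__ == "__main__":
    for finding in validate(parse_fcoe_maps(SHOW_FCOE_MAP)):
        print("FINDING:", finding)
    # Same FC-MAP and same FC_ID in two fabrics would produce the same FPMA.
    print(fpma("0efc00", 0x010203))
```

With a shared FC-MAP, an ENode in each fabric that is assigned the same FC_ID ends up with an identical FPMA, which is the collision the uniqueness rule prevents.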
State    :Complete
PfcMode  :ON
--------------------
PG:0  TSA:ETS  BW:30  PFC:OFF
Priorities:0 1 2 5 6 7
PG:1  TSA:ETS  BW:30  PFC:OFF
Priorities:4
PG:2  TSA:ETS  BW:40  PFC:ON
Priorities:3

Default FCoE map
Dell(conf)#do show fcoe-map
Fabric Name      SAN_FABRIC
Fabric Id        1002
Vlan Id          1002
Vlan priority    3
FC-MAP           0efc00
FKA-ADV-Period   8
Fcf Priority     128
Config-State     ACTIVE
Oper-State       UP
Members
Fc 0/9
Te 0/4

DCB_MAP_PFC_OFF
Dell(conf)#do show qos dcb-map DCB_MAP_PFC_OFF
----------------------
State    :In-Progress
PfcMode:O
Creating a DCB Map Configure the priority-based flow control (PFC) and enhanced traffic selection (ETS) settings in a DCB map before you apply them on downstream server-facing ports on an Aggregator. 1 Create a DCB map to specify PFC and ETS settings for groups of dot1p priorities. CONFIGURATION mode dcb-map name 2 Configure the PFC setting (on or off) and the ETS bandwidth percentage allocated to traffic in each priority group.
settings, and apply the new map to the interfaces to override the previous DCB map settings. Then, delete the original dot1p priority-to-priority group mapping. • If you delete the dot1p priority-to-priority group mapping (no priority pgid command) before you apply the new DCB map, the default PFC and ETS parameters are applied on the interfaces. This change may create a DCB mismatch with peer DCB devices and interrupt the network operation.
Creating an FCoE Map An FCoE map consists of: • An association between the dedicated VLAN, used to carry FCoE traffic, and the SAN fabric where the storage arrays are installed. Use a separate FCoE VLAN for each fabric to which the FCoE traffic is forwarded. Any non-FCoE traffic sent on a dedicated FCoE VLAN is dropped. • The FC-MAP value, used to generate the fabric-provided MAC address (FPMA). The FPMA is used by servers to transmit FCoE traffic to the fabric.
6 Enable the monitoring of FIP keepalive messages (if it is disabled) to detect if other FCoE devices are reachable. Default: FIP keepalive monitoring is enabled.
FCoE MAP mode
keepalive
7 Configure the time interval (in seconds) used to transmit FIP keepalive advertisements. Range: 8–90 seconds. Default: 8 seconds.
FCoE MAP mode
fka-adv-period seconds
Applying an FCoE Map on Server-facing Ethernet Ports
You can apply multiple FCoE maps on an Ethernet port or port channel.
Applying an FCoE Map on Fabric-facing FC Ports
The FC ports on the Aggregator are configured by default to operate in N port mode to connect to an F port on an FC switch in a fabric. You can apply only one FCoE map on an FC port. When you apply an FCoE map on a fabric-facing FC port, the FC port becomes part of the FCoE fabric, whose settings in the FCoE map are configured on the port and exported to downstream server CNA ports.
Sample Configuration
1 Configure a DCB map with PFC and ETS settings:
Dell(config)# dcb-map SAN_DCB_MAP
Dell(config-dcbx-name)# priority-group 0 bandwidth 60 pfc off
Dell(config-dcbx-name)# priority-group 1 bandwidth 20 pfc on
Dell(config-dcbx-name)# priority-group 2 bandwidth 20 pfc on
Dell(config-dcbx-name)# priority-group 4 strict-priority pfc off
Dell(conf-dcbx-name)# priority-pgid 0 0 0 1 2 4 4 4
2 Apply the DCB map on a downstream (server-facing) Ethernet port:
Dell(config)# interface tengigabiteth
Displaying NPIV Proxy Gateway Information To display information on the NPG operation, use the show commands in the following table: Table 69. Displaying NPIV Proxy Gateway Information Command Description show interfaces status Displays the operational status of Ethernet and Fibre Channel interfaces on the Aggregator with the NPG.
Te 0/11 Te 0/12 Down Down Auto Auto Auto Auto --- Table 70. show interfaces status Field Descriptions Field Description Port Server-facing 10GbE Ethernet (Te), or fabric-facing Fibre Channel (FC) port with slot/port information. Description Text description of port. Status Operational status of port: Ethernet ports - up (transmitting FCoE and LAN storage traffic) or down (not transmitting traffic).
Fc 0/9 Te 0/11 Te 0/12 Table 71. show fcoe-map Field Descriptions Field Description Fabric-Name Name of a SAN fabric. Fabric ID The ID number of the SAN fabric to which FC traffic is forwarded. VLAN ID The dedicated VLAN used to transport FCoE storage traffic between servers and a fabric over the NPG. The configured VLAN ID must be the same as the fabric ID. VLAN priority FCoE traffic uses VLAN priority 3. This setting is not user-configurable.
Table 72. show qos dcb-map Field Descriptions Field Description State Complete: All mandatory DCB parameters are correctly configured. In progress: The DCB map configuration is not complete. Some mandatory parameters are not configured. PFC Mode PFC configuration in the DCB map: On (enabled) or Off. PG Priority group configured in the DCB map. TSA Transmission scheduling algorithm used in the DCB map: Enhanced Transmission Selection (ETS).
Field Description Fabric-Intf Fabric-facing Fibre Channel port (slot/port) on which FC traffic is transmitted to the specified fabric. Fabric-Map Name of the FCoE map containing the FCoE/FC configuration parameters for the server CNA-fabric connection. Login Method Method used by the server CNA to log in to the fabric; for example: FLOGI - ENode logged in using a fabric login (FLOGI). FDISC - ENode logged in using a fabric discovery (FDISC).
Table 74. show npiv devices Field Descriptions Field Description ENode [number] Server CNA that has successfully logged in to a fabric over an Aggregator with the Ethernet port in ENode mode. Enode MAC MAC address of a server CNA port. Enode Intf Port number of a server-facing Ethernet port operating in ENode mode. FCF MAC Fibre Channel forwarder MAC: MAC address of Aggregator with the FCF interface.
Table 75. show fc switch Command Description Field Description Switch Mode Fibre Channel mode of operation of an Aggregator. Default: NPG (configured as an NPIV proxy gateway). Switch WWN Factory-assigned worldwide node (WWN) name of the Aggregator. The Aggregator WWN name is not user-configurable.
62 Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes. Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://support.dell.
63 Virtual LANs (VLANs) Dell Networking OS supports virtual LANs (VLANs). VLANs are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices. The Dell Networking operating system (OS) supports up to 4093 port-based VLANs and one default VLAN, as specified in IEEE 802.1Q.
Default VLAN When you configure interfaces for Layer 2 mode, they are automatically placed in the Default VLAN as untagged interfaces. Only untagged interfaces can belong to the Default VLAN. The following example displays the outcome of placing an interface in Layer 2 mode. To configure an interface for Layer 2 mode, use the switchport command.
Port-Based VLANs Port-based VLANs are a broadcast domain defined by different ports or interfaces. In the Dell Networking OS, a port-based VLAN can contain interfaces from different line cards within the chassis. Dell Networking OS supports 4094 port-based VLANs. Port-based VLANs offer increased security for traffic, conserve bandwidth, and allow switch segmentation. Interfaces in different VLANs do not communicate with each other, adding some security to the traffic on those interfaces.
Configuration Task List
This section contains the following VLAN configuration tasks.
• Creating a Port-Based VLAN (mandatory)
• Assigning Interfaces to a VLAN (optional)
• Assigning an IP Address to a VLAN (optional)
• Enabling Null VLAN as the Default VLAN (optional)
Creating a Port-Based VLAN
To configure a port-based VLAN, create the VLAN and then add physical interfaces or port channel (LAG) interfaces to the VLAN.
1002 Active Dell# T Te 0/3,13,55-56 Assigning Interfaces to a VLAN You can only assign interfaces in Layer 2 mode to a VLAN using the tagged and untagged commands. To place an interface in Layer 2 mode, use the switchport command. You can further designate these Layer 2 interfaces as tagged or untagged. For more information, refer to the Interfaces chapter and Configuring Layer 2 (Data Link) Mode.
! interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM Status Q Ports * 1 Inactive 2 Active T Po1(So 0/0-1) T Tengig 3/0 3 Active T Po1(So 0/0-1) T Tengig 3/1 4 Active T Po1(So 0/0-1) Dell# When you remove a tagged interface from a VLAN (using the no tagged interface command), it remains tagged only if it is a tagged interface in another VLAN.
Dell(conf)#int vlan 4
Dell(conf-if-vlan)#untagged tengig 3/2
Dell(conf-if-vlan)#show config
!
interface Vlan 4
 no ip address
 untagged Tengigabitethernet 3/2
Dell(conf-if-vlan)#end
Dell#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
   NUM  Status    Q Ports
*  1    Inactive
   2    Active    T Po1(So 0/0-1)
                  T Tengig 3/0
   3    Active    T Po1(So 0/0-1)
                  T Tengig 3/1
   4    Active    U Tengig 3/2
Dell#
The only way to remove an interface from the Default VLAN is to place the interface in Default mode by using the no switchport command in I
Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports. Physical and port-channel interfaces may be hybrid ports. Native VLAN is useful in deployments where a Layer 2 port can receive both tagged and untagged traffic on the same physical port. The classic example is connecting a voice-over-IP (VOIP) phone and a PC to the same port of the switch.
64 Virtual Link Trunking (VLT) Dell Networking OS supports virtual link trunking (VLT). Overview VLT allows physical links between two chassis to appear as a single virtual link to the network core. VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches, and by supporting a loop-free topology. (To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol.
coordinating between the two VLT chassis. IGMP and VLT configurations must be identical on both sides of the trunk to ensure the same behavior on both sides. Figure 120. Virtual Link Trunking Multi-domain VLT A multi-domain VLT (mVLT) configuration creates a port channel between two VLT domains by allowing two different VLT domains, using different VLT Domain ID numbers, connected by a standard LACP LAG to form a loop-free Layer 2 topology in the aggregation layer.
The following figure shows how the core/aggregation port density in the Layer 2 topology is increased using mVLT. For inter-VLAN routing and other Layer 3 routing, a separate Layer 3 router is required. Figure 121. Multi-Domain VLT Example VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches.
Configure Virtual Link Trunking VLT requires that you enable the feature and then configure the same VLT domain, backup link, and VLT interconnect on both peer switches. Important Points to Remember • VLT port channel interfaces must be switch ports. • If you include RSTP on the system, configure it before VLT. Refer to RSTP Configuration. • Ensure that the spanning tree root bridge is at the Aggregation layer.
Configuration Notes
When you configure VLT, the following conditions apply.
• VLT domain
  • A VLT domain supports two chassis members, which appear as a single logical device to network access devices connected to VLT ports through a port channel.
  • A VLT domain consists of the two core chassis, the interconnect trunk, backup link, and the LAG members connected to attached devices.
  • Each VLT domain has a unique MAC address that you create or VLT creates automatically.
• ARP entries configured across the VLTi are the same on both VLT peer nodes. • If you shut down the port channel used in the VLT interconnect on a peer switch in a VLT domain in which you did not configure a backup link, the switch’s role displays in the show vlt brief command output as Primary instead of Standalone. • When you change the default VLAN ID on a VLT peer switch, the VLT interconnect may flap.
• VLT allows multiple active parallel paths from access switches to VLT chassis.
• VLT supports port-channel links with LACP between access switches and VLT peer switches. Dell Networking recommends using static port channels on VLTi.
• If VLTi connectivity with a peer is lost but the VLT backup connectivity indicates that the peer is still alive, the VLT ports on the Secondary peer are orphaned and are shut down.
the master or backup for all VRRP groups configured on its interfaces. For more information, refer to Setting VRRP Group (Virtual Router) Priority.
• To verify that a VLT peer is consistently configured for either the master or backup role in all VRRP groups, use the show vrrp command on each peer.
• Also configure the same L3 routing (static and dynamic) on each peer so that the L3 reachability and routing tables are identical on both VLT peers.
the root bridge, avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers. • Even with this configuration, if the node has non-VLT ports using RSTP that you did not configure as edge ports and are connected to other Layer 2 switches, spanning tree topology changes are still detected after VLT node recovery. To avoid this scenario, ensure that you configure any non-VLT ports as edge ports or disable RSTP.
PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources. Figure 122.
On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches. This ensures that for first hop routers, the packets from the source are redirected to the designated router (DR) if they are incorrectly hashed.
choose a different VLAN or IP route to reach the PIM neighbor. This can result in issues with multicast route syncing between peers.
• Both VLT peers require symmetric Layer 2 and Layer 3 configurations for any spanned VLAN.
• For optimal performance, configure the VLT VLAN routing metrics to prefer VLT VLAN interfaces over non-VLT VLAN interfaces.
VLT unicast is supported on both IPv6 and IPv4. To enable VLT unicast, both VLT peers must be in L3 mode. Static routes and routing protocols such as RIP, OSPF, ISIS, and BGP are supported. However, point-to-point configuration is not supported. To enable VLT unicast, VLAN configuration must be symmetrical on both peers. The same VLAN cannot be configured as Layer 2 on one node and as Layer 3 on the other node.
RSTP Configuration
RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the VLT startup phase. You may also use RSTP for loop prevention in the network outside of the VLT port channel. For information about how to configure RSTP, refer to Rapid Spanning Tree Protocol (RSTP). Run RSTP on both VLT peer switches.
the BPDUs that it receives to the primary VLT switch over the VLT interconnect. Only the primary VLT switch determines the RSTP roles and states on VLT ports and ensures that the VLT interconnect link is never blocked. In the case of a primary VLT switch failure, the secondary switch starts sending BPDUs with its own bridge ID and inherits all the port states from the last synchronization with the primary switch.
Configuring a VLT Interconnect To configure a VLT interconnect, follow these steps. 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command as described in Configuring VLT and Connecting a VLT Domain. NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned).
{ip address ipv4-address/ mask | ipv6 address ipv6-address/ mask} This is the IP address to be configured on the VLT peer with the back-up destination command. 3 Ensure that the interface is active. MANAGEMENT INTERFACE mode no shutdown 4 Repeat Steps 1 to 3 on the VLT peer switch. To set an amount of time, in seconds, to delay the system from restoring the VLT port, use the delayrestore command at any time. For more information, refer to VLT Port Delayed Restoration.
primary-priority value To reconfigure the primary role of VLT peer switches, use the primary-priority command. To configure the primary role on a VLT peer, enter a lower value than the priority value of the remote peer. The priority values are from 1 to 65535. The default is 32768. 3 (Optional) When you create a VLT domain on a switch, the system automatically creates a VLT-system MAC address used for internal system operations.
3 Place the interface in Layer 2 mode.
INTERFACE PORT-CHANNEL mode
switchport
4 Add one or more port interfaces to the port channel.
INTERFACE PORT-CHANNEL mode
channel-member interface
interface: specify one of the following interface types:
• 10-Gigabit Ethernet: enter tengigabitethernet slot/port.
5 Ensure that the port channel is active.
3 Enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down.
VLT DOMAIN CONFIGURATION mode
peer-down-vlan vlan interface number
The range is from 1 to 4094.
Configure Multi-domain VLT (mVLT) (Optional)
To configure a multi-domain VLT between two VLT domains on your network, use the following procedure. For a sample configuration, refer to the Multi-domain VLT section.
VLT DOMAIN CONFIGURATION mode system-mac mac-address mac-address Use the system-mac command to explicitly configure the default MAC address for the domain by entering a new MAC address in the format: aaaa.bbbb.cccc. You must also reconfigure the same MAC address on the VLT peer switch. Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots.
INTERFACE mode port-channel-protocol lacp 14 Configure the LACP port channel mode. INTERFACE mode port-channel number mode [active] 15 Ensure that the interface is active. MANAGEMENT INTERFACE mode no shutdown 16 Repeat steps 1 through 15 for the VLT peer node in Domain 1. 17 Repeat steps 1 through 15 for the first VLT node in Domain 2. 18 Repeat steps 1 through 15 for the VLT peer node in Domain 2.
EXEC mode • show spanning-tree rstp Display the current status of a port or port-channel interface used in the VLT domain. EXEC mode show interfaces interface • interface: specify one of the following interface types: • Fast Ethernet: enter fastethernet slot/port. • 10-Gigabit Ethernet: enter tengigabitethernet slot/port. • Port channel: enter port-channel {1-128}.
Example of the show vlt detail Command
Dell_VLTpeer1# show vlt detail
Local LAG Id  Peer LAG Id  Local Status  Peer Status  Active VLANs
------------  -----------  ------------  -----------  -------------
100           100          UP            UP           10, 20, 30
127           2            UP            UP           20, 30

Dell_VLTpeer2# show vlt detail
Local LAG Id  Peer LAG Id  Local Status  Peer Status  Active VLANs
------------  -----------  ------------  -----------  -------------
2             127          UP            UP           20, 30
100           100          UP            UP           10, 20, 30

Example of the show vlt role Command
Dell_VLTpeer1# show vlt role
VLT Role
--
Dell_VLTpeer2# show vlt statistics
VLT Statistics
----------------
HeartBeat Messages Sent:      994
HeartBeat Messages Received:  978
ICL Hello's Sent:             89
ICL Hello's Received:         89

Example of the show spanning-tree rstp Command
The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2. Port channels 110, 111, and 120 are used to connect to access switches or servers (vlt).
Connecting a VLT Domain To connect a VLT domain to an attached access device, use the following commands. For more information, refer to Verifying a VLT Configuration. 1 Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. VLT DOMAIN vlt domain domain id 2 Configure the VLTi between VLT peer 1 and VLT peer 2. LACP/Static LAG can be configured between the peer units (not shown).
show vlt brief show vlt detail 10 Verify the VLT LAG is running in both VLT peer units. EXEC mode or EXEC Privilege show interfaces interface In the following sample VLT configuration steps, VLT peer 1 is FN IOM-2, VLT peer 2 is FN IOM-4, and the ToR is FN IOM-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if the VLT peers are rebooted.
In the following example, port Te 0/40 in VLT peer 1 is connected to Te 0/48 of TOR and port Te 0/18 in VLT peer 2 is connected to Te 0/50 of TOR. 1 Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit. 2 Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. 3 In the top of rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for VLT peer 2.
interface TenGigabitEthernet 0/48 no ip address ! port-channel-protocol LACP port-channel 100 mode active fniom-1#show running-config interface tengigabitethernet 0/50 ! interface TenGigabitEthernet 0/50 no ip address ! port-channel-protocol LACP port-channel 100 mode active no shutdown fniom-1# fniom-1#show running-config interface port-channel 100 ! interface Port-channel 100 no ip address switchport no shutdown fniom-1# fniom-1#show interfaces port-channel 100 brief Codes: L - LACP Port-channel LAG Mode
L 2 L2L3 up 03:43:24 Te 0/40 (Up) fniom-2# fniom-4#show interfaces port-channel 2 brief Codes: L - LACP Port-channel LAG Mode Status Uptime Ports L 2 L2L3 up 03:33:31 Te 0/18 (Up) fniom-4# PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the VLT startup phase. You may also use PVST+ for loop prevention in the network outside of the VLT port channel.
We are the root of Vlan 1000 Configured hello time 2, max age 20, forward delay 15 Interface Designated Name ---------Po 1 Po 2 Te 0/100 Te 0/103 Interface Name ---------Po 1 Po 2 Te 0/100 Te 0/103 Dell# PortID -------128.2 128.3 128.230 128.233 Role -----Desg Desg Desg Desg Prio ---128 128 128 128 Cost -----188 2000 2000 2000 PortID -------128.2 128.3 128.230 128.
mVLT Configuration Example The following example demonstrates the steps to configure multi-domain VLT (mVLT) in a network. In this example there are two domains being configured. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4 as shown. Figure 123. mVLT Configuration Example In Domain 1, configure Peer 1 first, then configure Peer 2. When that is complete, perform the same steps for the peer nodes in Domain 2. The interface used in this example is TenGigabitEthernet.
Domain_1_Peer1(conf-vlt-domain)#back-up destination 10.16.130.
In Domain 2, configure the VLT domain and VLTi on Peer 3
Domain_2_Peer3#configure
Domain_2_Peer3(conf)#interface port-channel 1
Domain_2_Peer3(conf-if-po-1)#channel-member TenGigabitEthernet 0/8-9
Domain_2_Peer3(conf-if-po-1)#no shutdown
Domain_2_Peer3(conf)#vlt domain 200
Domain_2_Peer3(conf-vlt-domain)#peer-link port-channel 1
Domain_2_Peer3(conf-vlt-domain)#back-up destination 10.18.130.
Add links to the mVLT port-channel on Peer 4 Domain_2_Peer4(conf)#interface range tengigabitethernet 0/31 - 32 Domain_2_Peer4(conf-if-range-te-0/16-17)#port-channel-protocol LACP Domain_2_Peer4(conf-if-range-te-0/16-17)#port-channel 100 mode active Domain_2_Peer4(conf-if-range-te-0/16-17)#no shutdown PIM-Sparse Mode Configuration Example The following sample configuration shows how to configure the PIM Sparse mode designated router functionality on the VLT domain with two VLT port-channels that are members
Additional VLT Sample Configurations
To configure VLT, configure a backup link and interconnect trunk, create a VLT domain, and connect the peer switches in a VLT domain to an attached access device (switch or server). Review the following examples of VLT configurations.
Configuring Virtual Link Trunking (VLT Peer 1)
Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi).
Configuring Virtual Link Trunking (VLT Peer 2)
Enable VLT and create a VLT domain with a backup-link VLT interconnect (VLTi).
Dell_VLTpeer2(conf)#vlt domain 999
Dell_VLTpeer2(conf-vlt-domain)#peer-link port-channel 100
Dell_VLTpeer2(conf-vlt-domain)#back-up destination 10.11.206.23
Dell_VLTpeer2(conf-vlt-domain)#exit
Configure the backup link.
Dell_VLTpeer2(conf)#interface ManagementEthernet 0/0
Dell_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.
switchport channel-member tengigabitethernet 1/18,22 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 76.
Description Behavior at Peer Up Behavior During Run Time Spanning tree mismatch at port level A syslog error message is generated. A one-time informational Correct the spanning tree syslog message is configuration on the generated. ports. System MAC mismatch A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated. Verify that the unit ID of VLT peers is not the same on both units and that the MAC address is the same on both units.
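The peer mismatches in the troubleshooting table (unit ID, system MAC) and the domain ID and back-up destination requirements from the configuration steps can be caught before deployment by comparing both peers' configurations. The following Python sketch is an added example, not part of the Dell guide: the configuration excerpts, addresses and MAC values are constructed, the indentation-based layout of the running configuration is an assumption, and the function names are hypothetical.

```python
import re
from ipaddress import ip_interface

# Constructed running-config excerpts (sample values, not from a real device).
PEER1_CFG = """\
interface ManagementEthernet 0/0
 ip address 192.0.2.23/24
 no shutdown
!
vlt domain 999
 peer-link port-channel 100
 back-up destination 192.0.2.35
 primary-priority 4096
 system-mac mac-address 02aa.bbcc.0001
 unit-id 0
"""
PEER2_CFG = """\
interface ManagementEthernet 0/0
 ip address 192.0.2.35/24
 no shutdown
!
vlt domain 999
 peer-link port-channel 100
 back-up destination 192.0.2.23
 system-mac mac-address 02aa.bbcc.0001
 unit-id 1
"""
# Same peer with three deliberate mistakes: back-up destination, system MAC, unit ID.
PEER2_BAD_CFG = PEER2_CFG.replace("destination 192.0.2.23", "destination 192.0.2.99") \
                         .replace("02aa.bbcc.0001", "02aa.bbcc.0002") \
                         .replace("unit-id 1", "unit-id 0")


def parse_peer(name, cfg):
    """Extract the management IP and VLT domain settings from one peer's configuration."""
    peer = {"name": name, "mgmt_ip": None, "domain": None, "backup_dest": None,
            "unit_id": None, "system_mac": None, "primary_priority": 32768}  # documented default
    section = ""
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # assumption: an unindented line opens a new section
            section = line.lower()
            m = re.fullmatch(r"vlt domain (\d+)", section)
            if m:
                peer["domain"] = int(m.group(1))
            continue
        if section.startswith("interface managementethernet"):
            if (m := re.fullmatch(r"ip address (\S+)", line)):
                peer["mgmt_ip"] = str(ip_interface(m.group(1)).ip)
        elif section.startswith("vlt domain"):
            if (m := re.fullmatch(r"back-up destination (\S+)", line)):
                peer["backup_dest"] = m.group(1)
            elif (m := re.fullmatch(r"unit-id (\d+)", line)):
                peer["unit_id"] = int(m.group(1))
            elif (m := re.fullmatch(r"system-mac mac-address (\S+)", line)):
                peer["system_mac"] = m.group(1).lower()
            elif (m := re.fullmatch(r"primary-priority (\d+)", line)):
                peer["primary_priority"] = int(m.group(1))
    return peer


def check_pair(a, b):
    """Return findings for the peer-consistency rules stated in this chapter."""
    findings = []
    if a["domain"] is None or a["domain"] != b["domain"]:
        findings.append(f"VLT domain ID differs: {a['domain']} vs {b['domain']}")
    if a["unit_id"] is not None and b["unit_id"] is not None:
        if a["unit_id"] == b["unit_id"]:
            findings.append(f"unit-id is {a['unit_id']} on both peers")
        elif abs(a["unit_id"] - b["unit_id"]) != 1:
            findings.append("unit-id values are not sequential")
    if a["system_mac"] != b["system_mac"]:
        findings.append(f"system-mac differs: {a['system_mac']} vs {b['system_mac']}")
    for local, remote in ((a, b), (b, a)):
        if local["backup_dest"] != remote["mgmt_ip"]:
            findings.append(f"{local['name']}: back-up destination {local['backup_dest']} "
                            f"is not the management IP of {remote['name']} ({remote['mgmt_ip']})")
        if not 1 <= local["primary_priority"] <= 65535:
            findings.append(f"{local['name']}: primary-priority out of range 1-65535")
    return findings


def expected_primary(a, b):
    """The peer with the lower primary-priority value takes the primary role; None on a tie."""
    if a["primary_priority"] == b["primary_priority"]:
        return None
    return min(a, b, key=lambda p: p["primary_priority"])["name"]


if __name__ == "__main__":
    p1 = parse_peer("peer1", PEER1_CFG)
    for finding in check_pair(p1, parse_peer("peer2", PEER2_BAD_CFG)):
        print("FINDING:", finding)
```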
ports within the same VLAN. A PVLAN partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency, you should configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes. The association of PVLAN with the VLT LAG must also be identical.
verifying the PVLAN parity on both the peers. In such a case, if a PVLAN is present as a VLT PVLAN on at least one of the peers, then symmetric configuration of the PVLAN is validated to cause the VLTi to be a member of that VLAN. Whenever a change in the VLAN mode on one of the peers occurs, the information is synchronized with the other peer and VLTi is either added or removed from the VLAN based on the validation of the VLAN parity.
PVLAN Operations When a VLT Peer is Restarted When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a verification is performed with the newly received PVLAN configuration from the peer. If any differences are identified, the VLTi link is either added or removed from the VLAN. When the peer node restarts and returns online, all the PVLAN configurations are exchanged across the peers.
Table 77.
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer1 Peer2 - Primary VLAN X - Primary VLAN X Yes Yes Secondary (Isolated) Secondary (Isolated) No No - Primary VLAN X - Primary VLAN Y No No Secondary (Community) Secondary (Community) No No - Primary VLAN Y - Primary VLAN X No No Promiscuou Access s Primary Secondary No No Trunk Primary/Normal Secondary No No Access Access Peer2 Access Access Access Configuring a VLT VLAN or LAG in a
3 Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of the following interface types: • 1-Gigabit Ethernet: Enter gigabitethernet slot/port. • 10-Gigabit Ethernet: Enter tengigabitethernet slot/port. 4 Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 5 To configure the VLT interconnect, repeat Steps 1–4 on the VLT peer switch. 6 Enter VLT-domain configuration mode for a specified VLT domain.
4 Select the PVLAN mode.
INTERFACE mode
switchport mode private-vlan {host | promiscuous | trunk}
• host (isolated or community VLAN port)
• promiscuous (intra-VLAN communication port)
• trunk (inter-switch PVLAN hub port)
5 Access INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.
CONFIGURATION mode
interface vlan vlan-id
6 Enable the VLAN.
Layer 3 VLT provides higher resiliency at the Layer 3 forwarding level. VLT peer routing enables you to replace VRRP with routed VLT to route the traffic from Layer 2 access nodes. With proxy ARP, hosts can resolve the MAC address of the VLT node even when a VLT node is down.
Proxy ARP is enabled only if peer routing is enabled on both the VLT peers. If you disable peer routing by using the no peer-routing command in VLT DOMAIN node, a notification is sent to the VLT peer to disable the proxy ARP. If peer routing is disabled when the ICL link is down, a notification is not sent to the VLT peer and, in such a case, the VLT peer does not disable the proxy ARP operation.
unit-id 0 Dell# Configure VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 ! interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)
Dell(conf-vlt-domain)#unit-id 1
Dell(conf-vlt-domain)#
Dell#show running-config vlt
vlt domain 1
 peer-link port-channel 1
 back-up destination 10.16.151.
65 Virtual Router Redundancy Protocol (VRRP) Dell Networking OS supports virtual router redundancy protocol (VRRP). VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN). The MASTER router is chosen from the virtual routers by an election process and forwards packets sent to the next hop IP address.
For more detailed information about VRRP, refer to RFC 2338, Virtual Router Redundancy Protocol.
Figure 124. Basic VRRP Configuration
VRRP Benefits
With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables.
Default VRRP settings may affect the maximum number of groups that you can configure and work efficiently, as a result of hardware throttling VRRP advertisement packets reaching the CP on the switch. To avoid throttling VRRP advertisement packets, Dell Networking recommends increasing the VRRP advertisement interval to a value higher than the default value of 1 second.
• Create a virtual router for that interface with a VRID. INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255. NOTE: The interface must already have a primary IP address defined and be enabled, as shown in the second example. Delete a VRRP group.
3 Set all the switches from both to version 3.
NOTE: Do not run VRRP version 2 and version 3 in the same group for an extended period of time.
Example: Migrating an IPv4 VRRP Group from VRRPv2 to VRRPv3
NOTE: Carefully follow this procedure; otherwise, you might introduce dual master switch issues.
To migrate an IPv4 VRRP Group from VRRPv2 to VRRPv3:
1 Set the backup switches to VRRP version both.
2 Set the master switch to VRRP protocol version 3.
3 Set the backup switches to version 3.
virtual-address ip-address1 [...ip-address12] The range is up to 12 addresses. Example of the virtual-address Command Dell(conf-if-te-1/1-vrid-111)#virtual-address 10.10.10.1 Dell(conf-if-te-1/1-vrid-111)#virtual-address 10.10.10.2 Dell(conf-if-te-1/1-vrid-111)#virtual-address 10.10.10.3 Dell(conf-if-te-1/1-vrid-111)# Example of Verifying the Virtual IP Address Configuration NOTE: In the following example, the primary IP address and the virtual IP addresses are on the same subnet.
Setting VRRP Group (Virtual Router) Priority Setting a virtual router priority to 255 ensures that router is the “owner” virtual router for the VRRP group. VRRP elects the MASTER router by choosing the router with the highest priority. The default priority for a virtual router is 100. The higher the number, the higher the priority. If the MASTER router fails, VRRP begins the election process to choose a new MASTER router based on the next-highest priority.
NOTE: You must configure all virtual routers in the VRRP group the same: you must enable authentication with the same password or authentication is disabled.
To configure simple authentication, use the following command.
NOTE: Authentication for VRRPv3 is not supported.
• Configure a simple text password.
INTERFACE-VRID mode
authentication-type simple [encryption-type] password
Parameters:
• encryption-type: 0 indicates unencrypted; 7 indicates encrypted.
• password: plain text.
Example of Disabling Preempt Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)#no preempt Dell(conf-if-te-1/1-vrid-111)#show conf Example of Verifying Preempt is Disabled Dell(conf-if-te-1/1-vrid-111)#show conf ! vrrp-group 111 authentication-type simple 7 387a7f2df5969da4 no preempt priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.
Example of the advertise-interval Command Example of Verifying the Configured Advertisement Interval The following example shows how to change the advertise interval using the advertise-interval command.
Tracking an Interface
To track an interface, use the following commands.
NOTE: The sum of all the costs for all tracked interfaces must be less than the configured priority of the VRRP group.
• Monitor an interface and, optionally, set a value to be subtracted from the interface’s VRRP group priority.
INTERFACE-VRID mode
track interface [priority-cost cost]
The cost range is from 1 to 254. The default is 10.
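An added example (not from the Dell guide): a Python check that reads configuration text in the shape of the show conf output in this chapter and applies the limits stated above: VRID 1 to 255, up to 12 virtual addresses, tracked-interface costs summing to less than the group priority, and the authentication setting of each group. The sample configuration, the layout of the track lines and the finding names are assumptions made for the example.

```python
import re

DEFAULT_PRIORITY = 100       # guide: default priority of a virtual router
DEFAULT_TRACK_COST = 10      # guide: default priority-cost of a tracked interface
MAX_VIRTUAL_ADDRESSES = 12   # guide: up to 12 virtual addresses per group

# Constructed sample. Interface names, addresses and the "track" line layout
# are assumptions; the group 111 lines follow the guide's show conf output.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet 1/1
 ip address 10.10.10.5/24
 vrrp-group 111
  authentication-type simple 7 387a7f2df5969da4
  no preempt
  priority 255
  virtual-address 10.10.10.1
  virtual-address 10.10.10.2
 no shutdown
interface TenGigabitEthernet 1/2
 ip address 10.20.20.5/24
 vrrp-group 20
  authentication-type simple 0 ExamplePassword
  priority 30
  track TenGigabitEthernet 1/5 priority-cost 25
  track TenGigabitEthernet 1/6
  virtual-address 10.20.20.1
 no shutdown
interface TenGigabitEthernet 1/3
 ip address 10.30.30.5/24
 vrrp-group 300
  virtual-address 10.30.30.1
 no shutdown
"""


def parse_vrrp_groups(config):
    """Return one dict per vrrp-group block found in the configuration text."""
    groups, interface, group = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(.+)$", line, re.IGNORECASE)
        if m:                                   # a new interface ends any open group
            interface, group = m.group(1), None
            continue
        m = re.match(r"vrrp-group\s+(\d+)$", line)
        if m:
            group = {"interface": interface, "vrid": int(m.group(1)),
                     "priority": DEFAULT_PRIORITY, "auth_type": None,
                     "track_costs": [], "virtual_addresses": []}
            groups.append(group)
            continue
        if group is None:                       # interface-level line, not VRRP
            continue
        m = re.match(r"priority\s+(\d+)$", line)
        if m:
            group["priority"] = int(m.group(1))
            continue
        m = re.match(r"authentication-type\s+simple\s+(?:([07])\s+)?\S+$", line)
        if m:
            # Assumption: with no encryption-type the password is stored as typed.
            group["auth_type"] = m.group(1) or "0"
            continue
        m = re.match(r"track\s+(.+?)(?:\s+priority-cost\s+(\d+))?$", line)
        if m:
            group["track_costs"].append(int(m.group(2) or DEFAULT_TRACK_COST))
            continue
        m = re.match(r"virtual-address\s+(.+)$", line)
        if m:                                   # one command may list several addresses
            group["virtual_addresses"].extend(m.group(1).split())
    return groups


def audit_vrrp(groups):
    """Return (interface, vrid, finding) tuples for groups that break a stated limit."""
    findings = []
    for g in groups:
        where = (g["interface"], g["vrid"])
        if not 1 <= g["vrid"] <= 255:
            findings.append(where + ("VRID_OUT_OF_RANGE",))
        if g["auth_type"] is None:
            findings.append(where + ("NO_AUTHENTICATION",))
        elif g["auth_type"] == "0":
            findings.append(where + ("PASSWORD_STORED_UNENCRYPTED",))
        if not 1 <= len(g["virtual_addresses"]) <= MAX_VIRTUAL_ADDRESSES:
            findings.append(where + ("VIRTUAL_ADDRESS_COUNT",))
        # Guide: the sum of all tracked-interface costs must be less than the priority.
        if g["track_costs"] and sum(g["track_costs"]) >= g["priority"]:
            findings.append(where + ("TRACK_COST_NOT_BELOW_PRIORITY",))
    return findings


if __name__ == "__main__":
    for interface, vrid, finding in audit_vrrp(parse_vrrp_groups(SAMPLE_CONFIG)):
        print(f"{interface} VRID {vrid}: {finding}")
```

Because every virtual router in a group must use the same authentication setting, run the check against the configuration of each router in the group and compare the results.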
5 changes, last change 00:02:16 Metric threshold down 255 up 254 First-hop interface is GigabitEthernet 13/2 Tracked by: VRRP GigabitEthernet 7/30 IPv6 VRID 1 Track 3 IPv6 route 2050::/64 reachability Reachability is Up (STATIC) 5 changes, last change 00:02:16 First-hop interface is GigabitEthernet 13/2 Tracked by: VRRP GigabitEthernet 7/30 IPv6 VRID 1 Example of Viewing VRRP Configuration on an Interface Dell#show running-config interface tengigabitethernet 1/3 ! interface TenGigabitEthernet 1/3 ip address
The seconds range is from 0 to 900. The default is 0.
• Set the delay time for VRRP initialization on all the interfaces in the system configured for VRRP.
INTERFACE mode
vrrp delay reload seconds
This time is the gap between system boot up completion and VRRP enabling. The seconds range is from 0 to 900. The default is 0.
Sample Configurations
Before you set up VRRP, review the following sample configurations.
VRRP for an IPv4 Configuration
The following configuration shows how to enable IPv4 VRRP.
you make the necessary changes. The VRRP topology was created using the CLI configuration shown in the following example. Figure 125. VRRP for IPv4 Topology Example of Configuring VRRP for IPv4 R2(conf)#int tengig 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)#priority 200 R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31-vrid-99)#no shut R2(conf-if-te-2/31)#show conf ! interface Tengigabitethernet 2/31 ip address 10.1.1.
vrrp-group 99 priority 200 virtual-address 10.1.1.3 no shutdown R2(conf-if-te-2/31)#end R2#show vrrp -----------------Tengigabitethernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3 Authentication: (none) R2# Router 3 R3(conf)#int tengig 3/21 R3(conf-if-te-3/21)#ip address 10.1.1.
66 Debugging and Diagnostics
This chapter contains the following sections:
Debugging Aggregator Operation
This section describes common troubleshooting procedures to use for error conditions that may arise during Aggregator operation.
All interfaces on the Aggregator are operationally down
This section describes how you can troubleshoot the scenario in which all the interfaces are down.
Symptom: All Aggregator interfaces are down.
Resolution: Ensure the port channel 128 is up and that the Aggregator-facing port channel on the top-of-rack switch is correctly configured.
Broadcast, unknown multicast, and DLF packets switched at a very low rate Symptom: Broadcast, unknown multicast, and DLF packets are switched at a very low rate. By default, broadcast storm control is enabled on an Aggregator and rate limits the transmission of broadcast, unknown multicast, and DLF packets to 1Gbps. This default behavior is designed to avoid unnecessarily flooding these packets on all (4094) VLANs on all Aggregator interfaces (default configuration).
802.1QTagged: Hybrid SMUX port mode: Auto VLANs enabled Vlan membership: Q Vlans U 1 T 2-4094 Native VlanId: 2 1 Assign the port to a specified group of VLANs (vlan tagged command) and re-display the port mode status..
System Type: PE-FN-410S-IOA Control Processor: MIPS RMI XLP with 2147483648 bytes of memory, core(s) 1. 128M bytes of boot flash memory. 1 12-port GE/TE (FN) 12 Ten GigabitEthernet/IEEE 802.3 interface(s) Dell# Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications.
You cannot enter this command on a MASTER or Standby stack unit. NOTE: The system reboots when the offline diagnostics complete. This is an automatic process. The following warning message appears when you implement the offline stack-unit command: Warning - offline of unit will bring down all the protocols and the unit will be operationally down, except for running Diagnostics. Please make sure that stacking/fanout not configured for Diagnostics execution.
Auto Save on Crash or Rollover
Exception information for MASTER or standby units is stored in the flash:/TRACE_LOG_DIR directory. This directory contains files that save trace information when there has been a task crash or timeout.
• On a MASTER unit, you can reach the TRACE_LOG_DIR files by FTP or by using the show file command from the flash://TRACE_LOG_DIR directory.
• On a Standby unit, you can reach the TRACE_LOG_DIR files only by using the show file command from the flash://TRACE_LOG_DIR directory.
• View the forwarding plane statistics containing the packet buffer usage per port per stack unit. EXEC Privilege mode • show hardware stack-unit {0-5} buffer unit {0-1} port {1-64 | all} buffer-info View the forwarding plane statistics containing the packet buffer statistics per COS per port.
EXEC Privilege mode show hardware stack-unit {0-5} unit {0-0} table-dump {table name} Environmental Monitoring Aggregator components use environmental monitoring hardware to detect transmit power readings, receive power readings, and temperature updates. To receive periodic power updates, you must enable the following command. • Enable environmental monitoring.
When the system detects a genuine over-temperature condition, it powers off the card. To recognize this condition, look for the following system messages: CHMGR-2-MAJOR_TEMP: Major alarm: chassis temperature high (temperature reaches or exceeds threshold of [value]C) CHMGR-2-TEMP_SHUTDOWN_WARN: WARNING! temperature is [value]C; approaching shutdown threshold of [value]C To view the programmed alarm thresholds levels, including the shutdown value, use the show alarms threshold command.
Recognize an Under-Voltage Condition If the system detects an under-voltage condition, it sends an alarm. To recognize this condition, look for the following system message: %CHMGR-1-CARD_SHUTDOWN: Major alarm: Line card 2 down - auto-shutdown due to under voltage. This message indicates that the specified card is not receiving enough power. In response, the system first shuts down Power over Ethernet (PoE).
OID String OID Name Description
.1.3.6.1.4.1.6027.3.27.1.6 dellNetFpStatsPerCOSTable View the forwarding plane statistics containing the packet buffer statistics per COS per port.
Buffer Tuning
Buffer tuning allows you to modify the way your switch allocates buffers from its available memory and helps prevent packet drops during a temporary burst of traffic. The application-specific integrated circuits (ASICs) implement the key functions of queuing, feature lookups, and forwarding lookups in hardware.
• Dynamic Cell Limit Per port = 59040/29 = 2036 cells Figure 126. Buffer Tuning Points Deciding to Tune Buffers Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is bursty (and coming from several interfaces). In this case: • Reduce the dedicated buffer on all queues/interfaces.
• buffer-profile csf csqueue Change the dedicated buffers on a physical interface. BUFFER PROFILE mode • buffer dedicated Change the maximum number of dynamic buffers an interface can request. BUFFER PROFILE mode • buffer dynamic Change the number of packet-pointers per queue. BUFFER PROFILE mode • buffer packet-pointers Apply the buffer profile to a CSF to FP link.
Dynamic buffer 194.88 (Kilobytes) Queue# Dedicated Buffer Buffer Packets (Kilobytes) 0 2.50 256 1 2.50 256 2 2.50 256 3 2.50 256 4 9.38 256 5 9.38 256 6 9.38 256 7 9.
Dell Networking OS Behavior: After you configure buffer-profile global 1Q, the message displays during every bootup. Only one reboot is required for the configuration to take effect; afterward you may ignore this bootup message.
Dell Networking OS Behavior: The buffer profile does not return to the default, 4Q, if you configure 1Q, save the running-config to the startup-config, and then delete the startup-config and reload the chassis.
! interface TenGigabitEthernet 0/10 Troubleshooting Packet Loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. To troubleshoot packet loss, use the following commands.
UNIT No: 1 Total Ingress Drops :0 Total IngMac Drops :0 Total Mmu Drops :0 Total EgMac Drops :0 Total Egress Drops :0 Dell#show hardware stack-unit 0 drops unit 0 Port# :Ingress Drops :IngMac Drops :Total Mmu Drops :EgMac Drops :Egress Drops 1 0 0 0 0 0 2 0 0 0 0 0 3 0 0 0 0 0 4 0 0 0 0 0 5 0 0 0 0 0 6 0 0 0 0 0 7 0 0 0 0 0 8 0 0 0 0 0 Example of show hardware drops interface interface Dell#show hardware drops interface tengigabitethernet 2/1 Drops in Interface Te 2/1: --- Ingress Drops --Ingress Drops IBP
IPv4 L3UC Aged & Drops TTL Threshold Drops INVALID VLAN CNTR Drops L2MC Drops PKT Drops of ANY Conditions Hg MacUnderflow TX Err PKT Counter --- Error counters--Internal Mac Transmit Errors Unknown Opcodes Internal Mac Receive Errors : : : : : : : 0 0 0 0 0 0 0 : 0 : 0 : 0 Dataplane Statistics The show hardware stack-unit cpu data-plane statistics command provides insight into the packet types coming to the CPU.
txPkt(COS6) txPkt(COS7) txPkt(UNIT0) :0 :0 :0 The show hardware stack-unit cpu party-bus statistics command displays input and output statistics on the party bus, which carries inter-process communication traffic between CPUs Example of Viewing Party Bus Statistics Dell#show hardware stack-unit 2 cpu party-bus statistics Input Statistics: 27550 packets, 2559298 bytes 0 dropped, 0 errors Output Statistics: 1649566 packets, 1935316203 bytes 0 errors Displaying Stack Port Statistics The show hardware stack-
Dell(conf)#no disable You must enable this utility to be able to configure the parameters for buffer statistics tracking. By default, buffer statistics tracking is disabled. 2 Enable the buffer statistics tracking utility and enter the Buffer Statistics Snapshot configuration mode. CONFIGURATION mode Dell(conf)#buffer-stats-snapshot Dell(conf)#no disable You must enable this utility to be able to configure the parameters for buffer statistics tracking. By default, buffer statistics tracking is disabled.
--------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 unit: 3 port: 29 (interface Fo 1/172) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 unit: 3 port: 33 (interface Fo 1/176) --------------------------------------Q# TYPE Q# TOTAL BUFFERED CELLS --------------------------------------MCAST 3 0 Unit 1 unit: 3 port: 37 (interface Fo 1/180) -----------------------
Restoring the Factory Default Settings Restoring factory defaults deletes the existing NVRAM settings, startup configuration and all configured settings such as stacking or fanout. To restore the factory default settings, use the restore factory-defaults stack-unit {0-5 | all} {clear-all | nvram} command in EXEC Privilege mode. CAUTION: There is no undo for this command. Important Points to Remember • When you restore all the units in a stack, all units in the stack are placed into stand-alone mode.
67 Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
RFC and I-D Compliance The Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 81.
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 82.
RFC# Full Name 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2 2024 Definitions of Managed Objects for Data Link Switching using SMIv2 2096 IP Forwarding Table MIB 2570 Introduction and Applicability Statements for Internet Standard Management Framework 2571 An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks 2572 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) 2574 User-based Se
RFC# Full Name 2865 Remote Authentication Dial In User Service (RADIUS) 3273 Remote Network Monitoring Management Information Base for High Capacity Networks (64 bits): Ethernet Statistics High-Capacity Table, Ethernet History High-Capacity Table 3416 Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) 3418 Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) 3434 Remote Monitoring MIB Extensions for High Capacity Alarms, High-Capa
RFC# Full Name
FORCE10-FIPSNOOPING-MIB Force10 FIP Snooping MIB (Based on T11-FCoE-MIB mentioned in FC-BB-5)
FORCE10-DCB-MIB Force10 DCB MIB
IEEE 802.1Qaz Management Information Base extension module for IEEE 802.1 organizationally defined discovery information (LDPEXT-DOT1-DCBX-MIB)
IEEE 802.1Qbb Priority-based Flow Control module for managing IEEE 802.1Qbb
MIB Location
You can find Force10 MIBs under the Force10 MIBs subhead on the Documentation page of iSupport: https://www.force10networks.
68 FC Flex IO Modules This part provides a generic, broad-level description of the operations, capabilities, and configuration commands of the Fiber Channel (FC) Flex IO module. FC Flex IO Module mentioned in this guide refers to FCF Port Combo Card.
Ethernet local area network (LAN) (IP cloud) for data — as well as FC links to one or more storage area network (SAN) fabrics. Although the FN IOM can act as a FIP snooping bridge (FSB) to provide FCoE transit switch capabilities, the salient and significant advantage of deploying the FC Flex IO module is to enable more streamlined and cohesive FCoE N-port identifier virtualization (NPIV) proxy gateway functionalities. The NPIV proxy gateway (NPG) provides FCoE-FC bridging behavior.
You can configure one of the following upstream (fabric-facing) FC ports: • Two 40GbE and eight 8GB FC ports • Four 40GbE and four 8GB FC ports • Two 40GbE, four 10GbE, and four 8GB FC ports • Two 40GbE, four 10GBASE-T, and four 8GB FC ports FC Flex IO Module Capabilities and Operations The FC Flex IO module has the following characteristics: • You can install one or two FC Flex IO modules on the FN IOM. Each module supports four FC ports.
automatically loading pre-defined configurations and boot images that are stored in file servers. You can use BMP on a single switch or on multiple switches. • FC Flex IOM module is a field-replaceable unit (FRU). Its memory type is electrically erasable programmable read-only memory (EEPROM), which enables it to save manufacturing information, such as the serial number. It is hot-swappable, assuming that the module that is removed is replaced by the same type of module in that same slot.
Installing the Optics The following optical ports are supported on the FC Flex IO module using one of the supported breakout cables: • 4G or 8G Fibre Channel small form-factor pluggable plus (SFP+) optics module and LC connectors over a distance of 150 meters. • 4G or 8G Fibre Channel SFP+ optics module and LC connectors over a distance of 4 km. CAUTION: Electrostatic discharge (ESD) damage can occur if the components are mishandled.
from the end-device. In addition, the FIP application periodically sends advertisement packets to the end-devices for each FCF that is part of the NPIV proxy gateway. On FN IOM switches, you can configure the switch to operate in FIP Snooping or NPIV mode. If the FN IOM Switch functions in the NPIV mode and you attempt to set the uplink port to be an FCF or a bridge port, a warning message displays and the settings are not saved.
Installing and Configuring the Switch After you unpack the FN IOM, refer to the flow chart in the following figure for an overview of the steps you must follow to install the blade and perform the initial configuration. Figure 127. Installing and Configuring Flowchart for FC Flex IO Modules To see if a switch is running the latest Dell Networking OS version, use the show version command. To download a Dell Networking OS version, go to http://support.dell.com.
Installation Site Preparation Before installing the switch or switches, make sure that the chosen installation location meets the following site requirements: • Clearance — There is adequate front and rear clearance for operator access. Allow clearance for cabling, power connections, and ventilation. • Cabling — The cabling is routed to avoid sources of electrical noise such as radio transmitters, broadcast amplifiers, power lines, and fluorescent lighting fixtures.
Interconnectivity of FC Flex IO Modules with Cisco MDS Switches
In a network topology that contains Cisco MDS switches, FC Flex IO modules that are plugged into the FN IOM switches enable interoperation for a robust, effective deployment of the NPIV proxy gateway and FCoE-FC bridging behavior. In an environment that contains FC Flex IO modules and Cisco MDS switches, perform the following steps:
• Insert the FC Flex IO module into any of the optional module slots of the FN IOM Switch and reload the switch.
The following figures illustrate two deployment scenarios of configuring FC Flex IO modules: Figure 128. Case 1: Deployment Scenario of Configuring FC Flex IO Modules Figure 129. Case 2: Deployment Scenario of Configuring FC Flex IO Modules Data Center Bridging (DCB) Data center bridging (DCB) is supported on the FC Flex IO module installed in the FN IOM.
Ethernet Enhancements in Data Center Bridging The following section describes DCB. • The device supports the following DCB features: • Data center bridging exchange protocol (DCBx) • Priority-based flow control (PFC) • Enhanced transmission selection (ETS) DCB refers to a set of IEEE Ethernet enhancements that provide data centers with a single, robust, converged network to support multiple traffic types, including local area network (LAN), server, and storage traffic.
• Data Center Bridging Exchange (DCBx) protocol NOTE: In the Dell Networking OS version 8.3.12.0, only the PFC, ETS, and DCBx features are supported in data center bridging. Priority-Based Flow Control In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion.
priorities configured). If you do not enable PFC on an interface, you can enable the 802.3x link-level pause function. By default, the link-level pause is disabled.
• PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation.
• PFC uses the DCB MIB IEEE802.1azd2.5 and the PFC MIB IEEE802.1bb-d2.2.
Traffic Groupings Description traffic in a group must have the same traffic handling requirements for latency and frame loss. Group ID A 4-bit identifier assigned to each priority group. The range is from 0 to 7. Group bandwidth Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of queue scheduling a priority group uses. In the Dell Networking OS, ETS is implemented as follows: • • • • ETS supports groups of 802.
Example:
priority-group 0 bandwidth 60 pfc off
priority-group 1 bandwidth 20 pfc on
priority-group 2 bandwidth 20 pfc on
priority-group 4 strict-priority pfc off
Repeat this step to configure PFC and ETS traffic handling for each priority group.
3 Specify the dot1p priority-to-priority group mapping for each priority. Priority-group range: 0 to 7.
dcb-map name
Dell# interface tengigabitEthernet 0/0
Dell(config-if-te-0/0)# dcb-map SAN_A_dcb_map1
Repeat Steps 1 and 2 to apply a DCB map to more than one port. You cannot apply a DCB map on an interface that is already configured for PFC using the pfc priority command or that is already configured for lossless queues (pfc no-drop queues command).
interface tengigabitEthernet slot/port
2 Open a DCB map and enter DCB map configuration mode.
INTERFACE mode
dcb-map name
3 Disable PFC.
DCB MAP mode
no pfc mode on
4 Return to interface configuration mode.
DCB MAP mode
exit
5 Apply the DCB map, created to disable the PFC operation, on the interface.
INTERFACE mode
dcb-map {name | default}
6 Configure the port queues that still function as no-drop queues for lossless traffic.
Data Center Bridging in a Traffic Flow The following figure shows how DCB handles a traffic flow on an interface. Figure 132. DCB PFC and ETS Traffic Handling Enabling Data Center Bridging Data center bridging is enabled by default on an FN IOM to support converged enhanced Ethernet (CEE) in a data center network.
To disable or re-enable DCB on a switch, enter the following commands. 1 Disable DCB. CONFIGURATION mode no dcb enable 2 Re-enable DCB. CONFIGURATION mode dcb enable NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. After you disable DCB, if link-level flow control is not automatically enabled on an interface, to enable flow control, manually shut down the interface (the shutdown command) and re-enable it (the no shutdown command).
dot1p Value in the Incoming Frame    Egress Queue Assignment
0                                    0
1                                    0
2                                    0
3                                    1
4                                    2
5                                    3
6                                    3
7                                    3
NOTE: If you reconfigure the global dot1p-queue mapping, an automatic re-election of the DCBX configuration source port is performed (refer to Configuration Source Election).
Configure Enhanced Transmission Selection
ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs.
• If there is a hardware limitation or TLV error:
  • DCBx operation on an ETS port goes down.
  • New ETS configurations are ignored and existing ETS configurations are reset to the previously configured ETS output policy on the port or to the default ETS settings if no ETS output policy was previously applied.
• ETS operates with legacy DCBx versions as follows:
  • In the CEE version, the priority group/traffic class group (TCG) ID 15 represents a non-ETS priority group.
Dell(conf-qos-policy-out)#scheduler strict
NOTE: You cannot use scheduler strict when a bandwidth percentage is configured. The system displays an error message.
Dell(conf-qos-policy-out)#bandwidth-percentage 100
Dell(conf-qos-policy-out)#scheduler strict
% Error: Strict priority scheduler mode is not allowed when bandwidth-percentage is configured on qos-policy-output profile.
Dell(conf-qos-policy-out)#scheduler strict ?
5 Exit QoS Output Policy Configuration mode.
• Detects DCB mis-configuration in a peer device; that is, when DCB features are not compatibly configured on a peer device and the local switch. Mis-configuration detection is feature-specific because some DCB features support asymmetric configuration. • Reconfigures a peer device with the DCB configuration from its configuration source if the peer device is willing to accept configuration.
administrator must then reconfigure the peer device so that it advertises a compatible DCB configuration. The internally propagated configuration is not stored in the switch’s running configuration. On a DCBX port in an auto-downstream role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. Configuration source The port is configured to serve as a source of configuration information on the switch.
DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced transmission selection (ETS) and priority-based flow control (PFC) DCB features. DCBx uses the following methods to exchange DCB configuration parameters: Asymmetric DCB parameters are exchanged between a DCBx-enabled port and a peer port without requiring that a peer port and the local port use the same configured values for the configurations to be compatible.
NOTE: DCB configurations internally propagated from a configuration source do not overwrite the configuration on a DCBx port in a manual role. When a configuration source is elected, all auto-upstream ports other than the configuration source are marked as willing disabled. The internally propagated DCB configuration is refreshed on all auto-configuration ports and each port may begin configuration negotiation with a DCBx peer again.
On the FN IOM switch, PFC and ETS use DCBx to exchange link-level configuration with DCBx peer devices. Figure 133.
Configuring DCBx To configure DCBx, follow these steps. For DCBx, to advertise DCBx TLVs to peers, enable LLDP. For more information, refer to Link Layer Discovery Protocol (LLDP). Configure DCBx operation at the interface level on a switch or globally on the switch. To configure an FN IOM switch for DCBx operation in a data center network, you must: 1 Configure ToR- and FCF-facing interfaces as auto-upstream ports. 2 Configure server-facing interfaces as auto-downstream ports.
[no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [ets-conf | ets-reco | pfc]
• ets-conf: enables the advertisement of ETS Configuration TLVs.
• ets-reco: enables the advertisement of ETS Recommend TLVs.
• pfc: enables the advertisement of PFC TLVs.
The default is All PFC and ETS TLVs are advertised.
NOTE: You can configure the transmission of more than one TLV type at a time; for example, advertise DCBx-tlv ets-conf ets-reco.
• cee: configures a port to use CEE (Intel 1.01).
• cin: configures a port to use Cisco-Intel-Nuova (DCBx 1.0).
• ieee-v2.5: configures a port to use IEEE 802.1Qaz (Draft 2.5).
The default is Auto.
NOTE: To configure the DCBx port role the interfaces use to exchange DCB information, use the DCBx port-role command in INTERFACE Configuration mode (Step 3).
4 Configure the PFC and ETS TLVs that advertise on unconfigured interfaces with a manual port-role.
[no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x10. DCBx Error Messages The following syslog messages appear when an error in DCBx operation occurs. LLDP_MULTIPLE_PEER_DETECTED: DCBx is operationally disabled after detecting more than one DCBx peer on the port interface. LLDP_PEER_AGE_OUT: DCBx is disabled as a result of LLDP timing out on a DCBx peer interface.
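An added example (not from the Dell guide): a Python check that ties the DCB map priority groups to the application priority bitmaps, decoding a bitmap such as 0x10 or 0x8 into dot1p priorities and reporting any FCoE or iSCSI priority that falls in a group with PFC off. The priority-group lines are the guide's example; the priority-pgid mapping line, the rule that non-strict bandwidths total 100, the expectation that storage priorities are lossless, and the finding names are assumptions made for the example.

```python
import re

# Constructed DCB map: priority-group lines as in the guide's example, plus an
# assumed priority-pgid line giving the group for dot1p priorities 0 to 7.
SAMPLE_DCB_MAP = """\
dcb-map SAN_A_dcb_map1
 priority-group 0 bandwidth 60 pfc off
 priority-group 1 bandwidth 20 pfc on
 priority-group 2 bandwidth 20 pfc on
 priority-group 4 strict-priority pfc off
 priority-pgid 0 0 0 1 2 4 4 4
"""

GROUP_RE = re.compile(
    r"priority-group\s+([0-7])\s+(?:bandwidth\s+(\d+)|(strict-priority))"
    r"\s+pfc\s+(on|off)$")
PGID_RE = re.compile(r"priority-pgid((?:\s+[0-7]){8})$")


def parse_dcb_map(text):
    """Parse priority groups and the dot1p-to-group mapping from a DCB map."""
    groups, pgid = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            groups[int(m.group(1))] = {
                "bandwidth": int(m.group(2)) if m.group(2) else None,
                "strict": m.group(3) is not None,
                "pfc": m.group(4) == "on",
            }
            continue
        m = PGID_RE.match(line)
        if m:
            pgid = [int(x) for x in m.group(1).split()]
    return {"groups": groups, "pgid": pgid}


def bitmap_to_priorities(bitmap):
    """Decode a priority bitmap (range 1 to FF): bit n set means dot1p priority n."""
    if not 0x01 <= bitmap <= 0xFF:
        raise ValueError("priority bitmap must be in the range 1 to FF")
    return [bit for bit in range(8) if bitmap & (1 << bit)]


def lossless_priorities(dcb):
    """Return the dot1p priorities mapped to a priority group with PFC on."""
    return {prio for prio, gid in enumerate(dcb["pgid"])
            if dcb["groups"].get(gid, {}).get("pfc")}


def check_dcb_map(dcb, app_bitmaps):
    """Return (subject, value, finding) tuples for inconsistencies in the map."""
    findings = []
    total = sum(g["bandwidth"] for g in dcb["groups"].values()
                if g["bandwidth"] is not None)
    if total != 100:        # assumption: non-strict group bandwidths total 100
        findings.append(("dcb-map", total, "BANDWIDTH_TOTAL_NOT_100"))
    for prio, gid in enumerate(dcb["pgid"]):
        if gid not in dcb["groups"]:
            findings.append(("dot1p", prio, "MAPPED_TO_UNDEFINED_GROUP"))
    lossless = lossless_priorities(dcb)
    for app, bitmap in app_bitmaps.items():
        for prio in bitmap_to_priorities(bitmap):
            if prio not in lossless:   # assumption: storage traffic must be lossless
                findings.append((app, prio, "APP_PRIORITY_NOT_LOSSLESS"))
    return findings


if __name__ == "__main__":
    dcb = parse_dcb_map(SAMPLE_DCB_MAP)
    # 0x8 is the FCoE priority map shown in the guide's output, 0x10 the iSCSI default.
    print(check_dcb_map(dcb, {"fcoe": 0x8, "iscsi": 0x10}))
    # A constructed mismatch: iSCSI advertised on priority 5, which is in group 4.
    print(check_dcb_map(dcb, {"fcoe": 0x8, "iscsi": 0x20}))
```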
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 85. Displaying DCB Configurations Command Output show dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number] Displays the data center bridging status, number of PFC-enabled ports, and number of PFC-enabled queues. On the master switch in a stack, you can specify a stack-unit number. The range is from 0 to 5.
Example of the show dot1p-queue mapping Command Example of the show dcb Command Example of the show interfaces pfc summary Command Example of the show interface pfc statistics Command Example of the show interface ets summary Command Example of the show interface ets detail Command Example of the show stack-unit all stack-ports all pfc details Command Example of the show stack-unit all stack-ports all ets details Command Example of the show interface DCBx detail Command Dell(conf)# show dot1p-queue-mapping
Remote FCOE PriorityMap is 0x8
Remote ISCSI PriorityMap is 0x8
0 Input TLV pkts, 1 Output TLV pkts, 0 Error pkts, 0 Pause Tx pkts, 0 Pause Rx pkts

The following table describes the show interface pfc summary command fields.

Table 86. show interface pfc summary Command Description
Fields | Description
Interface | Interface type with stack-unit and port number.
Admin mode is on; Admin is enabled | PFC Admin mode is on or off with a list of the configured PFC priorities.
Fields | Description
Application Priority TLV: FCOE TLV Tx Status | Status of FCoE advertisements in application priority TLVs from local DCBx port: enabled or disabled.
Application Priority TLV: ISCSI TLV Tx Status | Status of ISCSI advertisements in application priority TLVs from local DCBx port: enabled or disabled.
Application Priority TLV: Local FCOE Priority Map | Priority bitmap used by local DCBx port in FCoE advertisements in application priority TLVs.
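An added example, not part of the Dell guide: decoding the application priority bitmaps reported by show interface pfc summary, then checking that the local and remote maps agree and that every advertised priority is PFC-enabled. The Remote lines follow the guide's sample output; the Local lines, the function names and the caller-supplied set of PFC-enabled priorities are assumptions.

```python
import re

# Constructed excerpt in the style of "show interface pfc summary".
# The Remote lines copy the guide's sample; the Local lines are assumed
# to use the same wording and are here for illustration only.
SAMPLE = """\
Local FCOE PriorityMap is 0x8
Local ISCSI PriorityMap is 0x10
Remote FCOE PriorityMap is 0x8
Remote ISCSI PriorityMap is 0x8
"""

MAP_LINE = re.compile(
    r"^(Local|Remote) (FCOE|ISCSI) PriorityMap is (0x[0-9a-fA-F]+)$", re.M)


def decode_priority_bitmap(text):
    """Return the dot1p priorities (0-7) whose bits are set in a hex bitmap."""
    value = int(text, 16)
    if not 1 <= value <= 0xFF:  # the guide gives the range as 1 to FF
        raise ValueError(f"priority bitmap out of range: {text}")
    return [bit for bit in range(8) if value & (1 << bit)]


def audit_priority_maps(output, pfc_priorities):
    """Report local/remote map mismatches and priorities without PFC."""
    maps = {(side, app): decode_priority_bitmap(bits)
            for side, app, bits in MAP_LINE.findall(output)}
    findings = []
    for app in ("FCOE", "ISCSI"):
        local, remote = maps.get(("Local", app)), maps.get(("Remote", app))
        if local is None or remote is None:
            findings.append(f"{app}: priority map missing on one side")
            continue
        if local != remote:
            findings.append(
                f"{app}: local priorities {local} differ from remote {remote}")
        lossy = [p for p in local if p not in pfc_priorities]
        if lossy:
            findings.append(f"{app}: priorities {lossy} are not PFC-enabled")
    return findings
```

The default iSCSI bitmap 0x10 decodes to priority 4 and the sample's 0x8 to priority 3, so the constructed excerpt yields two iSCSI findings when only priority 3 is PFC-enabled.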
1 2 3 4 5 6 7
Remote Parameters:
-------------------
Remote is disabled
Local Parameters :
------------------
Local is enabled
TC-grp Priority# Bandwidth TSA
0 0,1,2,3,4,5,6,7 100% ETS
1 0% ETS
2 0% ETS
3 0% ETS
4 0% ETS
5 0% ETS
6 0% ETS
7 0% ETS
13% 13% 13% 12% 12% 12% 12% ETS ETS ETS ETS ETS ETS ETS
Priority# Bandwidth
0 13%
1 13%
2 13%
3 13%
4 12%
5 12%
6 12%
7 12%
Oper status is init
Conf TLV Tx Status is disabled
Traffic Class TLV Tx Status is disabled
0 Input Conf TLV Pkts, 0 Output Conf TLV 0 Input
Field | Description
Remote Parameters | ETS configuration on remote peer port, including Admin mode (enabled if a valid TLV was received or disabled), priority groups, assigned dot1p priorities, and bandwidth allocation. If the ETS Admin mode is enabled on the remote port for DCBx exchange, the Willing bit received in ETS TLVs from the remote peer is included.
Link Delay 45556 pause quantum
0 Pause Tx pkts, 0 Pause Rx pkts

Dell(conf)# show stack-unit all stack-ports all ets details
Stack unit 0 stack port all
Max Supported TC Groups is 4
Number of Traffic Classes is 1
Admin mode is on
Admin Parameters:
--------------------
Admin is enabled
TC-grp Priority# Bandwidth TSA
------------------------------------------------
0 0,1,2,3,4,5,6,7 100% ETS
1
2
3
4
5
6
7
8
Stack unit 1 stack port all
Max Supported TC Groups is 4
Number of Traffic Classes is 1
Admin mode is on
Adm
Local DCBX Status
-----------------
DCBX Operational Version is 0
DCBX Max Version Supported is 0
Sequence Number: 2
Acknowledgment Number: 2
Protocol State: In-Sync

Peer DCBX Status:
----------------
DCBX Operational Version is 0
DCBX Max Version Supported is 255
Sequence Number: 2
Acknowledgment Number: 2
Total DCBX Frames transmitted 27
Total DCBX Frames received 6
Total DCBX Frame errors 0
Total DCBX Frames unrecognized 0

The following table describes the show interface DCBx detail command fields.

Table 88.
Field | Description
Local DCBx Status: Sequence Number | Sequence number transmitted in Control TLVs.
Local DCBx Status: Acknowledgment Number | Acknowledgement number transmitted in Control TLVs.
Local DCBx Status: Protocol State | Current operational state of DCBx protocol: ACK or IN-SYNC.
Peer DCBx Status: DCBx Operational Version | DCBx version advertised in Control TLVs received from peer device.
• One lossless queue is used.

Figure 134. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic

QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
dot1p Value in Incoming Frame | Queue Assignment
2 | 0
3 | 1
4 | 2
5 | 3
6 | 3
7 | 3

The following describes the dot1p-priority class group assignment.

dot1p Value in the Incoming Frame | Priority Group Assignment
0 | LAN
1 | LAN
2 | LAN
3 | SAN
4 | IPC
5 | LAN
6 | LAN
7 | LAN

The following describes the priority group-bandwidth assignment.
Using PFC and ETS to Manage Converged Ethernet Traffic in a Switch Stack
The following example shows how to apply the DCB PFC input policy (ipc_san_lan) and ETS output policy (ets) on all FN IOM switches in a switch stack. This example references the PFC and ETS Configuration Examples section.
PFC available buffer ( in KB): 5694--Indicates remaining available buffers for PFC that are free to be allocated

Fibre Channel over Ethernet for FC Flex IO Modules
FCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN traffic on a Layer 2 link by encapsulating Fibre Channel data into Ethernet frames. The Fibre Channel (FC) Flex IO module is supported on Dell Networking Operating System (OS) FN IOM.
The N-port identifier virtualization (NPIV) proxy gateway (NPG) provides FCoE-FC bridging capability on the FN IOM with the FC Flex IO module. This chapter describes how to configure and use an NPIV proxy gateway on the FN IOM with the FC Flex IO module in a SAN.
FCoE-to-FC bridging functionality. The upstream N ports on an M1000e can connect to the same or multiple fabrics. Using an FCoE map applied to downstream (server-facing) Ethernet ports and upstream (fabric-facing) FC ports, you can configure the association between a SAN fabric and the FCoE VLAN that connects servers over the NPIV proxy gateway to FC switches in the fabric.
Table 89. FN IOM with the FC Flex IO module NPIV Proxy Gateway: Terms and Definitions
Term | Description
FC port | Fibre Channel port on the FN IOM with the FC Flex IO module FC module that operates in autosensing, 2, 4, or 8-Gigabit mode. On an NPIV proxy gateway, an FC port can be used as a downlink for a server connection and an uplink for a fabric connection.
F port | Port mode of an FC port connected to an end node (N) port on the FN IOM with the FC Flex IO module NPIV proxy gateway.
Term | Description
principal switch | The switch in a fabric with the lowest domain number. The principal switch accesses the master name database and the zone/zone set database.

DCB Maps
A Data Center Bridging (DCB) map is used to configure DCB functionality, such as PFC and ETS, on FN IOM with the FC Flex IO module Ethernet ports that support CEE traffic and are DCBx-enabled, by default. For more information on PFC and ETS, see Data Center Bridging (DCB).
Configuring an NPIV Proxy Gateway
Prerequisite: Before you configure an NPIV proxy gateway (NPG) with the FC Flex IO module on the FN IOM, ensure that the following features are enabled.
• DCB is enabled by default with the FC Flex IO module on the FN IOM.
• Autonegotiated DCBx is enabled for converged traffic by default with the FC Flex IO module Ethernet ports on all FN IOM.
serviced first. Afterward, bandwidth allocated to other priority groups is made available and allocated according to the specified percentages. If a priority group does not use its allocated bandwidth, the unused bandwidth is made available to other priority groups. Restriction: You can enable PFC on a maximum of two priority queues.
You cannot apply a DCB map on a port channel. However, you can apply a DCB map on the ports that are members of the port channel.
CONFIGURATION mode
interface tengigabitEthernet slot/port
2 Apply the DCB map on an Ethernet port or port channel. The port is configured with the PFC and ETS settings in the DCB map. Repeat this step to apply a DCB map to more than one port or port channel.
1 Create an FCoE map that contains parameters used in the communication between servers and a SAN fabric.
CONFIGURATION mode
fcoe-map map-name
2 Configure the association between the dedicated VLAN and the fabric where the desired storage arrays are installed. The fabric and VLAN ID numbers must be the same. Fabric and VLAN ID range: 2–4094. For example: fabric id 10 vlan 10
FCoE MAP mode
fabric-id fabric-num vlan vlan-id
3 Add a text description of the settings in the FCoE map. Maximum: 32 characters.
• The associated FCoE VLAN is enabled on the port or port channel.
When you enable a server-facing Ethernet port, the servers respond to the FIP advertisements by performing FLOGIs on upstream virtualized FCF ports. The NPG forwards the FLOGIs as fabric discovery (FDISC) messages to a SAN switch.
1 Configure a server-facing Ethernet port or port channel with an FCoE map.
fabric map-name
Dell# interface fi 0/9
Dell(config-if-fc-0/9)# fabric SAN_FABRIC_A
3 Enable the port for FC transmission.
Dell(config-fcoe-name)# description "SAN_FABRIC_A"
Dell(config-fcoe-name)# fc-map 0efc00
Dell(config-fcoe-name)# keepalive
Dell(config-fcoe-name)# fcf-priority 128
Dell(config-fcoe-name)# fka-adv-period 8
5 Enable an upstream FC port:
Dell(config)# interface fibrechannel 0/0
Dell(config-if-fc-0)# no shutdown
6 Enable a downstream Ethernet port:
Dell(config)#interface tengigabitEthernet 0/0
Dell(conf-if-te-0)# no shutdown

Displaying NPIV Proxy Gateway Information
To display information on the NPG operati
Command | Description
show fc switch | Displays the FC mode of operation and worldwide node (WWN) name of the FN IOM with the FC Flex IO module.
Duplex | Data transmission mode: Full (allows communication in both directions at the same time), Half (allows communication in both directions but not at the same time), Auto (auto-negotiated transmission).
VLAN | VLAN IDs of the VLANs in which the port is a member.
Config-State | Indicates whether the configured FCoE and FC parameters in the FCoE map are valid: Active (all mandatory FCoE and FC parameters are correctly configured) or Incomplete (the FC-MAP value, fabric ID, or VLAN ID is not correctly configured).
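An added example, not part of the Dell guide: an offline check of an fcoe-map stanza against the rules stated in the FCoE map procedure (fabric ID equal to VLAN ID, both in the range 2 to 4094, description at most 32 characters) that predicts the Config-State value described above. The stanza is constructed, lint_fcoe_map is a hypothetical helper, and accepting any six-hex-digit value as a valid FC-MAP is an assumption.

```python
import re

# Constructed stanza modelled on the guide's fcoe-map example; the
# fabric-id line deliberately pairs fabric 1003 with VLAN 1004.
SAMPLE = """\
fcoe-map SAN_FABRIC_A
 description "SAN_FABRIC_A"
 fabric-id 1003 vlan 1004
 fc-map 0efc00
 keepalive
 fcf-priority 128
 fka-adv-period 8
"""


def lint_fcoe_map(stanza):
    """Return (predicted Config-State, problems) for one fcoe-map stanza."""
    problems = []
    fabric = re.search(r"^ *fabric-id +(\d+) +vlan +(\d+) *$", stanza, re.M)
    fc_map = re.search(r"^ *fc-map +([0-9a-fA-F]{6}) *$", stanza, re.M)
    desc = re.search(r'^ *description +"?([^"\n]*)"? *$', stanza, re.M)

    if fabric is None:
        problems.append("fabric-id/vlan association is missing")
    else:
        fabric_id, vlan_id = int(fabric.group(1)), int(fabric.group(2))
        for label, value in (("fabric ID", fabric_id), ("VLAN ID", vlan_id)):
            if not 2 <= value <= 4094:
                problems.append(f"{label} {value} is outside 2-4094")
        if fabric_id != vlan_id:
            problems.append(
                f"fabric ID {fabric_id} does not match VLAN ID {vlan_id}")
    if fc_map is None:
        # Assumption: a valid FC-MAP is six hex digits, like the guide's 0efc00.
        problems.append("FC-MAP value is missing or not six hex digits")

    # Only the FC-MAP, fabric ID and VLAN ID checks decide the state.
    state = "Incomplete" if problems else "Active"
    if desc and len(desc.group(1)) > 32:
        problems.append("description is longer than 32 characters")
    return state, problems
```

Run against the constructed stanza, the check returns Incomplete with the fabric/VLAN mismatch as the only problem; the prediction is a pre-deployment aid and the switch's own Config-State remains authoritative.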
------------------------------------------------------------------------------------------------------
ENode-Intf  ENode-WWPN               FCoE-Vlan  Fabric-Intf  Fabric-Map  LoginMethod  Status
------------------------------------------------------------------------------------------------------
Te 0/12     20:01:00:10:18:f1:94:20  1003       Fc 0/5       fid_1003    FLOGI        LOGGED_IN
Te 0/13     10:00:00:00:c9:d9:9c:cb  1003       Fc 0/0       fid_1003    FDISC        LOGGED_IN

Table 94.
Status : LOGGED_IN
ENode[1]:
ENode MAC : 00:10:18:f1:94:22
ENode Intf : Te 0/13
FCF MAC : 5c:f9:dd:ef:10:c9
Fabric Intf : Fc 0/0
FCoE Vlan : 1003
Fabric Map : fid_1003
ENode WWPN : 10:00:00:00:c9:d9:9c:cb
ENode WWNN : 10:00:00:00:c9:d9:9c:cd
FCoE MAC : 0e:fc:03:01:02:02
FC-ID : 01:02:01
LoginMethod : FDISC
Secs : 5593
Status : LOGGED_IN

Table 95.
Field | Description
Secs | Number of seconds that the fabric connection is up.
State | Status of the fabric connection: logged in.

show fc switch Command Example
Dell# show fc switch
Switch Mode : NPG
Switch WWN : 10:00:5c:f9:dd:ef:10:c0
Dell#

Table 96. show fc switch Command Description
Field | Description
Switch Mode | Fibre Channel mode of operation of the FN IOM with the FC Flex IO module. Default: NPG (configured as an NPIV proxy gateway).