Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N3000, N3100-ON, and N4000 Switches CLI Reference Guide Version 6.5.1.x—N2000/N2100-ON/ N3000/N3048EP-ON/N3100-ON/ N4000 Series Switches Version 6.4.x.
Notes NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ____________________ Information in this publication is subject to change without notice. Copyright © 2018 Dell EMC Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell EMC® and the Dell EMC logo are trademarks of Dell EMC Inc.
Contents 1 Dell EMC Networking CLI Introduction . . . . . . . . . . . . . 97 . . . . . . . . . . . . . . . . . . . . 97 Command Groups . Mode Types . 2 Using the CLI . . . . . . . . . . . . . . . . . 98 . . . . . . . . . . . . . . . . . . . . 103 . . . . . . . . . . . . . . . . . . . . . Introduction . 223 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 . . . . . . . . . . . . . . . 237 . . . . . . . . . . . . . . . . . .
deny | permit (Mac-Access-List-Configuration) ip access-group . . 276 . . . . . . . . . . . . . . . . . . 279 mac access-group . . . . . . . . . . . . . . . . . mac access-list extended . . . . . . . . . . . . . mac access-list extended rename . remark 281 283 . . . . . . . . 283 . . . . . . . . . . . . . . . . . . . . . . . 284 service-acl input . . . . . . . . . . . . . . . . . . 286 show service-acl interface . . . . . . . . . . . . . 287 show access-lists interface . . . . . . . .
show mac address-table address show mac address-table count . . . . . . . . . 308 . . . . . . . . . . 309 show mac address-table dynamic . . . . . . . . . show mac address-table interface . . . . . . . . . 311 . . . . . . . . . . 312 . . . . . . . . . . . 313 . . . . . . . . . . . . . . . . . 314 show mac address-table static. show mac address-table vlan show port-security 310 Auto-VoIP Commands . . . . . . . . . . . . . . . . . . . . . . . . .
show isdp neighbors show isdp traffic . . . . . . . . . . . . . . . . 328 . . . . . . . . . . . . . . . . . . 329 DHCP Layer 2 Relay Commands . . . . . . . . . . . . . . . . .331 Commands in this Section . . . . . . . . . . . . . dhcp l2relay (Global Configuration) . . . . . . . . dhcp l2relay (Interface Configuration) 331 332 . . . . . . . 332 dhcp l2relay circuit-id . . . . . . . . . . . . . . . 333 dhcp l2relay remote-id . . . . . . . . . . . . . . . 334 . . . . . . . . . . . . . . . .
ip dhcp snooping . . . . . . . . . . . . . . . . . . ip dhcp snooping binding . . . . . . . . . . . . . . ip dhcp snooping database . . . . . . . . . . . . . ip dhcp snooping database write-delay ip dhcp snooping limit 346 347 . . . . . . 348 . . . . . . . . . . . . . . . 349 ip dhcp snooping log-invalid ip dhcp snooping trust 345 . . . . . . . . . . . . 350 . . . . . . . . . . . . . . . 351 ip dhcp snooping verify mac-address show ip dhcp snooping . . . . . . . . 352 . . . . . . . . .
ipv6 dhcp snooping limit . . . . . . . . . . . . . . ipv6 dhcp snooping log-invalid . ipv6 dhcp snooping trust 364 . . . . . . . . . . 365 . . . . . . . . . . . . . . 366 ipv6 dhcp snooping verify mac-address . . . . . . 366 ipv6 verify binding . . . . . . . . . . . . . . . . . 367 ipv6 verify source . . . . . . . . . . . . . . . . . . 368 show ipv6 dhcp snooping. . . . . . . . . . . . . . show ipv6 dhcp snooping binding . . . . . . . . . show ipv6 dhcp snooping database . . . . . . .
ip arp inspection validate . ip arp inspection vlan . . . . . . . . . . . . . . 381 . . . . . . . . . . . . . . . 382 permit ip host mac host . show arp access-list . . . . . . . . . . . . . . 383 . . . . . . . . . . . . . . . . 383 show ip arp inspection . . . . . . . . . . . . . . . 384 Ethernet Configuration Commands . . . . . . . . . . . . . .388 Commands in this Section . . . . . . . . . . . . . 389 . . . . . . . . . . . . . . . . . . . 389 . . . . . . . . . . . . . . . . . . . . .
show interfaces description show interfaces detail . . . . . . . . . . . . 411 . . . . . . . . . . . . . . . 412 show interfaces status . . . . . . . . . . . . . . . show interfaces transceiver . . . . . . . . . . . . 416 . . . . . . . . . . . . . . . 417 . . . . . . . . . . . . . . . . . . . 418 show interfaces trunk show statistics show statistics switchport show storm-control . . . . . . . . . . . . . . 421 . . . . . . . . . . . . . . . . 423 . . . . . . . . . . . . . 424 . . . . .
ethernet cfm mep level . . . . . . . . . . . . . . . ethernet cfm mep enable . ethernet cfm mep active . . . . . . . . . . . . . 437 . . . . . . . . . . . . . . 438 ethernet cfm mep archive-hold-time . . . . . . . . 438 . . . . . . . . . . . . . . . 439 . . . . . . . . . . . . . . . . . 440 ethernet cfm mip level ping ethernet cfm . 436 traceroute ethernet cfm . . . . . . . . . . . . . . show ethernet cfm errors . . . . . . . . . . . . . show ethernet cfm domain . . . . . . . . . . . .
show green-mode interface-id . show green-mode . . . . . . . . . . 455 . . . . . . . . . . . . . . . . . 458 show green-mode eee-lpi-history interface . . . . 460 GMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .462 Commands in this Section gmrp enable . . . . . . . . . . . . . 463 . . . . . . . . . . . . . . . . . . . . 463 clear gmrp statistics . . . . . . . . . . . . . . . . show gmrp configuration . . . . . . . . . . . . . . 464 464 GVRP Commands . . . . . . . . .
show ip igmp snooping . . . . . . . . . . . . . . . 479 show ip igmp snooping groups . . . . . . . . . . . 480 show ip igmp snooping mrouter . . . . . . . . . . 481 ip igmp snooping vlan immediate-leave . . . . . . 482 ip igmp snooping vlan groupmembership-interval . 483 ip igmp snooping vlan last-member-query-interval 484 ip igmp snooping vlan mcrtrexpiretime ip igmp snooping report-suppression . . . . . . 485 . . . . . . . 485 . . . . . . 486 . . . . . . . . . .
show errdisable recovery . . . . . . . . . . . . . show interfaces status err-disabled . . . . . . . . 501 503 IPv6 Access List Commands . . . . . . . . . . . . . . . . . . . .506 Commands in this Section . . . . . . . . . . . . . 506 . . . . . . . . . . . . . . 507 . . . . . . . . . . . . . . . . . . 513 deny | permit (IPv6 ACL) ipv6 access-list . ipv6 access-list rename ipv6 traffic-filter . . . . . . . . . . . . . . . 514 . . . . . . . . . . . . . . . . . . 515 show ipv6 access-lists .
Commands in this Section . . . . . . . . . . . . . 530 ipv6 mld snooping querier . . . . . . . . . . . . . 530 ipv6 mld snooping querier (VLAN mode) . ipv6 mld snooping querier address . . . . . . 531 . . . . . . . . 532 ipv6 mld snooping querier election participate . . 532 . . . . . 533 . . . . . . 534 . . . . . . . . . . 535 ipv6 mld snooping querier query-interval ipv6 mld snooping querier timer expiry . show ipv6 mld snooping querier IP Source Guard Commands . . . . . . . . . . . .
action . . . . . . . . . . . . . . . . . . . . . . . . link-dependency group . add 549 . . . . . . . . . . . . . . 550 . . . . . . . . . . . . . . . . . . . . . . . . . 551 depends-on . . . . . . . . . . . . . . . . . . . . . show link-dependency . . . . . . . . . . . . . . . 551 552 LLDP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .554 Commands in this Section . . . . . . . . . . . . . 555 . . . . . . . . . . . . . . . 555 . . . . . . . . . . . . . . . . .
lldp transmit-tlv . show lldp . . . . . . . . . . . . . . . . . . 565 . . . . . . . . . . . . . . . . . . . . . . 566 show lldp interface . . . . . . . . . . . . . . . . . show lldp local-device show lldp med 567 . . . . . . . . . . . . . . . 568 . . . . . . . . . . . . . . . . . . . 569 show lldp med interface . . . . . . . . . . . . . . show lldp med local-device detail . . . . . . . . . 571 . . . . . . . . . . . 572 . . . . . . . . . . . . . 574 . . . . . . . . . . . . . . . .
peer detection interval . . . . . . . . . . . . . . . peer-keepalive destination . peer-keepalive enable . . . . . . . . . . . . 589 . . . . . . . . . . . . . . . 591 peer-keepalive timeout . . . . . . . . . . . . . . . 592 . . . . . . . . . . . . . . . . . . . . . 593 . . . . . . . . . . . . . . . . . . . . . . 594 role priority show vpc show vpc brief . . . . . . . . . . . . . . . . . . . show vpc consistency-parameters 597 . . . . . . . . . . 599 . . . . . . . . . . . . . 600 . . .
mvr mode . . . . . . . . . . . . . . . . . . . . . . mvr querytime. mvr vlan . . . . . . . . . . . . . . . . . . . . 613 . . . . . . . . . . . . . . . . . . . . . . 614 mvr immediate mvr type . . . . . . . . . . . . . . . . . . . . 615 . . . . . . . . . . . . . . . . . . . . . . 616 mvr vlan group show mvr 612 . . . . . . . . . . . . . . . . . . . 617 . . . . . . . . . . . . . . . . . . . . . . 618 show mvr members . . . . . . . . . . . . . . . . . 619 show mvr interface . . . . . . .
interface range port-channel . hashing-mode. . . . . . . . . . . . 630 . . . . . . . . . . . . . . . . . . . 631 lacp port-priority . . . . . . . . . . . . . . . . . . lacp system-priority lacp timeout . . . . . . . . . . . . . . . . . 633 . . . . . . . . . . . . . . . . . . . . 634 port-channel local-preference . port-channel min-links . . . . . . . . . . 635 . . . . . . . . . . . . . . . 636 show interfaces port-channel show lacp . 632 . . . . . . . . . . . 637 . . . . . . . . . . . .
Layer 2 ACLs . . . . . . . . . . . . . . . . . . . . Layer 3/4 IPv4 ACLs . . . . . . . . . . . . . . . . . Class of Service (CoS) 664 . . . . . . . . . . . . . . . . . . 665 . . . . . . . . . . . . . . . . . . . . . . . 666 Commands in this Section . . . . . . . . . . . . . 666 . . . . . . . . . . . . . . . . . . . 667 . . . . . . . . . . . . . . . . . . . . . . . . 668 assign-queue . class 664 . . . . . . . . . . . . . . . Queue Mapping . DiffServ 664 class-map . . . . . . . . . . .
mark ip-precedence . . . . . . . . . . . . . . . . 688 match access-group . . . . . . . . . . . . . . . . 689 . . . . . . . . . . . . . . . . . . 691 . . . . . . . . . . . . . . . . . . . . . 692 match class-map match cos . match destination-address mac . . . . . . . . . . 693 match any . . . . . . . . . . . . . . . . . . . . . . 694 match dstip . . . . . . . . . . . . . . . . . . . . . 695 match dstip6 . . . . . . . . . . . . . . . . . . . . 696 match dstl4port . . . . . . . . . . .
police-simple . . . . . . . . . . . . . . . . . . . . police-single-rate . . . . . . . . . . . . . . . . . . 710 . . . . . . . . . . . . . . . . . . 711 . . . . . . . . . . . . . . . . . . . . . 713 police-two-rate . policy-map random-detect queue-parms . . . . . . . . . . . . random-detect exponential-weighting-constant. redirect 708 714 . 719 . . . . . . . . . . . . . . . . . . . . . . . 720 service-policy . . . . . . . . . . . . . . . . . . . . show class-map . . . . . . . . . . . .
vlan priority . . . . . . . . . . . . . . . . . . . . . 737 Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . .739 Commands in this Section . . . . . . . . . . . . . clear spanning-tree detected-protocols . exit (mst) 740 . . . . . 741 . . . . . . . . . . . . . . . . . . . . . . 742 instance (mst) . name (mst) . . . . . . . . . . . . . . . . . . . 742 . . . . . . . . . . . . . . . . . . . . . 744 revision (mst) . . . . . . . . . . . . . . . . . . . . show spanning-tree . . .
spanning-tree max-age . . . . . . . . . . . . . . . 765 spanning-tree max-hops . . . . . . . . . . . . . . 766 . . . . . . . . . . . . . . . . 767 spanning-tree mode spanning-tree mst configuration . spanning-tree mst cost . . . . . . . . . . 768 . . . . . . . . . . . . . . 769 spanning-tree mst port-priority . . . . . . . . . . . 770 . . . . . . . . . . . . . 771 . . . . . . . . . . . . . . . 772 spanning-tree mst priority spanning-tree portfast . . . . . 773 . . . . . . . . . . .
spanning-tree vlan priority . . . . . . . . . . . . . 785 UDLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .787 Detecting Unidirectional Links on a Device Port . . 787 . . . . . 788 . . . . . . . . . . . . . . . 788 Processing UDLD Traffic from Neighbors UDLD in Normal-mode UDLD in Aggressive-mode . . . . . . . . . . . . . 788 Commands in this Section . . . . . . . . . . . . . 789 udld enable (Global Configuration) . udld reset . . . . . . . . . 789 . . . . . . . . .
interface vlan . . . . . . . . . . . . . . . . . . . . interface range vlan . . . . . . . . . . . . . . . . name (VLAN Configuration) private-vlan . 804 . . . . . . . . . . . . 805 . . . . . . . . . . . . . . . . . . . . 806 protocol group . . . . . . . . . . . . . . . . . . . protocol vlan group . . . . . . . . . . . . . . . . . protocol vlan group all show dot1q-tunnel show port protocol 808 809 . . . . . . . . . . . . . . . 810 . . . . . . . . . . . . . . . . . 811 . . . . . . . . .
switchport general acceptable-frame-type tagged-only . . . . . . . . . . . . . . . . . . . . . switchport general allowed vlan . . . . . . . . . . switchport general ingress-filtering disable . 827 . . . 828 . . . . . . . . . . . . . . 829 . . . . . . . . . . . . . . . . . . 830 switchport general pvid switchport mode 826 switchport mode dot1q-tunnel . . . . . . . . . . . 831 switchport mode private-vlan . . . . . . . . . . . 833 . . . . . . . . . . . . . . 834 . . . . . . . . . . . .
switchport voice vlan . 845 . . . . . . . . . . . . . . . switchport voice vlan (Interface) . switchport voice vlan priority . . . . . . . . . 846 . . . . . . . . . . . 850 authentication event server dead action authorize voice show voice vlan. 4 851 . . . . . . . . . . . . . . . . . . . 853 . . . . . . . . . . . . . . . . . . Security Commands . . . . . . . . . . . . . . . . 855 AAA Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .856 Administrative Authentication . .
aaa authentication enable . . . . . . . . . . . . . 866 . . . . . . . . . . . . . . 868 . . . . . . . . . . . . . . . . . 870 aaa authentication login aaa authorization . aaa authorization network default radius . . . . . 873 . . . . . . . . . . . . . . 874 . . . . . . . . . . . . . . . . . . 875 aaa ias-user username . aaa new-model . aaa server radius dynamic-author . . . . . . . . . 876 . . . . . . . . . . . . . . . 878 . . . . . . . . . . . . . . . .
show accounting methods show authentication . . . . . . . . . . . . . 889 . . . . . . . . . . . . . . . . 890 show authentication authentication-history . . . . 891 show authentication methods . . . . . . . . . . . 892 show authentication statistics . . . . . . . . . . . 893 . . . . . . . . . . . . 894 . . . . . . . . . . . . . . . 895 show authorization methods show users accounts . show users login-history username . . . . . . . . . . . . . . . 896 . . . . . . . . . . . . . . . . . .
logging email message-type to-addr . logging email from-addr . . . . . . . 911 . . . . . . . . . . . . . . 912 logging email message-type subject . logging email logtime . . . . . . . . 913 . . . . . . . . . . . . . . . 914 logging email test message-type . . . . . . . . . . 915 show logging email statistics . . . . . . . . . . . . 915 clear logging email statistics . . . . . . . . . . . . 916 . . . . . . . . . . . . . . . . . . . . . . .
attribute 31 . . . . . . . . . . . . . . . . . . . . . authentication event fail retry auth-port . . . . . . . . . . . 931 . . . . . . . . . . . . . . . . . . . . . . 933 automate-tester. . . . . . . . . . . . . . . . . . . 933 . . . . . . . . . . . . . . . . . . . . . . 935 . . . . . . . . . . . . . . . . . . . . . . . . . 936 deadtime key 930 msgauth . . . . . . . . . . . . . . . . . . . . . . . 937 primary . . . . . . . . . . . . . . . . . . . . . . . 938 priority . . . . . . . . .
retransmit . . . . . . . . . . . . . . . . . . . . . . show aaa servers . . . . . . . . . . . . . . . . . . show radius statistics 953 . . . . . . . . . . . . . . . 956 . . . . . . . . . . . . . . . . . . . . . . 960 . . . . . . . . . . . . . . . . . . . . . . . 960 . . . . . . . . . . . . . . . . . . . . . . . . 961 source-ip timeout usage 952 TACACS+ Commands . . . . . . . . . . . . . . . . . . . . . . . . . .963 Commands in this Section . . . . . . . . . . . . . 963 key . . . . . . .
dot1x initialize . mab . . . . . . . . . . . . . . . . . . . 977 . . . . . . . . . . . . . . . . . . . . . . . . . 977 default mab . . . . . . . . . . . . . . . . . . . . . mab request format . . . . . . . . . . . . . . . . . dot1x max-reauth-req. dot1x max-req. 978 980 . . . . . . . . . . . . . . . 981 . . . . . . . . . . . . . . . . . . . 982 dot1x max-users . . . . . . . . . . . . . . . . . . dot1x port-control . . . . . . . . . . . . . . . . . . 983 983 dot1x re-authenticate . . . .
server-key . . . . . . . . . . . . . . . . . . . . . 997 show dot1x . . . . . . . . . . . . . . . . . . . . . 999 show dot1x authentication-history . show dot1x clients . . . . . . . 1001 . . . . . . . . . . . . . . . . 1003 show dot1x interface . . . . . . . . . . . . . . . show dot1x interface statistics . show dot1x users . . . . . . . . . . 1006 . . . . . . . . . . . . . . . . 1007 clear dot1x authentication–history . dot1x guest-vlan 1004 . . . . . . . 1008 . . . . . . . . . . . .
block . . . . . . . . . . . . . . . . . . . . . . . configuration . . . . . . . . . . . . . . . . . . . 1021 . . . . . . . . . . . . . . . . . . . . . . 1022 . . . . . . . . . . . . . . . . . . . . . . . 1023 enable . group interface locale 1021 . . . . . . . . . . . . . . . . . . . . . 1023 . . . . . . . . . . . . . . . . . . . . . . . 1024 name (Captive Portal) . . . . . . . . . . . . . . . 1025 . . . . . . . . . . . . . . . . . . . . . 1025 . . . . . . . . . . . . . . . . . . . . . .
user-logout . . . . . . . . . . . . . . . . . . . . 1036 user name . . . . . . . . . . . . . . . . . . . . . 1037 user password . . . . . . . . . . . . . . . . . . user session-timeout . . . . . . . . . . . . . . . show captive-portal configuration . . . . . . . . show captive-portal configuration interface . 1038 1039 . . 1040 . . . 1041 . . . . 1042 . . . . . . . . . . . . . . . . . . . . 1043 show captive-portal configuration locales .
show system internal pktmgr . . . . . . . . . . . 1054 storm-control broadcast . . . . . . . . . . . . . 1055 storm-control multicast . . . . . . . . . . . . . . 1056 . . . . . . . . . . . . . . 1058 storm-control unicast . Management ACL Commands . . . . . . . . . . . . . . . . .1060 Commands in this Section deny (management) . . . . . . . . . . . . 1060 . . . . . . . . . . . . . . . 1061 management access-class . management access-list . . . . . . . . . . . 1062 . . . . . . . . . . . .
passwords lock-out . . . . . . . . . . . . . . . . passwords min-length . . . . . . . . . . . . . . passwords strength-check . 1073 1074 . . . . . . . . . . . 1075 passwords strength minimum uppercase-letters 1076 passwords strength minimum lowercase-letters 1077 passwords strength minimum numeric-characters . . . . . . . . . . . . . . . 1078 passwords strength minimum special-characters 1078 passwords strength max-limit consecutive-characters . . . . . . . . . . . . .
crypto key pubkey-chain ssh . . . . . . . . . . . crypto key zeroize pubkey-chain . . . . . . . . . 1090 . . . . . . . . . . . 1091 . . . . . . . . . . . . . . . . . . . . 1092 crypto key zeroize {rsa|dsa} ip ssh port . ip ssh pubkey-auth . . . . . . . . . . . . . . . . 1093 . . . . . . . . . . . . . . . . . . . 1094 . . . . . . . . . . . . . . . . . . . . 1095 ip ssh server key-string . show crypto key mypubkey . . . . . . . . . . . . show ip ssh . 1096 . . . . . . . 1097 . . . . .
Multiple VLAN Registration Protocol Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1109 Commands in this Section . . . . . . . . . . . . 1109 . . . . . . . . . . . . . . . 1109 . . . . . . . . . . . . . . . . . . . . . . . 1110 clear mvrp statistics mvrp . mvrp global . . . . . . . . . . . . . . . . . . . . mvrp periodic state machine . show mvrp 1111 . . . . . . . . . . 1112 . . . . . . . . . . . . . . . . . . . . 1113 show mvrp statistics . . . . . . . . . . .
show msrp reservations . . . . . . . . . . . . . 1129 . . . . . . . . . . . . . . . 1130 . . . . . . . . . . . . . . . . 1132 show msrp statistics show msrp stream 802.1AS Timesync Commands . . . . . . . . . . . . . . . . .1135 Commands in this Section clear dot1as statistics . . . . . . . . . . . . 1135 . . . . . . . . . . . . . . 1135 dot1as (Global Configuration) . . . . . . . . . . dot1as (Interface Configuration) dot1as priority. . . . . . . . . . 1137 . . . . . . . . . . . . . . . .
Interoperability with IEEE DCBX Port Roles . . . . . . . . . . 1160 . . . . . . . . . . . . . . . . . . . . 1160 Commands in this Section . . . . . . . . . . . . 1164 Data Center Bridging Capability Exchange Commands . . . . . . . . . . . . . . . . . . . . datacenter-bridging lldp dcbx version . . . . . . . . . . . . . . . 1164 . . . . . . . . . . . . . . . . . 1165 lldp tlv-select dcbxp (dcb enable) lldp dcbx port-role . . . . . . . . 1166 . . . . . . . . . . . . . . . .
OpenFlow Commands . . . . . . . . . . . . . . . . . . . . . . . .1186 Commands in this Section controller . . . . . . . . . . . . 1186 . . . . . . . . . . . . . . . . . . . . . 1186 hardware profile openflow . . . . . . . . . . . . 1188 . . . . . . . . . . . . . . . . . . . 1189 . . . . . . . . . . . . . . . . . . . . . . . 1191 ipv4 address mode . . . . . . . . . . . . . . . . . . . . . 1193 . . . . . . . . . . . . . . . . . . . . . .
arp cachesize . . . . . . . . . . . . . . . . . . . arp dynamicrenew arp purge 1217 . . . . . . . . . . . . . . . . 1218 . . . . . . . . . . . . . . . . . . . . . 1219 arp resptime . . . . . . . . . . . . . . . . . . . 1220 arp retries . . . . . . . . . . . . . . . . . . . . . 1221 arp timeout . . . . . . . . . . . . . . . . . . . . 1221 clear arp-cache. . . . . . . . . . . . . . . . . . clear arp-cache management . . . . . . . . . . 1223 . . . . . . . . . . . . . . . . 1224 . . . .
Commands in this Section router bgp . . . . . . . . . . . . . 1238 . . . . . . . . . . . . . . . . . . . . 1241 address-family . . . . . . . . . . . . . . . . . . address-family ipv4 vrf address-family ipv6 . . . . . . . . . . . . . . . 1244 . . . . . . . . . . . . . . . 1245 address-family vpnv4 unicast aggregate-address . 1242 . . . . . . . . . . 1245 . . . . . . . . . . . . . . . 1247 bgp aggregate-different-meds (BGP Router Configuration) . . . . . . . . . . . . . . . . . . .
bgp log-neighbor-changes . . . . . . . . . . . . 1259 . . . . . . . . . . . . . . . . . 1259 bgp router-id . . . . . . . . . . . . . . . . . . . 1260 clear ip bgp . . . . . . . . . . . . . . . . . . . . 1261 bgp maxas-limit . clear ip bgp counters . . . . . . . . . . . . . . . 1263 default-information originate (BGP Router Configuration) . . . . . . . . . . . . . . . . . . . 1263 default-information originate (IPv6 Address Family Configuration) . . . . . . . . . . . . . . .
ip bgp-community new-format . . . . . . . . . . 1277 . . . . . . . . . . . 1277 . . . . . . . . . . . . . . . . . 1278 ip bgp fast-external-fallover ip community-list ip extcommunity-list . . . . . . . . . . . . . . . 1280 match extcommunity . . . . . . . . . . . . . . . 1282 maximum-paths (BGP Router Configuration) . . . 1283 . . . . . . . . . . . . . . . . . . 1285 maximum-paths (IPv6 Address Family Configuration) .
neighbor default-originate (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . . neighbor description . . . . . . . . . . . . . . . neighbor ebgp-multihop . . . . . . . . . . . . . neighbor filter-list (BGP Router Configuration) . 1295 1297 1298 . 1300 . . . . . . . . . . . . . . . . . . 1302 neighbor filter-list (IPv6 Address Family Configuration) . neighbor inherit peer . neighbor local-as . . . . . . . . . . . . . . . 1303 . . . . . . . . . . . . . . . .
neighbor remote-as . . . . . . . . . . . . . . . . neighbor remove-private-as 1315 . . . . . . . . . . . 1316 . . . . . . . . . . . . 1317 neighbor route-map (BGP Router Configuration) 1319 neighbor rfc5549-support . neighbor route-map (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . . 1320 neighbor route-reflector-client (BGP Router Configuration) . . . . . . . . . . . . . . . . . . . 1321 neighbor route-reflector-client (IPv6 Address Family Configuration) . . . . .
redistribute (BGP IPv6) . route-target . . . . . . . . . . . . . . 1337 . . . . . . . . . . . . . . . . . . . 1339 set extcommunity rt . . . . . . . . . . . . . . . . set extcommunity soo show bgp ipv6. 1340 . . . . . . . . . . . . . . 1342 . . . . . . . . . . . . . . . . . . 1343 show bgp ipv6 aggregate-address . show bgp ipv6 community . . . . . . . 1345 . . . . . . . . . . . . 1346 show bgp ipv6 community-list . . . . . . . . . . 1348 . . . . . . . . . . . 1349 . . . . . . . . . .
show ip bgp extcommunity-list . . . . . . . . . . 1374 . . . . . . . . . . . . . 1375 . . . . . . . . . . . . . . 1376 show ip bgp listen range show ip bgp neighbors show ip bgp neighbors advertised-routes . . . . 1383 . . . . . 1385 show ip bgp neighbors policy . . . . . . . . . . 1387 show ip bgp route-reflection . . . . . . . . . . . 1388 show ip bgp statistics. . . . . . . . . . . . . . . 1389 show ip bgp summary . . . . . . . . . . . . . . 1391 show ip bgp template . . . . . .
ip prefix-list description . . . . . . . . . . . . . 1416 ipv6 prefix-list . . . . . . . . . . . . . . . . . . . 1417 match as-path . . . . . . . . . . . . . . . . . . 1420 match community . . . . . . . . . . . . . . . . . match ip address prefix-list . . . . . . . . . . . match ipv6 address prefix-list 1423 . . . . . . . . . . . 1424 . . . . . . . . . . . . . 1425 . . . . . . . . . . . . . . . . 1426 show ip community-list . show ipv6 prefix-list clear ip prefix-list . . . . . . . .
ip dvmrp . . . . . . . . . . . . . . . . . . . . . . ip dvmrp metric . show ip dvmrp 1440 . . . . . . . . . . . . . . . . . 1441 . . . . . . . . . . . . . . . . . . 1442 show ip dvmrp interface . . . . . . . . . . . . . 1443 show ip dvmrp neighbor . . . . . . . . . . . . . 1443 show ip dvmrp nexthop . . . . . . . . . . . . . . 1444 . . . . . . . . . . . . . . 1445 . . . . . . . . . . . . . . . 1446 show ip dvmrp prune . show ip dvmrp route IGMP Commands . . . . . . . . . . . . . . . .
show ip igmp interface . . . . . . . . . . . . . . show ip igmp membership . . . . . . . . . . . . show ip igmp interface stats . . . . . . . . . . . 1457 1458 1459 IGMP Proxy Commands . . . . . . . . . . . . . . . . . . . . . . .1461 Commands in this Section ip igmp proxy-service . . . . . . . . . . . . . 1461 . . . . . . . . . . . . . . 1461 ip igmp proxy-service reset-status . . . . . . . . ip igmp proxy-service unsolicit-rprt-interval . show ip igmp proxy-service . . 1463 . . . . . . .
ip helper-address (interface configuration) ip helper enable. . . . 1479 . . . . . . . . . . . . . . . . . 1481 show ip helper-address show ip dhcp relay . . . . . . . . . . . . . 1482 . . . . . . . . . . . . . . . . 1483 show ip helper statistics . . . . . . . . . . . . . 1484 IP Routing Commands . . . . . . . . . . . . . . . . . . . . . . . .1487 Static Routes/ECMP Static Routes . . . . . . . . 1487 . . . . . . . . . . . . . . . 1488 . . . . . . . . . . . . . . . . . .
ip unnumbered gratuitous-arp accept . . . . . . 1504 ip unreachables. . . . . . . . . . . . . . . . . . 1505 match ip address . . . . . . . . . . . . . . . . . 1506 . . . . . . . . . . . . . . . . . . . 1509 match length match mac-list route-map . . . . . . . . . . . . . . . . . . . 1510 . . . . . . . . . . . . . . . . . . . . 1511 set interface null0 . . . . . . . . . . . . . . . . . set ip default next-hop set ip next-hop . . . . . . . . . . . . . . 1514 . . . . . . . . . . . . . . .
show routing heap summary . . . . . . . . . . . 1535 IPv6 Routing Commands . . . . . . . . . . . . . . . . . . . . . .1537 IPv6 Limitations & Restrictions . . . . . . . . . . 1537 . . . . . . . . . . . . 1537 clear ipv6 neighbors . . . . . . . . . . . . . . . 1538 clear ipv6 statistics . . . . . . . . . . . . . . . . 1539 . . . . . . . . . . . . . . . . . . . 1540 . . . . . . . . . . . . . . . . . . . . 1541 Commands in this Section ipv6 address ipv6 enable ipv6 hop-limit ipv6 host . .
ipv6 nd ns-interval . . . . . . . . . . . . . . . . ipv6 nd nud max-multicast-solicits . . . . . . . . 1552 . . . . . . . . 1553 . . . . . . . . . . . . . . . . . 1554 ipv6 nd nud max-unicast-solicits . ipv6 nd nud retry ipv6 nd other-config-flag ipv6 nd prefix 1551 . . . . . . . . . . . . . 1555 . . . . . . . . . . . . . . . . . . . 1556 ipv6 nd raguard attach-policy . . . . . . . . . . 1557 ipv6 nd ra-interval . . . . . . . . . . . . . . . . 1558 ipv6 nd ra-lifetime . . . . . . . .
show ipv6 mld host-proxy groups . . . . . . . . show ipv6 mld host-proxy groups detail . . . . . 1576 . . . . . . . 1578 . . . . . . . . . . . . . . . 1579 show ipv6 mld host-proxy interface show ipv6 mld traffic 1575 show ipv6 nd raguard policy . . . . . . . . . . . 1580 show ipv6 neighbors . . . . . . . . . . . . . . . 1582 show ipv6 protocols . . . . . . . . . . . . . . . 1582 . . . . . . . . . . . . . . . . . 1584 show ipv6 route . . . . . . . . . . . 1585 . . . . . . . . . . .
ip mroute . . . . . . . . . . . . . . . . . . . . . ip multicast-routing . . . . . . . . . . . . . . . . ip multicast ttl-threshold ip pim 1598 1599 . . . . . . . . . . . . . 1601 . . . . . . . . . . . . . . . . . . . . . . . 1601 ip pim bsr-border . . . . . . . . . . . . . . . . . ip pim bsr-candidate . . . . . . . . . . . . . . . 1603 . . . . . . . . . . . . . . . . 1604 . . . . . . . . . . . . . . . . . 1605 ip pim dense-mode ip pim dr-priority 1602 ip pim hello-interval . . . . . .
show ip mroute static . show ip pim . . . . . . . . . . . . . . . 1616 . . . . . . . . . . . . . . . . . . . 1617 show ip pim bsr-router . . . . . . . . . . . . . . 1618 show ip pim interface . . . . . . . . . . . . . . . 1619 show ip pim neighbor . . . . . . . . . . . . . . . 1621 . . . . . . . . . . . . . . . 1622 show ip pim rp-hash show ip pim rp mapping show ip pim statistics . . . . . . . . . . . . . . 1623 . . . . . . . . . . . . . . 1624 IPv6 Multicast Commands . . . . . . . .
ipv6 pim ssm . . . . . . . . . . . . . . . . . . . show ipv6 pim . . . . . . . . . . . . . . . . . . . show ipv6 pim bsr-router . show ipv6 mroute group 1636 1636 . . . . . . . . . . . . 1637 . . . . . . . . . . . . . 1641 show ipv6 mroute source . . . . . . . . . . . . . 1642 show ipv6 pim interface . . . . . . . . . . . . . 1643 show ipv6 pim neighbor . . . . . . . . . . . . . 1644 . . . . . . . . . . . . . . 1645 show ipv6 pim rp-hash . . . . . . . . . . . . 1645 . . . . . . . . .
area nssa default-info-originate (Router OSPF Config) . . . . . . . . . . . . . . . . . . . . . . area nssa no-redistribute. area nssa no-summary . . . . . . . . . . . . . 1657 . . . . . . . . . . . . . 1657 area nssa translator-role . . . . . . . . . . . . . area nssa translator-stab-intv 1658 . . . . . . . . . . 1659 . . . . . . . . . . . . 1660 . . . . . . . . . . . . . . . . . . . . . 1662 area range (Router OSPF) area stub 1656 . . . . . . . . . . . . . . 1663 . . . . . . . . . . .
compatible rfc1583 . . . . . . . . . . . . . . . . 1677 default-information originate (Router OSPF Configuration) . . . . . . . . . . . . . . . . . . . 1677 default-metric . . . . . . . . . . . . . . . . . . . 1679 . . . . . . . . . . . . . . . . . . . 1679 distance ospf distribute-list out enable . . . . . . . . . . . . . . . . . . 1680 . . . . . . . . . . . . . . . . . . . . . . 1681 exit-overflow-interval . . . . . . . . . . . . . . . 1682 . . . . . . . . . . . . . . . . 1683 . . .
max-metric router-lsa . . . . . . . . . . . . . . 1693 . . . . . . . . . . . . . . . . . 1695 . . . . . . . . . . . . . . . . . . . 1696 . . . . . . . . . . . . . . . . . . . . . . . . 1697 maximum-paths . network area nsf . nsf helper . . . . . . . . . . . . . . . . . . . . . nsf helper strict-lsa-checking nsf restart-interval 1698 . . . . . . . . . . 1699 . . . . . . . . . . . . . . . . 1699 passive-interface default . . . . . . . . . . . . . 1700 passive-interface . . . . . . . . .
show ip ospf lsa-group . . . . . . . . . . . . . . 1723 . . . . . . . . . . . . . . 1725 . . . . . . . . . . . . . . . . 1729 show ip ospf neighbor show ip ospf range show ip ospf statistics . . . . . . . . . . . . . . show ip ospf stub table . show ip ospf traffic . . . . . . . . . . . . . . 1732 . . . . . . . . . . . . . . . 1733 show ip ospf virtual-links . . . . . . . . . . . . . show ip ospf virtual-links brief timers pacing flood . 1735 . . . . . . . . . . 1736 . . . . . . . . . .
area stub . . . . . . . . . . . . . . . . . . . . . area stub no-summary area virtual-link . 1749 . . . . . . . . . . . . . . 1750 . . . . . . . . . . . . . . . . . 1750 area virtual-link dead-interval . . . . . . . . . . 1752 area virtual-link hello-interval . . . . . . . . . . 1753 area virtual-link retransmit-interval area virtual-link transmit-delay . . . . . . . . 1754 . . . . . . . . . 1755 default-information originate (Router OSPFv3 Configuration) . . . . . . . . . . . . . . . .
ipv6 ospf priority . . . . . . . . . . . . . . . . . ipv6 ospf retransmit-interval 1766 . . . . . . . . . . . 1767 . . . . . . . . . . . . . 1768 ipv6 router ospf . . . . . . . . . . . . . . . . . . 1768 maximum-paths . . . . . . . . . . . . . . . . . . 1769 . . . . . . . . . . . . . . . . . . . . . . . . 1770 ipv6 ospf transmit-delay nsf . nsf helper . . . . . . . . . . . . . . . . . . . . . nsf helper strict-lsa-checking 1771 . . . . . . . . . . 1772 nsf restart-interval . . . . .
show ipv6 ospf interface brief . . . . . . . . . . 1787 show ipv6 ospf interface stats . . . . . . . . . . 1788 show ipv6 ospf interface vlan . . . . . . . . . . 1789 . . . . . . . . . . . . . 1790 . . . . . . . . . . . . . . 1791 show ipv6 ospf neighbor show ipv6 ospf range . show ipv6 ospf stub table. . . . . . . . . . . . . show ipv6 ospf virtual-links . . . . . . . . . . . . show ipv6 ospf virtual-link brief timers throttle spf . 1792 1793 . . . . . . . . . 1794 . . . . . . . . . .
default-information originate (Router RIP Configuration) . . . . . . . . . . . . . . . . . . . 1806 default-metric . . . . . . . . . . . . . . . . . . . 1807 . . . . . . . . . . . . . . . . . . . 1808 distance rip . distribute-list out enable . . . . . . . . . . . . . . . . . . 1808 . . . . . . . . . . . . . . . . . . . . . . 1809 hostroutesaccept . ip rip . . . . . . . . . . . . . . . . . 1810 . . . . . . . . . . . . . . . . . . . . . . . 1811 ip rip authentication . . . . . . . . . . .
tunnel destination . . . . . . . . . . . . . . . . . 1822 tunnel mode ipv6ip . . . . . . . . . . . . . . . . 1823 . . . . . . . . . . . . . . . . . . 1823 tunnel source . Virtual Router Commands . . . . . . . . . . . . . . . . . . . . .1825 Commands in this Section . . . . . . . . . . . . 1826 . . . . . . . . . . . . . . . . . . . . 1827 . . . . . . . . . . . . . . . . . . . . . . . 1828 description ip vrf . ip vrf forwarding . . . . . . . . . . . . . . . . . 1829 maximum routes . . . .
vrrp preempt vrrp priority . . . . . . . . . . . . . . . . . . . 1842 . . . . . . . . . . . . . . . . . . . . 1843 vrrp timers advertise vrrp timers learn . . . . . . . . . . . . . . . 1843 . . . . . . . . . . . . . . . . . 1844 vrrp track interface . . . . . . . . . . . . . . . . 1845 . . . . . . . . . . . . . . . . 1846 . . . . . . . . . . . . . . . . . . . . 1847 vrrp track ip route . show vrrp . show vrrp interface . 8 . . . . . . . . . . . . . . . Switch Management Commands . . .
boot host dhcp . . . . . . . . . . . . . . . . . . boot host retry-count . . . . . . . . . . . . . . . 1864 . . . . . . . . . . . . . . . 1865 . . . . . . . . . . . . . . . . . . . . 1865 show auto-copy-sw show boot . 1863 CLI Macro Commands . . . . . . . . . . . . . . . . . . . . . . . .1867 Commands in this Section macro name . . . . . . . . . . . . 1868 . . . . . . . . . . . . . . . . . . . 1868 macro global apply . . . . . . . . . . . . . . . . 1870 macro global trace . . . . . . . .
sntp authentication-key . . . . . . . . . . . . . . sntp broadcast client enable . . . . . . . . . . . 1881 . . . . . . . . . . . . . . . 1881 . . . . . . . . . . . . . . . . . . . . 1882 sntp client poll timer sntp server sntp source-interface . sntp trusted-key . . . . . . . . . . . . . . . 1883 . . . . . . . . . . . . . . . . . 1884 sntp unicast client enable clock set. 1880 . . . . . . . . . . . . 1885 . . . . . . . . . . . . . . . . . . . . . 1886 . . . . . . . . . . . 1886 . . .
Configuration and Image File Commands . . . . . . .1897 File System Commands . . . . . . . . . . . . . . Command Line Interface Scripting . 1897 . . . . . . . 1897 . . . . . . . . . . . . 1897 boot system . . . . . . . . . . . . . . . . . . . . 1898 clear config . . . . . . . . . . . . . . . . . . . . 1899 . . . . . . . . . . . . . . . . . . . . . . . 1899 Commands in this Section copy . delete . dir . . . . . . . . . . . . . . . . . . . . . . . 1909 . . . . . . . . . . . . . . . . . .
DHCP Server Commands . . . . . . . . . . . . . . . . . . . . . .1924 Commands in this Section . . . . . . . . . . . . 1925 . . . . . . . . . . . . . . . . . . . 1925 . . . . . . . . . . . . . . . . . . . . . . 1928 ip dhcp pool . bootfile clear ip dhcp binding . . . . . . . . . . . . . . . 1928 clear ip dhcp conflict . . . . . . . . . . . . . . . 1929 . . . . . . . . . . . . . . . . . . 1930 . . . . . . . . . . . . . . . . . . . 1930 client-identifier client-name . default-router . . . .
next-server option . . . . . . . . . . . . . . . . . . . . . 1941 . . . . . . . . . . . . . . . . . . . . . . 1942 service dhcp sntp . . . . . . . . . . . . . . . . . . . 1947 . . . . . . . . . . . . . . . . . . . . . . . . 1947 show ip dhcp binding . . . . . . . . . . . . . . . 1948 show ip dhcp conflict . . . . . . . . . . . . . . . 1949 show ip dhcp global configuration . show ip dhcp pool . . . . . . . 1949 . . . . . . . . . . . . . . . . 1950 show ip dhcp server statistics . . . .
show ipv6 dhcp interface (Privileged Exec) show ipv6 dhcp pool . . . 1962 . . . . . . . . . . . . . . . 1965 show ipv6 dhcp statistics . . . . . . . . . . . . . 1966 HiveAgent Commands . . . . . . . . . . . . . . . . . . . . . . . .1968 Commands in this Section . . . . . . . . . . . . 1968 . . . . . . . . . . . . . . . . . . . 1968 . . . . . . . . . . . . . . . . . . . . . 1969 server . . . . . . . . . . . . . . . . . . . . . . . 1970 debug . . . . . . . . . . . . . . . . . . . . . . .
ip address . . . . . . . . . . . . . . . . . . . . . ip address (Out-of-Band) . . . . . . . . . . . . . ip address-conflict-detect run . . . . . . . . . . ip address dhcp (Interface Configuration) . 1983 1985 1986 . . . 1987 . . . . . . . . . . . . . . . . 1988 ip domain-lookup . . . . . . . . . . . . . . . . . 1989 ip domain-name. . . . . . . . . . . . . . . . . . 1990 . . . . . . . . . . . . . . . . . . . . . . 1991 ip default-gateway ip host . ip name-server . . . . . . . . . . . .
Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2006 accounting . . . . . . . . . . . . . . . . . . . . authorization . . . . . . . . . . . . . . . . . . . enable authentication 2006 2007 . . . . . . . . . . . . . . 2008 exec-banner . . . . . . . . . . . . . . . . . . . 2009 exec-timeout . . . . . . . . . . . . . . . . . . . 2010 . . . . . . . . . . . . . . . . . . . . . . 2011 history . history size line . . . . . . . . . . . . . . . . . . . . 2011 . . . . . . .
Commands in this Section power inline . . . . . . . . . . . . . 2025 . . . . . . . . . . . . . . . . . . . 2025 power inline detection . . . . . . . . . . . . . . power inline four-pair forced . power inline limit 2026 . . . . . . . . . . 2027 . . . . . . . . . . . . . . . . . 2028 power inline management . . . . . . . . . . . . power inline powered-device . . . . . . . . . . 2032 . . . . . . . . . . . . . . . 2033 . . . . . . . . . . . . . . . .
show rmon collection history . show rmon events . . . . . . . . . . 2048 . . . . . . . . . . . . . . . . 2049 show rmon hcalarm . . . . . . . . . . . . . . . 2050 . . . . . . . . . . . . . . . . 2051 . . . . . . . . . . . . . . . . . . 2054 show rmon history show rmon log show rmon statistics . . . . . . . . . . . . . . . 2055 Serviceability Commands . . . . . . . . . . . . . . . . . . . . .2059 Commands in this Section . . . . . . . . . . . . 2059 . . . . . . . . . . . . . . 2060 . . .
debug igmpsnooping . . . . . . . . . . . . . . . 2073 debug ip acl . . . . . . . . . . . . . . . . . . . . 2074 debug ip bgp . . . . . . . . . . . . . . . . . . . 2074 debug ip dvmrp . debug ip igmp . . . . . . . . . . . . . . . . . . 2076 . . . . . . . . . . . . . . . . . . 2077 debug ip mcache . . . . . . . . . . . . . . . . . 2078 debug ip pimdm packet . . . . . . . . . . . . . . 2078 debug ip pimsm packet . . . . . . . . . . . . . . 2079 . . . . . . . . . . . . . . . . .
debug spanning-tree . . . . . . . . . . . . . . . 2090 debug udld . . . . . . . . . . . . . . . . . . . . 2091 debug vpc . . . . . . . . . . . . . . . . . . . . 2092 debug vrrp . . . . . . . . . . . . . . . . . . . . 2093 exception core-file exception dump . . . . . . . . . . . . . . . . . 2093 . . . . . . . . . . . . . . . . . 2094 exception protocol . . . . . . . . . . . . . . . . exception switch-chip-register . . . . . . . . . 2099 . . . . . . . . . . . . . . 2099 . . . . . . . .
show sflow agent . . . . . . . . . . . . . . . . . show sflow destination . show sflow polling 2118 . . . . . . . . . . . . . 2119 . . . . . . . . . . . . . . . . 2120 show sflow sampling . . . . . . . . . . . . . . . show sflow source-interface . . . . . . . . . . . 2121 2122 SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .2124 Commands in this Section show snmp . . . . . . . . . . . . 2124 . . . . . . . . . . . . . . . . . . . . 2125 show snmp engineid . . . . . . .
snmp-server host . . . . . . . . . . . . . . . . . snmp-server location . 2144 . . . . . . . . . . . . . . 2146 snmp-server user . . . . . . . . . . . . . . . . . 2147 snmp-server view . . . . . . . . . . . . . . . . . 2149 snmp-server v3-host . . . . . . . . . . . . . . . snmp-server source-interface . . . . . . . . . . 2150 2152 SupportAssist Commands . . . . . . . . . . . . . . . . . . . . .2154 Commands in this Section eula-consent . . . . . . . . . . . . 2154 . . . . . . . . . . . .
clear logging file . . . . . . . . . . . . . . . . . description (Logging) . level . 2169 . . . . . . . . . . . . . . 2170 . . . . . . . . . . . . . . . . . . . . . . . 2171 logging cli-command . logging . . . . . . . . . . . . . . 2171 . . . . . . . . . . . . . . . . . . . . . . 2173 logging audit . . . . . . . . . . . . . . . . . . . 2175 logging buffered . . . . . . . . . . . . . . . . . 2176 logging console . . . . . . . . . . . . . . . . . . 2177 . . . . . . . . . . . . . . . . .
terminal monitor . . . . . . . . . . . . . . . . . 2191 System and Stack Management Commands . . . . .2193 asset-tag . . . . . . . . . . . . . . . . . . . . . 2194 banner exec . . . . . . . . . . . . . . . . . . . 2195 banner login . . . . . . . . . . . . . . . . . . . 2195 banner motd . . . . . . . . . . . . . . . . . . . 2196 banner motd acknowledge . buffers . . . . . . . . . . . 2197 . . . . . . . . . . . . . . . . . . . . . . 2199 clear checkpoint statistics . . . . . . . . . . . .
memory free low-watermark . . . . . . . . . . . 2213 nsf . . . . . . . . . . . . . . . . . . . . . . . . . 2214 ping . . . . . . . . . . . . . . . . . . . . . . . . 2214 process cpu threshold quit . . . . . . . . . . . . . . 2218 . . . . . . . . . . . . . . . . . . . . . . . . 2219 reload . . . . . . . . . . . . . . . . . . . . . . . service unsupported-transceiver . . . . . . . . 2222 . . . . . . . . . . . . . . . . . . 2222 . . . . . . . . . . . . . . . . . . . . . . . .
show process app-list . . . . . . . . . . . . . . show process app-resource-list . show process cpu . . . . . . . . 2242 . . . . . . . . . . . . . . . . 2243 show process proc-list . . . . . . . . . . . . . . 2244 . . . . . . . . . . . . . . 2246 . . . . . . . . . . . . . . . . . . 2247 . . . . . . . . . . . . . . . . . . . . . 2248 show router-capability show sessions show slot 2240 show supported cardtype . . . . . . . . . . . . 2250 . . . . . . . . . . . 2252 show switch . . . . .
standby . . . . . . . . . . . . . . . . . . . . . . switch renumber telnet 2274 . . . . . . . . . . . . . . . . . 2275 . . . . . . . . . . . . . . . . . . . . . . . 2276 traceroute . . . . . . . . . . . . . . . . . . . . . traceroute ipv6 . . . . . . . . . . . . . . . . . . update bootcode . . . . . . . . . . . . . . . . . 2277 2280 2282 Telnet Server Commands . . . . . . . . . . . . . . . . . . . . .2283 Telnet Client Behaviors . . . . . . . . . . . . . . Commands in this Section . . . .
Downloading and Uploading of Files . . . . . . . 2295 . . . . . . . . . . . . 2295 . . . . . . . . . . . . . . . . . . . 2295 . . . . . . . . . . . . . . . . . . . . . 2296 dir usb . . . . . . . . . . . . . . . . . . . . . . . 2297 recover . . . . . . . . . . . . . . . . . . . . . . 2299 Commands in this Section unmount usb show usb User Interface Commands . . . . . . . . . . . . . . . . . . . .2300 configure terminal do . . . . . . . . . . . . . . . . 2300 . . . . . . . . . . . . . . . .
ip http port . . . . . . . . . . . . . . . . . . . . ip http server . . . . . . . . . . . . . . . . . . . ip http secure-certificate . ip http secure-port 2317 . . . . . . . . . . . . . . . . 2317 . . . . . . . . . . . . . . 2318 . . . . . . . . . . . . . . . . . . . 2319 . . . . . . . . . . . . . . . . . . . . . . 2320 key-generate no crypto certificate organization-unit . . . . . . . . . . . . . . . 2320 . . . . . . . . . . . . . . . . .
Contents 98
Dell EMC Networking CLI 1 Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Introduction The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter with command-line completion, in-line syntax help, and prior command recall.
Command Groups The system commands can be broken down into three sets of functional groups: Layer 2, Layer 3, and Utility. Table 1-1. System Command Groups Command Group Description Layer 2 Commands ACL Configures and displays ACL information. MAC Address Table Configures bridging address tables. Auto-VoIP Configures Auto VoIP for IP phones on a switch. CDP Interoperability Configures Cisco® Discovery Protocol (CDP). DHCP L2 Relay Enables the Layer 2 DHCP Relay agent for an interface.
Table 1-1. System Command Groups (continued) Command Group Description IPv6 ACL Configures and displays ACL information for IPv6. IPv6 MLD Snooping Configures IPv6 MLD Snooping. IPv6 MLD Snooping Querier Configures IPv6 Snooping Querier and displays IPv6 Snooping Querier information. IP Source Guard Configures IP source guard and displays IP source guard information. iSCSI Optimization Configures special QoS treatment for traffic between iSCSI initiators and target systems.
Table 1-1. System Command Groups (continued) Command Group Description TACACS+ Configures and displays TACACS+ information. 802.1x Configures and displays commands related to 802.1x security protocol. Captive Portal Blocks clients from accessing network until user verification is established. Denial of Service Provides several Denial of Service options. Management ACL Configures and displays management access-list information. Password Management Provides password management.
Table 1-1. System Command Groups (continued) Command Group Description DHCP Server and Relay Agent (IPv4) Manages DHCP/BOOTP operations on the system. DHCPv6 Configures IPv6 DHCP functions. DHCPv6 Snooping Configures DHCP v6 snooping and whether an interface is trusted or untrusted. DVMRP (Mcast) Configures DVMRP operations. GMRP Configures GMRP and displays GMRP information. IGMP (Mcast) Configures IGMP operations. IGMP Proxy (Mcast) Manages IGMP Proxy on the system.
Table 1-1. System Command Groups (continued) Command Group Description Auto-Install Automatically configures switch when a configuration file is not found. CLI Macro Configures CLI Macro and displays CLI Macro information. Clock Configures the system clock. Command Line Configuration Scripting Manages the switch configuration files. Configuration and Image Manages file system and Command Line Interface Files scripting commands. DHCP Client Configures an interface to obtain an IP address via DHCP.
Table 1-1. System Command Groups (continued) Command Group Description User Interface Describes user commands used for entering CLI commands. Web Server Configures web-based access to the switch. Mode Types The tables on the following pages use these abbreviations for Command Mode names.
• L — Logging • LC — Line Configuration • LD — Link Dependency • MA — Management Access-level • MC — MST Configuration • MD —MLAG Domain Configuration • MDC — Maintenance Domain Configuration • ML — MAC-List Configuration • MSC — Mail Server Configuration • MT — MAC-acl • OFC—OpenFlow Configuration • OG — OSPFv2 Global Configuration • OR—OSPFv2 Router Configuration • PE — Privileged Exec • PM — Policy Map Configuration • PCGC — Policy Map Global Configuration • PCMC — Policy
• TC — TACACS Configuration • TRC — Time Range Configuration • UB—U-boot • UE — User Exec • VC — VLAN Configuration (reached via vlan command) • VRC—VRF Configuration • VR—Virtual Router Configuration • v6ACL — IPv6 Access List Configuration • v6CMC — IPv6 Class-Map Configuration • v6DP — IPv6 DHCP Pool Configuration Layer 2 Commands ACL Command Description Modea ip access-list Creates an Access Control List (ACL) that is identified by the parameter accesslistnumber.
Command Description Modea mac access-list extended Creates the MAC Access Control List (ACL) identified by the name parameter. GC mac access-list extended rename Renames the existing MAC Access Control List GC (ACL) name. remark Adds a comment to an ACL rule. IPAF4, IPAF, ML, ARPA service-acl input Blocks Link Local Protocol Filtering (LLPF) protocol(s) on a given port. IC show access-lists interface Displays interface ACLs.
Command Description Modea show mac address-table Displays dynamically created entries in the bridge-forwarding database. PE show mac address-table address Displays all entries in the bridge-forwarding database for the specified MAC address. UE or PE show mac address-table count Displays the number of addresses present in the PE Forwarding Database. show mac address-table dynamic Displays all entries in the bridge-forwarding database.
Command Description Modea isdp advertise-v2 Enables the sending of ISDP version 2 packets from the device. GC isdp enable Enables ISDP on the switch. GC or IC isdp holdtime Configures the hold time for ISDP packets that GC the switch transmits. isdp timer Sets period of time between sending new ISDP GC packets. show isdp Displays global ISDP settings. PE show isdp entry Displays ISDP entries. PE show isdp interface Displays ISDP settings for the specified interface.
Command Description Modea show dhcp l2relay all Displays the summary of DHCP L2 Relay configuration. PE or GC show dhcp l2relay interface Displays DHCP L2 Relay configuration specific PE to interfaces. show dhcp l2relay stats interface Displays DHCP L2 Relay statistics specific to interfaces. PE or GC show dhcp l2relay agentoption vlan Displays DHCP L2 Relay Option-82 configuration specific to VLANs.
Modea Command Description ip dhcp snooping database write-delay Configures the interval in seconds at which the GC DHCP Snooping database will be stored in persistent storage. ip dhcp snooping limit Controls the maximum rate of DHCP messages. ip dhcp snooping log-invalid Enables logging of DHCP messages filtered by the DHCP Snooping application. ip dhcp snooping trust IC IC Configure a port as trusted for DHCP snooping.
Command Description Modea ip arp inspection limit Configures the rate limit and burst interval values for an interface. IC ip arp inspection trust Configures an interface as trusted for Dynamic IC ARP Inspection. ip arp inspection validate Enables additional validation checks like source GC MAC address validation, destination MAC address validation or IP address validation on the received ARP packets. ip arp inspection vlan Enables Dynamic ARP Inspection on a single VLAN or a range of VLANs.
Command Description Modea interface Enters the interface configuration mode to configure parameters for an interface. GC or IC interface range Enters the interface configuration mode to execute a command on multiple ports at the same time. GC or IC or IR link debounce time Configures the debounce timer for one or multiple interfaces. IC or IR rate-limit cpu Reduces the amount of unknown unicast/multicast packets forwarded to the CPU.
Modea Command Description show storm-control action Displays the storm control action configuration PE for one or all interfaces. shutdown Disables interfaces. IC speed Configures the speed of a given Ethernet interface when not using auto-negotiation. IC switchport protected Sets the port to Protected mode. IC switchport protected name Configures a name for a protected group. GC show switchport protected Displays protected group/port information.
Command Description Modea ethernet cfm mip level Creates a Maintenance Intermediate Point (MIP) at the specified level. IC ping ethernet cfm Generates a loopback message (LBM) from PE traceroute ethernet cfm Generates a link trace message (LTM) from the PE configured MEP. show ethernet cfm errors Displays the cfm errors. PE show ethernet cfm domain Displays the configured parameters in a maintenance domain.
Command Modea Description PE show green-mode interface- Displays the green-mode configuration and id operational status of the port. This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled. show green-mode Displays the green-mode configuration for the PE whole system.
a. For the meaning of each Mode abbreviation, see Mode Types. IGMP Snooping Modea Command Description ip igmp snooping In Global Configuration mode, Enables GC Internet Group Management Protocol (IGMP) snooping. show ip igmp snooping groups Displays Multicast groups learned by IGMP snooping. UE show ip igmp snooping mrouter Displays information on dynamically learned Multicast router interfaces.
IGMP Snooping Querier Modea Command Description ip igmp snooping Enables/disables IGMP Snooping Querier on GC or the system (Global Configuration mode) or on VC a VLAN. ip igmp snooping querier election participate Enables the Snooping Querier to participate in VC the Querier Election process when it discovers the presence of another Querier in the VLAN. ip igmp snooping querier query-interval Sets the IGMP Querier Query Interval time.
IP Addressing Command Description Modea clear host Deletes entries from the host name-to-address cache. PE clear ip address-conflictdetect Clears the address conflict detection status in the switch. PE interface out-of-band Enters into OOB interface configuration mode. GC ip address Configures an IP address on an in-band interface. ip address (Out-of-Band) Sets an IP address for the out-of-band interface.
Command Description Modea ipv6 enable (OOB Configuration) Enables IPv6 operation on the out-of-band interface. IC ipv6 gateway (OOB Configuration) Configures the address of the IPv6 gateway. IC show hosts Displays the default domain name, a list of UE name server hosts, static and cached list of host names and addresses. show ip address-conflict Displays the status information corresponding to the last detected address conflict.
IPv6 MLD Snooping Command Description Modea ipv6 mld snooping vlan groupmembership-interval Sets the MLD Group Membership Interval time on a VLAN or interface. VC ipv6 mld snooping vlan immediate-leave Enables or disables MLD Snooping immediate- VC leave admin mode on a selected interface or VLAN. ipv6 mld snooping vlan last- Sets the MLD Maximum Response time for an IC or listener-query-interval interface or VLAN.
Modea Command Description ipv6 mld snooping querier election participate Enables the Snooping Querier to participate in VC the Querier Election process when it discovers the presence of another Querier in the VLAN. ipv6 mld snooping querier query-interval Sets the MLD Querier Query Interval time. ipv6 mld snooping querier timer expiry Sets the MLD Querier timer expiration period. GC show ipv6 mld snooping querier Displays MLD Snooping Querier information. a.
Link Dependency Modea Command Description action Indicates if the link-dependency group should LD mirror or invert the status of the depended on interfaces. link-dependency group Enters the link-dependency mode to configure GC a link-dependency group. add Adds member gigabit Ethernet port(s) to the LD dependency list. depends-on Adds the dependent Ethernet ports or port channels list. show link-dependency Shows the link dependencies configured on a PE particular group. a.
Command Description Modea lldp receive Enables the LLDP receive capability. IC lldp timers Sets the timing parameters for local data transmission on ports enabled for LLDP. GC lldp transmit Enables the LLDP advertise capability. IC lldp transmit-mgmt Specifies that transmission of the local system management address information in the LLDPDUs is included. IC lldp transmit-tlv Specifies which optional TLVs in the 802.1AB IC basic management set will be transmitted in the LLDPDUs.
Command Description Modea keepalive (Global Config) Globally enable loop protection and optionally configure the loop protection timer and packet count. GC keepalive action Configure the action taken when a loop is detected on an interface. IC show keepalive Displays the global loop protect configuration. PE show keepalive statistics Displays the loop protect status for one or all PE interfaces. a. For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea role priority Configures the priority value used on a switch for primary/secondary role selection. MD show vpc Displays information about an MLAG. PE show vpc brief Displays the MLAG global status. PE show vpc consistencyparameters Displays MLAG-related configuration information in a format suitable for comparison with the other MLAG peer.
Multicast VLAN Registration Command Description Modea mvr Enables MVR. GC or IC mvr group Adds an MVR membership group. GC mvr mode Changes the MVR mode type. GC mvr querytime Sets the MVR query response time. GC mvr vlan Sets the MVR multicast VLAN. GC mvr immediate Enables MVR Immediate Leave mode. IC mvr type Sets the MVR port type. IC mvr vlan group Use to participate in the specific MVR group. IC show mvr Displays global MVR settings.
Command Description Modea lacp port-priority Configures the priority value for Ethernet ports. IC lacp system-priority Configures the system LACP priority. GC lacp timeout Assigns an administrative LACP timeout. IC port-channel min-links Sets the minimum number of links that must IC be up in order for the port channel interface to be declared up. show interfaces portchannel Displays port-channel information. PE show lacp Displays LACP information for ports.
QoS Modea Command Description assign-queue Modifies the queue ID to which the associated PCMC traffic stream is assigned. class Creates an instance of a class definition within PMC the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements. class-map Defines a new DiffServ class of type match-all. GC class-map rename Changes the name of a DiffServ class. GC classofservice dot1pmapping Maps an 802.
Command Description Modea mark ip-dscp Marks all packets for the associated traffic stream with the specified IP DSCP value. PCMC mark ip-precedence Marks all packets for the associated traffic PCMC stream with the specified IP precedence value. match access-group Adds ACL match criteria to a class map. CMC match class-map Adds add to the specified class definition the set of match conditions defined for another class.
Command Description Modea match ip precedence Adds to the specified class definition a match condition based on the value of the IP. CMC match ip tos Adds to the specified class definition a match condition based on the value of the IP TOS field in a packet. CMC match protocol Adds to the specified class definition a match CMC condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation.
Modea Command Description random-detect queueparms Configures the green, yellow and red TCP and GC, IC, or IR non-TCP packet minimum and maximum thresholds and corresponding drop probabilities on an interface or all interfaces. random-detect exponential- Configures the decay in the calculation of the GC, IC, weighting-constant average queue size user for WRED on an or IR interface or all interfaces.
Modea Command Description show policy-map interface Displays policy-oriented statistics information PE for the specified interface and direction. show service-policy Displays a summary of policy-oriented statistics information for all interfaces. PE traffic-shape Specifies the maximum transmission bandwidth limit for the interface as a whole. GC or IC vlan priority Assigns a default VLAN priority tag for untagged frames ingressing an interface. IC a.
Command Modea Description spanning-tree bpdu flooding Allows flooding of BPDUs received on nonspanning-tree ports to all other nonspanning-tree ports. GC spanning-tree bpduprotection Enables BPDU protection on a switch. GC spanning-tree cost Configures the spanning tree path cost for a port. IC spanning-tree disable Disables spanning tree on a specific port. IC spanning-tree forward-time Configures the spanning tree bridge forward time.
Command Description Modea spanning-tree port-priority (Interface Configuration) Configures port priority. IC spanning-tree priority Configures the spanning tree priority. GC spanning-tree tcnguard Prevents a port from propagating topology change notifications. IC spanning-tree transmit hold- Set the maximum number of BPDUs that a count bridge is allowed to send within a hello time window (2 seconds).
Modea Command Description udld message time Configures the interval between the GC transmission of UDLD probe messages on ports that are in the advertisement phase. udld timeout interval Configures the interval for the receipt of ECHO GC replies. udld enable (Interface Configuration) Enables UDLD on a specific interface. udld port Selects the UDLD operating mode on a specific IC interface. show udld Displays the global settings for UDLD. a.
Modea Command Description show port protocol Displays the Protocol-Based VLAN information PE for either the entire system or for the indicated group. show switchport ethertype Displays the configured Ethertype for each interface. PE show vlan Displays detailed information, including interface information and dynamic vlan type, for a specific VLAN. PE show vlan association mac Displays the VLAN associated with a specific configured MAC address.
Command Description Modea switchport mode privatevlan Defines a private VLAN association for an isolated or community interface or a mapping for a promiscuous interface. IC switchport mode dot1qtunnel Enables QinQ tunneling on customer edge (CE) interfaces. IC switchport private-vlan Defines a private VLAN association for an isolated or community port or a mapping for a promiscuous port. IC switchport trunk Adds or removes VLANs from a trunk port.
Command Description Modea switchport voice vlan priority Trusts or not trusts the data traffic arriving on the voice VLAN port. IC switchport voice vlan dot1p Configure voice VLAN 802.1p priority tagging for voice traffic. IC switchport voice vlan dscp IC Configure dscp value for voice traffic on the voice VLAN port. switchport voice vlan none Allow the IP phone to use its own configuration IC to send untagged voice traffic.
Modea Command Description aaa ias-user username Configures IAS users and their attributes. Also GC changes the mode to aa user Configuration mode. aaa new-model This command is a no-op command. It is present only for compatibility purposes. GC aaa server radius dynamicauthor Enters radius dynamic authorization mode. GC authentication enable Globally enables the Authentication Manager. GC authentication order Sets the order of authentication methods used IC on a port.
Command Description Modea show authentication Shows information about authentication methods. PE show authentication authentication-history Displays the authentication history on one or more interfaces. PE show authentication methods Displays information about the authentication PE methods. show authentication statistics Displays the Authentication Manager statistics PE on one or more interfaces. show authorization methods Displays the configured authorization method lists.
Modea Command Description show users Shows which administrative profiles have been PE assigned to local user accounts and to show which profiles are active for logged-in users. username Optionally allows the specification of an Administrative Profile for a local user. a. GC For the meaning of each Mode abbreviation, see Mode Types. E-mail Alerting Command Description Modea logging email Enables e-mail alerting and sets the lowest severity level for which log messages are emailed.
Modea Command Description mail-server ip-address | hostname Configures the SMTP server IP address and GC changes the mode to Mail Server Configuration Mode. port (Mail Server Configuration Mode) Configures the TCP port to use for communication with the SMTP servers. MSC username (Mail Server Configuration Mode) Configures the username required by the authentication. MSC password (Mail Server Configuration Mode) Configures the password required to authenticate to the e-mail server.
Modea Command Description attribute 31 R Alters the format of the MAC address sent in the Calling-Station-Id attribute to the RADIUS server when authenticating using 802.1X MAC based authentication for an interface. authentication event fail retry Sets the number of times authentication may be reattempted by the user for the RADIUS method for an IEEE 802.1X supplicant. auth-port Sets the port number for authentication requests R of the designated radius server.
Modea Command Description radius server attribute 25 GC Globally enables the switch to send the RADIUS Class attribute as supplied by the RADIUS server in accounting messages sent to the accounting server. radius server attribute 31 GC Globally enables the switch to send the RADIUS Class attribute as supplied by the RADIUS server in accounting messages sent to the accounting server. radius server deadtime Improves RADIUS response times when servers GC are unavailable.
Command Description Modea timeout Sets the timeout value in seconds for the designated RADIUS server. R usage Specifies the usage type of the server. R a. For the meaning of each Mode abbreviation, see Mode Types. TACACS+ Modea Command Description key Specifies the authentication and encryption key TC for all TACACS communications between the device and the TACACS server. port Specifies a server port number. TC priority Specifies the order in which servers are used.
Command Description Modea dot1x eapolflood Enables the flooding of received IEEE 802.1x frames in the VLAN. GC dot1x initialize Begins the initialization sequence on the specified port. PE mab Enables MAB on an interface. IC default mab Configures the switch to transmit EAP or CHAP credentials to the RADIUS server for MAB-authenticated devices connected to the interface. IC mab request format Configures the format of the MAC address sent IC, in the User-Name attribute.
Command Modea Description dot1x timeout quiet-period Sets the number of seconds the switch remains IC in the quiet state following a failed authentication attempt. dot1x timeout re-authperiod Sets the number of seconds between reauthentication attempts. dot1x timeout servertimeout IC Sets the number of seconds the switch waits for IC a response from the authentication server before resending the request.
Command Description Modea show dot1x interface Shows the status of MAC Authentication Bypass. PE show dot1x interface statistics Displays 802.1X statistics for the specified interface. PE show dot1x users Displays active 802.1X authenticated users for the switch. PE clear dot1x authentication– Clears the authentication history table captured PE history during successful and unsuccessful authentication. dot1x guest-vlan Sets the guest VLAN on a port.
Command Description Modea group Configures the group number for a captive portal configuration. CPI interface Associates an interface with a captive portal configuration. CPI locale Associates an interface with a captive portal configuration. CPI name (Captive Portal) Configures the name for a captive portal configuration. CPI protocol Configures the protocol mode for a captive portal configuration. CPI redirect Enables the redirect mode for a captive portal configuration.
Command Description Modea no user Deletes a user from the local user database. CP show captive-portal user Displays all configured users or a specific user in PE the captive portal local user database. user group Associates a group with a captive portal user. CP user-logout Enables captive portal users to log out of the portal. CPI user name Modifies the user name for a local captive portal CP user. user password Creates a local user or changes the password for CP an existing user.
Command Description Modea dos-control icmp Enables Maximum ICMP Packet Size Denial of Service protections. GC dos-control l4port Enables L4 Port Denial of Service protection. GC dos-control sipdip Enables Source IP Address = Destination IP GC Address (SIP=DIP) Denial of Service protection. dos-control tcpflag Enables TCP Flag Denial of Service protections. GC dos-control tcpfrag Enables TCP Fragment Denial of Service protection.
Command Description Modea permit (management) Defines a permit rule. MA show management accessclass Displays the active management access-list. PE show management accesslist Displays management access-lists. PE a. For the meaning of each Mode abbreviation, see Mode Types. Password Management Command Description Modea passwords aging Implements aging on the passwords such that users are required to change passwords when they expire.
Command Modea Description passwords strength maxEnforces a maximum number of consecutive limit consecutive-characters characters that a password can contain. GC passwords strength maxlimit repeated-characters Enforces a maximum repeated characters that a GC password should contain. passwords strength minimum character-classes GC Enforces the minimum number of character classes (uppercase letters, lowercase letters, numeric characters and special characters) that a password must contain.
Modea Command Description ip ssh server Enables the switch to be configured from a SSH GC server connection. key-string Manually specifies a SSH public key. show crypto key mypubkey Displays its own SSH public keys stored on the PE switch. show crypto key pubkeychain ssh Displays SSH public keys stored on the switch. PE show ip ssh Displays the SSH server configuration. a. SK PE For the meaning of each Mode abbreviation, see Mode Types.
MVRP Modea Command Description clear mmrp statistics Clears the MVRP statistics for an interface or PE all interfaces. mmrp Enables MVRP on a specific interface. IC IR mmrp global Globally enables MVRP. GC mmrp periodic state machine Globally enables the MVRP periodic state machine. GC show mmrp Displays the MVRP configuration for an interface or globally. PE Displays the MVRP statistics for an interface or globally. PE show mmrp statistics a.
Command Description Modea msrp talker-pruning Enables source pruning. GC show msrp Displays the MSRP configuration for an interface or globally. PE or GC show msrp reservations Displays the MSRP reservation information for PE or an interface. GC show msrp statistics Displays the MSRP statistics for an interface or globally. PE or GC show msrp stream Displays MSRP stream information. PE or GC a. For the meaning of each Mode abbreviation, see Mode Types. 802.
Command Description Modea dot1as pdelay-threshold Configures the propagation delay threshold in nanoseconds, above which an interface is not considered capable of participating in the 802.1AS protocol. IC dot1as interval pdelay-loss Configures the number of Pdelay_Req messages IC for which a valid response has not been received, above which a port is considered to not be exchanging peer delay messages with its neighbor. show dot1as Displays the IEEE 802.
Modea Command Description show lldp dcbx Displays the Traffic Class to Traffic Class Group PE mapping. classofservice traffic-classgroup Maps the internal Traffic Class to an internal Traffic Class Group (TCG). GC or IC traffic-class-group maxbandwidth Specifies the maximum transmission bandwidth limit for each TCG as a percentage of the interface rate.
Modea Command Description openflow Enables OpenFlow on the switch (if disabled) GC and enters into OpenFlow configuration mode. passive Sets the switch to wait for the controller to initiate the connection. OFC protocol-version Selects the version of the protocol in which to operate. OFC show openflow Displays OpenFlow configuration and status. PE, GC a. For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea arp cachesize Configures the maximum number of entries in the ARP cache. GC arp dynamicrenew Enables the ARP component to automatically renew dynamic ARP entries when they age out. GC arp purge Causes the specified IP address to be removed from the ARP cache. PE arp resptime Configures the ARP request response timeout. GC arp retries Configures the ARP count of maximum request GC for retries. arp timeout Configures the ARP entry age-out time.
Command Description Modea ipv6 ospf bfd Enables sending of BFD events to OSPF on a VLAN routing interface. IC neighbor fall-over bfd Enables BFD support for a BGP neighbor. RBC show bfd neighbor Displays the neighbors for which BFD has established adjacencies. PE or GC a. For the meaning of each Mode abbreviation, see Mode Types. BGP Command Description Modea router bgp Enables BGP and identify the autonomous system (AS) number for the router.
Command Description Modea bgp cluster-id Specifies the cluster ID of a route reflector. BR bgp default local-preference Enables the network operator to specify the default local preference. BR bgp fast-external-fallover Configures BGP to immediately reset the adjacency with an external peer if the routing interface to the peer goes down.
Command Description Modea distance bgp (BGP Router Configuration) Sets the preference of BGP routes. BR distance bgp (IPv6 Address Family Configuration) Sets the preference of BGP routes. IPAF distribute-list prefix in Configures a filter that restricts the routes that BR BGP accepts from all neighbors based on IPAF destination prefix. distribute-list prefix out (BGP Router Configuration) Configures a filter that restricts the advertisement of routes based on destination prefix.
Command Modea Description maximum-paths ibgp (BGP Specifies the maximum number of next hops Router Configuration) BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors within the local autonomous system. BR maximum-paths ibgp (IPv6 Limits the number of ECMP next hops in IPv6 IPAF Address Family routes from internal peers. Configuration) neighbor activate Enables the exchange of IPv6 routes with a neighbor.
Modea Command Description neighbor inherit peer Configures a BGP peer to inherit peer BR configuration parameters from a peer template. neighbor local-as Configures BGP to advertise the local-as instead BR, of the router’s own AS in the routes advertised IPAF to the neighbor. neighbor maximum-prefix (BGP Router Configuration) Configures the maximum number of IPv4 prefixes that BGP will accept from a specified neighbor.
Modea Command Description neighbor route-map (IPv6 Address Family Configuration) Specifies a route map to be applied to inbound IPAF or outbound IPv6 routes. neighbor route-reflectorclient (BGP Router Configuration) Configures an internal peer as an IPv4 route reflector client. neighbor route-reflectorConfigures an internal peer as an IPv4 route client (IPv6 Address Family reflector client.
Command Description Modea route-target Creates a list of export, import, or both route target (RT) extended communities for the specified VRF instance. PE set extcommunity rt Sets BGP extended community attributes for the route target. RMC set extcommunity soo Sets BGP extended community attributes for the site of origin. RMC show bgp ipv6 Displays IPv6 routes in the BGP routing table.
Command Modea Description show bgp ipv6 update-group Reports the status of IPv6 outbound groups and PE their members. show bgp ipv6 routereflection Displays a summary of BGP route reflection. PE show ip bgp Displays BGP routes. UE show ip bgp aggregateaddress Lists the aggregate addresses that have been configured and indicates whether each is currently active. PE show ip bgp community Displays a BGP community.
Modea Command Description show ip bgp traffic Lists the routes that are allowed by the specified UE community list. show ip bgp update-group Reports the status of IPv4 outbound update groups and their members. PE show ip bgp vpn4 Displays the VPNv4 address information from the BGP table. PE, GC template peer Creates a BGP peer template and enters peer template configuration mode.
Command Description Modea match ipv6 address prefixlist Configures a route map to match based on an IPv6 destination prefix. RM show ip as-path-access-list Displays the contents of AS path access lists. PE or GC show ip community-list Displays the contents of AS path access lists. PE or GC show ip prefix-list Displays the contents of IPv4 prefix lists. PE or GC show ipv6 prefix-list Displays the contents of IPv6 prefix lists.
Command Description Modea bootfile Sets the name of the image for the DHCP client to load. DP clear ip dhcp binding Removes automatic DHCP server bindings. PE clear ip dhcp conflict Removes DHCP server address conflicts. PE client-identifier Identifies a a Microsoft® DHCP client to be manually assigned an address. DP client-name Specifies the host name of a DHCP client. DP default-router Sets the IPv4 address of one or more routers for DP the DHCP client to use.
Modea Command Description network Defines a pool of IPv4 addresses for distributing DP to clients. next-server Sets the IPv4 address of the TFTP server to be used during auto-install. option Supplies arbitrary configuration information to DP a DHCP client. service dhcp Enables local IPv4 DHCP server on the switch. GC sntp Sets the IPv4 address of the NTP server to be used for time synchronization of the client. DP show ip dhcp binding Displays the configured DHCP bindings.
Modea Command Description ipv6 dhcp server Configures DHCPv6 server functionality on an IC interface. prefix-delegation Defines Multiple IPv6 prefixes within a pool for v6DP distributing to specific DHCPv6 Prefix delegation clients. service dhcpv6 Enables DHCPv6 configuration on the router. GC show ipv6 dhcp Displays the DHCPv6 server name and status. PE show ipv6 dhcp binding Displays the configured DHCP pool.
Command Description Modea ipv6 dhcp snooping limit Configures an interface to disable itself if the rate of received DHCP messages exceeds the configured limit. IC ipv6 dhcp snooping loginvalid Configures the port to log invalid received DHCP messages. IC ipv6 dhcp snooping trust Configures the port as trusted. IC ipv6 dhcp snooping verify mac-address Enables the additional verification of the source GC MAC address with the client hardware address in the received DHCP message.
DVMRP Command Description Modea router bgp Sets the administrative mode of DVMRP in the router to active. GC or IC ip dvmrp metric Configures the metric for an interface. IC show ip dvmrp Displays the system-wide information for DVMRP. PE show ip dvmrp interface Displays the interface information for DVMRP PE on the specified interface. show ip dvmrp neighbor Displays the neighbor information for DVMRP.
IGMP Command Description Modea ip igmp last-member-querycount Sets the number of Group-Specific Queries sent before the router assumes that there are no local members on the interface. IC ip igmp last-member-queryinterval Configures the Maximum Response Time inserted in Group-Specific Queries which are sent in response to Leave Group messages. IC ip igmp mroute-proxy Configures downstream IGMP proxy on the selected VLAN interface associated with multicast hosts.
Command Description Modea show ip igmp interface stats Displays the IGMP statistical information for the interface. PE a. For the meaning of each Mode abbreviation, see Mode Types. IGMP Proxy Command Description Modea arp Enables the IGMP Proxy on the router. IC ip igmp proxy-service reset- Resets the host interface status parameters of status the IGMP Proxy router. IC ip igmp proxy-service unsolicit-rprt-interval Sets the unsolicited report interval for the IGMP Proxy router.
Command Description Modea ip dhcp relay information check Enables DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid. GC ip dhcp relay information check-reply Enables DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid. IC ip dhcp relay information option Enables the circuit ID option and remote agent GC ID mode for BootP/DHCP Relay on the system (also called option 82).
Modea Command Description ip netdirbcast Enables the forwarding of network-directed IC broadcasts. ip policy route-map Applies a route map on an interface. IC ip redirects Enables the generation of ICMP Redirect messages. IC ip route Configures a static route. Use the no form of the command to delete the static route. GC ip route default Configures the default route. Use the no form of the command to delete the default route.
Command Description Modea set ip next-hop Specifies the adjacent next-hop router in the path toward the destination to which the packets should be forwarded. RM set ip precedence Sets the IP precedence bits in the IP packet header. RM show ip brief Displays all the summary information of the IP. PE Maximum Next Hops.............................. 16 Displays all pertinent information about the IP PE interface.
Modea Command Description clear ipv6 statistics Clears IPv6 statistics for all interfaces or for a PE specific interface, including loopback and tunnel interfaces. ipv6 address Configures an IPv6 address on an interface (including tunnel and loopback interfaces). ipv6 enable IC Enables IPv6 routing on an interface (including tunnel and loopback interfaces) that has not been configured with an explicit IPv6 address.
Modea Command Description ipv6 nd managed-configflag Sets the managed address configuration flag IC in router advertisements. ipv6 nd ns-interval Sets the interval between router advertisements for advertised neighbor solicitations. IC ipv6 nd nud maxmulticast-solicits Configures the maximum number of multicast neighbor solicitations sent during neighbor resolution or during NUD (neighbor unreachability detection).
Command Description Modea ipv6 nd suppress-ra Suppresses router advertisement transmission on an interface. IC ipv6 redirect Enables sending IPv6 ICMP redirect IC messages to peers/hosts when a better firsthop node exists on the path to a destination. ipv6 route Configures an IPv6 static route GC ip route distance Sets the default distance (preference) for static routes. GC ipv6 unicast-routing Enables forwarding of IPv6 unicast datagrams.
Command Description Modea show ipv6 protocols Displays information about the configured IPv6 routing protocols. PE or GC show ipv6 route Displays the IPv6 routing table. PE show ipv6 route preferences Shows the preference value associated with the type of route. PE show ipv6 route summary Displays a summary of the routing table. PE show ipv6 snooping counters Displays the RA guard dropped packet counters. PE show ipv6 traffic Shows traffic and statistics for IPv6 and ICMPv6.
Command Description Modea ip multicast-routing Sets the administrative mode of the IP multicast forwarder in the router to active. GC ip multicast ttl-threshold Applies a ttlvalue to a routing interface. IC ip pim Administratively configures PIM mode for IP multicast routing on a VLAN interface. IC ip pim bsr-border Administratively disables bootstrap router (BSR) messages from being sent or received through an interface.
Command Description Modea show ip multicast interface Displays the multicast information for the specified interface. PE show ip mroute Displays a summary or all the details of the multicast table. PE show ip mroute group Displays the multicast configuration settings of PE entries in the multicast mroute table. show ip mroute source Displays the multicast configuration settings of PE entries in the multicast mroute table.
Command Description Modea ipv6 pim (VLAN Interface config) Administratively enables PIM-SM multicast routing mode on a particular IPv6 router interface. IC ipv6 pim bsr-border Prevents bootstrap router (BSR) messages from IC being sent or received through an interface. ipv6 pim bsr-candidate Configures the router to announce its candidacy as a bootstrap router (BSR). GC ipv6 pim dense-mode Administratively configures PIM dense mode for IPv6 multicast routing.
Command Description Modea show ipv6 pim interface Displays interface config parameters. PE or GC show ipv6 pim neighbor Displays IPv6 PIMSM neighbors learned on the PE or routing interfaces. GC show ipv6 pim rp-hash Displays which rendezvous point (RP) is being PE or selected for a specified group. GC show ipv6 pim rp mapping Displays all group-to-RP mappings of which the PE or router is aware (either configured or learned GC from the bootstrap router (BSR). a.
Command Description Modea area stub no-summary Prevents Summary LSAs from being advertised into the NSSA. ROSPF area virtual-link Creates the OSPF virtual interface for the specified area-id and neighbor router. ROSPF area virtual-link authentication Configures the authentication type and key for ROSPF the OSPF virtual interface identified by the area ID and neighbor ID.
Command Description Modea distance ospf Sets the route preference value of OSPF in the router. ROSPF distribute-list out Specifies the access list to filter routes received from the source protocol. ROSPF enable Resets the default administrative mode of OSPF ROSPF in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF. ROSPF external-lsdb-limit Configures the external LSDB limit for OSPF.
Command Description Modea maximum-paths Sets the number of paths that OSPF can report for a given destination. ROSPF network area Enables OSPFv2 on an interface and sets its area ROSPF ID if the IP address of an interface is covered by this network command. nsf Enables OSPF graceful restart. ROSPF nsf helper Allow OSPF to act as a helpful neighbor for a restarting router. ROSPF nsf helper strict-lsachecking Set an OSPF helpful neighbor exit helper mode whenever a topology change occurs.
Command Description Modea show ip ospf database database-summary Displays the number of each type of LSA in the database for each area and for the router. PE show ip ospf interface Displays the information for the IFO object or virtual interface tables. PE show ip ospf interface brief Displays brief information for the IFO object or virtual interface tables. PE show ip ospf interface stats Displays the statistics for a specific interface.
Modea Command Description area nssa (Router OSPFv3) Configures the specified areaid to function as an ROSV3 NSSA. area nssa default-infooriginate (Router OSPFv3 Config) Configures the metric value and type for the default route advertised into the NSSA. ROSV3 area nssa no-redistribute Configures the NSSA ABR so that learned external routes will not be redistributed to the NSSA. ROSV3 area nssa no-summary Configures the NSSA so that summary LSAs are ROSV3 not advertised into the NSSA.
Command Description Modea default-information originate (Router OSPFv3 Configuration) Controls the advertisement of default routes. ROSV3 default-metric Sets a default for the metric of distributed routes. ROSV3 distance ospf Sets the route preference value of OSPF in the router. enable Resets the default administrative mode of OSPF ROSV3 in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF.
Command Description Modea nsf Enables OSPF graceful restart. ROSV3 nsf helper Allows OSPF to act as a helpful neighbor for a restarting router. ROSV3 nsf helper strict-lsachecking Requires that an OSPF helpful neighbor exit ROSV3 helper mode whenever a topology change occurs. nsf restart-interval Configures the length of the grace period on the ROSV3 restarting router. passive-interface Sets the interface or tunnel as passive.
Command Description Modea show ipv6 ospf interface brief Displays brief information for the IFO object or virtual interface tables. PE show ipv6 ospf interface stats Displays the statistics for a specific interface. UE show ipv6 ospf interface vlan Displays OSPFv3 configuration and status information for a specific VLAN. PE show ipv6 ospf neighbor Displays information about OSPF neighbors. PE show ipv6 ospf range Displays information about the area ranges for the specified area identifier.
Command Description Modea ip irdp preference Configures the preference of the address as a default router address relative to other router addresses on the same subnet. IC show ip irdp Displays the router discovery information for all PE interfaces, or for a specified interface. a. For the meaning of each Mode abbreviation, see Mode Types. Routing Information Protocol Command Description Modea auto-summary Enables the RIP auto-summarization mode.
Command Description Modea redistribute (RIP) Configures OSPF protocol to allow redistribution of routes from the specified source protocol/routers. PIP router rip Enters Router RIP mode. GC show ip rip Displays information relevant to the RIP router. PE show ip rip interface Displays information related to a particular RIP PE interface. show ip rip interface brief Displays general information for each RIP interface. PE split-horizon Sets the RIP split horizon mode. RIP a.
Modea Command Description ip vrf Creates a virtual router with a specified name GC and enters Virtual Router Configuration mode. ip vrf forwarding Associates an interface with a VRF instance. maximum routes Reserves the number of routes allowed and sets VR the maximum limit on the number of routes for a virtual router instance in the total routing table space for the router. show ip vrf Shows the interfaces associated with a VRF instance. a.
Modea Command Description vrrp timers advertise Sets the frequency, in seconds, that an interface IC on the specified virtual router sends a virtual router advertisement. vrrp timers learn IC Configures the router, when it is acting as backup virtual router for a VRRR group, to learn the advertisement interval used by the master virtual router. vrrp track interface Alters the priority of the VRRP router based on IC the availability of its interfaces. vrrp track ip route Tracks route reachability.
Auto-Install Command Description Modea boot auto-copy-sw Enables or disables Stack Firmware Synchronization. GC boot auto-copy-sw allowdowngrade Enables downgrading the firmware version on GC the stack member if the firmware version on the manager is older than the firmware version on the member. boot host auto-reboot Enables rebooting the device (no administrative GC intervention) when the auto-image is successfully downloaded.
a. For the meaning of each Mode abbreviation, see Mode Types. Clock Command Description Modea show sntp configuration Displays the SNTP configuration. PE show sntp server Displays the preconfigured SNTP servers. PE show sntp status Displays the SNTP status. PE sntp authenticate Set to require authentication for received NTP GC traffic from servers. sntp authentication-key Defines an authentication key for SNTP. GC sntp broadcast client enable Enables SNTP Broadcast clients.
Command Line Configuration Scripting Command Description Modea script apply Applies commands in the script to the switch. PE script delete Deletes a specific script. PE script list Lists all scripts present in the switch. PE script show Displays the contents of a script file. PE script validate Validates a script file. PE a. For the meaning of each Mode abbreviation, see Mode Types.
a. For the meaning of each Mode abbreviation, see Mode Types. DHCP Client Command Description Modea release dhcp Forces the DHCPv4 client to release a leased address. PE renew dhcp Forces the DHCP client to immediately renew PE an IPv4 address lane. show dhcp lease Displays IPv4 addresses leased from a DHCP server. a. PE For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea show hiveagent sourceinterface Displays the configured HiveAgent source interface. PE, GC show hiveagent status Displays information on the HiveAgent configuration. PE, GC show eula-consent hiveagent Reviews the EULA details. a. PE, GC For the meaning of each Mode abbreviation, see Mode Types. Line Modea Command Description accounting Applies an accounting method to a line config. LC authorization Applies a command authorization method to a LC line config.
Command Description Modea nsf Enables display of the message of the day banner on the console, telnet, or SSH connection. LC password (Line Configuration) Specifies a password on a line. LC show line Displays line parameters. UE speed Sets the serial port BAUD rate. LC terminal length Sets the terminal length. PE a. For the meaning of each Mode abbreviation, see Mode Types.
power inline limit Configure the type of power limit. IC power inline management Sets the power management type. GC power inline powereddevice Adds a comment or description of the powered device type. IC (Ethernet) power inline priority Configures the port priority level for the delivery of power to an attached device. IC (Ethernet) power inline reset Use to reset the port.
Command Description Modea show rmon log Displays the RMON logging table. UE show rmon statistics Displays RMON Ethernet Statistics. UE a. For the meaning of each Mode abbreviation, see Mode Types. Serviceability Tracing Command Description Modea debug aaa accounting Enables debugging for accounting. PE debug arp Enables tracing of ARP packets. PE debug authentication interface Enables Authentication Manager debug traces for the interface.
Command Description Modea debug ip dvmrp Traces DVMRP packet reception and transmission. PE debug ip igmp Traces IGMP packet reception and transmission. PE debug ip mcache Traces MDATA packet reception and transmission. PE debug ip pimdm packet Traces PIMDM packet reception and transmission. PE debug ip pimsm packet Traces PIMSM packet reception and transmission.
Command Description Modea debug sflow Enables sFlow debug packet trace. PE debug spanning-tree Traces spanning tree BPDU packet reception and transmission. PE debug spanning-tree Traces spanning tree BPDU packet reception and transmission. PE debug udld Enables the display of UDLD packets or event processing. PE debug vpc Enables debug traces for the specified protocols GC debug vrrp Enables VRRP debug protocol messages. PE exception core-file Configures the core dump file name.
sFlow Command Description Modea sflow destination Configures sFlow collector parameters (owner string, receiver timeout, ip address, and port). GC sflow polling Enables a new sflow poller instance for the data GC source if rcvr_idx is valid. sflow polling (Interface Mode) Enable a new sflow poller instance for this data IC source if rcvr_idx is valid. sflow sampling Enables a new sflow sampler instance for this data source if rcvr_idx is valid.
Command Description Modea show snmp user Displays the configuration of users. PE show snmp views Displays the configuration of views. PE show trapflags Displays SNMP traps globally or displays specific SNMP traps. PE snmp-server community Sets up the community access string to permit GC access to SNMP protocol. snmp-server communitygroup Maps SNMP v1 and v2 security models to the group name. GC snmp-server contact Sets up a system contact (sysContact) string.
Support Assist Modea Command Description eula-consent Accepts or rejects the end-user license GC agreement (EULA) for the SupportAssist server. contact-company Configures the contact information to be sent to the SupportAssist server. SAC contact-person Configures the contact information to be sent to the SupportAssist server. SAC enable Enables a SupportAssist server. SAC proxy-ip-address Configures a proxy server to be used to contact SAC the SupportAssist servers.
Command Description Modea logging cli-command Enables CLI command logging. GC logging Configures a SYSLOG server GC logging audit Enables switch auditing. GC logging buffered Enables logging to the in-memory log. GC logging console Enables logging to the console. GC logging facility Configures the facility to be used in SYSLOG messages. GC logging file Enables logging to the persistent (on flash) log.
System Management Command Description Modea asset-tag Specifies the switch asset-tag. GC banner exec Sets the message that is displayed after a successful login. GC banner login Sets the message that is displayed just before the login prompt. GC banner motd Specifies message-of-the-day banner. GC banner motd acknowledge Acknowledges message-of-the-day banner.
Command Description Modea member Preconfigures a stack member. SG memory free lowwatermark GC Configures the notification of a low memory condition on the switch for the issuance of the CPU overload SNMP trap and notification via a SYSLOG message. nsf Specifies non-stop forwarding. GC ping Sends ICMP echo request packets to another node on the network.
Command Description Modea show interfaces utilization Displays the interface utilization. PE show memory cpu Checks the total and available RAM space on the switch. PE show nsf Shows non-stop forwarding status. PE show power-usagehistory Shows the history of unit power consumption PE for the unit specified in the command and total stack power consumption. show process app-list Displays the system applications.
Modea Command Description show users PE Displays information about the active users, including which profiles have been assigned to local user accounts and which profiles are active for logged-in users. show version Displays the system version information. UE stack Sets the mode to Stack Configuration mode. GC stack-port Sets the mode to Stack Configuration mode to GC configure Stack ports as either Stacking ports or as Ethernet ports.
Time Ranges Modea Command Description time-range [name] Creates a time range identified by name, GC consisting of one absolute time entry and/or one or more periodic time entries. absolute Adds an absolute time entry to a time range. TRC periodic Adds a periodic time entry to a time range. TRC show time-range Displays a time range and all the absolute/periodic time entries that are defined for the time range. PE a. For the meaning of each Mode abbreviation, see Mode Types.
Modea Command Description end Gets the CLI user control back to the privileged Any execution mode or user execution mode. exit Exits any configuration mode to the previously (All) highest mode in the CLI mode hierarchy. quit|exit|logout Closes an active terminal session by logging off UE the switch. a. For the meaning of each Mode abbreviation, see Mode Types. Web Server Command Description Modea common-name Specifies the common-name for the device. CC country Specifies the country.
Command Description Modea organization-unit Specifies the organization-unit or department name. CC show crypto certificate mycertificate Displays the SSL certificates of your switch. PE show ip http server status Displays the HTTP server status information. PE show ip http server secure status Displays the HTTP secure server status information. UE or PE state Specifies the state or province name. CC a. For the meaning of each Mode abbreviation, see Mode Types.
Dell EMC Networking CLI 222
2 Using the CLI Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Introduction This section describes the basics of entering and editing the Dell EMC Networking N1100-ON, N1500, N2000, N2100-ON, N3000, N3100-ON, and N4000 Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
Two instances where the help information can be displayed are: • Keyword lookup — The key is entered in place of a command. A list of all valid commands and corresponding help messages is displayed. • Partial keyword lookup — A command is incomplete and the key is entered in place of a parameter. The matched parameters for this command are displayed.
Table 2-1. History Buffer Keyword Source or Destination Up-arrow key Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands. + Down-arrow key + Returns to more recent commands in the history buffer after recalling commands with the up-arrow key. Repeating the key sequence recalls more recent commands in succession.
console(config)#interface Gi1/0/1 console(config-if-Gi1/0/1)#show interface status Port Name Duplex Speed State Neg Status Link Flow Control --------- ------------------------- --------- ------------- --------- --------- -----------Gi1/0/1 N/A Unknown Auto Down Inactive Gi1/0/2 N/A Unknown Auto Down Inactive Gi1/0/3 N/A Unknown Auto Down Inactive Gi1/0/4 N/A Unknown Auto Down Inactive Gi1/0/5 N/A Unknown Auto Down Inactive Gi1/0/6 N/A Unknown Auto Down Inactive Command Completi
Table 2-2. CLI Shortcuts Keyboard Key Description Delete previous character + Go to beginning of line + Go to end of line + Go forward one character + Go backward one character + Delete current character + Delete to beginning of line + Delete to the end of the line.
) or a blank. In these cases, it may be necessary to enclose the entire string in double or single quotes for the command line parser to properly interpret the parameter. Command Scripting The CLI can be used as a programmable management interface. To facilitate this function, any characters entered after the character are treated as a comment and ignored by the CLI. Also, the CLI allows the user to disable session timeouts.
Table 2-3. CLI Command Notation Conventions Convention Description [] {} In a command line, square brackets indicate an optional entry. Italic Indicates a variable. Any individual key on the keyboard. + Any combination of keys pressed simultaneously on the keyboard. Screen Display Indicates system messages and prompts appearing on the console. all Indicates a literal parameter, entered into the command as it is.
• Slot# — The slot number is an integer number assigned to a particular slot. Front panel ports have a slot number of 0. Rear panel ports are numbered from 1 and can be identified by the lexan on the rear panel. Use the show slot command to retrieve information for a particular slot. • Port # — The port number is an integer number assigned to the physical port on the switch and corresponds to the lexan printed next to the port on the front or back panel.
Table 2-4.
Loopback Interfaces Loopback interfaces are represented in the CLI by the keyword loopback followed by the variable loopback-id, which can assume values from 0–7. Port Channel Interfaces Port-channel (or LAG) interfaces are represented in the CLI by the keyword port-channel followed by the variable port-channel-number. When listed in command line output, port channel interfaces are preceded by the characters Po.
to the left of the hyphen must always be less than or equal to the number to the right of the hyphen, e.g. interface range Gi1/0/10-1 is not valid. (#, #, #) — a list of interfaces. For example, (1/0/1, 1/0/1,1/0/3, 1/0/5) indicates that the operation applies to the Ethernet interfaces 1, 3, and 5 on unit 1. The interfaces may or may not be consecutive, nor must the interfaces be of the same type. (#, #-#, #) — ranges and non-consecutive interfaces listed together.
tunnel 7 loopback 3 Example #2 console(config-if-Gi1/0/23)#show vlan VLAN ----1 Name --------------default Ports ------------Po1-128, Gi1/0/1-24, Te1/0/1-2 Type -------------Default RSPAN Vlan --------------------------------------------------------------------None console(config-if-Gi1/0/23)#show slot 2/0 Slot.............................. Slot Status....................... Admin State....................... Power State....................... Configured Card: Model Identifier...............
Card Description............... Configured Card: Model Identifier............... Card Description............... Pluggable......................... Dell 24 Port 10G Fiber Dell Networking N3024F Dell 24 Port 10G Fiber No Entering Network Addresses MAC Addresses MAC addresses are specified in 3 groups of four upper or lower case hexadecimal characters separated by periods with no spaces, e.g. 0011.2233.FFee or by eight pairs of upper or lower case hexadecimal characters separated by colons, e.g.
Any host: 0000:0000:0000:0000:0000:0000:0000:0000 becomes :: The prefix length, if specified, ranges from 1 to 128 and is specified by a forward slash and a decimal number indicating the significant bits of the address, e.g. 3ffe:ffff:100:f101:0:0:0:/64. No spaces are allowed between the last address digit or colon and the forward slash.
CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level.
There are levels beneath the Global Configuration mode for further grouping of commands. The system prompt reflects these sub-Configuration modes. All the parameters are provided with reasonable defaults where possible. When starting a session, the initial mode is the User Exec mode (privilege level 0). Only a limited subset of commands is available in this mode. This level is reserved for tasks that do not change the configuration.
console# Global Configuration Mode Global Configuration commands allow the operator to change the configuration of the switch. The Privileged Exec mode command configure (or configure terminal) is used to enter Global Configuration mode. console(config)# The following are the Global Configuration submodes: • SNMP v3 Host Configuration — Configures the parameters for the SNMP v3 server host. • SNMP Community Configuration — Configures the parameters for the SNMP server community.
• Policy-map — Use the policy-map command to access the QoS policy map configuration mode to configure the QoS policy map. • Policy Class — Use the class command to access the QoS Policy-class mode to attach or remove a diffserv class from a policy and to configure the QoS policy class. • Class-Map — This mode consists of class creation/deletion and matching commands. The class matching commands specify layer 2, layer 3 and general match criteria.
Pre-configuration Nearly all switch features support a pre-configuration capability, even when a feature is not enabled or the required hardware is not present. Pre-configured capabilities become active only when enabled (typically via an admin mode control) or when the required hardware is present (or both). For example, a port can be pre-configured with both trunk and access mode information.
• Interface VLAN— Enables routing on a VLAN and configures routing/L3 parameters on a VLAN. Identifying the Switch and Command Mode from the System Prompt The system prompt provides the user with the name of the switch (hostname) and identifies the command mode.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Privileged Exec console# Use the enable command to enter into this mode. This mode is password protected. Use the exit command, or press + to return to the User Exec mode. Global Configuration console(config)# From Privileged Exec mode, use the configure command. Use the exit command, or press + to return to the Privileged Exec mode.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method IPv6 Address Family Configuration From BGP Router console (config-router-af)# Configuration mode, use the address-family ipv6 command. To exit to BGP Router Configuration mode, use the exit command, or press + to Privileged Exec mode. Management Access-List From Global Configuration mode, use the management access-list command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method MAC Access List From Global Configuration mode, use the mac access-list command. Command Prompt Exit or Access Previous Mode console(config-mac-accesslist)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. console(config-pubkeySSH Public Key- From Global chain)# Chain Configuration mode, use the crypto key pubkeychain ssh command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Radius From Global Configuration mode, use the radius server host command. console(Config-authradius)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. console(config-radius-da)# Radius Dynamic From Global Authorization Configuration, use the aaa server radius dynamic-author command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode SNMP Community Configuration From Global Configuration mode, use the snmp-server community command. console(config-snmp)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode Crypto Certificate Generation From Global Configuration mode, use the crypto certificate number generate command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Logging From Global Configuration mode, use the logging command. console(config-logging)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. MST From Global Configuration mode, use the spanning-tree mst configuration command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Virtual Router Config console(config-vrfFrom Global XXX)#where XXX is the VRF Configuration mode, use the ip vrf name. command. To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode Router RIP Config From Global Configuration mode, use the router rip command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Gigabit Ethernet From Global Configuration mode, use the interface gigabitethernet command. Or, use the abbreviation interface gi. console (config-ifGiunit/slot/port# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. 10 Gigabit Ethernet From Global Configuration mode, use the interface tengigabitethernet command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode VLAN From Global Configuration mode, use the interface vlan command. console(config-if-vlanvlanid)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. Tunnel From Global Configuration mode, use the interface tunnel command. Or, use the abbreviation interface tu.
3 When finished, exit the session with the quit or exit command. The switch can be managed over a direct connection to the switch console port or through a Telnet connection. If access is through a Telnet connection, the switch must have a defined IP address, corresponding management access granted, and a connection to the network. Using CLI Functions and Tools The CLI has been designed to manage the switch’s configuration file system and to manage switch security.
Copying Files The copy command not only provides a method for copying files within the file system, but also to and from remote servers. With the copy command and URLs to identify files, the user can back up images to local or remote systems or restore images from local or remote systems. To use the copy command, the user specifies the source file and the destination file.
• running-config — This file refers to the configuration file currently active in the system. It is possible to copy the running-config image to a backupconfig file or to the startup-config file. • startup-config — This file refers to the special configuration image stored in flash memory which is loaded when the system next reboots. The user may copy a particular configuration file (remote or local) to this special file name and reboot the system to force it to use a particular configuration.
• The serial session defaults to 9600 BAUD, eight data bits, one stop bit, no parity and no flow control (115200 for the N1100-ON, N2100-ON, and N3100-ON). User Accounts Management The CLI provides authentication for users either through remote authentication servers supporting TACACS+ or Radius or through a set of locally managed user accounts. The setup wizard asks the user to create the initial administrator account and password at the time the system is booted.
configure the switch. The access to this level cannot be modified. Level 15 is the special access level assigned to the superuser of the switch. This level has full access to all functions within the switch. If the account is created and maintained locally, each account is given an access level at the time of account creation.
• Log messages are implementation-dependent but may contain debug messages, security or fault events. • The switch maintains at most the last 1000 system events in the inmemory log. Security Logs The system log records security events including the following: • User login. • User logout. • Denied login attempts. • User attempt to exceed security access level. • Denied attempts by external management system to access the system.
• HTTPS and the security certificate to be used. • SNMPv1/v2c and the read and read/write community strings to be used. • SNMPv3 and the security information for used this protocol. For each of these management profiles, the administrator defines the list of hosts or subnets from which the management profiles may be used. The management ACL capability only applies to in-band ports and may not be configured on the out-of-band management port.
Extracting Operational Code from .stk file...done. Loading Operational Code...done. Decompressing Operational Code...done. Scanning devshell symbols file... 47544 symbols, loading... Done. PCI unit 0: Dev 0xb842, Rev 0x02, Chip BCM56842_A0, Driver BCM56840_B0 SOC unit 0 attached to PCI device BCM56842_A0 Adding BCM transport pointers Configuring CPUTRANS TX Configuring CPUTRANS RX <186> Aug 26 08:18:23 0.0.0.0-1 General[72162340]: bootos.
11 12 - Activate Backup Image - Start Password Recovery Enter Choice# 4 Creating tmpfs filesystem on /mnt/download for download...done. Current Active Image# /dev/mtd7 Which Image to Update Active (/dev/mtd7) OR Back-Up (/dev/mtd6)? Select (A/B): B You selected to update Back-Up Image /dev/mtd6... Select Mode of Transfer (Press T/X/Y/Z for TFTP/XMODEM/YMODEM/ZMODEM) []:T Please ensure TFTP server is running to begin Transfer... Enter Server IP []:10.27.9.99 Enter Host IP []:10.27.22.
Boot Menu Rev: 6.0 Operational Code -- Boot Main Menu 1 2 3 4 5 9 10 11 12 - Start Operational Code Select Baud Rate Retrieve Logs Load New Operational Code Display Operational Code Details Reboot Restore Configuration to Factory Defaults Activate Backup Image Start Password Recovery Enter Choice# 11 Current Active Image# /dev/mtd7 Checking for valid back-up image at /dev/mtd6...done. Activating Back-Up Image /dev/mtd6...done.
wizard, and enter CLI mode to manually configure the switch. You must respond to the next question to run the setup wizard within 60 seconds, otherwise the system will continue with normal operation using the default system configuration. Note: You can exit the setup wizard at any point by entering [ctrl+z]. Would you like to run the setup wizard (you must answer this question within 60 seconds)? [Y/N] n Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode.
AeroHive HiveManager NG EULA This switch includes a feature that enables it to work with HiveManager (an optional management suite), by sending the switch’s service tag number to HiveManager to authenticate your entitlement to use HiveManager. If you wish to disable this feature, you should run command “eula-consent hiveagent reject” immediately upon powering up the switch for the first time, or at any time thereafter.
Password = ******** Out-of-band IP address = DHCP VLAN1 Router Interface IP = 0.0.0.0 0.0.0.0 Proxy Server Address: 192.168.0.3 Proxy Server Port: 443 Proxy Server User Name: Proxy Server Password: Monitoring Traps from CLI It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system. This feature is equivalent to the alarm-monitoring window in a typical network management system.
Layer 2 Switching Commands 3 The sections that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
ACL Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
particular classifier rule. The ACL logging feature allows these hardware "hit" counts to be collected on a per-rule basis and reported periodically to the network administrator using the system logging facility and an SNMP trap. The Dell EMC Networking ACL syntax supports a log parameter that enables hardware hit count collection and reporting.
Table 3-1. Common Ethertypes EtherType Protocol 0x0800 Internet Protocol version 4 (IPv4) 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – 802.
Commands in this Section This section explains the following commands: ip access-list mac access-list extended rename deny | permit (IP ACL) remark deny | permit (Mac-Access-ListConfiguration) service-acl input ip access-group show service-acl interface mac access-group show ip access-lists mac access-list extended show mac access-lists ip access-list Use the ip access-list command in Global Configuration mode to create an Access Control List (ACL) that is identified by the parameter list-name a
ACL names are global. An IPv6 access list cannot have the same name as an IPv4 access list. Access list names can consist of any printable character except a question mark. Names can be up to 31 characters in length. ACLs referenced in a route map may not be edited. Instead, create a new ACL with the desired changes and refer to the new ACL in the route map. deny | permit (IP ACL) Use this command in Ipv4-Access-List Configuration mode to create a new rule for the current IP access list.
• • – IPv4 protocols: eigrp, gre, icmp, igmp, ip, ipinip, ospf, tcp, udp, pim, arp, sctp – number: a protocol number in decimal, for example, 8 for EGP – every: Match any protocol (don’t care) srcip srcmask | any | host srcip—Specifies a source IP address and netmask to match for the IP ACL rule. – Specifying “any” implies specifying srcip as “0.0.0.0” and srcmask as “255.255.255.255” for IPv4. – Specifying “host A.B.C.D” implies srcip as “A.B.C.D” and srcmask as “0.0.0.0”.
• – When “neq” is specified, IP ACL rule matches only if the layer 4 destination port number is not equal to the specified port number or portkey. – IPv4 TCP/UDP port names: domain, echo, ftp, ftp-data, http, smtp, snmp, telnet, tftp, www, bgp, pop2, pop3, ntp, rip, time, who dstip dstmask | any | host dstip—Specifies a destination IP address and netmask for match condition of the IP ACL rule. – Specifying “any” implies specifying dstip as “0.0.0.0” and dstmask as “255.255.255.255”.
– When icmp-type is specified, IP ACL rule matches on the specified ICMP message type, a number from 0 to 255. – When icmp-code is specified, IP ACL rule matches on the specified ICMP message code, a number from 0 to 255. – Specifying icmp-message implies both icmp-type and icmp-code are specified. – ICMP message is decoded into corresponding ICMP type and ICMP code within that ICMP type. This option is visible only if the protocol is “icmp”.
• assign-queue queue-id—Specifies the assign-queue, which is the queue identifier to which packets matching this rule are assigned. The queue ID is the internal queue number (traffic class), not the CoS value. Use the show classofservice command to display the assignment of CoS and DSCP values to internal queue numbers. • {mirror | redirect} interface-id—Specifies the mirror or redirect Ethernet interface to which packets matching this rule are copied or forwarded, respectively.
Ethertype Protocol 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – IEEE 802.
The command accepts the optional time-range parameter. The time-range parameter allows imposing a time limitation on the IP ACL rule as defined by the parameter time-range-name. If a time range with the specified name does not exist, and the IP ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied immediately.
specified name does not exist, and the MAC ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied immediately. If a time range with the specified name exists, and the MAC ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied when the time-range with a specified name becomes active. The ACL rule is removed when the time-range with a specified name becomes inactive.
• 0x0600-0xFFFF—Specify custom EtherType value (hexadecimal range 0x0600-0xFFFF). • vlan eq—VLAN identifier. (Range 0-4095). This matches the outer VLAN of a single or double-tagged packet. It does not match untagged packets. • secondary-vlan eq—VLAN identifier. (Range 0-4095). This matches the inner VLAN of a double-tagged packet. It does not match single or untagged packets. • cos—Class of service.
Command Mode Mac-Access-List Configuration mode User Guidelines The assign-queue and redirect parameters are only valid for permit commands. An implicit deny all condition is added by the system after the last MAC or IP/IPv6 access group if no route-map is configured on the interface. Every permit/deny rule that does not have a rate-limit parameter is assigned a counter. If counter resources become exhausted, a warning is issued and the rule is applied to the hardware without the counter.
• name — Access list name. (Range: Valid IP access-list name up to 31 characters in length) • in — The access list is applied to ingress packets. • out—The access list is applied to egress packets. • control-plane—The access list is applied to egress control plane packets only. This is only available in Global Configuration mode. • seqnum — Precedence for this interface and direction. A lower sequence number has higher precedence. Range: 1 – 4294967295. Default is 1.
An implicit deny-all rule is added after the end of the last access group in each direction (in or out).
Command Mode Global Configuration mode or Interface Configuration (Ethernet, VLAN or Port Channel) mode User Guidelines If the access-list specified in the command does not exist, an error is given. The ACLs in the access-group are configured in hardware when the interface becomes active. Resource contention issues will only become apparent at that time. It is recommended that ACLs be configured on an active interface as a check prior to deployment in the network.
mac access-list extended Use the mac access-list extended command in Global Configuration mode to create the MAC Access Control List (ACL) identified by the name parameter and enter MAC Access-list Configuration mode. Syntax mac access-list extended name no mac access-list extended name • name — Name of the access list. (Range: 1-31 characters) Default Configuration This command has no default configuration.
• newname — New name of the access list. (Range: 1-31 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Command fails if the new name is the same as the old one. Example The following example shows the mac access-list extended rename command.
Command Mode IPv4 Access-list Configuration mode, IPv6 Access-list Configuration mode, MAC Access-list Configuration mode, ARP Access-list Configuration mode The no form of the command is executed in Global Configuration mode. User Guidelines The administrator can use the remark keyword to add comments to ACL rule entries belonging to an IPv4, IPv6, MAC or ARP ACL. Remarks are associated with the ACL rule that is created immediately after the remarks are created.
service-acl input Use the service-acl input command in Interface Configuration mode to block Link Local Protocol Filtering (LLPF) protocol(s) on a given port. Use the no form of this command to unblock link-local protocol(s) on a given port. Syntax service-acl input {blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall} no service-acl input [blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall] • blockcdp—To block CDP PDU’s from being forwarded.
show service-acl interface This command displays the status of LLPF rules configured on a particular port or on all the ports. Syntax show service-acl interface {interface-id | all} • interface-id—An Ethernet interface identifier or a port channel interface identifier. See Interface Naming Conventions for interface representation. Default Configuration UDLD is blocked by default. No other protocol is blocked by default.
show access-lists interface Use the show access-lists interface command to display interface ACLs. Syntax show access-lists interface {interface-id {in | out}} | control-plane • interface-id—The interface identifier (Ethernet, port-channel, or VLAN). • in—Show the ingress ACLs. • out—Show the egress ACLs. • control-plane—Show the control plane ACLs. Default Configuration No ACLs are configured by default.
• accesslistname—The name used to identify the IP ACL. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays information about the attributes “icmp-type”, “icmpcode”, “igmp-type,” “fragments,” “routing,” and “source and destination L4 port ranges.” It displays the committed rate, committed burst size and the ACL rule hit count of packets matching the ACL rule.
Examples The following example displays the configured IP ACLs. console(config)#show ip access-lists Current number of ACLs: 4 Maximum number of ACLs: 100 ACL Name Rules Count Interface(s) Direction ---------------- ----- ---------- ------------------------- --------TO_FRM 2 437 Gi1/0/26 Inbound UPLINKS 5 0 Gi1/0/26 Outbound Allow-192-168-0-x 3 7617636 Gi1/0/29 Inbound The following example displays the IP ACLs configured on a device.
TCP Flags...................................... FIN SYN RST PSH ACK URG ACL Hit Count.................................. 1 (Ignore) (Set) (Ignore) (Ignore) (Ignore) (Ignore) show mac access-lists Use the show mac access-lists command to display a MAC access list and all the rules that are defined for the MAC ACL. Use the [name] parameter to identify a specific MAC ACL to display. Syntax show mac access-lists name • name—Use this parameter to identify the specific MAC ACL to display.
MAC ACL Name --------------DELL123 ipv4-multicast Rules ----1 2 Count ---------0 14666 Interface(s) ------------------------Gi1/0/1 Po1-64,Gi1/0/1-24, Direction --------Inbound Inbound console#show mac access-lists mac-acl MAC ACL Name: mac-acl Outbound Interface(s): Gi1/0/8 Rule Number: 1 Action......................................... Source MAC Address............................. Source MAC Mask................................ EtherType...................................... VLAN...................
MAC Address Table Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking switches implement a MAC Learning Bridge is compliance with IEEE 802.1Q. The switches implement independent VLAN learning (IVL).
Commands in this Section This section explains the following commands: clear mac address-table show mac address-table multicast show mac address-table dynamic mac address-table agingtime show mac address-table show mac address-table interface mac address-table multicast show mac address-table forbidden address address show mac address-table static mac address-table static vlan show mac address-table count show mac address-table vlan switchport port-security (Interface Configuration) show mac add
User Guidelines This command has no user guidelines. Example In this example, the mac address-table tables are cleared. console#clear mac address-table dynamic mac address-table aging-time Use the mac address-table aging-time command in Global Configuration mode to set the aging time of the address. To restore the default, use the no form of the mac address table aging-time command.
mac address-table multicast forbidden address Use the mac address-table multicast forbidden address command in Global Configuration mode to forbid adding a specific Multicast address to specific ports. To return to the system default, use the no form of this command. If routers exist on the VLAN, do not change the unregistered multicast addresses state to drop on the routers ports.
Examples In this example the MAC address 0100.5e02.0203 is forbidden on port 2/0/9 within VLAN 8. console(config)#mac address-table multicast forbidden address vlan 8 0100.5e02.0203 add interface gigabitethernet 2/0/9 mac address-table static vlan Use the mac address table static vlan command in Global Configuration mode to add a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the mac address table static command.
The maximum number of static MAC addresses that may be configured on a port is limited by the switchport port-security maximum command. This command may be invoked multiple times with different interfaces (and the same VLAN) when used with a multicast MAC address. Example The following example adds a permanent static MAC address c2f3.220a.12f4 to the MAC address table. console(config)# mac address-table static c2f3.220a.
Port security allows the network administrator to secure interfaces by specifying (or learning) the allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally. All other host packets are discarded. Port security operates on access, trunk and general mode ports. Two methods are used to implement Port MAC locking: dynamic locking and static locking. Static locking further has an optional sticky mode.
Sticky mode configuration converts all the existing dynamically learned MAC addresses on an interface to sticky. This means that they will not age out and will appear in the running-config. In addition, new addresses learned on the interface will also become sticky. Note that sticky is not the same as static – the difference is that all sticky addresses for an interface are removed from the running-config when the interface is taken out of sticky mode.
console(config)#vlan 33 console(config-vlan33)#interface gi1/0/3 console(config-if-Gi1/0/3)#switchport mode trunk console(config-if-Gi1/0/3)#switchport port-security mac-address sticky 0011.2233.4455 vlan 33 Remove a sticky mode MAC address from trunk port Gi1/0/3 and VLAN 33. console(config)#vlan 33 console(config-vlan33)#interface gi1/0/3 console(config-if-Gi1/0/3)#switchport mode trunk console(config-if-Gi1/0/3)#no switchport port-security mac-address 0011.2233.
• mac-address — The static MAC address to be configured on the interface and VLAN. • vlan-id — The VLAN identifier on which to configure the MAC address. • dynamic — Configure the maximum number of dynamic MAC addresses that be be learned on the interface. Setting the dynamic limit to 0 causes all received packets with non-static MAC addresses to be considered as violations. • sticky – Configure a sticky MAC address on the interface.
User Guidelines Port security allows the network administrator to secure interfaces by specifying (or learning) the allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally. All other host packets are discarded. Port security operates on access, trunk and general mode ports. Two methods are used to implement port security: dynamic locking and static locking. Static locking further has an optional sticky mode.
Statically locked MAC addresses are not eligible for aging. If a packet arrives on a port with a source MAC address that is statically locked on another port, then the packet is discarded. To configure static locking only, set the dynamic MAC limit to 0 and configure the static MAC addresses on the interface. To configure dynamic locking only, set the static MAC limit to 0, and set the appropriate dynamic MAC address limit.
Command History Updated in 6.3.0.1 firmware. Example Enable port security/MAC locking globally and on an interface. console(config)#switchport port-security console(config)#interface gi1/0/3 console(config-if-gi1/0/3)#switchport port-security Enable port security/MAC locking globally and on an interface, enable sticky mode on the interface and convert all dynamic addresses on the interface to sticky.
console(config-if-Gi1/0/3)#switchport port-security mac-address sticky console(config)#do write Convert all sticky MAC addresses on trunk port 33 to sticky MAC addresses and save the running-config so the configuration will persist across reboots.
in the specified format. The vlan, address, and format parameters may all be specified together. A MAC address can be displayed in IP format only if it is in the range 01:00:5e:00:00:00 through 01:00:5e:7f:ff:ff. Static multicast MAC addresses can be added via the mac address-table static command. Example In this example, Multicast MAC address table information is displayed. console#show mac address-table multicast Vlan ----1 MAC Address ------------------0100.5E05.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Use the show mac address-table multicast to display multicast MAC address entries along with forbidden multicast MAC entries. Example In this example, all classes of entries in the mac address-table are displayed. console#show mac address-table Aging time is 300 Sec Vlan ---0 1 1 10 90 Mac Address ---------------001E.C9AA.AE19 001E.C9AA.AC19 001E.C9AA.AE1B 001E.C9AA.AE1B 001E.C9AA.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, the mac address table entry for 0000.E26D.2C2A is displayed. console#show mac address-table address 0000.E26D.2C2A Vlan Mac Address Type Port ---- -------------- -------- ------------1 0000.E26D.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, all dynamic entries in the mac address-table are displayed. console#show mac address-table dynamic Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ------- ------------1 0000.0001.0000 Dynamic Gi1/0/1 1 0000.8420.5010 Dynamic Gi1/0/1 1 0000.E26D.2C2A Dynamic Gi1/0/1 1 0000.E89A.596E Dynamic Gi1/0/1 1 0001.
User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the bridge-forwarding database for Gigabit Ethernet interface 1/0/1 are displayed. console#show mac address-table interface gigabitethernet 1/0/1 Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ---------------1 0000.0001.0000 Dynamic Gi1/0/1 1 0000.8420.5010 Dynamic Gi1/0/1 1 0000.E26D.2C2A Dynamic Gi1/0/1 1 0000.E89A.596E Dynamic Gi1/0/1 1 0001.02F1.
User Guidelines This command has no user guidelines. Example In this example, all static entries in the bridge-forwarding database are displayed. console#show mac address-table static Vlan Mac Address Type Port ---- -------------- --------1 0001.0001.0001 Static Gi1/0/1 show mac address-table vlan Use the show mac address-table vlan command in User Exec or Privileged Exec mode to display all entries in the bridge-forwarding database for the specified VLAN.
Aging time is 400 Sec Vlan Mac Address -------- --------------------1 1418.7715.1BAA 1 1418.7715.47E8 1 2047.47BA.F696 1 B8CA.3AD5.DF1A Type ----------Dynamic Management Dynamic Static Port --------------------Gi2/0/29 CPU Gi2/0/29 Gi2/0/29 show port-security Use the show ports security command to display port security (MAC locking) configuration.
Field Description Admin Mode The configured global administrative status of port MAC locking. This information is shown if only an interface parameter is given: Field Description Interface Identifier The interface identifier. Status The port security administrative status (enabled/disabled). Max-dynamic The dynamic MAC address limit. Max-static The static address limit. Protect Trap issued on violation (enabled/disabled). Frequency The frequency of trap issuance (in seconds).
Field Description Statically Configured MAC Address Statically configured MAC addresses. VLAN ID The VLAN identifier of the MAC address. Sticky Indicates if the secure MAC address is sticky. This information is shown if the violation parameter is given: Field Description MAC address The source MAC address of the last packet discarded on the interface. These are packets with unknown MAC addresses, e.g., as in the case of the dynamic limit set to 0.
Auto-VoIP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
show switchport voice switchport voice detect auto show switchport voice Use the show switchport voice command to show the status of Auto-VoIP on an interface or all interfaces. Syntax show switchport voice [ interface-id ] • interface-id —An Ethernet or port channel interface identifier. Default Configuration There is no default configuration for this command.
Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Gi1/0/10 Gi1/0/11 Gi1/0/12 Gi1/0/13 Gi1/0/14 Gi1/0/15 Gi1/0/16 Gi1/0/17 Gi1/0/18 Gi1/0/19 Gi1/0/20 Gi1/0/21 Gi1/0/22 Gi1/0/23 Gi1/0/24 Po1 Po2 Po3 Po4 Po5 Po6 Po7 Po8 Po9 Po10 Po11 Po12 Po13 Po14 Po15 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled
• Traffic Class—The Cos Queue or Traffic Class to which all VoIP traffic is mapped. This is not configurable and defaults to the highest COS queue available in the system for data traffic. switchport voice detect auto The switchport voice detect auto command is used to enable the VoIP Profile on all the interfaces of the switch (global configuration mode) or for a specific interface (interface configuration mode).Use the no form of the command to disable the VoIP Profile.
CDP Interoperability Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices. Dell EMC Networking switches participate in the ISDP protocol and are able to both discover and be discovered by devices that support the Cisco Discovery Protocol (CDP).
User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command.
Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#isdp advertise-v2 isdp enable The isdp enable command enables ISDP on the switch. User the “no” form of this command to disable ISDP. Use this command in global configuration mode to enable the ISDP function on the switch. Use this command in interface mode to enable sending ISDP packets on a specific interface.
console(config)#isdp enable console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds. Use the no form of this command to reset the holdtime to the default.
isdp timer The isdp timer command sets period of time between sending new ISDP packets. The range is given in seconds. Use the “no” form of this command to reset the timer to the default. Syntax isdp timer time no isdp timer • time—The time in seconds (range: 5–254 seconds). Default Configuration The default timer is 30 seconds. Command Mode Global Configuration mode User Guidelines Configuring the timer to a low value on a large number interfaces may affect system processing due to CPU overload.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show isdp Timer................................ Hold Time............................ Version 2 Advertisements............. Neighbors table last time changed.... Device ID............................ Device ID format capability.......... Device ID format.....................
Example console#show isdp entry Switch Device ID N2000/N3000 Series Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.18 Capability Router IGMP Platform cisco WS-C4948 Interface Gi1/0/1 Port ID Gi1/0/1 Holdtime 64 Advertisement Version 2 Entry last changed time 0 days 00:13:50 Version: Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000 I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.
Example console#show isdp interface all Interface --------------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Mode ---------Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled console#show isdp interface gigabitethernet 1/0/1 Interface --------------Gi1/0/1 Mode ---------Enabled show isdp neighbors The show isdp neighbors command displays the list of neighboring devices.
Example console#show isdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge, S - Switch, H - Host, I - IGMP, r - Repeater Device ID Intf Holdtime Capability Platform ------------------------ --------- --------- ---------- ---------------CN0H784T2829841E0534A00 Gi1/0/13 163 R N3048 R3 Gi1/0/16 157 R N3048 Port ID --------Gi1/0/13 Gi1/0/16 console#show isdp neighbors detail Device ID Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.
Example console#show isdp traffic ISDP Packets Received.......................... ISDP Packets Transmitted....................... ISDPv1 Packets Received........................ ISDPv1 Packets Transmitted..................... ISDPv2 Packets Received........................ ISDPv2 Packets Transmitted..................... ISDP Bad Header................................ ISDP Checksum Error............................ ISDP Transmission Failure...................... ISDP Invalid Format...........................
DHCP Layer 2 Relay Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches In the majority of network configurations, DHCP clients and their associated servers do not reside on the same IP network or subnet. Therefore, some kind of third-party agent is required to transfer DHCP messages between clients and servers. Such an agent is known as a DHCP Relay agent. The DHCP Relay agent accepts DHCP requests from any routed interface, including VLANs.
dhcp l2relay (Global Configuration) Use the dhcp l2relay command to enable Layer 2 DHCP Relay functionality. The subsequent commands mentioned in this section can only be used when the L2-DHCP Relay is enabled. Use the no form of this command to disable L2-DHCP Relay. Syntax dhcp l2relay no dhcp l2relay Default Configuration DHCP L2 Relay is disabled by default. Command Mode Global Configuration. User Guidelines There are no user guidelines for this command.
Command Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82. Use the no form of this command to disable setting the DHCP Option 82 Circuit ID.
dhcp l2relay remote-id Use the dhcp l2relay remote-id command to enable setting the DHCP Option 82 Remote ID for a VLAN. When enabled, the supplied string is used for the Remote ID in DHCP Option 82. Use the no form of this command to disable setting the DHCP Option 82 Remote ID. Syntax dhcp l2relay remote-id remoteId vlan vlan-list no dhcp l2relay remote-id vlan vlan-list • remoteId —The string to be used as the remote ID in the Option 82 (Range: 1 128 characters). • vlan-list —A list of VLAN IDs.
Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay trust dhcp l2relay vlan Use the dhcp l2relay vlan command to enable the L2 DHCP Relay agent for a set of VLANs. All DHCP packets which arrive on interfaces in the configured VLAN are subject to L2 Relay processing.
Example console(config)#dhcp l2relay vlan 10,340-345 show dhcp l2relay all Use the show dhcp l2relay all command to display the summary of DHCP L2 Relay configuration. Syntax show dhcp l2relay all Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console #show dhcp l2relay all DHCP L2 Relay is Enabled.
show dhcp l2relay interface Use the show dhcp l2relay interface command to display DHCP L2 Relay configuration specific to interfaces. Syntax show dhcp l2relay interface {all | interface-id} • all—Show all interfaces. • interface-id—Show the specified interface information. The interface may be an Ethernet interface or a port-channel. Default Configuration This command has no default configuration.
Syntax show dhcp l2relay stats interface {all | interface-id} • all—Show all interfaces. • interface-id—An Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay stats interface all DHCP L2 Relay is Enabled.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console# show dhcp l2relay agent-option vlan 5-10 DHCP L2 Relay is Enabled.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay vlan 100 DHCP L2 Relay is Enabled. DHCP L2 Relay is enabled on the following VLANs: 100 show dhcp l2relay circuit-id vlan Use the show dhcp l2relay circuit-id vlan command to display whether DHCP L2 Relay is globally enabled and whether the DHCP Circuit-ID option is enabled on the specified VLAN or VLAN range.
DHCP L2 Relay is Enabled. DHCP Circuit-Id option is enabled on the following VLANs: 300 show dhcp l2relay remote-id vlan Use the show dhcp l2relay remote-id vlan command to display whether DHCP L2 Relay is globally enabled and shows the remote ID configured on the specified VLAN or VLAN range. Syntax show dhcp l2relay remote-id vlan vlan-list • vlan-list—Show information for the specified VLAN range. List separate, nonconsecutive VLAN IDs separated by commas (without spaces).
Syntax clear dhcp l2relay statistics interface {all | interface-id} • all—Show all interfaces. • interface-id—An Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command.
DHCP Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized. The DHCP snooping application processes incoming DHCP messages.
Commands in this Section This section explains the following commands: clear ip dhcp snooping binding ip dhcp snooping trust clear ip dhcp snooping statistics ip dhcp snooping verify mac-address ip dhcp snooping show ip dhcp snooping ip dhcp snooping binding show ip dhcp snooping binding ip dhcp snooping database show ip dhcp snooping database ip dhcp snooping database write-delay show ip dhcp snooping interfaces ip dhcp snooping limit show ip dhcp snooping statistics ip dhcp snooping log-inva
Command History Port-channel capability added in version 6.5 firmware. clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged Exec User Guidelines There are no user guidelines for this command.
Command Mode Global Configuration mode User Guidelines To enable DHCP snooping, do the following: 1 Enable DHCP Snooping globally. 2 Enable DHCP Snooping per VLAN. 3 Configure at least one DHCP Snooping trusted port via which the DHCP server may be reached. The bindings database populated by DHCP snooping is used by several other services, including IP source guard and dynamic ARP inspection. DHCP snooping must be enabled for these services to operate.
• interface-id —The interface on which the client is authorized. The interface may be an Ethernet interface identifier or a port channel interface identifier. Default Configuration There are no static or dynamic DHCP snooping bindings by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping binding 00:00:00:00:00:01 vlan 10 10.131.12.
User Guidelines There are no user guidelines for this command. Example The following example configures the storage location of the snooping database as local. console(config)#ip dhcp snooping database local The following example configures the storage location of the snooping database as remote. console(config)#ip dhcp snooping database tftp://10.131.11.1/db.
ip dhcp snooping limit Use the ip dhcp snooping limit command to diagnostically disable itself if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to re-enable the interface. Use the no form of this command to disable automatic shutdown of the interface. Syntax ip dhcp snooping limit {rate rate [burst interval seconds]} no ip dhcp snooping limit • rate— The maximum number of packets per second allowed (Range: 0– 300 pps).
The administrator can configure the rate and burst interval. Rate limiting is configured independently on each Ethernet or port-channel interface and may be enabled on both DHCP trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds. In general, a rate limit of under 100 pps is valid for untrusted interfaces.
ip dhcp snooping trust Use the ip dhcp snooping trust command to configure a port as trusted. Use the no form of this command to configure a port as untrusted. Syntax ip dhcp snooping trust no ip dhcp snooping trust Default Configuration Ports are untrusted by default.
ip dhcp snooping verify mac-address Use the ip dhcp snooping verify mac-address command to enable the verification of the source MAC address with the client MAC address in the received DHCP message. Use the “no” form of this command to disable verification of the source MAC address. Syntax ip dhcp snooping verify mac-address no ip dhcp snooping verify mac-address Default Configuration Source MAC address verification is disabled by default.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping binding Total number of bindings: 2 MAC Address ----------------00:02:B3:06:60:80 00:02:FE:06:13:04 IP Address --------------210.1.1.3 210.1.1.
Example console#show ip dhcp snooping database agent url: write-delay: /10.131.13.79:/sai1.txt 5000 show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces. Syntax show ip dhcp snooping interfaces [interface-id] • interface-id — A valid Ethernet or port-channel interface. Default Configuration There is no default configuration for this command.
Gi1/0/15 Yes 15 1 show ip dhcp snooping statistics Use the show ip dhcp snooping statistics command to display the DHCP snooping filtration statistics. Syntax show ip dhcp snooping statistics Default Configuration There is no default configuration for this command.
Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Gi1/0/10 Gi1/0/11 Gi1/0/12 Gi1/0/13 Gi1/0/14 Gi1/0/15 Gi1/0/16 Gi1/0/17 Gi1/0/18 Gi1/0/19 Gi1/0/20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Layer 2 Switching Commands 357
DHCPv6 Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches This section explains the following commands: clear ipv6 dhcp snooping binding ipv6 dhcp snooping verify mac-address clear ipv6 dhcp snooping binding ipv6 verify binding ipv6 dhcp snooping ipv6 verify source ipv6 dhcp snooping vlan show ipv6 dhcp snooping ipv6 dhcp snooping binding show ipv6 dhcp snooping binding ipv6 dhcp snooping database show ipv6 dhcp snooping database ipv6 dhcp sno
Command Modes User Exec, Privileged Exec User Guidelines This command has no user guidelines. Example (console)#clear ipv6 dhcp snooping binding clear ipv6 dhcp snooping statistics Use the clear ipv6 dhcp snooping statistics command to clear all IPv6 DHCP Snooping statistics. Syntax clear ipv6 dhcp snooping statistics Default Configuration This command has no default configuration.
Syntax ipv6 dhcp snooping no ipv6 dhcp snooping Default Configuration By default, DHCP snooping is not enabled. Command Modes Global Configuration mode User Guidelines The DHCP snooping application processes incoming DHCP messages. For RELEASE and DECLINE messages from a DHCPv6 client and RECONFIGURE messages from a DHCPv6 server received on an untrusted interface, the application compares the receive interface and VLAN with the client’s interface and VLAN in the bindings database.
Syntax ipv6 dhcp snooping vlan vlan-list no ipv6 dhcp snooping vlan-list • vlan-list —A single VLAN, one or more VLANs separated by commas, or two VLANs separated by a single dash indicating all VLANs between the first and second inclusive. Multiple VLAN identifiers can be entered provided that no embedded spaces are contained within the vlan-list. Default Configuration By default, DHCP snooping is not enabled on any VLANs.
• mac-address—A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093) • ip-address—A valid IPv6 address. • interface-id—A valid Ethernet interface ID in short or long format. • port-channel-number—A valid port channel identifier. Default Configuration By default, no static DHCP bindings are configured. Command Modes Global Configuration mode User Guidelines Static bindings do not age out of the DHCP binding database.
User Guidelines The DHCP binding database is persistently stored on a configured external server or locally in flash, depending on the user configuration. A row-wise checksum is placed in the text file that is stored on the configured TFTP server. On switch startup, the switch reads the text file and uses the contents to build the DHCP snooping database. If the calculated checksum value equals the stored checksum, the switch uses the entries from the binding file and populates the binding database.
ipv6 dhcp snooping limit Use the ipv6 dhcp snooping limit command configures an interface to be diagnostically disabled if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to reenable the interface. Use the no form of the command to disable diagnostic disabling of the interface. Syntax ipv6 dhcp snooping limit {rate pps [burst interval seconds]} no ipv6 dhcp snooping limit • pps—The rate in packets per interval. (Range 0-300.
The administrator can configure the rate and burst interval. Rate limiting is configured independently on each Ethernet interface and may be enabled on both trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds. ipv6 dhcp snooping log-invalid Use the ipv6 dhcp snooping log-invalid command to configure the port to log invalid received DHCP messages.
ipv6 dhcp snooping trust Use the ipv6 dhcp snooping trust command to configure an interface as trusted. Use the no form of the command to return the interface to the default configuration. Syntax ipv6 dhcp snooping trust no ipv6 dhcp snooping trust Default Configuration By default, interfaces are untrusted.
no ipv6 dhcp snooping verify mac-address Default Configuration By default, MAC address verification is not enabled. Command Modes Global Configuration mode User Guidelines DHCP MAC address verification operates on DHCP messages received over untrusted interfaces. The source MAC address of DHCP packet is different from the client hardware if: • A DHCP discovery/request broadcast packet that was forwarded by the relay agent. • A DHCP unicast request packet was routed in renew process.
Syntax ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id no ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id • mac-address —A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093. • ip-address —A valid IPv6 address. • interface-id—A valid interface ID in short or long format. Default Configuration By default, no static IP Source Guard entries are configured.
Default Configuration By default, no sources are blocked. Command Modes Interface Configuration mode (Ethernet and port-channel) User Guidelines DHCP snooping should be enabled on any interfaces for which ipv6 verify source is configured. If ipv6 verify source is configured on an interface for which DHCP snooping is disabled, or for which DHCP snooping is enabled and the interface is trusted, incoming traffic on the interface is dropped. Traffic is filtered based on the source IP address and VLAN.
User Guidelines This command has no user guidelines.
Command Modes User Exec, Privileged Exec (all show modes) User Guidelines There are no user guidelines for this command.
write-delay: 5000 show ipv6 dhcp snooping interfaces Use the show ipv6 dhcp snooping interfaces command to show the DHCP Snooping status of IPv6 interfaces. Syntax show ipv6 dhcp snooping interfaces [interface id] • interface id—A valid Ethernet or port-channel interface. Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines If no parameter is given, all interfaces are shown.
Syntax show ipv6 dhcp snooping statistics Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines The following statistics are displayed. Parameter Description MAC Verify Failures The number of DHCP messages that got filtered on an untrusted interface because of the source MAC address and client hardware address mismatch.
show ipv6 source binding Use the show ipv6 source binding command to display the IPv6 Source Guard configurations on all ports, on an individual port, or on a VLAN. Syntax show ipv6 source binding [{dhcp-snooping | static}] [interface interface-id] [vlan vlan-id] • dhcp-snooping — Displays the DHCP snooping bindings. • static —Displays the statically configured bindings. Default Configuration This command has no default configuration.
Default Configuration There is no default configuration for this command.
Syntax show ipv6 verify source Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, the MAC Address field displays permit-all. The filter type is one of the following: • ipv6-mac: User has configured MAC address filtering on this interface.
Dynamic ARP Inspection Commands Dell EMC Networking N1500/N2000/N2100-ON/N3000/N3100ON/N4000 Series Switches Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors. The attacker sends ARP requests or responses mapping another station IP address to its own MAC address.
• acl-name — A valid ARP ACL name (Range: 1–31 characters). Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command to reset the statistics for Dynamic Address Resolution Protocol (ARP) inspection on all VLANs.
ip arp inspection filter Use the ip arp inspection filter command to configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings. Use the “no” form of this command to unconfigure the ARP ACL.
Syntax ip arp inspection limit {none | rate pps [burst interval seconds]} no ip arp inspection limit • none — To set no rate limit. • pps — The number of packets per second (Range: 0–300). • seconds — The number of seconds (Range: 1–15). Default Configuration The default rate limit is 15 packets per second. The default burst interval is 1 second.
Default Configuration Interfaces are configured as untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines There are no user guidelines for this command.
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example console(config)#ip console(config)#ip console(config)#ip console(config)#ip arp arp arp arp inspection inspection inspection inspection validate validate validate validate src-mac dst-mac ip src-mac ip dst-mac ip ip ip arp inspection vlan Use the ip arp inspection vlan command to enable Dynamic ARP Inspection on a single VLAN or a range of VLANs.
Example console(config)#ip arp inspection vlan 200-300 console(config)#ip arp inspection vlan 200-300 logging permit ip host mac host Use the permit ip host mac host command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation. Use the “no” form of this command to delete an ARP ACL rule. Syntax permit ip host sender-ip mac host sender-mac no permit ip host sender-ip mac host sender-mac • sender-ip — Valid IP address used by a host.
Syntax show arp access-list [acl-name] • acl-name — A valid ARP ACL name (Range: 1–31 characters). Default Configuration There is no default configuration for this command. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show arp access-list ARP access list H2 permit ip host 1.1.1.1 mac host 00:01:02:03:04:05 permit ip host 1.1.1.
• statistics [vlan vlan-list]—Display the statistics of the ARP packets processed by Dynamic ARP Inspection. Given vlan-list argument, it displays the statistics on all DAI-enabled VLANs in that range. In the case of no argument, it lists the summary of the forwarded and dropped ARP packets. • vlan vlan-list—Display the Dynamic ARP Inspection configuration on all the VLANs in the given VLAN list.
Invalid IP The number of packets dropped due to invalid IP checks. Example Following is an example of the show ip arp inspection command. console#show ip arp inspection Source MAC Validation................. Disabled Destination MAC Validation............ Disabled IP Address Validation.................
The following global parameters are displayed when no parameters are given: Parameter Description Source Mac Validation If Source Mac validation of ARP frame is enabled. Destination Mac Validation If Destination Mac validation of ARP Response frame is enabled. IP Address Validation If IP address validation of ARP frame is enabled. The following fields are displayed for each VLAN: Field Description VLAN The VLAN-ID for each displayed row. Configuration Whether DAI is enabled on the VLAN.
Ethernet Configuration Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking switches support a variety of configuration options to optimize network operations. Features such as flow-control and jumbo frames are supported along with a variety of commands to display traffic statistics as well as limit the effects of network loops or other network issues.
On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. The speed command controls interface link speeds and auto-negotiation. If speed is set to something other than auto, auto-negotiation is disabled on the interface.
• stack-ports—Clears stack-port statistics. • switchport—Clear all the interface counters • interface-id—An Ethernet or port-channel identifier. If specified, counters are cleared for the individual interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Use of the clear counters command with no parameters indicates that both switch and all interface statistics are to be cleared.
Default Configuration By default, the interface does not have a description. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example adds a description to the Ethernet port 5.
• The interface is set to access mode using VLAN 1. • The port is removed from all access-groups. • The port is removed from port-channels. • Speed/duplex are set to defaults. • Spanning tree is enabled. • Loop protection, BFD, and UDLD are disabled. • Port MAC locking is disabled. • Static MAC address entries referencing the interface are removed. • Private VLAN configuration is removed. Use of this command may cause the interface to drop the link.
Default Configuration Auto-negotiation is enabled by default on copper ports. Command Mode Interface Configuration (Ethernet) mode User Guidelines When both speed and duplex are configured to auto, auto negotiation is enabled for the port. To disable auto-negotiation on a port, it is necessary to enter either the speed or duplex commands without using the auto parameter.
Command Mode Global Configuration and Interface Configuration modes User Guidelines Dell EMC Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but do respect received flow control PAUSE frames received from other switches. Disabling flow control causes the switch to ignore received PAUSE frames. Interface specific configuration overrides any global configuration.
Default Configuration This command has no default configuration. Command Mode Global Configuration, Interface Configuration User Guidelines Dell EMC Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but will respect received flow control PAUSE frames received from other switches. Disabling flow control causes the switch to ignore received PAUSE frames. Interface specific configuration overrides any global configuration.
Syntax interface range {interface-range-specifier | interface-type all} • port-range—A list of valid ports to configure. Separate non-consecutive ports with a comma and no spaces; use a hyphen to designate a range of ports. For more detailed information, see Command line parameters are entered by the user to choose an individual value or range of values for the specific command. Command line parameters are not syntax or range checked until the carriage return is entered.
Example The following example shows how gigabitethernet ports 5/0/18 to 5/0/20 and 3/0/1 to 3/0/24 are ranged to receive the same command. console(config)# interface range gigabitethernet 5/0/18-20,Gi3/0/1-24 console(config-if-range)# The following example shows how all gigabitethernet ports can be configured at once.
User Guidelines The link bounce time configures a link bounce hysteresis on link loss of link. Loss of link signal starts a link bounce timer. If the link is restored prior to expiry of the timer, operation continues and the system is not notified that that link connectivity has been lost. Hysteresis can be used to mitigate link flaps caused by bad cabling or partially inserted optics or cables. The debounce timer resolution is approximately 10 ms.
rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU. Use the no form of the command to set the rate limit to the default value. Syntax rate-limit cpu direction input pps pps_value no rate-limit cpu direction input pps • pps_value—The packets per second. The range is 100-1024 packets per second (100-3000 packets per second for N4000 series switches).
This command does not affect the rate limits for control plane packets. It is almost never necessary to use this command to change from the default value. The use of this command should be restricted to situations in which moderate to high rates of unknown unicast/multicast are continually sent to the switch CPU as evidenced by the show process cpu command and where the ipMapForwardingTask is showing high CPU usage.
1293 boxs Req 0.00% 0.01% 0.01% ------------------------------ -------- -------- -------Total CPU Utilization 27.31% 28.97% 31.01% show interfaces Use the show interfaces command to list the traffic statistics for one or multiple interfaces. If no parameter is given, all interfaces are shown. Syntax show interfaces [ interface-id ] • interface-id—A physical interface id (i.e., a 1G, 10G, or 40G interface) in standard interface format. Default Configuration There is no default configuration.
No link detected Link Status : ................................. Err-disable/Down Interface is error disabled due to loop detection Link Status : ................................. Err-disable/None The interface is error disabled due to a cause other than loop detection. The possible causes for error disabled interfaces are: Term Parameter Description ARP inspection arp-inspection ARP inspection auto-recovery. BPDU Guard bpduguard BPDU guard auto-recovery.
Example The following example shows the output for a 1G interface: console#show interfaces gi1/0/1 Interface Name : .............................. SOC Hardware Info :............................ Link Status : ................................. Keepalive Enabled.............................. Err-disable Cause : ........................... VLAN Membership Mode: ......................... VLAN Membership: .............................. MTU Size : .................................... Port Mode [Duplex] : ........
console#show interfaces po1 Intf Ports Ch-Type Hash Min-link Local Prf TX Util RX Util ---- ----------------------- -------- ---- -------- --------- ------- ------Po1 Active: Te1/0/1, Te1/0/2 Dynamic 7 1 Disabled 432344 83782 Utilization is shown in Mbps.
Examples The following examples display information about auto negotiation advertisement.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The displayed port configuration information includes the following: Field Description Port The port number. Description The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling including both Tx and Rx transmissions. Duplex Displays the port Duplex status.
Syntax show interfaces counters [errors] [gigabitethernet unit/slot/port | portchannel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port] • errors—Show the error counts (frame discards and reasons) in the in and out direction. • gigabitethernet—Shows the traffic for the specified Gigabit Ethernet port. • port-channel—Shows the traffic for the specified port channel port. • tengigabitethernet—Shows the traffic for the specified 10-Gigabit Ethernet port.
Field Description Alignment Errors A count of frames received that are not an integral number of octets in length and do not pass the FCS check. FCS Errors Counted frames received that are an integral number of octets in length but do not pass the FCS check. Single Collision Frames Counted frames that are involved in a single collision, and are subsequently transmitted successfully.
console>show interfaces counters Port InTotalPkts InUcastPkts InMcastPkts InBcastPkts --------- ---------------- ---------------- ---------------- --------------Gi1/0/1 0 0 0 0 Gi1/0/2 0 0 0 0 Gi1/0/3 0 0 0 0 Gi1/0/4 0 0 0 0 Gi1/0/5 0 0 0 0 Gi1/0/6 0 0 0 0 Gi1/0/7 0 0 0 0 Gi1/0/8 0 0 0 0 Gi1/0/9 0 0 0 0 Gi1/0/10 0 0 0 0 Gi1/0/11 0 0 0 0 Gi1/0/12 0 0 0 0 Gi1/0/13 11447 6867 4580 0 Gi1/0/14 0 0 0 0 Gi1/0/15 0 0 0 0 Gi1/0/16 51119 12196 38917 6 Gi1/0/17 0 0 0 0 Gi1/0/18 0 0 0 0 Gi1/0/19 0 0 0 0 Gi1/0/20 0 0 0
Port InTotalPkts InUcastPkts InMcastPkts InBcastPkts --------- ---------------- ---------------- ---------------- --------------Te1/0/13 21614369 21614360 9 0 Port OutTotalPkts OutUcastPkts OutMcastPkts OutBcastPkts --------- ---------------- ---------------- ---------------- --------------Te1/0/13 40620964 40620547 19 398 FCS Errors: ................................... Single Collision Frames: ...................... Late Collisions: .............................. Excessive Collisions: .....................
User Guidelines Use the link debounce time command to configure the debounce time for an interface. Command History Introduced in version 6.2.0.1 firmware. Example The following example shows the output for representative interfaces. console#show interfaces debounce Interface Debounce Time (ms) Flaps --------- ------------------ ------Gi1/0/1 500 0 show interfaces description Use the show interfaces description command in User Exec mode to display the description for all configured interfaces.
Example The following example displays the description for all interfaces. console>show interfaces description Port Description --------------------------------------------------Gi1/0/1 Port that should be used for management only Gi2/0/1 Gi2/0/2 Port Description ----- ---------------------------------------------------------------------Po1 show interfaces detail Use the show interfaces detail command to display detailed status and configuration of the specified interface.
--------- --------------------------- ------ ------- ---- ----- ----- ----Gi1/0/1 N/A Unknown Auto 1518 Up Down Port Description --------- --------------------------------------------------------------------Gi1/0/1 Flow Control: Enabled Port: Gi1/0/1 VLAN Membership mode: Access Mode Operating parameters: PVID: 1 Ingress Filtering: Enabled Acceptable Frame Type: Admit All Default Priority: 0 GVRP status: Disabled Protected: Disabled Port Gi1/0/1 is member in: VLAN Name Egress rule Type ---------------------
Syntax show interfaces status Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Port channels are only displayed if configured. Use the show interfaces portchannel command to display configured and unconfigured port channels. Interfaces configured as stacking ports will show as detached in the output of the show interfaces status command.
Displays the Flow Control status, either Active or Inactive. Flow Ctrl Status The following table displays the interface mode codes and VLAN output format for the interface mode: Mode VLAN A – Access Native T – Trunk (Native),List D – Dot1q tunnel Outer P – Private VLAN Promiscuous (Primary), Secondary List H–Private VLAN Host (Primary), Secondary G– General (PVID), All the tagged and untagged VLANs. Example The following example displays the status for all configured interfaces.
Port Description Channel ------- -----------------------------Po1 Link M VLAN State ------- - ------------------Down H (4),5 show interfaces transceiver Use the show interfaces transceiver command to display the optic static parameters as well as the Dell EMC qualification. Syntax show interfaces transceiver [properties] • properties—Displays the static parameters for the optics. Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec modes.
console#show interfaces transceiver properties Yes: Dell EMC Qualified No: Not Qualified N/A : Not Applicable Port Type Media Serial Number ------------ ------- --------------- -------------------Te1/0/9 SFP+ 10GBASE-LRM ANF0L5J Te1/0/11 SFP+ 10GBASE-LRM ANF0L5R Te1/0/13 SFP 1GBASE-SX PCC1PT5 Te1/0/15 SFP+ 10GBASE-SR AD1125A002R Te1/0/17 SFP+ 10GBASE-SR AD0815E00PC Dell EMC Qualified -----------------Yes Yes N/A No No show interfaces trunk Use the show interfaces trunk command to display active trunk inte
• Participating VLANs—The participating trunk VLANs with the native VLAN in parentheses. The output shows the port-channel participating VLANs for interfaces bundled in a port-channel. • STP Forwarding VLANs—The VLANs in the spanning tree forwarding state. Command History Command introduced in version 6.5 firmware.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Statistics are only collected for Ethernet interfaces, port-channel interfaces, and the switch CPU interface. Command History Modified in version 6.5 firmware. Examples The following example shows statistics for port gi1/0/1. console#show statistics gi1/0/1 Total Frames Received (Octets)................ Frames Received 64 Octets.....
Unacceptable Frame Type....................... 0 Received Frames Dropped > MTU................. 0 Total Received Frames Not Forwarded........... 0 802.3x Pause Frames Received.................. 0 Total Frames Transmitted (Octets)............. Frames Transmitted 64 Octets.................. Frames Transmitted 65-127 Octets.............. Frames Transmitted 128-255 Octets............. Frames Transmitted 256-511 Octets............. Frames Transmitted 512-1023 Octets............
EAPOL Frames Transmitted...................... 0 EAPOL Start Frames Received................... 0 Time since counters last cleared.............. 11 day 22 hr 28 min 22 sec show statistics switchport Use the show statistics command to display detailed statistics for a specific port or for the entire switch. Syntax show statistics {interface-id |switchport} • interface-id—The interface ID. See Interface Naming Conventions for interface representation.
Receive Packets Discarded ifInDiscards Octets Transmitted ifHCOutOctets Unicast Packets Transmitted ifHCOutUcastPkts Multicast Packets Transmitted ifHCOutMulticastPkts Broadcast Packets Transmitted ifHCOutBroadcastPkts Transmit Packets Discarded ifOutDiscards Example The following example shows statistics for the CPU interface. console#show statistics switchport Total Packets Received (Octets)................ Packets Received Without Error................. Unicast Packets Received...............
show storm-control Use the show storm-control command to display the configuration of storm control. Syntax show storm-control [all | {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Disable Disable Disable Disable Disable Disable Disable 5 5 5 5 5 5 5 Disable Disable Disable Disable Disable Disable Disable 5 5 5 5 5 5 5 Disable Disable Disable Disable Disable Disable Disable 5 5 5 5 5 5 5 Enabled Enabled Enabled Enabled Enabled Enabled Enabled show storm-control action Use the show storm-control action command to display the storm control action configuration for one or all interfaces.
shutdown Use the shutdown command in Interface Configuration mode to disable an interface. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, Port-Channel, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Examples The following example disables Gigabit Ethernet port 1/0/5.
• 10—Configures the port to 10 Mbps operation. • 100—Configures the port to 100 Mbps operation. • 1000—Configures the port to 1000 Mbps operation. • 10000—Configures the port to 10 Gbps operation. • 40000—Configures the port to 40 Gbps operation. • auto—The port automatically negotiates the highest common speed with the port at the other end of the link. If you use the 10, 100, 1000, 2500, 5000, or 10000 keywords with the auto keyword, the port only advertises the specified speeds.
When the auto parameter is configured with a set of speeds, only those speeds are advertised during auto-negotiation. Alternatively, if no speed arguments are configured, then all the speeds which the port is capable of supporting are advertised. Not all ports support all speeds, even if they are available in the command. Entering an unsupported speed will produce the following error message An invalid interface has been used for this function.
Command History The speed 10000 syntax was introduced in the 6.3.6 release. The 2500 and 5000 speeds were introduced in the 6.3.5 release. The description was updated in the 6.4 release. switchport protected Use the switchport protected command in Interface Configuration mode to configure a protected port. The groupid parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group.
Example The following example configures Ethernet port 1/0/1 as a member of protected group 1. console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#switchport protected 1 switchport protected name Use the switchport protected name command in Global Configuration mode to adds the port to the protected group 1 and also sets the group name to “protected”.
show switchport protected Use the show switchport protected command to display the status of all the interfaces, including protected and unprotected interfaces. Syntax show switchport protected groupid • groupid — Identifies which group the port is to be protected in. (Range: 0–2) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Command Modes Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no usage guidelines. Example console #show system mtu System Jumbo MTU size is 9216 bytes system jumbo mtu Use the system jumbo mtu command to globally configure the link Maximum Transmission Unit (MTU) on all interfaces, IP/IPv6 interfaces, VLAN interfaces, and port channel interfaces for forwarded and systemgenerated frames.
User Guidelines Dell EMC Networking N-Series switches do not fragment received packets. The IPv4 and IPv6 MTU are set to the link MTU minus 18 bytes. IP packets forwarded in software are dropped if they exceed the IP MTU. Packets originated on the router, such as OSPF packets, may be fragmented by the IP stack. OSPF advertises the IP MTU in the Database Description packets it sends to its neighbors during database exchange.
Ethernet CFM Commands Dell EMC Networking N4000 Series Switches Connectivity Fault Management (CFM) is the OAM Protocol provision for end-to-end service layer OAM in carrier Ethernet networks. CFM provides mechanisms to support the operator in performing connectivity checks, fault detection, fault verification and isolation, and fault notification per service in the network domain of interest. Unlike Ethernet OAM defined in IEEE 802.
ethernet cfm mep active show ethernet cfm maintenance-points remote ethernet cfm mep archive-hold-time show ethernet cfm statistics ethernet cfm mip level – ethernet cfm domain Use the ethernet cfm domain command in Global Configuration mode to enter into Maintenance Domain Configuration mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain Configuration mode.
console(config-cfm-mdomain)# service Use the service command in Maintenance Domain Configuration mode to associate a VLAN with a maintenance domain. Use the no form of the command to remove the association. Syntax service service-name vlan vlan-id • service-name—Unique service identifier. • vlan-id—VLAN ID representing a service instance that is monitored by this maintenance association. The range is 1-4093. Default Configuration No VLANs are associated with a maintenance domain by default.
• vlan-id—VLAN ID representing a service instance that is monitored by this maintenance association. The range is 1-4093. • secs—Time interval between successive transmissions. The range is 1, 10, 60, and 600 seconds. The default is 1 second. Default Configuration CCMs are not sent by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Command Mode Interface Configuration mode User Guidelines This command has no user guidelines. Example The following example creates a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep level 1 direction up mpid 1010 vlan 10 ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction. Use the no form of the command to disable the MEP.
Example The following example enables a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep enable level 1 vlan 10 mpid 1010 ethernet cfm mep active Use the ethernet cfm mep active command in Interface Configuration mode to activate a MEP at the specified level and direction. Use the no form of the command to deactivate the MEP.
• hold-time—The time in seconds to maintain the data for a missing MEP before removing the data. The default value is 600 seconds. Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration User Guidelines The hold time should generally be less than the CCM message interval. Example The following example sets the hold time for maintaining internal information regarding a missing MEP.
User Guidelines Refer to IEEE 802.1ag for an explanation of maintenance association levels. Typically, this value is assigned by the top level network service provider. Example console(config-if-Gi1/0/1)# ethernet cfm mip level 7 ping ethernet cfm Use the ping ethernet cfm command to generate a loopback message (LBM) from the configured MEP.
User Guidelines This command has no user guidelines. Example console #ping ethernet cfm mac 00:11:22:33:44:55 level 1 vlan 10 mpid 1 count 10 traceroute ethernet cfm Use the traceroute ethernet command to generate a link trace message (LTM) from the configured MEP.
User Guidelines This command has no user guidelines. Example console # traceroute ethernet cfm remote-mpid 32 level 7 vlan 11 mpid 12 show ethernet cfm errors Use the show ethernet cfm errors command to display the cfm errors. Syntax show ethernet cfm errors {domain domain-id | level 0-7} • level—Maintenance association level • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). Default Configuration This command has no default configuration.
• DevXconCCM—The MEP has received at least one CCM from either another MAID or a lower MD level whose CCM interval has not yet timed out.
show ethernet cfm maintenance-points local Use the show ethernet cfm maintenance-points local command to display the configured local maintenance points. Syntax show ethernet cfm maintenance-points local {level 0-7 | interface interfaceid | domain domain-name} • level—Maintenance association level • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). • interface-id—Show all MPs associated with the interface.
• MEP-Active—The MEP administrative status • Operational Status—The MEP operational status • MAC—The MAC address associated with the MEP.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines Refer to IEEE 802.1ag for an explanation of the maintenance association level and MEP ID. Typically, these are assigned by the top level network service provider.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines Refer to IEEE 802.1ag for an explanation of the maintenance association level. Typically, maintenance levels are assigned by the top level network service provider.
Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 2' -----------------------------------------------------------------Out-of-sequence CCM's received : 0 CCM's transmitted : 1 In-order Loopback Replies received : 5 Out-of-order Loopback Replies received: 5 Bad MSDU Loopback Replies received : 0 Loopback Replies transmitted : 0 Unexpected LTR's received : 0 -----------------------------------------------------------------Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 3' --------------
Green Ethernet Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking switches support various Green Ethernet modes, i.e., power saving modes, namely: • Energy-Detect Mode • Energy Efficient Ethernet These modes can enable significant operational cost reductions through direct power savings and reducing cooling costs. Green mode commands are only valid for copper Ethernet interfaces.
green-mode eee show green-mode description show green-mode eee-lpi-history interface green-mode eee-lpi-history – green-mode energy-detect This command enables a Dell EMC proprietary mode of power reduction on ports that are not connected to another interface. Use the green-mode energy-detect command in Interface Configuration mode to enable energydetect mode on an interface or all the interfaces.
Series 10G ports and on N1100-ON/N1500/N2000/N2100-ON/N3000/N3100ON 1G copper ports. Energy-detect mode is always enabled on N4000 series 10G ports and cannot be disabled. An error message (Unable to set energy-detect mode) will be displayed if the user attempts to configure energy-detect on a 10G port on a N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON series switch. green-mode eee Use the green-mode eee command in Interface Configuration mode to enable EEE low power idle mode on an interface.
cable diagnostics. EEE mode is supported on N4000 series 10G copper ports and on N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON 1G copper interfaces. green-mode eee { tx-idle-time | tx-wake-time} Use the green-mode eee {tx-idle-time | tx_wake-time} command in Interface Configuration mode to control the transmit idle and wake time parameters on an interface. Use the no form of the command to return the configuration to the default.
This command is available in Ethernet interface configuration mode for copper ports that are EEE capable. Configuring the values on interfaces that do not support EEE will return an error. Command History Syntax added in 6.4 release.
collected on combo ports when the copper port is enabled. Use the no form of the command to set the sampling interval or max-samples values to the default. Syntax green-mode eee-lpi-history {sampling-interval 30 sec – 36000 sec| maxsamples 1 - 168} • sampling-interval—The interval in seconds at which power consumption data needs to be collected. • max-samples—Maximum number of samples to keep.
show green-mode interface-id Use the show green-mode interface-id command to display the green-mode configuration and operational status of the port. This command is also used to display the per port configuration and operational status of the greenmode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled. Syntax show green-mode interface-id • interface-id—An Ethernet interface identifier.
Term Description Reason for Energydetect current operational status The energy detect mode may be administratively enabled, but the operational status may be inactive. The possible reasons are: 1 Port is currently operating in the fiber mode 2 Link is up. If the energy-detect operational status is active, then the reason field shows up as: 1 No energy Detected EEE EEE Admin Mode EEE Admin Mode is enabled or disabled.
Term Description Tw_sys_rx Echo (μSec) Integer that indicates the remote systems Receive Tw_sys that was used by the local system to compute the Tw_sys that it can support. This value maps into the aLldpXdot3LocRxTwSysEcho attribute. Fallback Tw_sys (μSec) Integer that indicates the value of fallback Tw_sys that the local system requests from the remote system. This value is updated by the local system software.
Term Description Time Since Counters Last Cleared Time Since Counters Last Cleared (since the time of power up, or after clear eee counters is executed) Example console#show green-mode gi1/0/1 Energy Detect Admin Mode............ Enabled Operational Status.................. Active Reason.............................. No Energy Detected Short Reach Feature................. Not Available EEE Admin Mode...................... Enabled Rx Low Power Idle Event Count....... 0 Rx Low Power Idle Duration (uSec)..
Syntax show green-mode Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command output provides the following information. Term Description Energy Detect Energy-detect Config Energy-detect Admin mode is enabled or disabled. Energy-detect Opr Energy detect mode is currently active or inactive.
Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Enabled Enabled Enabled Enabled Enabled Enabled Active Active Active Active Active Active Enabled Enabled Enabled Enabled Enabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled In-Active In-Active In-Active In-Active In-Active In-Active Enabled Enabled Enabled Enabled Enabled Enabled show green-mode eee-lpi-history interface Use the show green-mode eee-lpi-history interface command to display the interface green-mode EEE LPI history.
Term Description Sample Time Time since last reset. %Time Spent in LPI Percentage of time spent in LPI mode on this port when Mode Since Last compared to sampling interval. Sample %Time Spent in LPI Percentage of total time spent in LPI mode on this port when Mode Since Last compared to time since reset. Reset Example This example is on a platform capable of providing power consumption details. console#show green-mode eee-lpi-history interface gi1/0/1 Sampling Interval (sec)........................
GMRP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The GARP Multicast Registration Protocol (GMRP) provides a mechanism that allows networking devices to dynamically register (and deregister) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
This ensures that the networking device receives multicast frames from all ports but forwards them through only those ports for which GMRP has created Group registration entry (for that multicast address). Registration entries created by GMRP ensures that frames are not transmitted on LAN segments which neither have registered GMRP participants nor are in the path through the active topology between the sources of the frames and the registered group members.
Example In this example, GMRP is globally enabled. console(config)#gmrp enable clear gmrp statistics Use the clear gmrp statistics command to clear all the GMRO statistics information. Syntax clear gmrp statistics [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
Default Configuration GMRP is disabled by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
GVRP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network. GVRP allows both end stations and the networking device to issue and revoke declarations relating to membership in VLANs.
Syntax clear gvrp statistics [interface-id] • interface-id—An Ethernet interface identifier or a port channel identifier Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example clears all the GVRP statistics information on interface Gi1/0/8.
Default Configuration The default timer values are as follows: • Join timer — 20 centiseconds • Leave timer — 60 centiseconds • Leaveall timer — 1000 centiseconds Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode.
no gvrp enable Default Configuration GVRP is globally disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (Interface Configuration) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface. To disable GVRP on an interface, use the no form of this command.
User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode. An Access port cannot join dynamically to a VLAN because it is always a member of only one VLAN. Membership in untagged VLAN would be propagated in a same way as a tagged VLAN. In such cases it is the administrator’s responsibility to set the PVID to be the untagged VLAN VID. Example The following example enables GVRP on Gigabit Ethernet 1/0/8.
Example The following example shows how default dynamic registering and deregistering is forbidden for each VLAN on port 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#gvrp registration-forbid gvrp vlan-creation-forbid Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To enable dynamic VLAN creation, use the no form of this command.
show gvrp configuration Use the show gvrp configuration command to display GVRP configuration information. Timer values are displayed. Other data shows whether GVRP is enabled and which ports are running GVRP. Syntax show gvrp configuration [ interface-id ] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is valid for Ethernet and port-channel interfaces.
Gi1/0/11 Gi1/0/12 Gi1/0/13 Gi1/0/14 20 20 20 20 60 60 60 60 1000 1000 1000 1000 Disabled Disabled Disabled Disabled show gvrp error-statistics Use the show gvrp error-statistics command in User Exec mode to display GVRP error statistics. Syntax show gvrp error-statistics [interface-id] • interface-id—An Ethernet interface identifier or a port channel interface identifier. Default Configuration This command has no default configuration.
Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 show gvrp statistics Use the show gvrp statistics command in User Exec mode to display GVRP statistics. Syntax show gvrp statistics [interface-id] • interface-id —An Ethernet interface identifier or a port channel interface identifier. Default Configuration This command has no default configuration.
Port rJE -----Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 rJIn rEmp ---- ---0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 rLIn rLE rLA sJE sJIn ---- ----- --- --0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 sEmp --0 0 0 0 0 0 0 0 sLIn ---0 0 0 0 0 0 0 0 sLE sLA ---- --0 0 0 0 0 0 0 0 Layer 2 Switching Commands 0 0 0 0 0 0 0 0 475
IGMP Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Snooping of Internet Group Management Protocol (IGMP) messages is a feature that allows Dell EMC Networking switches to forward multicast traffic intelligently on the switch. Multicast traffic is traffic that is destined to a host group. Host groups are identified by the destination MAC address, i.e.
and thus not detectable by the switch. If a query is not received on an interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management. The default value for the multicast router expiration time is zero, which indicates an infinite time-out (that is, no expiration).
Default Configuration IGMP snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode User Guidelines Use this command without parameters to globally enable IGMP snooping. Use the no form of the command to disable IGMP snooping. Use the vlan parameter to enable IGMP snooping on a specific VLAN. GMRP is incompatible with IGMP snooping and should be disabled on any VLANs on which IGMP snooping is enabled.
show ip igmp snooping Use the show ip igmp snooping command to display the IGMP snooping configuration and SSM statistics. Syntax show ip igmp snooping [vlan vlan-id] • vlan-id—Specifies a VLAN ID value. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console(config)#show ip igmp snooping Admin Mode..............................
show ip igmp snooping groups Use the show ip igmp snooping groups command in User Exec mode to display the Multicast groups learned by IGMP snooping and IGMP SSM entries. Syntax show ip igmp snooping groups [vlan vlan-id] [address ip-multicast-address] • vlan-id — Specifies a VLAN ID value. • ip-multicast-address — Specifies an IP Multicast address. Default Configuration This command has no default configuration.
1 224.3.3.3 192.168.10.2 include Te1/0/1 4.4.4.4 VLAN Group Reporter Filter IIF Source Address ---- --------------------- ----------------- ------- ---------- ----------1 224.2.2.2 192.168.10.2 include Te1/0/1 1.1.1.2 console(config)#show ip igmp snooping Admin Mode..................................... IGMP Router-Alert check........................ Multicast Control Frame Count.................. SSM FDB Capacity............................... SSM FDB High Water Mark........................
User Guidelines This command has no user guidelines. Example The following example shows IGMP snooping mrouter information. console#show ip igmp snooping mrouter VLAN ID Port ----------------10 Gi2/0/1 ip igmp snooping vlan immediate-leave This command enables or disables IGMP Snooping immediate-leave mode on a selected VLAN.
User Guidelines This command has no user guidelines. Example The following example enables IGMP snooping immediate-leave mode on VLAN 2. console(config)#ip igmp snooping vlan 2 immediate-leave ip igmp snooping vlan groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.
Example The following example configures an IGMP snooping group membership interval of 1500 seconds on VLAN 2. console(config)#ip igmp snooping vlan 2 groupmembership-interval 1500 ip igmp snooping vlan last-member-queryinterval This command sets the last-member-query interval on a particular VLAN. The last-member-query-interval is the amount of time in seconds after which a host is considered to have left the group. This value must be less than the IGMP Query Interval time value.
console(config)#ip igmp snooping vlan 2 last-member-query-interval 7 ip igmp snooping vlan mcrtrexpiretime This command sets the Multicast Router Present Expiration time. The time is set on a particular VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached. The range is 1–2147483647 seconds. A value of 0 indicates an infinite time-out (no expiration).
Syntax ip igmp snooping vlan vlan-id report-suppression no ip igmp snooping vlan vlan-id report-suppression • vlan-id — A VLAN identifier (Range 1-4093). Default Configuration Report suppression is enabled by default. Command Mode Global Configuration mode User Guidelines When IGMP report suppression is enabled, the switch only sends the first report received for a group in response to a query. Report suppression is only applicable to IGMPv1 and IGMPv2.
Command Mode Global Configuration mode. User Guidelines There is no equivalent MLD command since this setting applies to both protocols. Example console(config)#ip igmp snooping unregistered floodall ip igmp snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. Use the no form of this command to remove the static binding.
IGMP snooping will consider that an mrouter is active if an mrouter port is defined in the VLAN, regardless of whether the mrouter port is up or not. If an mrouter port is defined, IGMP snooping will not flood multicast source packets received in the VLAN. This behavior can be used to ensure that IGMP snooping will selectively forward IPv4 multicast data traffic in a VLAN even if no dynamically discovered IPv4 multicast router has been discovered.
IGMP Snooping Querier Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The IGMP Snooping Querier is an extension to the IGMP Snooping feature. IGMP Snooping Querier allows the switch to simulate an IGMP router in a Layer 2-only network, thus removing the need to have an IGMP Router to collect and refresh the multicast group membership information. The querier function simulates a small subset of the IGMP router functionality.
address when generating periodic queries. The no form of this command disables IGMP Snooping Querier on the system. Use the optional address parameter to set or reset the querier address. If a VLAN has IGMP Snooping Querier enabled, and IGMP Snooping is operationally disabled on the VLAN, IGMP Snooping Querier functionality is disabled on that VLAN. IGMP Snooping Querier functionality is reenabled if IGMP Snooping becomes operational on the VLAN.
The VLAN IP address takes precedence over the global IP address when both are configured. IGMP Querier does not detect when the local switch is configured as a multicast router. It is not recommended to configure both L3 multicast routing and IGMP Querier on the same switch. IGMP snooping (and IGMP querier) validates IGMP packets. As part of the validation, IGMP checks for the router alert option.
Default Configuration The snooping querier is configured to not participate in the querier election by default. Command Mode Global Configuration mode User Guidelines If the switch detects another querier in the VLAN, it will cease sending queries for the querier timeout period. Example The following example configures the snooping querier to participate in the querier election on VLAN 10.
User Guidelines The value of this parameter should be larger than the IGMP Max Response Time value inserted into general query messages by the querier. The default IGMP Max Response Time is defined in RFC 3376 as 10 seconds. Dell EMC Networking queriers use this value when sending general query messages. Use the show ip igmp snooping querier vlan command to display the operational max response time value.
Example The following example sets the querier timer expiry time to 100 seconds. console(config)#ip igmp snooping querier timer expiry 100 ip igmp snooping querier version This command sets the IGMP version of the query that the snooping switch is going to send periodically. The no form of this command sets the IGMP Querier Version to its default value. Syntax ip igmp snooping querier version version no ip igmp snooping querier version • version — IGMP version.
Syntax show ip igmp snooping querier [detail | vlan vlan-id] • vlan-id —Specifies a VLAN ID value. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all submodes User Guidelines When the optional argument vlan-id is not used, the command shows the following information. Parameter Description IGMP Snooping Querier Indicates whether or not IGMP Snooping Querier is active on the switch.
Parameter Description Operational State Indicates whether IGMP Snooping Querier is in the Querier or Non-Querier state. When the switch is in Querier state it sends out periodic general queries. When in Non-Querier state it waits for moving to Querier state and does not send out any queries. VLAN Operational Indicates the time to wait before removing a Leave from a host Max Response Time upon receiving a Leave request. This value is calculated dynamically from the Queries received from the network.
Operational State.............................. Querier Operational version............................
Interface Error Disable and Auto Recovery Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Interface error disable automatically disables an interface when an error is detected; no traffic is allowed until the interface is either manually re-enabled or, if auto recovery is configured, the configured auto recovery time interval has passed.
• All — Recovery for all possible causes is enabled. • bpduguard — BPDU Guard auto-recovery. • bcast-storm — Broadcast storm auto-recovery. • bpdustorm — BPDU Storm auto-recovery. • denial-of-service — Denial of Service auto-recovery. • loop-protect — Loop Protection auto-recovery. • port-security — Port security MAC locking auto-recovery. • mcast-storm — Multicast Storm auto-recovery. • sfp-mismatch — SFP mismatch auto-recovery.
Interfaces in the disabled state may be manually shut down. These interfaces will not be recovered. Auto-recovery applies to Ethernet interfaces and link aggregation groups. Command History Implemented in version 6.3.0.1 firmware. Additional causes added in version 6.5 firmware. Example The following example enables auto-recovery for all causes.
When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled. Only a single timer is used and recovery occurs when the timer expires, not when the interface time expires. Interfaces recovered by auto-recovery issue a log message indicating that recovery is being attempted. <13> Sep 25 14:38:32 10.130.135.107-1 UDLD[nim_t]: udld_util.c(1829) 87 %% Interface Gi1/0/1 is restored from the error disabled state.
When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled. Only a single timer is used and recovery occurs when the timer expires, not when the interface time expires. Interfaces recovered by auto-recovery issue a log message indicating that recovery is being attempted. <13> Sep 25 14:38:32 10.130.135.107-1 UDLD[nim_t]: udld_util.c(1829) 87 %% Interface Gi1/0/1 is restored from the error disabled state.
Term Parameter Description Time Interval time interval Time interval for auto-recovery in seconds. Command History Implemented in version 6.3.0.1 firmware. Modified in version 6.5 firmware.
Command Mode EXEC mode, Privileged Exec mode, and all submodes. User Guidelines Error disabled interfaces indicate that a problem that must be resolved by the administrator. This could be a configuration problem or a physical problem and does not necessarily indicate a problem with the switch. When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled.
Term Parameter Description SFP Mismatch sfp-mismatch SFP mismatch auto-recovery. SFP Plus Mismatch sfpplusmismatch SFP Plus mismatch auto-recovery. Spanning Tree spanning-tree Spanning-tree auto-recovery. UDLD udld UDLD auto-recovery. Unicast Storm ucast-storm Unicast storm auto-recovery. Command History Implemented in version 6.3.0.1 firmware. Modified in version 6.5 firmware.
IPv6 Access List Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
deny | permit (IPv6 ACL) This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list. A rule may either deny or permit traffic according to the specified classification fields. At a minimum, either the every keyword or the protocol, source address, and destination address values must be specified. The source and destination IPv6 address fields may be specified using the keyword any to indicate a match on any value in that field.
[routing] [fragments] [dscp dscp]}} [time-range time-range-name] [log] [assign-queue queue-id] [{mirror | redirect} interface-id] [rate-limit rate burst-size] no [sequence-number] • sequence-number — Identifies the order of application of the permit/deny statement. If no sequence number is assigned, permit/deny statements are assigned a sequence number beginning at 1000 and incrementing by 10. Statements are applied in hardware beginning with the lowest sequence number.
have a value equal or greater than the starting port. The starting port, ending port, and all ports in between will be part of the layer 4 port range. • – When “eq” is specified, IPv6 ACL rule matches only if the layer 4 port number is equal to the specified port number or portkey. – When “lt” is specified, IPv6 ACL rule matches if the layer 4 destination port number is less than the specified port number or portkey. It is equivalent to specifying the range as 0 to .
• – This option is visible only if the protocol is tcp. – Ack – Acknowledgment bit – Fin – Finished bit – Psh – push bit – Rst – reset bit – Syn – Synchronize bit – Urg – Urgent bit [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmpmessage]—Specifies a match condition for ICMP packets. – When icmp-type is specified, IP ACL rule matches on the specified ICMP message type, a number from 0 to 255.
• log—Specifies that this rule is to be logged when the rule has been matched one or more times since the expiry of the last logging interval. The logging interval is five minutes. • time-range time-range-name—Allows imposing time limitation on the ACL rule as defined by the parameter time-range-name. If a time range with the specified name does not exist and the ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied immediately.
Any – is equivalent to ::/0 for IPv6 access lists. Host - indicates /128 prefix length for IPv6. Port ranges are not supported for egress (out) IPv6 traffic-filters. This means that only the eq operator is supported for egress (out) ACLs. The protocol type must be SCTP, TCP or UDP to specify a port range. The protocol type must be IPv6, SCTP, TCP, ICMPv6, or UDP to specify a flow label. The IPv6 “fragment” and “routing” keywords are not supported on egress (out) access groups.
For the N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON series switches, for ingress (in) ACLs: • The IPv6 ACL “fragment” keyword matches only on the first IPv6 extension header for the fragment header (next header code 44). If the fragment header appears in the second or a subsequent header, it is not matched. • The IPv6 ACL “routing” keyword matches only on the first IPv6 extension header for the routing header (next header code 43).
Syntax ipv6 access-list name no ipv6 access-list name • name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list. Default Configuration There is no default configuration for this command.
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 access-list rename DELL_IP6 DELL_IP6_NEW_NAME ipv6 traffic-filter The ipv6 traffic-filter command either attaches a specific IPv6 Access Control List (ACL) to an interface or associates it with a VLAN ID in a given direction. Dell EMC Networking switches support configuration of multiple access groups on interfaces.
• control-plane—The access list is applied to ingress control plane packets. This parameter is only available in Global Configuration mode. • seq-num — Order of access list relative to other access lists already assigned to this interface and direction. (Range: 1–4294967295) Default Configuration No IPv6 traffic filters are configured by default.
Syntax show ipv6 access-lists [name] • name—The name used to identify the IPv6 ACL. Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
Source IPV6 Address............................ Destination IPV6 Address....................... Destination Layer 4 Operator................... Destination L4 Port Keyword.................... Flow Label..................................... TCP Flags...................................... fe80::2121/128 fe80::1212/128 Equal To 800 65535 FIN (Set) SYN (Ignore) RST (Ignore) PSH (Ignore) ACK (Ignore) URG (Ignore) ACL Hit Count..................................
IPv6 MLD Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches In IPv6, Multicast Listener Discover (MLD) snooping performs functions similar to IGMP snooping in IPv4. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets.
ipv6 mld snooping vlan groupmembershipinterval The ipv6 mld snooping vlan groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry. This value must be greater than the MLDv2 Maximum Response time value. The range is 2 to 3600 seconds.
You should enable immediate-leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port, but were still interested in receiving multicast traffic directed to that group. Also, immediate-leave processing is supported only with MLD version 1 hosts. Syntax ipv6 mld snooping vlan vlan-id immediate-leave • vlan-id— A VLAN identifier (Range 1-4093).
Default Configuration Listener message suppression is enabled by default. Command Mode Global Configuration mode. User Guidelines MLD listener message suppression is equivalent to IGMP report suppression. When MLD listener message suppression is enabled, the switch only sends the first report received for a group in response to a query. Listener message suppression is only applicable to MLDv1.
User Guidelines This command has no user guidelines. Example console(config)#ipv6 mld snooping vlan 2 last-listener-query-interval 7 ipv6 mld snooping vlan mcrtrexpiretime The ipv6 mld snooping mcrtrexpiretime command sets the Multicast Router Present Expiration time. The time is set for a particular interface or VLAN.
ipv6 mld snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. The no form of this command removes the static binding. Syntax ipv6 mld snooping vlan vlan-id mrouter interface interface no ipv6 mld snooping vlan vlan-id mrouter interface interface • vlan-id — A VLAN identifier (Range 1-4093). • interface-id— The next-hop interface to the Multicast router. Default Configuration There are no multicast router ports configured by default.
no ipv6 mld snooping [vlan vlan-id] • vlan-id — A VLAN identifier (Range 1-4093). Default Configuration MLD Snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode. User Guidelines Use this command without parameters to globally enable MLD Snooping. Use the no form of the command to disable MLD Snooping. Use the vlan parameter to enable MLD Snooping on a specific VLAN.
• interface-id—An Ethernet interface identifier or a port channel identifier • vlan-id—A VLAN identifier. Default Configuration This command has no default configuration Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines With no optional arguments, the command displays the following information: • Admin Mode — Indicates whether or not MLD Snooping is active on the switch.
• Last Listener Query Interval—Displays the amount of time the switch waits after it sends a query on an interface, participating in the VLAN, because it did not receive a report for a particular group on that interface. This value may be configured. • Multicast Router Present Expiration Time — Displays the amount of time to wait before removing an interface that is participating in the VLAN from the list of interfaces with multicast routers attached. The interface is removed if a query is not received.
Default configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This user guideline applies to all switch models.To see the full Multicast address table (including static addresses) use the show mac address-table multicast command. Example This example shows MLDv2 snooping entries console#show ipv6 mld snooping groups Vlan ---1 Group ----------------------3333.0000.
Default configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines MLD snooping forwards IPv6 multicast data plane packets to mrouter ports, including statically configured mrouter ports. If a static mrouter port is configured in a VLAN, MLD snooping will forward multicast data plane packets received on the VLAN even if the interface is down.
IPv6 MLD Snooping Querier Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The MLD Snooping Querier is an extension of the MLD Snooping feature. MLD Snooping Querier allows the switch to simulate an MLD router in a Layer 2-only network, thus removing the need to have an MLD Router to collect the multicast group membership information. The querier function simulates a small subset of the MLD router functionality.
Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default. Command Mode Global Configuration mode User Guidelines It is not recommended the MLD Snooping Querier be enabled on a switch enabled for IPv6 multicast routing. Example console(config)#ipv6 mld snooping querier ipv6 mld snooping querier (VLAN mode) Use the ipv6 mld snooping querier command in VLAN mode to enable MLD Snooping Querier on a VLAN.
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier vlan 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the no form of this command to reset the global MLD Snooping Querier address to the default. Syntax ipv6 mld snooping querier address prefix[/prefix-length] no ipv6 mld snooping querier address • prefix — An IPv6 address prefix.
enabled, if the Snooping Querier finds that the other Querier's source address is numerically lower than the Snooping Querier's address, it stops sending periodic queries. If the Snooping Querier wins the election then it will continue sending periodic queries. Use the no form of this command to disable election participation on a VLAN.
• interval — Amount of time that the switch waits before sending another general query. (Range: 1–1800 seconds) Default Configuration The default query interval is 60 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example console(config)#ipv6 mld snooping querier 120 ipv6 mld snooping querier timer expiry Use the ipv6 mld snooping querier timer expiry command to set the MLD Querier timer expiration period.
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier timer expiry 222 show ipv6 mld snooping querier Use the show ipv6 mld snooping querier command to display MLD Snooping Querier information. Configured information is displayed whether or not MLD Snooping Querier is enabled.
Querier Query Interval Shows the amount of time that a Snooping Querier waits before sending out a periodic general query. Querier Expiry Interval Displays the amount of time to wait in the Non-Querier operational state before moving to a Querier state. When the optional argument vlan vlan-id is used, the following additional information appears: Parameter Description MLD Snooping Querier VLAN Mode Indicates whether MLD Snooping Querier is active on the VLAN.
IP Source Guard Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. The network administrator configures whether enforcement includes the source MAC address. The network administrator can configure static authorized source IDs.
Syntax ip verify source {port-security} no ip verify source • port-security—Enables filtering based on IP address, VLAN, and MAC address. When not specified, filtering is based upon IP address. Default Configuration By default, no sources are blocked. Command Mode Interface Configuration mode (Ethernet and port channel) User Guidelines DHCP snooping should be enabled on any ports for which ip verify source is configured.
ip verify binding Use the ip verify binding command in Global Configuration mode to configure static bindings. Use the no form of the command to remove the IPSG entry. Syntax ip verify binding macaddr vlan ipaddr interface Default Configuration By default, there are no static bindings configured. Command Mode Global Configuration mode User Guidelines The configured IP address and MAC address are used to match the source IP address and source MAC address for packets received on the interface.
Default Configuration There is no default configuration for this command.
Syntax show ip verify source [interface interface-id] • interface-id: A valid Ethernet interface identifier or port-channel identifier Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
User Guidelines This command has no user guidelines. Example console#show ip source binding MAC Address IP Address Type VLAN Interface --------------------- ----- ----- ------------0011.2233.4455 1.2.3.
iSCSI Optimization Commands Dell EMC Networking N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitutes a portion of overall traffic.
iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator. Enabling iSCSI Optimization uses one ACL list to monitor for iSCSI sessions for the application of any CoS treatment.
Command Mode Global Configuration mode. User Guidelines The remark option only applies to DSCP values. Remarking is not available for vpt values. In general, the use of iSCSI CoS is not required. By default, iSCSI flows are assigned to the highest VPT/DSCP value that is mapped to the highest queue not used for stack management or the voice VLAN. Make sure you configure the relevant Class of Service parameters for the queue in order to complete the setting.
iscsi enable The iscsi enable command globally enables iSCSI optimization. To disable iSCSI optimization, use the no form of this command. Syntax iscsi enable no iscsi enable Default Configuration iSCSI is enabled by default. Command Mode Global Configuration mode User Guidelines This command modifies the running config to enable flow control on all interfaces. Monitoring for EqualLogic Storage arrays via LLDP is enabled by this command.
AE Priority = priority configured for iSCSI PFC (the VPT value above). This TLV is sent in addition to any Application Priority TLV information received from the configuration source. If the configuration source is sending iSCSI application priority information, it is not necessary to enable iscsi cos to send the iSCSI Application Priority TLV. Command History Modified in version 6.5 firmware. Example In the following example, iSCSI is globally enabled.
Session aging time: 10 min Maximum number of sessions is 1024 -----------------------------------------------iSCSI Targets and TCP Ports: -----------------------------------------------TCP Port Target IP Address Name --------------------------------------------------iSCSI Static Rule Table --------------------------------------------------Index TCP Port IP Address IP Address Mask 1 9876 2 25555 - Layer 2 Switching Commands 548
Link Dependency Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface. Circular dependencies are not allowed. For example, if port-channel 1 in group 1 depends on port-channel 2.
Command Mode Link Dependency mode User Guidelines The action up command will cause the group members to be up when no depended-on interfaces are up. Example console(config-depend-1)#action up link-dependency group Use the link-dependency group command to enter the link-dependency mode and configure a link-dependency group. Syntax link-dependency group GroupId no link-dependency group GroupId • GroupId — Link dependency group identifier.
add Use this command to add member ten Gigabit or Gigabit Ethernet port(s) or port channels to the dependency list. Syntax add intf-list • intf-list — List of Ethernet interface identifiers or port channel identifiers or ranges. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. Default Configuration This command has no default configuration.
no depends-on intf-list • intf-list — List of Ethernet interface identifiers or port channel interface identifiers or ranges.Separate nonconsecutive items with a comma and no spaces. Use a hyphen to designate the range of ports or port-channel numbers. Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines Circular dependencies are not allowed, i.e.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines Configure a link dependency group prior to using this command. Example The following command shows link dependencies for all groups.
LLDP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows stations residing on an IEEE802 LAN to advertise major capabilities, physical descriptions, and management information to physically adjacent devices, allowing a network management system (NMS) to access and display this information.
The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection. The LLDP component manages a number of statistical parameters representing the operation of each transmit and receive function on a per-port basis.
Default Configuration By default, data is removed only on system reset. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data. console#clear lldp remote-data clear lldp statistics Use the clear lldp statistics command to reset all LLDP statistics. Syntax clear lldp statistics Default Configuration By default, the statistics are only cleared on a system reset.
dcb enable This command enables the sending of DCBX information in LLDP frames. Syntax dcb enable no dcb enable Command Mode Global Configuration mode Default Value The sending of DCBX information in enabled by default. User Guidelines Use this command to disable the sending of DCBX information when it is desirable to utilize legacy QoS and disable the automatic configuration of CNAs based on transmitted DCBX information.
Default Configuration If neither transmit nor receive is specified, packets for both directions are displayed. Command Mode Privileged Exec mode User Guidelines Decode of LLDP packet information is limited. If possible, it is preferable to attach the Wireshark tool to the switch CPU to obtain a full decode, if an out-of-band port is available. Refer to the Remote Capture example in the User’s Configuration Guide. Command History Command introduced in version 6.5 firmware.
Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#lldp med lldp med confignotification This command is used to enable sending topology change notifications. Syntax lldp med confignotification no lldp med confignotification Command Mode Interface Configuration (Ethernet) mode Default Value By default, notifications are disabled on all Ethernet interfaces. User Guidelines There are no guidelines for this command.
Default Value 3 User Guidelines No specific guidelines. Example console(config)# lldp med faststartrepeatcount 2 lldp med transmit-tlv This command is used to specify which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs. There are certain conditions that have to be met for a port to be MED compliant. These conditions are explained in the normative section of the ANSI/TIA-1057 specification. For example, the MED TLV 'capabilities' is mandatory.
console(config-if-Gi1/0/1)#lldp med transmit-tlv capabilities console(config-if-Gi1/0/1)#lldp med transmit-tlv network-policies lldp notification Use the lldp notification command in Interface Configuration mode to enable remote data change notifications. To disable notifications, use the no form of this command. Syntax lldp notification no lldp notification Default Configuration By default, notifications are disabled on all supported interfaces.
no lldp notification-interval • interval — The smallest interval in seconds at which to send remote data change notifications. (Range: 5–3600 seconds) Default Configuration The default value is 5 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the interval value to 10 seconds.
Example The following example displays how to enable the LLDP receive capability. console(config-if-Gi1/0/3)#lldp receive lldp timers Use the lldp timers command in Global Configuration mode to set the timing parameters for local data transmission on ports enabled for LLDP. To return any or all parameters to factory default, use the no form of this command.
Examples The following example displays how to configure LLDP to transmit local information every 1000 seconds. console(config)#lldp timers interval 1000 The following example displays how to set the timing parameter at 1000 seconds with a hold multiplier of 8 and a 5 second delay before reinitialization. console(config)#lldp timers interval 1000 hold 8 reinit 5 lldp transmit Use the lldp transmit command in Interface Configuration mode to enable the LLDP advertise (transmit) capability.
lldp transmit-mgmt Use the lldp transmit-mgmt command in Interface Configuration mode to include transmission of the local system management address information in the LLDPDUs. To cancel inclusion of the management information, use the no form of this command. Syntax lldp transmit-mgmt no lldp transmit-mgmt Default Configuration By default, management address information is not included. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
• sys-name — Transmits the system name TLV. This is the configured host name for the system. (TLV type 5) • sys-desc — Transmits the system description TLV. (TLV type 6) • sys-cap — Transmits the system capabilities TLV. (TLV type 7) • port-desc — Transmits the port description TLV. (TLV type 4) Default Configuration By default, the port-desc, and sys-name TLVs are transmitted.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the current LLDP configuration summary. console#show lldp LLDP Global Configuration Transmit Interval............................ Transmit Hold Multiplier..................... Reinit Delay................................. Notification Interval.................
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples This example show how the information is displayed when you use the command with the all parameter.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples These examples show advertised LLDP local data in two levels of detail.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes Default Value Not applicable User Guidelines No specific guidelines. Example console(config)#show lldp med LLDP MED Global Configuration Fast Start Repeat Count: 3 Device Class: Network Connectivity show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface.
Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Detach Detach Detach Detach Detach Enabled Disabled Disabled Disabled Disabled Enabled Disabled Disabled Disabled Disabled Enabled0,1 Disabled Disabled Disabled Disabled 0,1 0,1 0,1 0,1 console #show lldp med interface gi1/0/1 LLDP MED Interface Configuration Interface --------Gi1/0/1 Link -----Up configMED operMED ConfigNotify -------- -------- -------Enabled Enabled Disabled TLVsTx ------0,1 TLV Codes: 0- Capabilities, 1- Network Policy 2-Location, 3- Exte
DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 watts Source: primary Priority: critical Extended POE PD Required: 0.
Syntax show lldp med remote-device {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | all} show lldp med remote-device detail {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} • all — Indicates all valid LLDP interfaces. • detail — Includes a detailed version of remote data for the indicated interface.
DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.
Syntax show lldp remote-device {detail interface | interface | all} • detail — Includes detailed version of remote data. • interface — Specifies a valid Ethernet interface on the device. Substitute gigabitethernet unit/slot/port or tengigabitethernet unit/slot/port or fortygigabitethernet unit/slot/port} Default Configuration This command has no default configuration.
System Description: Port Description: Gi1/0/13 System Capabilities Supported: System Capabilities Enabled: Time to Live: 113 seconds show lldp statistics Use the show lldp statistics command to display the current LLDP traffic statistics. Syntax show lldp statistics {unit/slot/port | all} Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Total Ageouts................................ 1 Tx Interface Total --------- ----Gi1/0/1 29395 Gi1/0/2 0 Gi1/0/3 0 Gi1/0/4 0 Rx Total ----82562 0 0 0 Discards -------0 0 0 0 Errors -----0 0 0 0 Ageout -----1 0 0 0 TLV Discards -------0 0 0 0 TLV Unknowns -------0 0 0 0 TLV MED ---0 0 0 0 TLV 802.3 ----1 0 0 0 TLV UPOE ----4 0 0 0 0 0 0 TLV MED ---0 TLV 802.1 ----0 TLV 802.3 ----10 console#show lldp statistics Gi1/0/7 LLDP Device Statistics Last Update..................................
Fields Description Receive Total Total number of valid LLDP frames received on the indicated port. Discards Number of LLDP frames received on the indicated port and discarded for any reason. Errors Number of non-valid LLDP frames received on the indicated port. Ageouts Number of times a remote data entry on the indicated port has been deleted due to TTL expiration.
Loop Protection Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Loop protection detects physical and logical loops between Ethernet ports on a device. Loop protection must be enabled globally before it can be enabled at the interface level.
User Guidelines Loop protection operates by unicasting a Configuration Test Protocol (CTP) reply packet with the following field settings: • Source MAC Address:switch L3 MAC address • Destination MAC Address: Switch L3 MAC address • Ether Type: 0x0900 (LOOP) • Skip Count: 0 • Functions: Reply • Receipt Number: 0 • Data: 0 Since all switch ports share the same MAC address, if any interface receives CTP packets transmitted by the switch in excess of the configured limit, that interface is error
console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#no keepalive keepalive (Global Config) Use the keepalive command in Global Configuration mode to enable keepalive or to configure the loop protection timer and packet count. Use the no form of the command to return the configuration to the defaults. Syntax keepalive [ period [ count ] ] no keepalive • period – Configures the interval for the transmission of keepalive packets.
Command History Implemented in version 6.3.0.1 firmware. Example The following example configures the CTP transmit interval to transmit CTP packets every 5 seconds. console(config)#keepalive 5 This example configures the CTP transmit interval to 5 seconds. If an interface receives two CTP packets, it error disables the interface.
Command Mode Interface Configuration mode User Guidelines Error disabled interfaces can be configured to auto-recover using the errdisable recovery cause loop-protect command. Keep-alive should only be configured on interfaces that do not participate in spanning-tree. Keep-alive may disable interfaces in the spanning-tree designated (blocked) role. Command History Implemented in version 6.3.0.1 firmware. Syntax corrected in 6.4 release.
Field Description Keepalive Service The Keepalive service configuration (Enabled, Disabled). Transmit Interval The transmission interval in seconds. Retry Count The number of times a keepalive packet must be seen before a looped state is declared. Command History Implemented in version 6.3.0.1 firmware. Example updated in 6.4 version. Example console#show keepalive Keepalive Service.............................. Enabled Transmit Interval.............................. 10 Retry Count.................
User Guidelines The following information is displayed. Field Description Port The interface identifier. Keep Alive Are keepalives transmitted on this interface (Yes, No)? Loop Detected Has a loop been detected (Yes, No)? Loop Count The number of CTP packets detected. Time Since Last Loop The last time a loop was detected. Rx Action Action when a loop is detected (Error disable, Log). Port Status Current port status (Enable, Disable). Command History Implemented in version 6.3.0.1 firmware.
MLAG Commands Dell EMC Networking N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches MLAG enables a LAG to be created across two independent switches, so that some member ports of a MLAG can reside on one switch and the other members of a MLAG can reside on another switch. The partner switch on the remote side can be a MLAG-unaware unit. To the MLAG unaware switch, the MLAG appears to be a single LAG connected to a single switch.
Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear vpc statistics feature vpc The feature vpc command globally enables MLAG. Use the no form of the command to globally disable MLAG. Syntax feature vpc no feature vpc Default Configuration By default, the MLAG feature is not globally enabled.
peer detection enable Use the peer detection enable command to enable the Dual Control Plane Detection Protocol. This enables the detection of peer MLAG switches and suppresses state transitions out of the secondary state in the presence of peer link failures. Use the no form of the command to disable the dual control plane detection protocol. Syntax peer detection enable no peer detection enable Default Configuration Dual Control Plane Detection Protocol is disabled by default.
Syntax peer detection interval interval-msecs timeout timeout-msecs no peer detection interval • interval-msecs—The peer keepalive timeout in seconds. The range is 200– 4000 milliseconds. • timeout-msecs—The peer timeout value in milliseconds. The range is 700–14000 milliseconds. Default Configuration The default transmission interval is 1000 milliseconds. The default reception timeout is 3500 milliseconds.
Syntax peer-keepalive destination ipaddress source srcaddr [udp-port port] no peer-keepalive destination • ipaddress—The ip address of the MLAG peer. • port—The UDP port number to use to listen for peer Dual Control Plane Detection Protocol packets. • srcaddr—The local source address to use. Default Configuration There are no Dual Control Plane Detection Protocol peers configured by default.
Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.1 console(config-vpc 1)#peer detection enable console(config-vpc 1)#exit peer-keepalive enable Use the peer-keepalive enable command to enable the peer keepalive protocol on the peer link.
• • Secondary device fails: All MLAG members’ port information regarding the secondary device that the primary switch maintains are removed from the primary switch. Forwarding and control processing continues on the local MLAG ports on the primary switch. Once the secondary comes back up again, it starts the keepalive protocol and, if successful in contacting the primary device, moves to the secondary state. It then initiates an FDB sync and becomes operational again.
no peer-keepalive timeout • value—The peer keepalive timeout value in seconds. The range is 2 to 15 seconds. Default Configuration By default, the keepalive timeout value is 5 seconds. Command Modes VPC Domain User Guidelines This command configures the peer keepalive timeout value (in seconds). If an MLAG switch does not receive keepalive messages from the peer for this timeout value, it takes the decision to transition its role (if required).
• Value—The local switch priority value. (The range is 1-255.) Default Configuration The default priority value is 100. Command Modes MLAG Domain Configuration mode User Guidelines This value is used for the MLAG role election and is sent to the MLAG peer in the MLAG keepalive messages. The MLAG switch with the numerically lower priority value becomes the Primary and the switch with higher priority becomes the Secondary.
Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines There are no user guidelines for this command. Example (console)# show vpc 10 VPC Id 10 ----------------Configuration mode......................Enabled Operational mode........................Enabled Port channel................................
User Guidelines A VPC domain ID must be configured for this command to display the VPC status. Only the Primary switch maintains the member status of the Secondary switch. The Secondary switch does not maintain or show the status of the Primary switch peer members. A VPC instance may show as enabled even if all of the port-channels that are members of the VPC are disabled or all of the links in the port channels are disabled. A VPC will show as disabled if peer-link (or DCPDP) connectivity is lost.
Number of VPCs configured...................... 2 Number of VPCs operational..................... 2 VPC id# 1 ----------Interface...................................... Po2 Configured Vlans............................... 1,10,11,12,13,14,15,16,17 VPC Interface State............................ Active Local MemberPorts Status ----------------- -----Gi1/0/23 UP Gi1/0/24 UP Peer MemberPorts Status ---------------- -----Gi1/0/23 UP Gi1/0/24 UP VPC id# 2 ----------Interface......................................
User Guidelines There are no user guidelines for this command. Command History Introduced in 6.2.0.1 firmware. Updated in 6.3.0.1 firmware.
Parameter Name ---------------Port Channel Mode STP Mode BPDU Filter Mode BPDU Flood Mode Auto-edge TCN Guard Port Cost Edge Port Root Guard Loop Guard Hash Mode Minimum Links Channel Type Configured VLANs MTU Active Port -----------Gi1/0/1 Gi1/0/2 Value --------------------------Enabled Enabled Enabled Enabled FALSE True 2 True True True 3 1 Static 4,5,7,8 1518 Speed --------100 100 Duplex -------Full Full MST VLAN Configuration Instance ------------1 2 Associated VLANS ------------------------------
Syntax show vpc consistency-features { global | interface port-channel-number } • port-channel-number—A valid port-channel identifier. Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines There are no user guidelines for this command. show vpc peer-keepalive Use the show vpc peer-keepalive command to display the peer MLAG switch’s IP address used by the Dual Control Plane Detection Protocol.
Peer IP address............................10.130.14.55 Source IP address..........................10.130.14.54 UDP port...................................50000 Peer detection admin status................Enabled Peer detection operational status..........Up Peer is detected...........................True Configured Tx interval.....................500 milliseconds Configured Rx timeout......................2000 milliseconds Operational Tx interval....................500 milliseconds Operational Rx timeout...
Configured VPC system priority..................32767 Operational VPC system priority.................32767 Local System MAC..................................... 00:10:18:82:18:63 Timeout........................................ 5 VPC State...................................... Primary VPC Role....................................... Primary Peer ---VPC Domain ID.................................. 1 Role Priority.................................. 100 Configured VPC MAC..............................
Total received..........................................115 Rx successful...........................................108 Rx Errors...............................................7 Timeout counter.........................................6 (console)# show vpc statistics peer-link Peer link control messages transmitted..................123 Peer link control messages Tx errors................... 5 Peer link control messages Tx timeout.................. 4 Peer link control messages ACK transmitted.............
system-mac Use this command to manually configures the MAC address for the VPC domain. Use the no form of the command to revert the domain MAC address to the default value. Syntax system-mac mac-address no system-mac • mac-address—The system MAC address for the VPC domain. Default Configuration By default, the domain uses a pre-configured MAC address. Command Modes VPC domain mode User Guidelines The VPC domain MAC address must be the same on both MLAG peer devices.
system-priority Use this command to manually configure the priority for the VPC domain. Use the no form of the command to revert the priority to the default value. Syntax system-priority priority no system-priority • priority—The priority for the VPC domain. Range is 1-65535. Default Configuration By default, the system priority is 32767. Command Modes VPC domain mode User Guidelines The system priority must be configured identically on all VPC peers.
vpc Use the vpc command to configure a port-channel (LAG) as part of an MLAG instance. Upon issuing this command, the port-channel is down until the port-channel member information is exchanged and agreed between the MLAG peer switches. Use the no form of the command to remove the LAG from the MLAG domain. Syntax vpc vpc-id no vpc vpc-id • vpc-id—The MLAG identifier. Default Configuration LAGs are not members of an MLAG domain by default.
console(config-if-Po3)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po3)#vpc 2 console(config-if-Po3)#exitconsole(config)#interface po3 console(config-if-Po3)#switchport mode trunk console(config-if-Po3)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po3)#vpc 2 console(config-if-Po3)#exit vpc domain Use the vpc domain command to enter into MLAG configuration mode. This command creates an MLAG domain and enters into MLAG configuration mode.
BPDUs sent out on VPC interfaces. If two VPC domains have the identical domain-ids, the resulting actor IDs may lead to LACP or STP convergence issues. Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.
console(config-if-Po1)#spanning-tree disable console(config-if-Po1)#switchport mode trunk console(config-if-Po1)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po1)#vpc peer-link console(config-if-Po1)#exit Layer 2 Switching Commands 609
Multicast VLAN Registration Commands Dell EMC Networking N1100-ON/N2000/N2100-ON/N3000/N3100ON/N4000 Series Switches Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
mvr mvr type mvr group mvr vlan group mvr mode show mvr mvr querytime show mvr members mvr vlan show mvr interface mvr immediate show mvr traffic mvr Use the mvr command in Global Configuration and Interface Configuration modes to enable MVR. Use the no form of this command to disable MVR. Syntax mvr no mvr Default Configuration The default value is Disabled. Command Mode Global Configuration, Interface Configuration User Guidelines MVR can only be configured on physical interfaces.
no mvr group A.B.C.D [count] • A.B.C.D—Specify a multicast group. • count—Specifies the number of multicast groups to configure. Groups are configured contiguously by incrementing the first group specified. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The following table lists the completion messages.
• dynamic—Send IGMP joins to the multicast source when IGMP joins are received on receiver ports. Default Configuration The default mode is compatible. Command Mode Global Configuration User Guidelines This command has no user guidelines. mvr querytime Use the mvr querytime command in Global Configuration mode to set the MVR query response time.
Message Type Message Description Successful Completion Message Defaulting MVR query response time. Error Completion Message None Example console(config)#interface Gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 2 console(config-if-Gi1/0/1)#mvr console(config-if-Gi1/0/1)#mvr type receiver console(config-if-Gi1/0/1)#exit console(config)#mvr mode dynamic console(config)#mvr querytime 10 mvr vlan Use the mvr vlan command in Global Configuration mode to set the MVR multicast VLAN.
Message Type Message Description Successful Completion Message MVR multicast VLAN ID is set to the default value which is equal to 1. Error Completion Message Receiver port in mVLAN, operation failed. mvr immediate Use the mvr immediate command in Interface Configuration mode to enable MVR Immediate Leave mode. Use the no form of this command to set the MVR multicast VLAN to the default value. Syntax mvr immediate no mvr immediate Default Configuration The default value is Disabled.
mvr type Use the mvr type command in Interface Configuration mode to set the MVR port type. Use the no form of this command to set the MVR port type to None. Syntax mvr type {receiver | source} no mvr type • receiver—Configure the port as a receiver port. Receiver ports are ports over which multicast data will be sent but not received. • source—Configure the port as a source port. Source ports are ports over which multicast data is received or sent. Default Configuration The default value is None.
console(config-if-Gi1/0/1)#mvr type receiver console(config-if-Gi1/0/1)#interface Gi1/0/24 console(config-if-Gi1/0/24)#switchport mode trunk console(config-if-Gi1/0/24)#switchport trunk native vlan 99 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 99 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#exit mvr vlan group Use the mvr vlan group command in Interface Configuration mode to participate in the specific MVR group.
console(config-vlan2000)#exit console(config)#mvr vlan 2000 console(config)#interface gi1/0/24 console(config-if-Gi1/0/24)#switchport mode trunk console(config-if-Gi1/0/24)#switchport trunk native vlan 2000 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 2000 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#mvr vlan 2000 group 239.1.1.1 show mvr Use the show mvr command to display global MVR settings.
Parameter Description MVR Max Multicast Groups The maximum number of multicast groups that is supported by MVR. MVR Current Multicast groups The current number of MVR groups allocated. MVR Query Response Time The current MVR query response time. MVR Mode The current MVR mode. It can be compatible or dynamic. Example console #show mvr MVR Running.............................. MVR multicast VLAN....................... MVR Max Multicast Groups................. MVR Current multicast groups............
Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description MVR Group IP MVR group multicast IP address. Status The status of the specific MVR group. It can be active or inactive. Members The list of ports which participates in the specific MVR group. Examples console#show mvr members MVR Group IP Status -------------------------------224.1.1.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description Port Interface number Type The MVR port type. It can be None, Receiver, or Source type. Status The interface status.
console#show mvr interface gi1/0/23 members vlan 12 235.0.0.1 STATIC ACTIVE 235.1.1.1 STATIC ACTIVE show mvr traffic Use the show mvr traffic command to display global MVR statistics. Syntax show mvr traffic Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages.
Parameter Description IGMP Report V2 Transmitted Number of transmitted IGMP Reports V2. IGMP Leave Transmitted Number of transmitted IGMP Leaves. IGMP Packet Receive Failures Number of failures on receiving the IGMP packets. IGMP Packet Transmit Failures Number of failures on transmitting the IGMP packets. console#show mvr traffic IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP Query Received............................ Report V1 Received........................ Report V2 Received..............
Port Channel Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches A port channel is a set of one or more links that can be aggregated together to form a bonded channel (Link Aggregation Group or LAG or port channel). Individual conversations in a particular direction always travel over a single link in the port channel, however, in aggregate, the bandwidth usage of all of the links is fairly evenly distributed.
unable to buffer the requisite number of frames will show excessive frame discard. Configuring copper and fiber ports together in an aggregation group is not recommended. If a dynamic LAG member sees an LACPDU that contains information different from the currently configured default partner values, that particular member drops out of the LAG. This configured member does not aggregate with the LAG until all the other active members see the new information.
VLANs and LAGs When Ethernet interfaces are added to a LAG, they are removed from all existing VLAN membership and take on the VLAN membership of the LAG. When members are removed from a LAG, the members regain the Ethernet interface VLAN membership as per the configuration. LAG Thresholds In many implementations, a LAG is declared as up if any one of its member ports is active. This enhancement provides configurability for the minimum number of member links to be active to declare a LAG up.
• Source/Destination IP and source/destination TCP/UDP Port fields of the packet. Enhanced LAG Hashing Dell EMC Networking devices based on Broadcom XGS-IV silicon support configuration of hashing algorithms for each LAG interface. The hashing algorithm is used to distribute traffic load among the physical ports of the LAG while preserving the per-flow packet order. NOTE: Enhanced hashing mode is not supported on the N1100ON/N1500 Series switches.
Flexible Assignment of Ports to LAGs Assignment of interfaces to dynamic LAGs is based upon a maximum of 144 interfaces assigned to dynamic LAGs, a maximum of 128 dynamic LAGs and a maximum of 8 interfaces per dynamic LAG. For example, 128 LAGs may be assigned 2 interfaces each or 18 LAGs may be assigned 8 interfaces each. NOTE: The N1100-ON/N1500 Series switches support 64 port channels.
Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example shows how port gi1/0/5 is configured in port-channel 1 without LACP (static LAG). console(config)# interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)# channel-group 1 mode on The following example shows how port gi1/0/6 is configured to port-channel 2 with LACP (dynamic LAG).
User Guidelines Port channel numbers range from 1 to 128 for all switches except the N1500 which supports 64 port channels. Example The following example enters the context of port-channel 1. console(config)# interface port-channel 1 console(config-if-po1)# interface range port-channel Use the interface range port-channel command in Global Configuration mode to execute a command on multiple port channels at the same time.
console(config)# interface range port-channel 1-2,8 console(config-if)# hashing-mode Use the hashing-mode command to set the hashing algorithm on trunk ports. Use the no hashing-mode command to set the hashing algorithm on trunk ports to the default. Syntax hashing-mode mode • mode — Mode value in the range of 1 to 7.
User Guidelines Enhanced hashing mode is recommended, however, depending on the specific traffic patterns present in the network, a different hashing mode may give better bandwidth distribution across the LAG member links. Use the show interfaces utilization command to view link utilization.
The port priority of each port is a four octet binary number, formed by using the configured port priority as the two most significant octets and the port number as the two least significant octets. For any given set of ports, the port with the numerically lower value of port priority has the higher priority.
User Guidelines Per IEEE 802.1AX-2008 Section 5.6, ports are selected for aggregation by each switch based upon the port priority assigned by the switch with the higher system priority, starting with the highest priority port of the switch with the higher switch priority, and working downward through the ordered list of port priority values for the ports.
Command Mode Interface Configuration (Ethernet) mode Interface Range mode User Guidelines The LACP time-out setting indicates a local preference for the rate of LACPDU transmission and the period of time before invalidating received LACPDU information. This setting is negotiated with the link partner. Long time-outs are 90 seconds with a transmission rate of once every 30 seconds. Short time-outs are 3 seconds with a transmission rate of once every second.
User Guidelines For a LAG that contains links distributed across stacking units, the default behavior is to distribute locally received ingress traffic across all LAG links in the stack per the selected hashing algorithm. When enabled, this command disables forwarding of ingress unicast traffic across stacking links for a LAG that is comprised of links on multiple stack units. It does this by restricting LAG hashing to only select egress links on the stack unit where the traffic ingresses.
Default Configuration The default minimum links is 1. Command Mode Interface Configuration (port-channel) mode User Guidelines This command has no user guidelines. Example console(config)#interface port-channel 1 console(config-if-Po1)#port-channel min-links 3 console(config-if-Po1)#no port-channel min-links show interfaces port-channel Use the show interfaces port-channel command to show port-channel information.
Parameter Description Channel Number of the port channel to show. This parameter is optional. If the port channel number is not given, all the channel groups are displayed. (Range: Valid port-channel number, 1 to 48). • Ports—The ports that are members of the port-channel. • Ch-Type—The aggregation scheme. Dynamic indicates that the LACP protocol is run. • Hash Algorithm Type—The hashing used to assign a conversation to a particular aggregation link.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows how to display LACP Ethernet interface information.
LACP PDUs send: LACP PDUs received: 0 0 show statistics port-channel Use the show statistics port-channel command to display statistics about a specific port-channel. Syntax show statistics port-channel port-channel-number Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows statistics about port-channel 1.
Packets RX and TX 2048-4095 Octets............. 0 Packets RX and TX 4096-9216 Octets............. 0 Total Packets Received Without Errors.......... Unicast Packets Received....................... Multicast Packets Received..................... Broadcast Packets Received..................... Receive Packets Discarded...................... 0 0 0 0 0 Total Packets Received with MAC Errors......... Jabbers Received............................... Fragments/Undersize Received...................
GVRP PDUs Transmitted.......................... GVRP Failed Registrations...................... GMRP PDUs Received............................. GMRP PDUs Transmitted.......................... GMRP Failed Registrations...................... BPDUs: Sent: 0, Received: 0 0 0 0 0 0 Time since counters last cleared...............
Port Monitor Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed. Network traffic transmission is always disrupted whenever a configuration change is made for port monitoring.
• Once configured, there is no network connectivity on the probe (destination) port. The probe port does not forward any traffic and does not receive any traffic. The probe tool attached to the probe port is unable to ping the networking device or ping through the networking device, and no device is able to ping the probe tool.
The in memory buffer is 128 packets. The file system buffer is 524288 bytes and is named cpuPktCapture.pcap. The remote monitor capture port is 2002. Command Modes Global Configuration mode User Guidelines Packets that are transmitted or received by the switch CPU may be captured to the switch file system, to local memory, or sent to a WireShark client.
monitor capture (Privileged Exec) Use the monitor capture command to capture packets transmitted or received from the CPU. This facility captures switch control plane traffic and is useful in monitoring network control traffic and analyzing network security. Remote packet capture is not supported when the packets are received via Service Port. Syntax monitor capture {start [transmit | receive | all] | stop} • Transmit—Capture packets transmitted by the switch CPU.
Syntax monitor capture mode {line | remote | file} no monitor capture mode • line—Captured packets are sent to the console. • remote—Captured packets are sent to a remote WireShark network analyzer. • file—Captured packets are sent to the file system. Default Configuration By default, remote capture is configured. Command Modes Global Configuration mode User Guidelines Only one file, remote, or line may be specified. Setting the mode takes effect immediately.
• The time when packet passed through CPU. • The first 128 bytes of packet. • The length of full packet (if greater than 128 bytes). The in-memory capture buffer can be configured to stop when full. This mode is configured with the command no monitor capture line wrap. Capturing packets is started by the monitor capture start command. Capturing packets is stopped automatically when 128 packets are captured and saved into the RAM.
If capturing is in progress and more than 128 packets are captured and the user configures no monitor capture line wrap mode, capturing is stopped automatically. No packets are lost when capturing is in progress. All captured packets can be displayed. No captured and not yet displayed packets are lost. Captured packets can be displayed when capturing is in progress or after the moment when capturing is stopped. Only packets saved in RAM (up to 128) can be displayed when capturing is stopped.
Remote capture can be enabled or disabled using the CLI. The network operator should obtain a computer with the Wireshark tool to display the captured traffic. When using remote capture mode, the switch doesn’t store any captured data locally. The local TCP port number can be configured for connecting Wireshark to the switch. The default port number is 2002. If a firewall is installed between the Wireshark PC and the switch, these ports must be allowed to pass through the firewall.
Example This example sends capture output to the console. console(config)#monitor capture line console(config)#exit console#monitor capture start all monitor session Use the monitor session command in Global Configuration mode to configure the source and destination for mirroring. Packets are copied from the source to the destination. Use the no form of the command to disable the monitoring session.
• tx — Mirrors transmitted packets only. If no option is specified, monitors both rx and tx. • both—Mirrors both ingress and egress. This is the default. • mode—Enable session mirroring. Use the no form of the command to disable monitoring. • remove-rspan-tag—Remove the RSPAN tag from packets transmitted on the probe port. This option is not available on the N4000 Series switches. Default Configuration The default is to mirror both transmit and receive directions.
• Up to 4 sessions with egress (TX) traffic mirroring may be active. • Up to 2 sessions with both (RX and TX) traffic mirroring may be active. • Any other combination of up to 4 total ingress or egress mirroring may be active. Destination (probe) interfaces do not perform MAC learning and drop ingress traffic (forwarding is disabled and incoming packets are dropped). Routing, spanning-tree, and port channel configuration are operationally disabled on probe ports.
ports, and be members of the RSPAN VLAN. Do not assign other ports to the RSPAN VLANs (for example, trunk ports that are not reflector ports). Additionally, reflector ports may not be port channels. Monitored traffic is encapsulated in the RSPAN VLAN on the reflector port on the source switch. On a source switch, when both an RSPAN VLAN and reflector port are configured on a trunk or general mode port with other VLANs, the interface can also carry traffic on the other VLANs.
the implicit deny all). If configuring an egress ACL on the destination port, care must be taken with the ACL numbering to ensure the mirrored traffic is properly processed. Bidirectional mirroring of multiple ports in a network may result in duplicate packets transmitted on the probe port (one copy for the receive side and another copy for the transmit side). Configuring the mirroring as rx only may help to reduce this issue.
console(config)#monitor session 1 destination remote vlan 723 reflector-port Te1/0/1 console(config)#monitor session 1 mode console(config)#show monitor session 1 Session Admin mode Type Source ports Both Destination port Destination RSPAN VLAN : : : : : : : 1 Enabled Remote source session Gi1/0/48 Te1/0/1 723 This example shows how to configure a destination switch using VLAN 723 as the source RSPAN VLAN interface Te1/0/1 and Gi1/0/10 as the destination interface.
Syntax remote-span no remote-span Default Configuration There is no default configuration for this command. Command Modes VLAN Configuration mode. User Guidelines Remote-span VLANs must be configured as a tagged VLAN on trunk or general mode ports on RSPAN transit switches. Traffic in an RSPAN VLAN is always flooded as MAC address learning and link local protocols are disabled on RSPAN VLANs.
Command Modes Privileged Exec mode (all SHOW modes) User Guidelines This command has no user guidelines. Example console#show monitor capture Operational Status............................. Current Capturing Type......................... Capturing Traffic Mode......................... Line Wrap Mode................................. RPCAP Listening Port........................... RPCAP dump file size (KB)......................
0010 86 dd 60 00 00 0020 00 00 00 00 88 0030 00 00 00 00 00 0040 01 00 82 00 43 0050 00 00 00 00 00 =================== 00 ff 00 62 00 00 fe 00 27 00 24 2f 00 10 00 00 8e 00 00 00 01 82 01 00 00 fe ff 3a 00 ff 80 02 00 00 ff 00 00 05 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 Gi1/0/1 Length = 94 [RECEIVE] =================== 02:29:26.
console(config)#show monitor session 1 Session Admin mode Type Source ports Both Destination ports IP access-group : : : : : : : 1 Disabled Local session Te1/0/10 Te2/0/20 a1 The following example shows the detailed status of the port based mirroring session that is constrained to a local switch.
The following example shows the detailed status of a VLAN session on destination switch, where session is span across multiple switches. console# show monitor session 1 detail Session : 1 Type : Remote Destination Session Source Ports : RX Only : None TX Only : None Both : None Source VLANs : RX Only : None Source RSPAN VLAN : 999 Destination Ports : Gi1/0/15 Dest RSPAN VLAN : None show vlan remote-span Use this command to display the RSPAN VLAN IDs.
----------------------------------------------------10 Layer 2 Switching Commands 662
QoS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Quality of Service (QoS) technologies are intended to provide guaranteed timely delivery of specific application data to a particular destination. In contrast, standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee.
ACLs can be configured to apply to a VLAN instead of an interface. Traffic tagged with a VLAN ID (either receive-tagged or tagged by ingress process such as PVID) is evaluated for a match regardless of the interface on which it is received. Layer 2 ACLs The Layer 2 ACL feature provides access list capability by allowing classification on the Layer 2 header of an Ethernet frame, including the 802.1Q VLAN tag(s).
CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as physical port interfaces. Queue Mapping The priority of a packet arriving at an interface is used to steer the packet to the appropriate outbound CoS queue through a mapping table. Network packets arriving at an ingress port are directed to one of n queues in an egress port(s) based on the translation of packet priority to CoS queue.
DiffServ Standard IP-based networks are designed to provide “best effort” data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will meet the latency or bandwidth requirements. During times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet applications, such as email and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable.
conform-color match dstl4port policy-map show policy-map cos-queue minbandwidth match ethertype random-detect queue-parms show policy-map interface cos-queue random- match ip6flowlbl detect random-detect show service-policy exponentialweighting-constant cos-queue strict match ip dscp redirect traffic-shape diffserv match ip precedence service-policy vlan priority drop match ip tos show class-map – mark cos match protocol show classofservice – dot1p-mapping mark ip-dscp match source
User Guidelines The queue id is the internal queue number (traffic class), not the CoS value. Use the show classofservice command to display the assignment of CoS and DSCP values to internal queue numbers. Example The following example displays how to change the queue ID to 4 for the associated traffic stream.
Example The following example shows how to specify the DiffServ class name of “DELL.” console(config)#class-map match-all DELL console(config-classmap)#exit console(config)#policy-map DELL1 in console(config-policy-map)#class DELL class-map Use the class-map command in Global Configuration mode to define a new DiffServ class of type match-all. To delete an existing class, use the no form of this command.
Enter the class-map command with the match-all/match-any parameter and a nonexistent class-map-name to create a new class map. The class-mapname must not be the same as any other class map or access group name. Use the no class-map form of the command without a match-all/match-any parameter to delete an existing class map. The match-all parameter indicates that all of the match criteria configured in the class map must be met for the packet to be processed by the class map.
console(config-classmap)#match access-group name voice-pass console(config-classmap)#match access-group name voice-all console(config- classmap)#exit console(config)#class-map match-all port-default console(config-classmap)#match access-group name default console(config- classmap)#exit console(config)#policy-map inbound in console(config-policy-map)#class voice-all console(config-policy-classmap)#mark ip dscp af41 console(config-policy-classmap)#exit console(config-policy-map)#class port-default console(con
Example The following example displays how to change the name of a DiffServ class from “DELL” to “DELL1.” console(config)#class-map rename DELL DELL1 console(config)# classofservice dot1p-mapping Use the classofservice dot1p-mapping command in Global Configuration mode to map an IEEE 802.1p user priority to an internal traffic class. In Interface Configuration mode, the mapping is applied only to packets received on that interface. Use the no form of the command to remove mapping between an 802.
Command Mode Global Configuration or Interface Configuration (Ethernet, Port-channel) mode User Guidelines None Example The following example globally configures a mapping for user priority 1 and traffic class 2. If trust mode is enabled for 802.1p (classofservice trust dot1p), packets received on any interface marked with IEEE 802.1p priority 1 will be assigned to internal CoS queue 2.
IP DSCP Traffic Class (queue-id) 0(be/cs0) 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8(cs1) 0 9 0 10(af11) 0 11 0 12(af12) 0 13 0 14(af13) 0 15 0 16(cs2) 0 17 0 18(af21) 0 19 0 20(af22) 0 21 0 22(af23) 0 23 0 24(cs3) 1 25 1 26(af31) 1 Layer 2 Switching Commands 674
IP DSCP Traffic Class (queue-id) 27 1 28(af32) 1 29 1 30(af33) 1 31 1 32(cs4) 2 33 2 34(af41) 2 35 2 36(af42) 2 37 2 38(af43) 2 39 2 40(cs5) 2 41 2 42 2 43 2 44 2 45 2 46(ef) 2 47 2 48(cs6) 3 49 3 50 3 51 3 52 3 53 3 54 3 Layer 2 Switching Commands 675
IP DSCP Traffic Class (queue-id) 55 3 56(cs7) 3 57 3 58 3 59 3 60 3 61 3 62 3 63 3 Command Mode Global Configuration mode User Guidelines The switch may be configured to trust either DSCP or CoS values, but not both. Setting the trust mode does not affect ACL packet matching, e.g. it is still possible to use an ACL that matches on a received CoS value and assigns the packet to a queue even when DSCP is trusted.
Syntax classofservice trust {dot1p | untrusted | ip-dscp} no classofservice trust • dot1p — Specifies that the mode be set to trust IEEE 802.1p packet markings. • untrusted — Sets the Class of Service Trust Mode to Untrusted. • ip-dscp — Specifies that the mode be set to trust IP DSCP packet markings. Default Configuration By default, the switch trusts IEEE 802.1p markings.
Syntax conform-color {class-map-name} [exceed-color { class-map-name } ] Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command must be preceded by a police command. If the conform-color command is not entered, the police algorithm uses the color-blind version, meaning in the incoming color is ignored. The conform-color command can be used with any of the three police algorithms.
Example The following example uses a simple policer to color TCP packets that exceed an average rate of 1000 Kbps or a burst size of 16 Kbytes as red. Conforming packets (those in CoS queue 1) are pre-colored green prior to metering. After metering, non-conforming packets are colored red. Both green and red packets are transmitted, but may be subject to further color-based action on egress.
Command Mode Global Configuration mode or Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command changes the scheduling policy for packet transmission of the selected CoS queues. It does not change the packet buffering policy nor does it reserve packet buffers to a CoS queue. The maximum number of queues supported per interface is seven.
cos-queue random-detect Use the cos-queue random-detect command in Global Configuration or Interface Configuration mode to enable WRED queue management policy on an interface CoS queue. Use the no form of the command to disable WRED policy for a CoS queue on an interface. NOTE: On the N1500 Series switches, this command enables Simple RED since the hardware is not capable of Weighted RED. Syntax cos-queue {random-detect queue-id1 [queue-id2..queue-idn]} no cos-queue {random-detect queue-id1 [queue-id2..
Use the policy-map and conform-color commands to mark traffic with a color other than default green color. The drop probability scale supports values in the range 0-10% and the discrete values 25%, 50%, 75%, and 100%. Other values are truncated to the next lower value by the hardware. N1500 Series Switches N1500 Series switches support a simple RED capability.
drop threshold at 100% of the statically calculated port queue length vs. the dynamically calculated value used by the normal tail-drop mechanism (approx. 1/2 remaining free packet buffer memory). console(config)# cos-queue random-detect 0 console(config)# random-detect queue-parms 0 min-thresh 3 3 3 100 max-thresh 10 10 10 100 drop-prob-scale 1 2 3 0 Example 2 This example configures simple RED on an N1500 series switch.
User Guidelines Strict priority (SP) queues are scheduled in priority order ahead of WRR queues. Strict priority queues are allocated unlimited bandwidth by default. Configuring the min-bandwidth on a CoS queue also configured for strict priority wastes the scheduler slots. Use the cos-queue min-bandwidth command on lower priority SP and WRR queues to ensure fairness to lower priority queues by reserving a specific amount of scheduler bandwidth.
NOTE: On the N1500 Series switches, enable Simple RED since the hardware is not capable of Weighted RED. Syntax diffserv no diffserv Default Configuration This command default is enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the DiffServ operational mode to active.
User Guidelines This command has no user guidelines. Example The following example displays how to specify that matching packets are to be dropped at ingress. console(config-policy-classmap)#drop mark cos Use the mark cos command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified class of service value in the user priority field of the 802.1p header. If the packet does not already contain this header, one is inserted.
Example The following example displays how to mark all packets with a CoS value. console(config-policy-classmap)#mark cos 7 mark ip-dscp Use the mark ip-dscp command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP DSCP value. NOTE: This command is not available on the N1500 Series switches.
Example The following example displays how to mark all packets with an IP DSCP value of “cs4.” console(config-policy-classmap)#mark ip-dscp cs4 mark ip-precedence Use the mark ip-precedence command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP precedence value. NOTE: This command is not available on the N1500 Series switches. Syntax mark ip-precedence prec-value • prec-value — Specifies the IP precedence value as an integer.
console(config-policy-classmap)#mark ip-precedence 2 console(config-policy-classmap)# match access-group Use the match access-group command to add ACL match criteria to a class map. Use the no form of the command to remove the ACL match criteria. Syntax match access-group name name no match access-group name name • name—The name of an access-list. Only MAC, IPv4, and IPv6 access-lists are allowed. Default Configuration No access-lists are configured for a class-map.
If a packet matches a permit ACL clause specified in a class-map, the packet matches, no further matching is performed, and the class-map clause is matched. If a packet matches a deny ACL class specified in a class-map, the packet does not match, no further matching is performed, and the class-map clause is not matched. No counters are instantiated for ACLs referenced in a class map. Command History Command introduced in version 6.5 firmware.
match class-map Use the match class-map command to add to the specified class definition the set of match conditions defined for another class. Use the no form of this command to remove from the specified class definition the set of match conditions defined for another class. NOTE: This command is not available on the N1500 Series switches.
• The total number of class rules formed by the complete reference class chain (including both predecessor and successor classes) must not exceed a platform-specific maximum. In some cases, each removal of a refclass rule reduces the maximum number of available rules in the class definition by one. Example The following example adds match conditions defined for the Dell class to the class currently being configured.
Example The following example displays adding a match condition to the specified class. console(config-classmap)#match cos 1 match destination-address mac Use the match destination-address mac command in Class-Map Configuration mode to add a match condition based on the destination MAC address of a packet. NOTE: This command is not available on the N1500 Series switches.
match any Use the match any command in Class-Map Configuration mode to allow matching on any of the specified match conditions. Use the no form of the command to remove the ACL match criteria and revert to match-all behavior. Syntax match any no match any Default Configuration The default matching for a class map is to match on all specified match conditions.
Example The following example configures a MAC access list arp-list with a policy that implements a simple policer for ARP packets coming from any of the hosts listed in the access list. Apply the policy to an interface using the servicepolicy in command in Interface Configuration mode. console(config)#mac access-list extended arp-list console(config-mac-access-list)#permit 00:01:02:03:04:05 0000.0000.0000 0x0806 console(config-mac-access-list)#permit 00:03:04:05:06:07 0000.0000.
Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition using the specified IP address and bit mask. console(config-classmap)#match dstip 10.240.1.1 255.255.255.1 match dstip6 The match dstip6 command adds a match condition based on the destination IPv6 address of a packet. NOTE: This command is not available on the N1500 Series switches.
Example console(config-classmap)#match dstip6 2001:DB8::0/32 match dstl4port Use the match dstl4port command in Class-Map Configuration mode to add a match condition based on the destination layer 4 port of a packet using a single keyword or a numeric notation. NOTE: This command is not available on the N1500 Series switches. Syntax match dstl4port {portkey | port-number} • portkey — Specifies one of the supported port name keywords. A match condition is specified by one layer 4 port number.
NOTE: This command is not available on the N1500 Series switches. Syntax match ethertype {keyword | 0x0600-0xffff} • keyword — Specifies either a valid keyword or a valid hexadecimal number. The supported keywords are appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. (Range: 0x0600– 0xFFFF) Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines.
Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example adds a rule to match packets whose IPv6 Flow Label equals 32312.
User Guidelines This DSCP field is defined as the high-order six bits of the Service type octet in the IP header. The low-order two bits are not checked. The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all DSCP values, use the match ip tos tosbits tosmask command with tosbits set to “0” (zero) and tosmask set to hex “03.
User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all precedence values, use the match ip tos tosbits tosmask command with tosbits set to “0” (zero) and tosmask set to hex “1F.” Example The following example displays adding a match condition based on the value of the IP precedence field.
User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. This specification is the free form version of the IP DSCP/Precedence/TOS match specification in that you have complete control of specifying which bits of the IP Service Type field are checked.
• igmp—Match IGMP protocol packets (Ethertype 0x0800 and IPv4 protocol 2).
Example The following example displays adding a match condition based on the “ip” protocol name keyword. console(config-classmap)#match protocol ip match source-address mac Use the match source-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source MAC address of the packet. NOTE: This command is not available on the N1500 Series switches.
match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet. NOTE: This command is not available on the N1500 Series switches. Syntax match srcip ipaddr ipmask • ipaddr — Specifies a valid IP address. • ipmask — Specifies a valid IP address bit mask. Note that although this IP address bit mask is similar to a subnet mask, it does not need to be contiguous.
Syntax match srcip6 source-ipv6-prefix/prefix-length • source-ipv6-prefix — IPv6 prefix in IPv6 global address format. • prefix-length — IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command.
Command Mode Class-Map Configuration mode User Guidelines Only one srcl4port matching criteria can be specified. To remove the matching criteria, delete the class map. Example The following example displays how to add a match condition using the “snmp” port name keyword. console(config-classmap)#match srcl4port snmp match vlan Use the match vlan command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field.
Example The following example displays adding a match condition for the VLAN ID “2.” console(config-classmap)#match vlan 2 mirror Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified. NOTE: This command is not available on the N1500 Series switches. Syntax mirror interface • interface — Specifies the Ethernet port to which data needs to be copied.
Syntax police-simple {datarate burstsize conform-action {drop | set-prec-transmit cos | set-dscp-transmit dscpval | transmit} [violate-action {drop | set-cos transmit cos | set-prec-transmit cos | set-dscp-transmit dscpval | transmit}]} • datarate — Data rate in kilobits per second (Kbps). (Range: 1– 4294967295) • burstsize — Burst size in Kbytes (Range: 1–128) • conform action — Configures the action taken for packets that do not exceed the data rate or the burst size: – drop: Drop the packet.
User Guidelines The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and violate. Conforming packets are colored green and non-conforming packets are colored red for use by the WRED mechanism. Only one style of police command (simple, single-rate or two-rate) is allowed for a given class instance in a particular policy. The conform-color command can be used to pre-color packets prior to policing.
– set-dscp-transmit dscp-val: Remark the DSCP in the packet to dscpval and transmit. (Range 0-63) – set-cos-transmit 802.1p-priority: Remark the 802.1p priority in the packet to 802.1p-priority and transmit. (Range 0-7) – transmit: Transmit the packet unmodified. Default Configuration There no default configuration for this command.
Syntax police-two-rate datarate burstsize peak-data-rate excess-burstsize conformaction action exceed-action action violate-action action • datarate — Data rate in kilobits per second (Kbps). (Range: 1– 4294967295) • burstsize — Burst size in Kbytes (Range: 1–128) • peak-data-rate— Peak data rate in kilobits per second (Kbps). (Range 14294967295) • excess-burstsize — Excess burst size in kilobits per seconds (Kbps). (Range 1-128) • action— The action to take according to the color.
Peak Burst Size (PBS) A packet is colored red if it exceeds the PIR, yellow if it exceeds the CIR, but not the PIR, and green if it does not exceed either. A trTCM is useful when a peak rate needs to be enforced separately from a committed rate. The CIR and PIR are measured in Kbps (not pps as indicated in the RFC), the CBS in Kbytes, and the PBS in Kbytes. It is recommended that the CBS and PBS be configured to be larger than the largest expected IP packet.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The CLI mode is changed to Policy-Class-Map Configuration when this command is successfully executed. The policy type dictates which of the individual policy attribute commands are valid within the policy definition. Example The following example shows how to establish a new ingress DiffServ policy named “DELL.
• queue-id—The internal class of service queue (range 0-6). The queue-id is not the same as the CoS value received in incoming packets. Use the show classofservice dot1p-mapping command to display the CoS value to internal CoS queue mapping. • min-thresh—The minimum threshold at which to begin dropping, based on the configured maximum drop probability for each color and for nonTCP packets. Range 0 to 250. At or below the minimum threshold, no packets are dropped.
Queue ID WRED Minimum Threshold WRED Maximum Threshold WRED Drop Probability Scale ECN Enabled 5 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 6 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No Command Mode Global Configuration mode, Interface Configuration mode (physical and port-channel), Interface Range mode User Guidelines Interface configuration overrides the global configuration. WRED Processing WRED is intended to provide feedback to protocols (e.g.
physical interface. For the Dell EMC NetworkingN2000/N3000 Series switches, a threshold of 100% corresponds to a buffer occupancy of 295428 bytes queued for transmission on an interface. For the N4000 Series switch, a threshold of 100% corresponds to a buffer occupancy of 666757 bytes queued for transmission on an interface.
Explicit Congestion Notification (ECN): ECN capability is an end-to-end feedback mechanism. Both ends of the TCP connection must participate. When ECN is enabled, packets marked as ECN capable and selected for discard by WRED are marked CE and are not dropped. In cases of extreme congestion, ECN capable packets may be dropped. Use the show interfaces traffic command to see color aware drops and congestion levels.
100%: 100 Examples This example configures simple RED on an N1500 series switch. CoS queue 1 is globally configured for simple RED with a congestion threshold of 50% and a drop probability of 0.781% for green colored traffic.
size to ½ the difference between the previous size and the current instantaneous queue size, set the weighting constant to 1. To update the current queue size to 1/4 the difference between the previous size and the current instantaneous queue size, set the weighting constant to 2, .... The average queue size is calculated for each physical interface independently.
service-policy Use the service-policy command in either Global Configuration mode (for all system interfaces) or Interface Configuration mode (for a specific interface) to attach a policy to an interface. To return to the system default, use the no form of this command. NOTE: This command is not available on the N1500 Series switches.
the same direction. Applying a policy globally applies the policy to all physical interfaces. The policy appears in the running-config as part of the individual interface configuration. Example The following example shows how to attach a service policy named “DELL” to all interfaces for packets ingressing the switch. console(config)#service-policy in DELL show class-map Use the show class-map command to display all configuration information for the specified class.
Class Name ------------------------------cee ipv4 stop_http_class Type ACL Identifier or Reference Class Name ----- -------------------------------------All acl (IP ) All Any console#show class-map ipv4 Class Name..................................... ipv4 Class Type..................................... All Match Rule Count............................... 1 Match Criteria Values ---------------------------- -------------------------------------------Source IP Address 2.2.2.2 (255.255.255.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If the interface is specified, the IEEE 802.1p mapping table of the interface is displayed. If omitted, the global configuration settings are displayed. The following table lists the parameters in the example and gives a description of each. Parameter Description User Priority The 802.1p user priority value.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
28(af32) 29 30(af33) 31 32(cs4) 33 34(af41) 35 36(af42) 37 38(af43) 39 40(cs5) 41 42 43 44 45 46(ef) 47 48(cs6) 49 50 51 52 53 54 55 56(cs7) 57 58 59 60 61 62 63 1 1 1 1 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 show classofservice trust Use the show classofservice trust command to display the current trust mode setting for a specific interface.
Syntax show classofservice trust [{gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If the interface is specified, the port trust mode of the interface is displayed. If omitted, the port trust mode for global configuration is shown.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show diffserv DiffServ Admin mode.......................... Class Table Size Current/Max................. Class Rule Table Size Current/Max............ Policy Table Size Current/Max................ Policy Instance Table Size Current/Max....... Policy Attribute Table Size Current/Max......
User Guidelines This command has no user guidelines. Example console#show diffserv service interface gigabitethernet 1/0/1 in DiffServ Admin Mode........................... Enable Interface..................................... Gi1/0/1 Direction..................................... In No policy is attached to this interface in this direction. show diffserv service brief Use the show diffserv service brief command to display all interfaces in the system to which a DiffServ policy has been attached.
Po47 Gi1/0/1 Po48 Gi1/0/2 In In In In Down Down Down Down DELL DELL DELL DELL show interfaces cos-queue Use the show interfaces cos-queue command to display the class-of-service queue configuration for the specified interface. Syntax show interfaces cos-queue [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
2 3 4 5 6 0 0 0 0 0 Weighted Weighted Weighted Weighted Weighted Tail Tail Tail Tail Tail Drop Drop Drop Drop Drop This example displays the COS configuration for the specified interface Gi1/0/1. console#show interfaces cos-queue gigabitethernet 1/0/1 Interface...................................... Gi1/0/1 Interface Shaping Rate......................... 0 Queue Id -------0 1 2 3 4 5 6 Min.
Parameter Description Minimum Bandwidth The minimum transmission bandwidth guarantee for the queue, expressed as a percentage. A value of 0 means bandwidth is not guaranteed and the queue operates using best-effort scheduling. This value is a configured value. Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme. This value is a configured value.
rate commands), all packets are colored green. Use the show interfaces cosqueue command to show the global or per interface scheduler type and queue management types. The N1500 Series switch does not support configuration of the maximum threshold nor can the threshold or drop probability be configured for nonTCP traffic. Example Example 1 This example shows ECN enabled for green color packets on CoS queues 0 and 1.
show policy-map Use the show policy-map command to display all configuration information for the specified policy. NOTE: This command is not available on the N1500 Series switches. Syntax show policy-map [policyname] • policyname — Specifies the name of a valid existing DiffServ policy. (Range: 1-31) Default Configuration This command has no default configuration.
Syntax show policy-map interface {interface-id} {in|out} • interface-id—An Ethernet or port-channel identifier. • in—Show inbound service policies. The offered value indicates the number of packets received by the classifier. • out—Show outbound service policies. The discarded value indicates the number of packets discarded by the policy. Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays a summary of policy-oriented statistics information.
• bw — Maximum transmission bandwidth value expressed in Kbps. (Range: 64 - 4294967295) Default Configuration This command has no default configuration. Command Mode Global Configuration mode, Interface Configuration (gigabitethernet, portchannel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Traffic shaping, also known as rate shaping, has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded.
Default Configuration By default, untagged frames are processed with VLAN priority 0. The VLAN priority is mapped to a class of service value which determines the handling of the frame. Use the show interfaces detail command to display the configured priority. Use the show classofservice dot1p-mapping command to display the mapping of VLAN priorities to COS values. Command Modes Interface (physical) Configuration mode User Guidelines This command has no user guidelines.
Spanning Tree Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The Multiple Spanning Tree Protocol (MSTP) component complies with IEEE 802.1 by efficiently segregating VLAN traffic over separate interfaces for multiple instances of Spanning Tree. IEEE 802.1D, Spanning Tree and IEEE w, Rapid Spanning Tree are supported through the IEEE 802.1s implementation. The difference between the RSTP and STP (IEEE 802.
port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role. STP BPDU Filtering - STP BPDU filtering applies to all operational edge ports.
show spanning-tree spanning-tree forward-time spanning-tree portfast spanning-tree vlan forward-time show spanning-tree spanning-tree guard spanning-tree summary portfast bpdufilter default spanning-tree vlan hello-time show spanning-tree spanning-tree vlan loopguard spanning-tree vlan max-age spanning-tree spanning-tree portfast default spanning-tree max- spanning-tree port- spanning-tree vlan root age priority (Interface Configuration) spanning-tree auto- spanning-tree max- – portfast hops span
console#clear spanning-tree detected-protocols gigabitethernet 1/0/1 exit (mst) Use the exit command in MST mode to exit the MST configuration mode and apply all configuration changes. Syntax exit Default Configuration MST configuration. Command Mode MST mode User Guidelines This command has no user guidelines. Example The following example shows how to exit the MST configuration mode and save changes.
Default Configuration VLANs are mapped to the common and internal spanning tree (CIST) instance (instance 0). Command Mode MST mode User Guidelines Before mapping VLANs to an instance use the spanning-tree mst enable command to enable the instance. All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree (CIST) instance (instance 0) and cannot be unmapped from the CIST.
console(config-mst)#instance 1 add vlan 3000-4093 console(config-mst)#instance 2 add vlan 200-349 console(config-mst)#instance 2 add vlan 351-399 console(config-mst)#instance 2 add vlan 450-499 console(config-mst)#instance 2 add vlan 2000-2199 console(config-mst)#instance 2 add vlan 2500-2599 console(config-mst)#instance 2 add vlan 2800-2999 console(config-mst)#exit console(config)#interface te1/1/1 console(config-if-Te1/1/1)#switchport mode trunk console(config-if-Te1/1/1)#switchport trunk allowed vlan add
Example The following example sets the configuration name to “region1”. console(config)#spanning-tree mst configuration console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command. Syntax revision version no revision • version — Configuration revision number. (Range: 0-65535) Default Configuration Revision number is 0.
show spanning-tree Use the show spanning-tree command to display the spanning-tree configuration. Syntax show spanning-tree [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] [instance instance-id] show spanning-tree [detail] [active | blockedports] | [instance instance-id] show spanning-tree mst-configuration show spanning-tree {uplinkfast | backbonefast} • detail—Displays detailed information.
Examples The following examples display spanning-tree information. MST information is shown in this form of the command regardless of the spanning tree mode. console#show spanning-tree Spanning Tree: Enabled Mode: rstp BPDU Flooding: Disabled Portfast BPDU Filtering: Enabled Portfast BPDU Guard: Disabled CST Regional Root: 80:00:00:1E:C9:AA:AD:1B Regional Root Path Cost: 0 ROOT ID Priority 32768 Address 0010.1882.
BPDUs: Sent: 74, Received: 0 console#show spanning-tree detail Spanning Tree: Enabled (BPDU Flooding: Disabled) Mode: rstp Portfast BPDU Filtering: Disabled CST Regional Root: 80:00:00:1E:C9:DE:D4:47 Regional Root Path Cost: 0 Address 80:00:00:1E:C9:DE:D4:47 This Switch is the Root.
Address 80:00:00:1E:C9:DE:D4:47 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Transmit Hold Count: 6s Bridge Max Hops: 20 Number of topology changes: 1 Last Change Occurred: 0d0h4m13s ago Times: Hold: 6, Hello: 2, Max Age: 20, Forward Delay: 15 Port: Gi1/0/1 Enabled State: Forwarding Role: Designated Port ID: 128.1 Port Cost: 20000 Root Protection: No Designated Bridge Priority: 32768 Address: 001E.C9DE.D447 Designated Port ID: 128.
console(config)#show spanning-tree uplinkfast Directlink rapid convergence is enabled BPDU update rate : 150 packets/sec Directlink rapid convergence Statistics --------------------Directlink rapid convergence transitions (all VLANs).. 0 Proxy multicast addresses transmitted (all VLANs).....
###### MST 0 Vlan Mapped: 1 ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Interfaces Name --------Gi1/0/1 Gi1/0/2 Te1/0/1 Te1/0/2 State -------Enabled Enabled Enabled Enabled Prio.Nbr --------128.1 128.2 128.49 128.50 Cost --------0 0 0 0 Sts ---FWD FWD FWD DSC Role ----Desg Desg Desg Bkup RestrictedPort -------------No No No No ###### MST 1 Vlan Mapped: 2 ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root.
Interfaces Name --------Gi1/0/1 Gi1/0/2 State -------Enabled Enabled Prio.Nbr --------128.1 128.2 Cost --------20000 20000 Sts ---FWD FWD Role ----Desg Desg RestrictedPort -------------No No console(config)#show spanning-tree instance 2 Spanning Tree: Enabled BPDU Flooding: Disabled Mode: mstp Portfast BPDU Filtering: Disabled CST Regional Root: 80:00:00:1E:C9:DE:D4:47 Regional Root Path Cost: 0 ###### MST 2 Vlan Mapped: 3-5 ROOT ID Priority 4096 Address 001E.C9DE.
ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Interfaces Name State --------- -------Gi1/0/1 Enabled Gi1/0/2 Enabled Te1/0/1 Enabled Te1/0/2 Enabled Prio.Nbr --------128.1 128.2 128.49 128.50 Cost --------20000 20000 2000 2000 Sts ---FWD FWD FWD DSC Role ----Desg Desg Desg Bkup RestrictedPort -------------No No No No This example shows spanning-tree configured in rapid-pvst mode.
Gi1/0/1 Gi1/0/2 Enabled Enabled 128.1 128.2 20000 20000 Forwarding Forwarding Designated Designated show spanning-tree summary Use the show spanning-tree summary command to display spanning tree settings and parameters for the switch. Syntax show spanning-tree summary Default Configuration There is no default configuration for this command.
Configuration Name Identifier used to identify the configuration currently being used. Configuration Revision Level Identifier used to identify the configuration currently being used. Configuration Digest Key A generated Key used in the exchange of the BPDUs. Configuration Format Selector Specifies the version of the configuration format being used in the exchange of BPDUs. The default value is zero. MST Instances List of all multiple spanning tree instances configured on the switch.
• all—Show all VLANs. Default Configuration There is no default configuration for this command. Command Modes Privileged Exec and above User Guidelines There are no user guidelines for this command. Example console(config)#show spanning-tree vlan 2 VLAN 2 Spanning Tree: Enabled Mode: rapid-pvst RootID Priority 32770 Address 001E.C9DE.D447 Cost 0 Port This switch is the root Hello Time: 2s Max Age: 20s Forward Delay: 15s BridgeID Priority 32770 (priority 32768 sys-id-ext 2) Address 001E.C9DE.
Default Configuration Spanning-tree is enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables spanning-tree functionality. console(config)#spanning-tree spanning-tree auto-portfast Use the spanning-tree auto-portfast command to set the port to auto portfast mode. This enables the port to become a portfast port if it does not see any BPDUs for 3 seconds after a link up event.
Example The following example enables spanning-tree functionality on Gigabit ethernet interface 4/0/1. console#config console(config)#interface gigabitethernet 4/0/1 console(config-if-4/0/1)#spanning-tree auto-portfast spanning-tree backbonefast Use the spanning-tree backbonefast command to enable the detection of indirect link failures and accelerate spanning tree convergence on STP-PV/RSTP-PV configured switches using Indirect Link Rapid Convergence (IRC).
Example console(config)#spanning-tree backbonefast spanning-tree bpdu flooding The spanning-tree bpdu flooding command allows flooding of BPDUs received on non-spanning-tree ports to all other non-spanning-tree ports. Use the “no” form of the command to disable flooding. Syntax spanning-tree bpdu flooding no spanning-tree bpdu flooding Default Configuration This feature is disabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Default Configuration BPDU guard is not enabled. Command Mode Global Configuration mode User Guidelines The administrator should ensure that interfaces on which BDPU guard is enabled are configured as edge ports. To configure an interface as an edge port, use the spanning-tree portfast command. An edge port is generally connected to a user terminal (such as a desktop computer) or file server directly and is configured as an edge port to implement a fast transition to the forwarding state.
Syntax spanning-tree [vlan vlan-list] cost cost no spanning-tree cost • cost — The port path cost. Default Configuration The default cost value (0) causes the switch to select the path cost based on the link speed. • 40G Port path cost — 1400 • 10G Port path cost — 2000 • 1000 Mbps (giga) — 20,000 • 100 Mbps — 200,000 • 10 Mbps — 2,000,000 • Port Channel—200,000,000 divided by the sum of the unidirectional link speed (in Mbps) of each active member multiplied by 10 per section 13.6.
If an interface is configured with both the spanning-tree vlan vlan-id cost cost command and the spanning-tree cost cost command, the spanning-tree vlan vlan-id cost cost value is used in the spanning tree calculation for RSTP, STP, and MST. Use the spanning-tree vlan cost command to change the cost for RSTP-PV and STP-PV. Example The following example configures the external path cost to be 8192 for VLANs 12, 13, 24, 25, and 26.
spanning-tree forward-time Use the spanning-tree forward-time command in Global Configuration mode to configure the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state. To reset the default forward time, use the no form of this command. Syntax spanning-tree forward-time seconds no spanning-tree forward-time • seconds — Time in seconds.
spanning-tree guard The spanning-tree guard command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, the port operates in accordance with the multiple spanning tree protocol. Use the “no” form of this command to disable loop guard or root guard on the interface. Syntax spanning-tree guard {root | loop | none} • root — Enables root guard. • loop — Enables loop guard • none — Disables root and loop guard.
no spanning-tree loopguard default Default Configuration Loop guard is disabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree loopguard functionality on all ports. console(config)#spanning-tree loopguard default spanning-tree max-age Use the spanning-tree max-age command in Global Configuration mode to configure the spanning-tree bridge maximum age.
User Guidelines When configuring the Max-Age the following relationships should be satisfied: 2*(Forward-Time - 1) >= Max-Age Max-Age >= 2*(Hello-Time + 1) Example The following example configures the spanning-tree bridge maximum-age to 10 seconds. console(config)#spanning-tree max-age 10 spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree.
spanning-tree mode Use the spanning-tree mode command in Global Configuration mode to configure the spanning-tree protocol. To return to the default configuration, use the no spanning-tree form of this command. Syntax spanning-tree mode {stp | rstp | mst | pvst | rapid-pvst} • stp — Spanning Tree Protocol (STP) is enabled. • rstp — Rapid Spanning Tree Protocol (RSTP) is enabled. • mst — Multiple Spanning Tree Protocol (MSTP) is enabled. • pvst— Spanning-tree operates in STP-PV mode.
RSTP-PV maintains independent spanning tree information about each configured VLAN. RSTP-PV uses IEEE 802.1Q trunking and allows a trunked VLAN to maintain blocked or forwarding state per port on a per VLAN basis. This allows a trunk port to be forwarding for some VLANs and blocked on other VLANs. RSTP-PV extends the IEEE 802.1w standard. It supports faster convergence than IEEE 802.1D. RSTP-PV is compatible with IEEE 802.1D spanning tree.
User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name. Example The following example configures an MST region.
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Use the spanning-tree cost command to configure MST instance 0 (the common spanning tree instance). Use the show spanning-tree active command to display the spanning tree costs. Example The following example configures the MSTP instance 1 path cost for Gigabit Ethernet interface 1/0/9 to 4.
User Guidelines The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. Example The following example configures the port priority of Gigabit Ethernet interface 1/0/5 to 144. console(config)#interface gigabitethernet 1/0/5 console(config-if)#spanning-tree mst 1 port-priority 144 spanning-tree mst priority Use the spanning-tree mst priority command in Global Configuration mode to set the switch priority for the specified spanning-tree instance.
Bridge priority configuration is given preference over the root primary/secondary configuration. Root primary/secondary configuration is given preference over the DRC configuration. The switch with the lowest priority is selected as the root of the spanning tree. Example The following example configures the spanning tree priority of instance 1 to 4096.
Example The following example enables portfast on Gi1/0/5. console(config)#interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)#spanning-tree portfast spanning-tree portfast bpdufilter default The spanning-tree portfast bpdufilter default command disables the transmission and reception of BPDUs on portfast enabled ports. Use the “no” form of the command to enable the transmission and receipt of BPDUs.
The administrator must ensure that interfaces enabled for BPDU filtering are configured as edge ports. Use the spanning-tree portfast command to configure the interface as an edge port. Example The following example discards BPDUs received on spanning-tree ports in portfast mode. console(config)#spanning-tree portfast bpdufilter default spanning-tree portfast default Use the spanning-tree portfast default command to enable portfast mode on access ports.
Example The following example enables portfast mode on all access ports. console(config)#spanning-tree portfast default spanning-tree port-priority (Interface Configuration) Use the spanning-tree port-priority command in Interface Configuration mode to configure the priority value of an edge-port or point-to-point interface to allow the operator to select the relative importance of the interface in the selection process for forwarding.
If an interface is configured with both the spanning-tree vlan vlan-id portpriority priority command and the spanning-tree port-priority priority command, the spanning-tree vlan vlan-id port-priority priority value is used as the port priority. If a VLAN parameter is provided, the VLAN must have been previously configured or an error is thrown. An edge port is a port with spanning-tree port-fast enabled. A point-to-point link is a link configured as full-duplex.
Syntax spanning-tree priority priority no spanning-tree priority • priority — Priority of the bridge. (Range: 0–61440) Default Configuration The default bridge priority for IEEE STP is 32768. Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The switch with the lowest priority is the root of the spanning tree. Bridge priority configuration is given preference over root primary/secondary configuration.
Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree tcnguard on 4/0/1. console(config-if-4/0/1)#spanning-tree tcnguard spanning-tree transmit hold-count Use the spanning-tree transmit hold-count command to set the maximum number of BPDUs that a bridge is allowed to send within a hello time window (2 seconds).
spanning-tree uplinkfast Use the spanning-tree uplinkfast command to configure the rate at which gratuitous frames are sent (in packets per second) after a switchover to an alternate port on STP-PV and RSTP-PV configured switches and enable Direct Link Rapid Convergence on STP-PV switches. This command assists in accelerating spanning-tree convergence after switchover to an alternate port.
that the rest of the network knows to use the secondary link to reach that machine. DRC is disabled when the administrator modifies the spanning-tree priority of a VLAN and is re-enabled only when the default priority is restored. Configuration of the bridge priority is given preference over configuration of the root primary or root secondary configuration, which is given preference over the configuration of DirectLink Rapid Convergence. RSTP-PV embeds support for IRC and DRC.
To change the allocation of spanning-tree instances to VLANs, use the no spanning-tree vlan command to disassociate a VLAN from a per VLAN spanning-tree instance and use the spanning-tree vlan command to associate the spanning-tree instance with the desired VLAN. Command Modes Global Configuration mode User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes.
Command Modes Global Configuration Mode User Guidelines Set this value to a lower number to accelerate the transition to forwarding. The network operator should take into account the end to end BPDU propagation delay, the maximum frame lifetime, the maximum transmission halt delay and the message age overestimate values specific to their network when configuring this parameter. Forward delay is only application to STP modes.
User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. Set this value to a lower number to accelerate discovery of topology changes. Use the no form of the command to return the hello time to its default value.
The default setting of 20 seconds is suitable for a network of diameter 7, lost message value of 3, transit delay of 1, hello interval of 2 seconds, overestimate per bridge of 1 second, and a BPDU delay of 1 second. For a network of diameter 4, a setting of 16 seconds is appropriate if all other timers remain at their default values. IEEE 802.1Q notes that RSTP and MSTP treat the common spanning tree message age field as a hop count. Section 13.
User Guidelines This command can be configured even if the switch is configured for MST (RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. The logic sets the bridge priority to a value lower (primary) or next lower (secondary) than the lowest bridge priority for the specified VLAN or a range of VLANs. This command only applies when STP-PV or RSTP-PV is enabled.
If the value configured is not among the specified values, it will be rounded off to the nearest valid value. Command Modes Global Configuration mode User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. The root bridge for a VLAN should be carefully selected to provide optimal paths for traffic through the network.
UDLD Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The UDLD feature detects unidirectional links on physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction. UDLD must be enabled on the both sides of the link in order to detect a unidirectional link. The UDLD protocol operates by exchanging packets containing information about neighboring devices.
recognize only the sending failures on unidirectional links. If all devices in the network support UDLD, this functionality is enough to detect all unidirectional links. Processing UDLD Traffic from Neighbors Every UDLD-capable device collects information about all other UDLDcapable devices. Each device populates UDLD echo packets with collected neighbor information to help neighbors identify unidirectional links.
UDLD will put the port into the diagnostically disabled state in the following cases: a When there is a loopback, the device ID and port ID sent out on a port is received back. b UDLD PDU is received from a partner does not have its own details (echo). c Bidirectional connection is established and no UDLD packets are received from the partner device within three times the message interval. d In aggressive mode, when the partner does not respond to an ECHO within 7 seconds.
Command Mode Global Configuration mode User Guidelines This command globally enables UDLD. Interfaces must also be individually enabled for UDLD. Example This command globally enables UDLD. console(config)#udld enable udld reset Use the udld reset command to reset (enable) all interfaces disabled by UDLD. Syntax udld reset Default Configuration This command has no default configuration.
Example This example resets all UDLD disabled interfaces. console#udld reset udld message time Use the udld message time command in Global Configuration mode to configure the interval between the transmission of UDLD probe messages on ports that are in the advertisement phase. Use the no form of the command to return the message transmission interval to the default value. Syntax udld message time message-interval no udld message time • message-interval—UDLD message transmit interval in seconds.
udld timeout interval Use the udld timeout interval command in Global Configuration mode to configure the interval for the receipt of ECHO replies. Use the no form of the command to return the value to the default setting. Syntax udld timeout interval timeout-interval no udld timeout interval • timeout-interval—UDLD timeout interval. Range is 5 to 60 seconds. Default Configuration The default timeout interval is 5 seconds.
no udld enable Default Configuration UDLD is disabled by default on an interface. UDLD must be enabled globally and on an interface in order to operate. Command Mode Interface (physical) Configuration mode User Guidelines UDLD cannot be enabled on a port channel. Instead, enable UDLD on the physical interfaces of a port channel. Example This example enables UDLD on an interface. UDLD must also be enabled globally.
Command Mode Interface (Ethernet) Configuration mode User Guidelines In aggressive mode, UDLD will attempt to detect a peer by sending an ECHO packet every seven seconds until a peer is detected. Example This example configure an interface to operate in UDLD aggressive mode. console(config-if-Te1/0/1)#udld port aggressive show udld Use the show udld command in User Exec or Privileged Exec mode to display the global settings for UDLD.
Field Description Timeout Interval The time period (in seconds) before making decision that link is unidirectional. When an interface ID is specified, the following fields are shown: Field Description Interface Id The interface identifier in short form, e.g. te1/0/1. Admin Mode The administrative mode of UDLD configured on this interface. This is either Enabled or Disabled. UDLD Mode The UDLD mode configured on this interface. This is either Normal or Aggressive.
Interface --------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Admin Mode UDLD Mode UDLD Status ---------- ----------- ---------------Enabled Aggressive Err-disabled (Link Down) Enabled Aggressive UDLD Err-disabled Enabled Aggressive Shutdown (Link Down) Disabled Normal Not Applicable Disabled Normal Not Applicable Layer 2 Switching Commands 796
VLAN Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.
Double VLAN Mode An incoming frame is identified as tagged or untagged based on Tag Protocol Identifier (TPID) value it contains. The IEEE 802.1Q standard specifies a TPID value (0x8100) to recognize an incoming frame as tagged or untagged. Any valid Ethernet frame with a value of 0x8100 in the 12th and 13th bytes is recognized as a tagged frame. Dell EMC Networking N-Series switches can be configured to enable the port in double-VLAN (QinQ) mode.
Protocol Based VLANs The main purpose of Protocol-based VLANs (PBVLANs) is to selectively process packets based on their upper-layer protocol by setting up protocolbased filters. Packets are bridged through user-specified ports based on their protocol. In PBVLANs, the VLAN classification of a packet is based on its protocol (IP, IPX, NetBIOS, and so on). PBVLANs help optimize network traffic because protocol-specific broadcast messages are sent only to end stations using that protocol.
Private VLAN Commands The Dell EMC Networking Private VLAN feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from each another and provides Layer 2 isolation between ports of the same private VLAN.
promiscuous ports or can communicate only with the promiscuous ports (if the secondary VLAN is an isolated VLAN). The Private VLANs can be extended across multiple switches through interswitch/stack links that transport primary, community and isolated VLANs between devices, as shown in Figure 3-1. Figure 3-1. Private VLANs Isolated VLAN An endpoint connected over an isolated VLAN is allowed to communicate with endpoints connected to promiscuous ports only.
Private VLAN Operation in the Switch Environment The Private VLAN feature operates in a stacked or single switch environment. The stack links are transparent to the configured VLAN, thus there is no need for special private VLAN configuration. Any private VLAN port can reside on any stack member. In order to enable Private VLAN operation across multiple switches which are not stacked, the inter-switch links should carry VLANs which belong to a private VLAN.
protocol group show vlan association subnet switchport mode vlan makestatic protocol vlan group show vlan privatevlan switchport mode dot1q-tunnel vlan protocol group protocol vlan group switchport access all vlan switchport mode private-vlan vlan protocol group add protocol show dot1q-tunnel switchport dot1q ethertype (Global Configuration) switchport private- vlan protocol group vlan name show interfaces switchport switchport trunk switchport general forbidden vlan vlan protocol group remov
User Guidelines Assigning an IP address to a VLAN interface enables Layer 3 on the VLAN interface. If IP routing is globally enabled and an IP address is assigned, the router will route packets to and from the VLAN. When an interface is enabled for routing using the interface vlan command, the port will no longer be operationally enabled as a protected port on the interface. Use the no form of the command to remove empty interface vlan entries from the running config.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The VLANs in the interface range must by configured and enabled for routing prior to use in the vlan range command. Commands used in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution continues on other interfaces.
Default Configuration The default VLAN name is default. Command Mode VLAN Configuration mode User Guidelines The VLAN name may include any alphanumeric characters including a space, underscore, or dash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may truncate entries at the first illegal character or reject the entry entirely. The name of VLAN 1 cannot be changed.
• remove—Deletes the secondary VLAN association with the primary VLAN. • vlan-list—A list of secondary VLAN ids to be mapped to a primary VLAN. The VLAN list can contain multiple entries separated by commas and containing no spaces. Each entry can be a single VLAN id or a hyphenated range of VLANs. Default Configuration This command has no default setting.
console(config)# vlan 20 console(config-vlan)# private-vlan association 1001-1003 console(config-vlan)# end protocol group Use the protocol group command in VLAN Configuration mode to attach a VLAN ID to the protocol-based group identified by groupid. A group may only be associated with one VLAN at a time. However, the VLAN association can be changed. The referenced VLAN should be created prior to the creation of the protocol-based group except when GVRP is expected to create the VLAN.
console(config-vlan)#protocol group 3 100 protocol vlan group Use the protocol vlan group command in Interface Configuration mode to add the physical unit/slot/port interface to the protocol-based group identified by groupid. A group may have more than one interface associated with it. Each interface and protocol combination can be associated with one group only.
Example The following example displays how to add an Ethernet interface to the group ID of “2.” console(config-if-Gi1/0/1)#protocol vlan group 2 protocol vlan group all Use the protocol vlan group all command in Global Configuration mode to add all physical interfaces to the protocol-based group identified by groupid. A group may have more than one interface associated with it. Each interface and protocol combination can be associated with one group only.
Example The following example displays how to add all physical interfaces to the protocol-based group identified by group ID “2.” console(config)#protocol vlan group all 2 show dot1q-tunnel Use the show dot1q-tunnel command to display the QinQ status for each interface. Syntax show dot1q-tunnel [ interface interface-id ] Default Configuration If no interfaces are specified, information is shown for all interfaces.
Gi1/0/4 Gi1/0/5 Gi1/0/6 Disable 802.1 Disable 802.1 Disable 802.1 show interfaces switchport Use the show interfaces switchport command to display the complete switchport VLAN configuration for all possible switch mode configurations: access, dot1q-tunnel, general, trunk, and (private VLAN) host or (private VLAN) promiscuous.
VLAN Membership Mode: Trunk Mode Access Mode VLAN: 1 (default) General Mode PVID: 1 (default) General Mode Ingress Filtering: Enabled General Mode Acceptable Frame Type: Admit All General Mode Dynamically Added VLANs: General Mode Untagged VLANs: 1 General Mode Tagged VLANs: General Mode Forbidden VLANs: Trunking Mode Native VLAN: 1 (default) Trunking Mode Native VLAN Tagging: Disabled Trunking Mode VLANs Enabled: 1-99,101-4093 Private VLAN Host Association: none Private VLAN Mapping: Private VLAN Operation
User Guidelines This command has no user guidelines. Example The following example displays the Protocol-Based VLAN information for either the entire system. console#show port protocol all Group Group Name ID Protocol(s) VLAN --------------- ----- ---------- ---test 1 IP 1 Interface(s) -----------gi1/0/1 show switchport ethertype Use the show switchport ethertype to display the configured Ethertype for each interface.
The primary TPID is shown in the EtherType column. The primary TPID is placed in the outer tag for traffic egressing the interface. The interface will process traffic as double tagged if any of the configured TPIDs is present in the frames outer VLAN tag. Traffic with a TPID other than the configured TPID is processed normally, i.e. as if it is not double tagged. Example This example shows the various invocations of the command. console(config)#show switchport ethertype Default TPID........................
• vlan-id—A VLAN identifier • vlan-name—A valid VLAN name (Range 1-32 characters) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines • VLAN—The VLAN identifier • Name—The VLAN name • Ports—The port membership for the VLAN • Type—The type of VLAN (default, static, dynamic) Example This shows all VLANs and RSPAN VLANs.
-----------------------------------------------------------------Enabled This example shows information for a specific VLAN name. console#show vlan name myspan VLAN ----10 Name --------------myspan Ports ------------Te1/0/1 Type -------------Static RSPAN Vlan -----------------------------------------------------------------Enabled show vlan association mac Use the show vlan association mac command to display the VLAN associated with a specific configured MAC address.
Example The following example shows no entry in MAC address to VLAN crossreference. console#show vlan association mac MAC Address VLAN ID ----------------------- ------0001.0001.0001.0001 1 show vlan association subnet Use the show vlan association subnet command to display the VLAN associated with a specific configured IP-Address and netmask. If no IP Address and net mask are specified, the VLAN associations of all the configured IP-subnets are displayed.
console#show vlan association subnet IP Address IP Mask VLAN ID ---------------- ---------------- ------The IP Subnet to VLAN association does not exist. show vlan private-vlan Use the show vlan private-vlan command to display information about the configured private VLANs including primary and secondary VLAN IDs, type (community, isolated, or primary), and the ports which belong to a private VLAN. Syntax show vlan private-vlan [type] Default Configuration This command has no default setting.
Parameter Description Type Secondary VLAN type. Use the type parameter to display only private VLAN ID and its type. Ports Ports that are associated with a private VLAN. switchport access vlan Use the switchport access vlan command in Interface Configuration mode to configure the PVID VLAN ID when the interface is in access mode. To reconfigure the interface to use the default VLAN, use the no form of this command.
Examples The following example configures interface gi1/0/8 to operate in access mode with a VLAN membership of 23. Received untagged packets are processed on VLAN 23. Received packets tagged with VLAN 23 are also accepted. Other received tagged packets are discarded. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#switchport access vlan 23 The following example sets the PVID for interface Gi1/0/12 to VLAN ID 33. Since VLAN 33 does not exist, it is automatically created.
User Guidelines This command globally defines additional TPIDs for use by the system for matching of ingress packets in the outer tag. The switch uses the default primary TPID 0x8100 and any of the additional TPIDs to match packets in the outer tag on ingress. A TPID must be configured globally before it can be applied to an interface. Up to three additional TPIDs can be configured for acceptance in the outer VLAN tag on the SP port.
This example configures an SP port using trunk mode.
Command Mode Interface Configuration mode (physical and port channel), Interface range mode (physical and port channel) User Guidelines This command applies a previously defined TPID to an interface. The TPID must be configured using the global configuration mode command before it can be applied to an interface. Up to 3 additional TPIDs for use in the outer VLAN tag may be configured. The outer VLAN tag in tagged packets received on the interface is compared against the configured list of TPIDs.
VLAN ID 10. Then, in the last command, the port is configured to accept the VMAN TPID in the outer VLAN on ingress and further configured to tag packets with the VMAN TPID in the outer VLAN tag on egress.
User Guidelines This configuration only applies to ports configured in general mode. It is possible to configure the general mode VLAN membership of a port while the port is in access or trunk mode. Doing so does not change the VLAN membership of the port until it is configured to be in general mode. Example The following example forbids adding VLAN numbers 234 through 256 to port 1/0/8.
Example The following example configures 1/0/8 to discard untagged frames at ingress. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#switchport general acceptable-frame-type taggedonly switchport general allowed vlan Use the switchport general allowed vlan command in Interface Configuration mode to add VLANs to or remove VLANs from a general port.
It is possible to configure the general mode VLAN membership of a port while the port is in access or trunk mode. Doing so does not change the VLAN membership of the port until it is configured to be in general mode. Example The following example shows how to add VLANs 1, 2, 5, and 8 to the allowed list.
console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#switchport general ingress-filtering enable switchport general pvid Use the switchport general pvid command in Interface Configuration mode to configure the Port VLAN ID (PVID) when the interface is in general mode. Use the switchport mode general command to set the VLAN membership mode of a port to “general.” To configure the default value, use the no form of this command.
switchport mode Use the switchport mode command in Interface Configuration mode to configure the VLAN membership mode of a port. To reset the mode to the appropriate default for the switch, use the no form of this command. Syntax switchport mode {access | trunk | general} no switchport mode • access—An access port connects to a single end station belonging to a single VLAN.
Example The following example configures Gi1/0/5 to access mode. console(config)#interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)#switchport mode access switchport mode dot1q-tunnel Use the switchport mode dot1q-tunnel command to enable QinQ tunneling on customer edge (CE) interfaces. Use the no form of the command to return the interface to the default switchport mode (access).
CE interfaces must be configured in dot1q-tunnel mode with the PVID configured with the outer tag (native) VLAN ID for the associated service provider (SP) interface. Configure the outer VLAN ID using the switchport access vlan command. All MAC address learning and forwarding occurs on the outer VLAN tag. The VLAN ID must be common to both the SP port and the CE ports.
switchport mode private-vlan Use the switchport mode private-vlan command in Interface Configuration mode to define a private VLAN association for an isolated or community interface or a mapping for a promiscuous interface. Use the no form of the command to remove the private VLAN association or mapping from the interface. Syntax switchport mode private-vlan {host|promiscuous} no switchport mode • host—Configure the interface as a private VLAN host port.
console(config-if-Gi1/0/8)#switchport mode private-vlan host switchport private-vlan Use the switchport private-vlan command in Interface Configuration mode to define a private VLAN association for an isolated or community port or a mapping for a promiscuous port. Use the no form of the command to remove the private VLAN association or mapping from the interface.
Example console(config)#vlan 10,20 console(config-vlan10,20)#exit console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#switchport private-vlan host-association 10 20 switchport trunk Use the switchport trunk command in Interface Configuration mode to configure VLAN membership for a trunk port or to set the native VLAN for an interface in Trunk Mode.
Default Configuration A trunk port is a member of all VLANs by default. VLAN 1 is the default native VLAN on a trunk port. The default allowed VLAN membership on a trunk port is all VLANs. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode Interface Range mode Port-Channel Range mode User Guidelines Untagged traffic received on a trunk port is forwarded on the native VLAN, if configured.
Default Configuration Dell EMC Networking switches use dot1q encapsulation on trunk ports by default. Command Mode Interface config mode, Interface range mode (including port-channels) User Guidelines This command performs no action. Dell EMC Networking switches always use dot1q encapsulation on trunk mode ports. Command History Introduced in version 6.2.0.1 firmware. Example This example demonstrates compatibility.
User Guidelines Deleting the VLAN assigned as the PVID on an access port will cause VLAN 1 to be assigned as the PVID for the access port. Deleting the VLAN assigned as the native VLAN for a trunk port will cause the trunk port to discard untagged frames received on the port. Creating a VLAN adds it to the allowed list for all trunk ports except those where it is specifically excluded. Ports and port channels can be configured with VLANs that do not exist. They will not forward traffic on nonexisting VLANs.
Example The following example associates MAC address with VLAN ID 1. console(config)# vlan 1 console(config-vlan-1)#vlan association mac 0001.0001.0001 vlan association subnet Use the vlan association subnet command in VLAN Configuration mode to associate a VLAN to a specific IP-subnet. Only packets with a matching source IP address are placed into the VLAN. Syntax vlan association subnet ip-address subnet-mask no vlan association subnet ip-address subnet-mask • ip-address — Source IP address.
vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 24093. Syntax vlan makestatic vlan-id • vlan-id — Valid VLAN ID. Range is 2–4093. Default Configuration This command has no default configuration.
no vlan protocol group group-id • group-id — The protocol-based VLAN group ID, to create a protocolbased VLAN group. To see the created protocol groups, use the show port protocol all command. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
• ethertype value — The protocol you want to add. The ethertype value can be any valid hexadecimal number in the range 0x0600 to 0xffff. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to add the “ip” protocol to the protocol based VLAN group identified as “2.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)# vlan protocol group name 1 usergroup vlan protocol group remove Use the vlan protocol group remove command in Global Configuration mode to remove the protocol-based VLAN group identified by groupid.
Switchport Voice VLAN Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.
traffic. See the User Configuration Guide for more information. Voice VLAN is recommended for enterprise-wide deployment of voice services on the IP network. Commands in this Section This section explains the following commands: switchport voice vlan – switchport voice vlan (Interface) authentication event server dead action authorize voice switchport voice vlan priority show voice vlan switchport voice vlan This command is used to enable the voice VLAN capability on the switch.
Example console(config)#switchport voice vlan console(config)#no switchport voice vlan switchport voice vlan (Interface) This command is used to assign the voice VLAN ID on the interface. Syntax switchport voice vlan {vlan-id | dot1p priority | none | untagged | priority extend trust|override-authentication| dscp value} no switchport voice vlan [priority extend][override-authentication] • vlan-id—Configure an existing VLAN as the voice VLAN.
Default Configuration The default DSCP value is 46. The default CoS is 5 for untrusted ports. The default is tagged voice VLAN traffic. The default data priority is to trust the received CoS value. The default override-authentication value is to require authentication. No voice VLAN ID is configured by default. The default 802.1p value is none. Command Mode Interface Configuration (Ethernet) mode. User Guidelines Enable voice VLAN using the following steps: • Create the voice VLAN on the switch.
Voice VLAN information is transmitted to the phone via LLDP-MED in the Network Policy TLV (Application Type Voice, Tagged Yes, …). Voice VLAN information is transmitted to the phone via CDP in the Appliance VLAN TLV. The voice VLAN must be configured on the switch and must be different than the data VLAN. The configured or default priority is sent to the phone Class of Service (CoS) TLV. The trust status is sent to the phone via CDP in the Extended trust TLV.
The voice VLAN may not be configured as a PVID. The switch enforces this restriction by not configuring the voice VLAN, if the VLAN is the PVID of any port, or by failing the PVID assignment if the VLAN is a voice VLAN. The voice VLAN may not be configured as the unauthenticated VLAN and vice-versa. The voice VLAN may not be configured as the guest VLAN and vice-versa. The voice VLAN may not be configured as a private VLAN host port. Command History Description updated in 6.3.0.5 release.
3 Configure port 10 to be in access mode. The data VLAN ID is 1 and uses untagged packets. console(config)#interface gi1/0/10 console(config-if-Gi1/0/10)#switchport mode access 4 Enable port-based 802.1X authentication on the port for the data traffic. console(config-if-Gi1/0/10)#dot1x port-control auto 5 Enable the voice VLAN feature on the interface. Voice packets are tagged using VLAN 25. console(config-if-Gi1/0/10)#switchport voice vlan 25 6 Allow access to the voice VLAN regardless of the 802.
• untrust —Do not trust the IEEE 802.1p user priority contained in packets arriving on the voice VLAN port. This overrides the received value with the configured 801.2p value. If a distinguished service for voice traffic is required, an ACL or diffserv policy must be configured.
User Guidelines During authentication, the switch identifies a device as a voice device when an Access-Accept is received from the AAA service with Cisco proprietary VSA device-traffic-class=voice. Phones/devices using the voice VLAN are periodically re-authenticated. If no AAA server is available during reauthentication, access to the voice VLAN is removed when authentication fails. Critical voice VLAN supports voice VLAN access on an interface connected to an 802.
Command History Command introduced in version 6.5 firmware. show voice vlan This command displays information about the voice VLAN. Syntax show voice vlan [interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}|all] Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines • When the interface parameter is not specified, only the global mode of the voice VLAN is displayed.
Example (console)#show voice vlan interface gi1/0/1 Interface...................................... Voice VLAN Interface Mode...................... Voice VLAN Priority............................ Voice VLAN COS Override........................ Voice VLAN DSCP Value.......................... Voice VLAN Port Status......................... Voice VLAN Authentication......................
4 Security Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Security commands enable network operators to administer security for administrator access to the switch management console or web interface as well as to configure restrictions of network access for network attached devices.
AAA Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking switches support authentication of network users and switch administrators via a number of methods. Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in the SNMP Commands section).
To authenticate a switch administrator, the authentication methods in the APL for the access line are attempted in order until an authentication attempt returns a success or failure return code. If a method times out, the next method in the list is attempted. The component requesting authentication is unaware of the ultimate authentication source. If a method in the preference list does not support the concept of time-out, subsequent entries in the list are never attempted.
Accounting notification is sent when the administrator exits exec mode. The duration of the exec session is logged in the accounting notice. Accounting notifications are sent at the end of each administrator executed command. In the case of commands like reload, and clear config, an exception is made and the stop accounting notice is sent at the beginning of the command.
Command Authorization Dell EMC Networking switches support per command or enable authorization using a TACACS server. See the authorization command in this section for further information. Additionally, the RADIUS or TACACS server can be configured to assign an administrative profile to a switch administrator. The administrative profile identifies groups of commands which may be executed by the administrator. See the Administrative Profiles Commands section for further information on this capability.
The Internal Authentication Server feature provides support for the creation of users for IEEE 802.1x access only, i.e. without switch management access. This feature maintains a separate database of users allowed for 802.1x access. The authentication method internal is available in the list of methods supported by authentication to support user database lookup. The internal method cannot be added in the same authentication list that has other methods like local, radius and reject.
MAC Authentication Bypass (MAB) provides 802.1x unaware clients controlled access to the network using the devices’ MAC address as an identifier. This requires that the known and allowable MAC address and corresponding access rights be prepopulated in the authentication server. MAB only works when the port control mode of the port is MAC-based.
in the unauthorized state and the client is not granted access to the network. If an unauthenticated VLAN is configured for the port and the 802.1x client fails to authenticate for the configured number of attempts, the port is placed in the authorized state on the unauthenticated VLAN and the client is granted access to the network.
Use either the aaa accounting dot1x default none or no aaa accounting dot1x default command to disable dot1x accounting. Use the no aaa accounting exec or no aaa accounting commands to disable aaa accounting and optionally delete an accounting method list. Syntax aaa accounting {exec | commands | dot1x} {default | list-name} {start-stop | stop-only |none} [method1 [method2…]] {radius|tacacs|radius tacacs|tacacs radius} • exec—Provides accounting for a User Exec terminal sessions.
accounting method, accounting records are notified to a TACACS+ server. If radius is the specified accounting method, accounting records are notified to a RADIUS server. Please note the following: • A maximum of five Accounting Method lists can be created for each exec and commands type. • Only the default Accounting Method list can be created for RADIUS. There is no provision to create more.
The first aaa command creates a method list for exec sessions with the name ExecList, with record-type as stop-only and the method as TACACS+. The second command changes the record type to start-stop from stop-only for the same method list. The third command, for the same list changes the methods list to {tacacs,radius} from {tacacs}. The following shows an example of the no version of the command.
User Guidelines Only one authentication method may be specified in the command. For the RADIUS authentication method, if the RADIUS server cannot be contacted, the supplicant fails authentication. The none method always allows access. the ias method utilizes the internal authentication server. The internal authentication server only supports the EAP-MD5 method. Example The following example configures 802.1x authentication to use no authentication.
Keyword Source or destination enable Uses the enable password for authentication. line Uses the line password for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The default enable list is enableList. It is used by console, telnet, and SSH and only contains the method enable and none.
NOTE: Requests sent by the switch to a RADIUS server include the username “$enabx$”, where x is the requested privilege level in decimal. For enable to be authenticated on Radius servers, add “$enabx$” users to them. The login user ID is also sent to TACACS+ servers for enable authentication. Example The following example configures enable authentication to use the enable method for accessing higher privilege levels.
Keyword Source or destination tacacs Use the list of all TACACS+ servers for authentication. Default Configuration The default login lists are defaultList and networkList. defaultList is used by the console and only contains the method none. networkList is used by telnet and SSH and only contains the method local. Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command.
aaa authorization Use the aaa authorization command to enable authorization and optionally create an authorization method list. A list may be identified by a userspecified list-name or the keyword default. Use the no form of the command to disable authorization and optionally delete an authorization list. Syntax aaa authorization {commands|exec|network}{default|list-name} method1 [method2] no aaa authorization {commands|exec|network} {default|list-name} • exec—Provides Exec authorization.
Authorization is not enabled by default. Authorization supports Exec authorization and network authorization for RADIUS. Only TACACS is supported for command authorization. Setting a none or local method for authorization authorizes Exec access for all functions.
If no authorization server is available or configured, the function is denied unless the none method is configured in the list. If authorization is configured on the console, this can lead to situations where the console denies administrative access. Therefore, it is recommended that the console authorization only be enabled with due regard to the risks involved. If none is configured as the last method after radius or tacacs, no authorization is performed if the RADIUS/TACACS servers are down.
console(config)#aaa authorization exec exec-list radius none Apply the AML to an access line mode (SSH): console(config)#line ssh console(config-ssh)#authorization exec exec-list Display the authorization methods: console#show authorization methods Exec Authorization List Methods --------------------------------------------------------dfltExecAuthList none exec-list radius none Command Authorization List ---------------------------dfltCmdAuthList telnet-list Line --------Console Telnet SSH Methods ------
Command Mode Global Configuration mode User Guidelines The RADIUS server can place a port in a particular VLAN based on the result of the authentication. VLAN assignment must be configured on the external RADIUS server using the RADIUS TUNNEL-TYPE attribute and others. See RADIUS Commands and Security Commands for further information. If the port is configured to use 802.
Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines. Examples console#configure console(config)#aaa ias-user username client-1 console(config-ias-user)#exit console(config)#no aaa ias-user username client-1 aaa new-model The aaa new-model command in Global Configuration mode is a no-op command. It is present only for compatibility purposes.
(config)# aaa new-model aaa server radius dynamic-author Use this command to enter dynamic RADIUS server configuration mode. Syntax aaa server radius dynamic-author Default Configuration By default, no dynamic RADIUS servers are configured. Command Mode Global Configuration User Guidelines Configuring a dynamic RADIUS server causes the system to begin listening on the default port 3799 for RADIUS CoA requests.
Command History Introduced in version 6.2.0.1 firmware. Example The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and 3.3.3.3 and CoA clients at 4.4.4.4 and 5.5.5.5. It sets the front panel ports to use 802.1x MAC-based authentication. CoA is configured for two dynamic RADIUS servers located at 1.1.1.1 and 2.2.2.2 using a global shared secret and a third server using a server specific shared secret. CoA and disconnect requests are accepted from the CoA clients at 4.4.4.4 and 5.5.5.5.
authentication enable Use this command to globally enable the Authentication Manager. Interface configuration set with the authentication order command takes effect only if the Authentication Manager is enabled. Use the no form of this command to disable the Authentication Manager. Syntax authentication enable no authentication enable Default Configuration The default value is Disabled.
Syntax authentication order {dot1x [mab][captive-portal] | mab [dot1x] [captiveportal] | captive-portal} no authentication order Default Configuration There is no default configuration for this command. Command Modes Interface Configuration (Ethernet) mode User Guidelines Each method can only be entered once. Ordering is only possible between 802.1x and MAB. Captive portal can be configured either as a stand-alone method or as the last method in the order.
Default Configuration There is no default configuration for this command. Command Modes Interface Configuration (Ethernet) mode. User Guidelines Each method can only be entered once. There are no restrictions on the priority ordering of methods. Example console(config-if-Gi1/0/1)# authentication priority mab dot1x captive-portal console(config-if-Gi1/0/1)# no authentication priority authentication restart Use this command to set the interval after which reauthentication starts.
Example console(config-if-Gi1/0/1)# authentication restart 1800 console(config-if-Gi1/0/1)# no authentication restart clear (IAS) Use the clear aaa ias-users command to delete all IAS users. Syntax clear aaa ias-users Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear aaa ias-users clear authentication statistics Use this command to clear the authentication statistics.
User Guidelines There are no user guidelines for this command. Example console(config)# clear authentication statistics Gi1/0/1 Are you sure you want to clear authentication manager port stats? (y/n) clear authentication authentication-history Use this command to clear the authentication history logs. Syntax clear authentication authentication-history {interface-id | all} • interface-id—The interface. • all—All interfaces. Default Configuration There is no default configuration for this command.
Syntax enable password password [encrypted] no enable password • password — Password for this level (Range: 8- 64 characters). The special characters allowed in the password include ! # $ % & ‘ " ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. User names can contain blanks if the name is surrounded by double quotes. To use the ! character as part of the username or password string, it should be enclosed within quotation marks. For example, username “test!xyz” password “test!xyz”.
ip http authentication Use the ip http authentication command in Global Configuration mode to specify authentication methods for http server users. To return to the default, use the no form of this command. Syntax ip http authentication method1 [method2...] no ip http authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication.
ip https authentication Use the ip https authentication command in Global Configuration mode to specify authentication methods for users authenticating over HTTPS. To return to the default configuration, use the no form of this command. Syntax ip https authentication method1 [method2...] no ip https authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication.
Example The following example configures HTTPS authentication. console(config)# ip https authentication radius local password (AAA IAS User Configuration) Use the password command in aaa IAS User Configuration mode to configure a password for an IAS user. The password is composed of up to 64 alphanumeric characters. An optional parameter [encrypted] is provided to indicate that the password given to the command is already pre-encrypted. To clear the user’s password, use the no form of this command.
The following is an example of adding a MAB Client to the IAS user database with MAC address f81f.3ccc.b157. Be sure to enter the password in upper case letters or authentication will fail with an “MD5 Validation Failure” as the password hash does not match.
console>password Enter old password:******** Enter new password:******** Confirm new password:******** show aaa ias-users Use the show aaa ias-users command to display configured IAS users and their attributes. Passwords configured are not shown in the show command output. Syntax show aaa ias-users Default Configuration This command has no default configuration.
Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Examples console#show accounting methods AcctType MethodName MethodType Method1 Method2 -----------------------------------------------------------------Exec dfltExecList start-stop tacacs Commands dfltCmdList stop-only tacacs Dot1x dfltDot1xList start-stop Line EXEC Method List Command Method List ------------------------------------------------Console none none Telnet none none SSH none none Command History Example updated in the 6.4 release.
Tiered Authentication.......................... Enabled console# show authentication interface gi1/0/1 Port........................................... Authentication Restart timer................... Configured method order........................ Enabled method order........................... Configured method priority..................... undefined Enabled method priority........................ undefined Number of authenticated clients................ Logical Interface..............................
Example console#show authentication authentication-history gi1/0/1 Time Stamp Interface MAC-Address Auth Status Method --------------------- --------- ----------------- ------------ -----Jul 21 1919 15:06:15 Gi1/0/1 00:00:00:00:00:01 Authorized 802.1x show authentication methods Use the show authentication methods command to display information about the authentication methods. Syntax show authentication methods Default Configuration This command has no default configuration.
Line ------Console Telnet SSH Login Method List ----------------defaultList networkList networkList HTTPS HTTP DOT1X Enable Method List -----------------enableList enableNetList enableNetList :local :local : show authentication statistics Use this command to display the Authentication Manager statistics on one or more interfaces. Syntax show authentication statistics interface-id • interface-id—The physical interface. Default Configuration There is no default configuration for this command.
show authorization methods Use the show authorization methods command to display the configured authorization method lists. Syntax show authorization methods Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Command authorization is supported only for the line, telnet, and SSH access methods.
show users accounts Use the show users accounts command to display the local user status with respect to user account lockout and password aging. Syntax show users accounts Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines User accounts are distinct from the IAS user accounts. IAS users are allowed access to network resources when authenticating via AAA.
console(config)#show users accounts UserName Privilege ------------------------ --------admin 15 Administrative Profile(s): Password Password Lockout Aging Expiry date -------- -------------------- -------200 Jan 13 1915 00:32:12 False show users login-history Use the show users login-history command in Global Configuration mode to display information about the login history of users. Syntax show users login-history [username|long] • username — name of user.
Command History Syntax updated in 6.4 release. username Use the username command in Global Configuration mode to add a new user to the local user (switch administrator) database. The default privilege level is 1. The command optionally allows the specification of an Administrative Profile for a local user. Use the no form of this command to remove the username from the local user database.
• encrypted—Encrypted password entered, copied from another switch configuration. Password strength checking is not applied to the encrypted string. Default Configuration The default privilege level is 1. Command Mode Global Configuration mode User Guidelines The following rules and restrictions apply: • User accounts have an associated privilege level, a user name, and a user password. • The password is saved internally in hashed format and never appears in clear text anywhere in the UI.
Message Type Message Description Error Completion Message Could not set user password! Reason behind the failure 1 Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command.
Syntax username username unlock Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command applies to switch administrator accounts. Privilege level 0 is restricted from using Privileged Exec or any Configurationlevel commands. There is effectively no difference between privilege level 1 and 15.
Administrative Profiles Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The administrative profiles capability provides the network administrator control over which commands a user (switch administrator) is allowed to execute. The administrator is able to group commands into a “profile” and assign a profile to a user upon authentication. This provides more granularity than simply allowing read-only and read-write users.
passes enable authentication, the user is permitted access to all commands. This is also true if none of the Administrative Profiles provided are configured on the switch. RADIUS and TACACS+ The network administrator may configure a custom attribute to be provided by the server during authentication. The RADIUS and TACACS+ applications process this custom attribute and provide this data to the User Manager for configuring the user profile.
Default Configuration The administrative profiles are defined by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)#admin-profile qos console(admin-profile)# description (Administrative Profile Configuration) Use the description command in Administrative Profile Configuration mode to add a description to an administrative profile. Use the no form of this command to delete the description.
Example console(admin-profile)#description “This profile allows access to QoS commands.” rule Use the rule command to add a rule to an administrative profile. Use the no form of this command to delete a rule. Syntax rule number {deny|permit} {command command-string|mode modename} no rule number • number—The sequence number of the rule. Rules are applied from the highest sequence number to the lowest. Range: 1 to 256. • command-string—Specifies which commands to permit or deny.
Example console(admin-profile)#rule 1 permit command “access-list *” console(admin-profile)# show admin-profiles Use the show admin-profiles command to show the administrative profiles. If the optional profile name parameter is used, only that profile will be shown. Syntax show admin-profiles [name profile-name] • profile-name—The name of the administrative profile to display. Default Configuration This command has no default configuration.
Description: This profile allows access to QoS commands. Rule Perm Type Entity ---- ------ ------- ---------------------------------------1 permit command access-list * 2 permit command access-group * 3 permit mode class-map show admin-profiles brief Use the show admin-profiles brief command to list the names of the administrative profiles defined on the switch. Syntax show admin-profiles brief Default Configuration This command has no default configuration.
show cli modes Use the show cli modes command to list the names of all the CLI modes. Syntax show cli modes Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines These are the generic mode names to be used in the rule command above. These are not the same as the prompt which is displayed in a particular mode.
E-mail Alerting Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches E-mail Alerting is an extension of the logging system. The Dell EMC Networking logging system allows the user to configure a variety of destinations for log messages. This feature adds e-mail configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
logging email show logging email statistics logging email urgent clear logging email statistics logging email message-type to-addr security logging email from-addr mail-server ip-address | hostname logging email message-type subject port (Mail Server Configuration Mode) logging email logtime username (Mail Server Configuration Mode) logging email test message-type password (Mail Server Configuration Mode) – show mail-server logging email Use the logging email command in Global Configuration
Default Configuration E-mail alerting is disabled by default. When e-mail alerting is enabled, log messages at or above severity Warning are e-mailed. Command Mode Global Configuration mode User Guidelines The logging email command with no arguments enables e-mail alerting. Specify a severity to set the severity level of log messages that are e-mailed in a non-urgent manner.
• – error (3) – warning (4) – notice (5) – info (6) – debug (7) none—If you specify this keyword, no log messages are e-mailed urgently. All log messages at or above the non-urgent level (configured with the logging email command) are e-mailed in batch. Default Configuration The default severity level is alert. Command Mode Global Configuration mode User Guidelines Log messages at or above this severity level are considered urgent.
no logging email message-type {urgent | non-urgent | both} to-addr toemail-addr Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The to-email-addr is the address to which the email is sent. Urgent | non-urgent | both—The priority with which the email is queued. Urgent email is sent immediately. Non-urgent email is queued and sent periodically. Example console(config)#logging email message-type urgent to-addr admin123@dell.
Command Mode Global Configuration User Guidelines The from-addr in this command is the email address of the email sender. Many mail servers will validate the from address of an email to ensure that abuse of the email server does not occur. Example console(config)#logging email from-addr dell@gmail.com Command History Example added in the 6.4 release. logging email message-type subject Use the logging email message-type subject command in Global Configuration mode to configures subject of the e-mail.
Example console(config)#logging email message-type urgent subject UrgentLog Command History Example added in the 6.4 release. logging email logtime Use the logging email logtime command in Global Configuration mode to configure the value of how frequently the queued messages are sent. Syntax logging email logtime time duration no logging email logtime • time duration—Time in minutes. Range: 30 – 1440. Default Configuration The default value is 30 minutes.
logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server. Syntax logging email test message-type message-type message-body message-body • message-type—Urgent, non-urgent, or both • message-body—The message to log. Enclose the message in double quotes if it contains any spaces. Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines This command has no user guidelines. Example console#show logging email statistics No of email Failures so far.................... 0 No of email sent so far......................... 0 Time since last email Sent.................... 00 days 00 hours 00 mins 00 secs clear logging email statistics Use the clear logging email statistics command to clear the e-mail alerting statistics.
Command History Example added in the 6.4 release. security Use the security command in Mail Server Configuration mode to set the email alerting security protocol. This enables and disables the switch to use TLS authentication with the SMTP Server. If the administrator sets the TLS mode and, if the SMTP sever does not support TLS mode, then no e-mail goes to the SMTP server. Syntax security {tlsv1 | none} Default Configuration The default value is disabled.
Syntax mail-server {ip-address | hostname} no mail-server {ip-address | hostname} • ip-address—An IPv4 or IPv6 address. • hostname—The DNS name of an SMTP server. Default Configuration The default configuration for a mail server is shown in the table below.
Default Configuration The default value is 25 (SMTP). Command Mode Mail Server Configuration User Guidelines Port 25 is the standard SMTP port for cleartext messages. Port 465 is the standard port for messages sent using TLSv1. Example console(config)#mail-server 10.131.1.11 console(mail-server)#port 1024 Command History Example added in the 6.4 release. Description updated in the 6.4 release.
User Guidelines This command has no user guidelines. Example console(config)#mail-server 10.131.1.11 console(mail-server)#username admin Command History Example added in the 6.4 release. password (Mail Server Configuration Mode) Use the password command in Mail Server Configuration mode to configure the password required to authenticate to the e-mail server. Use the no form of the command to revert the password to the default value.
show mail-server Use the show mail-server command to display the configuration of all the mail servers or a particular mail server. Syntax show mail-server {ip-address | hostname | all} Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show mail-server all Mail Servers Configuration: No of mail servers configured......................
Email Email Email Email Email Alert Alert Alert Alert Alert Mail Server Address................ Mail Server Port................... SecurityProtocol................... Username........................... Password........................... 10.131.1.11 465 tlsv1 admin password Command History Example added in the 6.4 release.
RADIUS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Authentication of users in a large network can be significantly simplified by making use of a single database of accessible information supplied by an Authentication Server. These servers commonly use the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
assigned VLAN is dynamically created. See the aaa authorization network default radius command for further information. This implies that the client can connect from any port and be assigned to the appropriate VLAN, which may be already configured on an uplink interface. This gives flexibility for clients to move around the network with out requiring the operator to perform additional provisioning for each network interface.
If the session cannot be located, the device returns a Disconnect-NAK message with the “Session Context Not Found” error-code attribute. If the session is located, the device terminates the session. After the session has been completely removed, the device returns a Disconnect-ACK message. The attributes returned within a CoA ACK can vary based on the CoA Request. The administrator can configure whether all or any of the session attributes are used to identify a client session.
attribute 8 radius server attribute 4 radius server timeout attribute 25 radius server attribute 6 retransmit attribute 31 radius server attribute 8 show aaa servers – radius server attribute 25 show radius statistics authentication event fail retry radius server attribute 31 source-ip auth-port radius server deadtime timeout automate-tester radius server usage deadtime radius server key – key radius server retransmit – msgauth – – acct-port Use the acct-port command to set the
Example The following example sets port number 56 for accounting requests. console(config)#radius server acct 3.2.3.2 console(Config-acct-radius)#acct-port 56 attribute 6 Use the attribute 6 command to configure processing of the RADIUS Service-Type attribute. Syntax attribute 6 [on-for-login-auth|mandatory] no attribute 6 [on-for-login-auth|mandatory] Default Configuration By default, the Service-Type is not included in the Access-Request message sent to the authentication server.
Example This example configures the switch to send the Service-Type attribute to the RADIUS server in the Access-Request message. console#conf console(config)#radius server auth 4.3.2.1 console(config-auth-radius)#attribute 6 on-for-login-auth This example configures the switch to process and validate the Service-Type received in the Access-Accept message from the RADIUS server. console#conf console(config)#radius server auth 4.3.2.
Example console#conf console(config)#radius server auth 4.3.2.1 console(config-auth-radius)#attribute 8 include-in-access-req attribute 25 Use the attribute 25 command to enable the switch to send the RADIUS Class attribute as supplied by the RADIUS server in accounting messages sent to the specific accounting server.
attribute 31 Use the attribute 31 command to alter the format of the MAC address sent to the RADIUS server in the Calling-Station-Id attribute when authenticating using 802.1X MAC based authentication for an interface. Use the no form of the command to return the MAC address format to the default. Syntax attribute 31 mac format { ietf | unformatted | legacy } [lower-case | uppercase] no attribute 31 mac format • ietf—Format the MAC address as 18-DB-F2-25-B2-D4. The default is upper case.
This command overrides the global configuration for attribute 31 (CallingStation-ID). Use the mab request format command to control the formatting of the User-Name (1) attribute. Command History Introduced in version 6.3.0.1 firmware. Description update in release 6.5.0 to remove the User-Name formatting control. Example This example configures the format of the MAC address sent in MAC based authentication to IETF lower case for the RADIUS server at address 1.2.3.4.
Command Mode Interface Configuration mode, Interface Range mode User Guidelines The authentication manager must be enabled for this command to have effect. This command is only applicable to IEEE 802.1X authentication with a RADIUS server. It has no effect on any other authentication method. This parameter is independent of, and does not control, the number of times the authenticator will attempt to contact the RADIUS servers.
Command History Introduced in version 6.3.0.1 firmware. auth-port Use the auth-port command in RADIUS Server Configuration mode to set the port number on which the RADIUS server listens for authentication requests. Syntax auth-port auth-port-number • auth-port-number — Port number for authentication requests. (Range: 1 65535) Default Configuration The default value of the port number is 1812.
Syntax automate-tester username user-name [idle-time minutes] no automate-tester username • username user-name—Configure the user name to use to test the RADIUS server for liveness. The user-name should not be configured on the RADIUS server. • idle-time minutes—Configure the idle time (in minutes) after which the server is quarantined and sending of test packets commences. The range is 1 to 35791 minutes. Default Configuration There is no default user name. The default idle time is 60 minutes.
Command History Command introduced in version 6.5 firmware. Example The following example configures an IPv4 RADIUS accounting server with the following characteristics: Server IP address—192.168.10.1 Login—DummyLogin Idle Time—30 minutes deadtime Use the deadtime command in RADIUS Server Configuration mode to configure the minimum amount of time to wait before attempting to recontact an unresponsive RADIUS server.
Example The following example specifies a deadtime interval of 60 minutes. console(config)#radius server auth 192.143.120.123 console(config-auth-radius)#deadtime 60 key Use the key command to specify the encryption key which is shared with the RADIUS server. Use the no form of this command to remove the key. Syntax key [ 0|7] key-string no key • 0—The key string that follows is the unencrypted shared secret. The length is 1–128 characters.
Keys are always displayed in their encrypted form in the running configuration. The encryption algorithm is the same across switches. Encrypted passwords may be copied from one switch and pasted into another switch. Command History Updated in version 6.3.0.1 firmware. Example The following two examples globally configure the RADIUS server key for all configured servers. The two examples are identical in effect. console(config)#radius server auth 1.2.3.
primary Use the primary command to specify that a configured server should be the primary server in the group of authentication servers which have the same server name. Multiple primary servers can be configured for each group of servers which have the same name. When the RADIUS client has to perform transactions with an authenticating RADIUS server of the specified name, it uses the primary server that has the specified server name by default.
Default Configuration The default priority is 0. Command Mode RADIUS Server Configuration mode User Guidelines User must enter the mode corresponding to a specific RADIUS server before executing this command. Example The following example specifies a priority of 10 for the designated server. console(config)#radius server auth 192.143.120.
User Guidelines This command does not alter the address in the IP header in Access-Requests transmitted to the RADIUS server. It only configures the NAS-IP-Address attribute sent to the RADIUS server inside the RADIUS Access-Request packet. This capability is useful when configuring multiple RADIUS clients (switches) to simulate a single RADIUS client for scalability. The RADIUS Acct-Session-Id may overlap if multiple switches are configured with the same NAS-IP-Address.
User Guidelines on-for-login—This parameter globally configures the switch to send the RADIUS Service-Type attribute in the Access-Request message sent to all RADIUS authentication servers. The switch sends the Service-Type value Administrative (6) for administrators attempting to access the switch console and sends Service-Type value Login (1) for users attempting to access the network.
Command Mode Global Configuration User Guidelines The switch sends the IP address of the host attempting to access the network in the Framed-IP-Address attribute. Command History Introduced in version 6.3.0.1 firmware.
Command History Introduced in version 6.3.0.1 firmware. Example console#conf console(config)#radius server attribute 25 include-in-access-req radius server attribute 31 Use the radius server attribute 31 command to alter the format of the MAC address sent to the RADIUS server when authenticating using 802.1X MAC based authentication. Use the no form of the command to return the MAC address format to the default.
User Guidelines Use this command to override the format of MAC addresses sent in the Calling-Station-Id (attribute 31) for authentication Access-Requests for ports configured for MAC based 802.1x authentication. This command is only supported for 802.1X authentication. This command does not override the per RADIUS server configuration for attribute 31. Use the mab request format command to configure formatting the User-Name attribute. Command History Introduced in version 6.3.0.1 firmware.
• deadtime — Length of time in minutes, for which a RADIUS server is skipped over by transaction requests. (Range: 0–2000 minutes). Deadtime is used to mark an unavailable RADIUS server as dead until this userconfigured time expires. Deadtime is configurable on a RADIUS server basis. Default Configuration The default dead time is 0 minutes. Command Mode Global Configuration mode User Guidelines If only one RADIUS server is configured, it is recommended that the deadtime interval be left at 0.
• hostname —Host name of the RADIUS server host. (Range: 1–255 characters). Default Configuration The default server type is authentication. The default server name is DefaultRADIUS-Server. The default port number is 1812 for an authentication server and 1813 for an accounting server. Command Mode Global Configuration mode User Guidelines RADIUS servers are keyed by the host name/IP address, therefore it is advisable to use unique server host names.
hostnames/IP addresses with the same priority, the order of attempts is based on lexicographic order. For example, if hostnames name9, name1, name6 are configured as secondary hosts, the hostnames are attempted in the order name1, name6, name9 when the primary host fails to respond. Command History Updated syntax in version 6.5 firmware. Example The following example specifies a RADIUS authentication server with the following characteristics: Server IP address — 192.168.10.
Syntax radius server key [ 0 | 7 ]key-string no radius server key • 0—The key string that follows is the unencrypted shared secret. The length is 1–128 characters. • 7—The key string that follows is the encrypted shared secret. The length is exactly 256 characters. • key-string — The key string in encrypted or unencrypted form. In encrypted form, it must be 256 characters in length. In unencrypted form, it may be up to 128 characters in length. Default Configuration The default is an empty string.
console(config)#radius server key 0 “This is a key string” radius server retransmit Use the radius server retransmit command to specify the number of times the RADIUS client will retransmit requests to the RADIUS server. To reset the default configuration, use the no form of this command. Syntax radius server retransmit retries no radius server retransmit • retries — Specifies the retransmit value. (Range: 1–10) Default Configuration The default is 1 retry.
no radius server source-ip • source — Specifies the source IPv4 address. Default Configuration The default IPv4 address is the outgoing interface IPv4 address. Command Mode Global Configuration mode User Guidelines The command configures the source IP address present in the IPv4 header. It is not the optional NAS-IP-Address in the RADIUS message. Use the radius server attribute 4 command to configure the NAS-IP-Address attribute sent in the RADIUS Access-Request message.
Default Configuration By default, the switch uses the assigned switch IP address as the source IP address for RADIUS packets. This is either the IP address assigned to the VLAN from which the RADIUS packet originates or the out-of-band interface IP address. Command Mode Global Configuration User Guidelines The source IP address of RADIUS packets sent to a server should match the NAS IP address configured on the RADIUS server. A mismatch may lead to a RADIUS packet timeout.
Default Configuration The default value is 15 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the interval for which a switch waits for a server to reply to 5 seconds. console(config)#radius server timeout 5 retransmit Use the retransmit command in RADIUS Server Configuration mode to specify the number of times the RADIUS client retransmits requests to the RADIUS server.
Example The following example of the retransmit command specifies five retries. console(config)#radius server host 192.143.120.123 console(config-auth-radius)#retransmit 5 show aaa servers Use the show aaa servers command to display the list of configured RADIUS servers and the values configured for the global parameters of the RADIUS servers. Syntax show aaa servers [accounting | authentication] [name [servername]] • accounting—This optional parameter will cause accounting servers to be displayed.
Field Description Configured Authentication Servers The number of RADIUS Authentication servers that have been configured. Configured Accounting Servers The number of RADIUS Accounting servers that have been configured. Named Authentication Server Groups The number of configured named authentication RADIUS server groups. Named Accounting Server Groups The number of configured named accounting RADIUS server groups. Timeout The configured timeout value, in seconds, for request retransmissions.
Field Description RADIUS Attribute 31 format A global parameter that indicates the format of the Calling-Station-ID attribute. Command History Introduced in version 6.2.0.1 firmware. Example console#show aaa servers IP address Type Port TimeOut Retran. DeadTime Source IP Prio.Usage ---------------- ----- ----- ------- ------- -------- ---------- ----- -----6.6.6.6 5.5.5.5 4.4.4.4 3.3.3.3 2.2.2.2 1.1.1.
test 6.6.6.6 1812 No switch-top#show aaa servers authentication name CoA-Server-1 RADIUS Server Name............................. CoA-Server-1 Current Server IP Address...................... 1.1.1.1 Number of Retransmits.......................... 3 Timeout Duration............................... 15 Deadtime....................................... 0 Port........................................... 3799 Source Interface............................... Default RADIUS Accounting Mode.........................
Default Configuration By default, the command displays authentication server statistics. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed for accounting servers: Field Description RADIUS Name of the accounting server. Accounting Server Name Server Host Address IP address of the host.
Field Description Timeouts The number of accounting timeouts on this server. Unknown Types The number of packets unknown type which were received from this server on accounting port. Packets Dropped The number of RADIUS packets received from this server on accounting port and dropped for some other reason. The following fields are displayed for authentication servers: Field Description RADIUS Server Name Name of the authenticating server. Server Host Address IP address of the host.
Field Description Timeouts The number of authentication timeouts to this server. Unknown Types The number of packets unknown type which were received from this server on the authentication port. Packets Dropped The number of RADIUS packets received from this server on authentication port and dropped for some other reason. Example console#show radius statistics accounting 192.168.37.200 RADIUS Accounting Server Name................. Host Address.................................. Round Trip Time......
source-ip Use the source-ip command in RADIUS Server Configuration mode to specify the source IP address to be used for communication with RADIUS servers. 0.0.0.0 is interpreted as a request to use the IP address of the outgoing IP interface. Syntax source-ip source • source — A valid source IP address. Default Configuration The IP address is of the outgoing IP interface.
Default Configuration The default value is 15 seconds. Command Mode RADIUS mode User Guidelines User must enter the mode corresponding to a specific RADIUS server before executing this command. Example The following example specifies the timeout setting for the designated RADIUS Server. console(config)#radius server host 192.143.120.123 console(config-radius)#timeout 20 usage Use the usage command in RADIUS mode to specify the usage type of the server.
Example The following example specifies usage type login. console(config)#radius server host 192.143.120.
TACACS+ Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches TACACS+ provides access control for networked devices via one or more centralized servers, similar to RADIUS this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol (described in RFC1492) but additionally provides for separate authentication, authorization and accounting services.
show tacacs tacacs-server timeout – timeout key Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. Syntax key [0|7] key-string no key • 0—The key string that follows is the unencrypted shared secret. The length is 1–128 characters. • 7—The key string that follows is the encrypted shared secret. The length is 256 characters.
Keys are always displayed in their encrypted form in the running configuration. In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). The encryption algorithm is the same across switches. Encrypted passwords may be copied from one switch and pasted into another switch configuration. Command History Updated in version 6.3.0.1 firmware. Example The following example sets the authentication encryption key.
Example The following example displays how to specify TACACS server port number 1200. console(config-tacacs)#port 1200 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority. Syntax priority [priority] • priority — Specifies the priority for servers. 0 (zero) is the highest priority. (Range: 0–65535). Default Configuration If left unspecified, this parameter defaults to 0 (zero).
• ip-address — The name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example displays TACACS+ server settings. console#show tacacs Global Timeout: 5 Server Address --------------10.254.24.
Default Configuration No TACACS+ host is specified. Command Mode Global Configuration mode User Guidelines To specify multiple hosts, multiple tacacs-server host commands can be used. TACACS servers are keyed by the host name, therefore it is advisable to use unique host names. Example The following example specifies a TACACS+ host. console(config)#tacacs-server host 172.16.1.
Default Configuration The default is an empty string. Command Mode Global Configuration mode User Guidelines The tacacs-server key command accepts any printable characters for the key except a question mark. Enclose the string in double quotes to include spaces within the key. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely.
Syntax tacacs-server source-interface { loopback loopback-id | vlan vlan-id } no tacacs-server source-interface • loopback-id — Identifies the loopback interface. • vlan-id — Identifies the VLAN. Default Configuration By default, the switch uses the assigned switch IP address as the source IP address for TACACS packets. This is either the IP address assigned to the VLAN from which the TACACS packet originates or a loopback interface IP address.
Syntax tacacs-server timeout [timeout] no tacacs-server timeout • timeout — The timeout value in seconds. (Range: 1–30) Default Configuration The default value is 5 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the timeout value as 30. console(config)#tacacs-server timeout 30 timeout Use the timeout command in TACACS Configuration mode to specify the timeout value in seconds.
User Guidelines This command has no user guidelines. Example This example shows how to specify the timeout value.
802.1x Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Local Area Networks (LANs) are often deployed in environments that permit the attachment of unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN through existing equipment. In such environments, the administrator may desire to restrict access to the services offered by the LAN.
to be able to identify the short-comings in the configuration of a 802.1x authentication on the switch without affecting the network access to the users of the switch. There are three important aspects to this feature after activation: 1 To allow successful authentications using the returned information from authentication server.
mab request format dot1x timeout supptimeout show dot1x interface statistics dot1x max-reauth-req dot1x timeout tx-period show dot1x users dot1x max-req auth-type clear dot1x authentication– history dot1x max-users client dot1x guest-vlan dot1x port-control ignore dot1x unauth-vlan dot1x re-authenticate port show dot1x advanced dot1x reauthentication 802.
User Guidelines This command has no user guidelines. dot1x eapolflood This command enables the flooding of received IEEE 802.1x frames in the VLAN. Use the no form of the command to return the processing of EAPOL frames to the default. Syntax dot1x eapolflood no dot1x eapolflood Default Configuration By default, the switch does not forward received IEEE 802.1x frames, even if 802.1x is not enabled on the switch. This is the default behavior required by IEEE 802.1x-2010.
dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is auto or mac-based. If the control mode is not auto or mac-based, an error will be returned. Syntax dot1x initialize [interface interface-id] • interface-id—The port to be initialized. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command.
User Guidelines Authentication of a user via MAB will not occur until the “dot1x time-out guest-vlan-period” timer expires. When using MAB, configure the user name attributes with the supplicant MAC address using the mab request format command. Command History Updated syntax in version 6.5 firmware.
User Guidelines This command configures the RADIUS authentication protocol used for MAB devices connected to the interface. CHAP is not supported for TACACS authentication. The switch sends the following information to the RADIUS server for CHAP Access-Requests: 1–User-Name—MAC address of MAB device. 3–CHAP-Password = Encrypted User Name. 4–NAS-IP-Address—IP address of the switch. 5–NAS-Port—Our internal port number. 6–Service-Type is set to 10 (Call-Check).
Command History Command introduced in version 6.5 firmware. mab request format Use the mab request format command to configure the format of the MAC address sent in the User-Name attribute. Use the no form of the command to return the configuration to the default. Syntax mab request format attribute 1 groupsize {1 | 2 | 4 | 12} separator {- | : | .} [lowercase | uppercase] no mab request format attribute 1 • groupsize—The number of digits in a group. • separator—The separator between groups of digits.
18DBF225B2D4 4 - Upper 18DB-F225-B2D4 Command History Command introduced in version 6.5 firmware. dot1x max-reauth-req Use the dot1x max-reauth-req command in Interface Configuration mode to set the maximum number of times that the switch sends Extensible Authentication Protocol EAP-Request/Identity frames to which no response is received before restarting the authentication process. To return to the default setting, use the no form of the command.
dot1x max-req Use the dot1x max-req command to set the maximum number of times that the switch sends an Extensible Authentication Protocol EAP-Request frame to which no response is received, before restarting the authentication process. To return to the default setting, use the no form of this command. Syntax dot1x max-req count no dot1x max-req • count — Number of times that the switch sends an EAP-Request/Identity frame before restarting the authentication process.
dot1x max-users Use the dot1x max-users command in Interface Configuration mode to set the maximum number of clients supported on the port when MAC-based 802.1x authentication is enabled on the port. Use the no version of the command to reset the maximum number of clients supported on the port when MAC-based 802.1x authentication is enabled on the port. Syntax dot1x max-users users no dot1x max-users • users — The number of users the port supports for MAC-based 802.
Syntax dot1x port-control {force-authorized | force-unauthorized | auto | macbased} no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client. VLAN assignment is allowed on the port if it is not configured in trunk mode. This is the default port-control authentication method. • force-authorized — Disables 802.
When configuring a port to use MAC-based authentication, the port must be in switchport general mode. Example The following command enables MAC-based authentication on port 1/0/2 console(config)# interface gigabitethernet 1/0/2 console(config-if-Gi1/0/2)# dot1x port-control mac-based dot1x re-authenticate Use the dot1x re-authenticate command to manually initiate a re-authentication of all 802.1x-enabled ports or the specified 802.1x-enabled port.
dot1x reauthentication Use the dot1x reauthentication command in Interface Configuration mode to enable periodic re-authentication of the client. To return to the default setting, use the no form of this command. Syntax dot1x reauthentication no dot1x reauthentication Default Configuration Periodic reauthentication is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
Default Configuration The default for this command is disabled. Command Mode Global Configuration mode User Guidelines Devices connected to interfaces on which IEEE 802.1X authentication is enabled will be required to authenticate before accessing network resources. This command enables 802.1X authentication on all interfaces, including uplinks. Use the interface mode dot1x port-control force-authorized command to disable 802.1X on an interface. This command enables local processing of IEEE 802.
Command Mode Global Configuration mode User Guidelines Monitor mode always allows access to network resources, even if authentication fails. Example The following command enables monitor mode. Clients are always authenticated in monitor mode.
User Guidelines During the quiet period, the switch does not accept or initiate any authentication requests. Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. To provide a faster response time to the user, enter a smaller number than the default.
User Guidelines The re-authentication process sends an authentication message (EAPRequest/Identity)to authenticated supplicants asking them to reauthenticate themselves. If a supplicant fails re-authentication, it is denied access to switch resources. Example The following example sets the number of seconds between re-authentication attempts to 300.
Example The following example sets the time for the retransmission to the authentication server to 3600 seconds. console(config-if-gi1/0/1)# dot1x timeout server-timeout 3600 dot1x timeout supp-timeout Use the dot1x timeout supp-timeout command to set the time that the switch waits for a response before retransmitting an Extensible Authentication Protocol (EAP-Request/Identity) frame to the client. To return to the default setting, use the no form of this command.
dot1x timeout tx-period Use the dot1x timeout tx-period command in Interface Configuration mode to set the number of seconds that the switch waits for a response to an Extensible Authentication Protocol EAP-Request/Identity frame from the client before resending the request. To return to the default setting, use the no form of this command.
auth-type Use this command to set the accepted authorization types for dynamic RADIUS clients. Use the no form of the command to set the authorization type to the default. Syntax auth-type { all | any |session-key} no auth-type • all—Selects all COA client authentication types. All authentication attributes must match for the authentication to succeed. • any—Selects any COA client authentication type. Any authentication attribute may match for the authentication to succeed.
client Use this command to enter the CoA client parameters. Syntax client {ip-address | hostname } [ server-key [0 | 7] key-string ] no client {ip-address | hostname } • ip-address—The IPv4 address of a CoA client. The IPv4 address is entered in dotted-quad notation. • hostname—The fully qualified domain name (FQDN) of a CoA client. Maximum length of a host FQDN is 255 characters. • server-key —Sets the shared secret to verify client COA requests for this server.
Command History Introduced in version 6.2.0.1 firmware. Example The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and 3.3.3.3 and CoA clients at 3.3.3.3, 4.4.4.4, and 5.5.5.5. It sets the front panel ports to use 802.1x MAC-based authentication. CoA is configured for two RADIUS servers located at 1.1.1.1 and 2.2.2.2 using a global shared secret and a third server using a server specific shared secret. CoA and disconnect requests are accepted from these servers.
ignore Use this command to set the switch to ignore certain authentication parameters from dynamic RADIUS clients. Use the no form of the command to restore checking of the specific authentication parameters as configured by the auth-type command. Syntax ignore {session-key | server-key} no ignore {session-key | server-key} • Session-key—Do not attempt to authenticate with the session key. • Server-key—Do not attempt to authenticate with the server key.
port Use this command to set the port on which to listen for CoA and disconnect requests from authorized dynamic RADIUS clients. Syntax port port–number no port • port-number—An integer in the range of 1025–65535 Default Configuration The default is port 3799. Command Modes Dynamic Radius Configuration User Guidelines Only one port may be defined and it is used to all RADIUS clients. Do not use a port number reserved for use by the switch.
Syntax server-key [0 | 7] key-string no server-key • 0—An unencrypted key is to be entered. • 7—An encrypted key is to be entered. • key-string—The key string in encrypted or unencrypted form. In encrypted form, it must be 256 characters in length. In unencrypted form, it may be up to 128 characters in length. Enclose the key string in quotes to use special characters or embedded blanks. Default Configuration By default, no global server key is configured.
console(config-if)# exit console(config)# radius server auth 1.1.1.1 console(config-auth-radius)#primary console(config-auth-radius)#exit console(config)# radius server auth 2.2.2.2 console(config-auth-radius)#exit console(config)# radius server auth 3.3.3.3 console(config-auth-radius)#key “That’s your secret.” console(config-auth-radius)#exit console(config)# radius server key “Keep it. Keep it.” console(config)# aaa server radius dynamic-author console(config-radius-da)# client 3.3.3.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If you do not use the optional parameters, the command displays the global dot1x mode, Dynamic VLAN Creation Mode, Monitor Mode, EAPOL Flood Mode, and the VLAN Assignment mode. Field Description Administrative Mode Indicates whether authentication control on the switch is enabled or disabled.
show dot1x authentication-history Use the show dot1x authentication-history command to display the dot1x authentication events and information during successful and unsuccessful dot1x authentication processes. The command is available to display all events, or events per interface, or only failure authentication events in summary or in detail. Syntax show dot1x authentication-history {interface-id | all} [failed-auth-only] [detail] • interface-id— Any valid interface.
Parameter Description Reason Actual reason behind the successful or failure authentication. Result Age Time since last result. Filter Name The name of the assigned filter (policy map). Example console#show dot1x authentication-history all detail Time Stamp.......................... Result Age.......................... Interface........................... MAC-Address......................... VLAN Assigned....................... VLAN Assigned Reason................ Filter Name.........................
show dot1x clients Use the show dot1x clients command to display 802.1x client information. The client information is displayed in summary or in detail. The command also displays the statistics of the number of clients that are authenticated using Monitor Mode and using 802.1x. Syntax show dot1x clients {interface–id | all} • interface–id—Any valid interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration.
Field Description Username The username representing the identity of the Supplicant. This field shows the username when the port control is auto or mac-based. If the port is Authorized, it shows the username of the current user. If the port is unauthorized it shows the last user that was authenticated successfully. Supp MAC Address The MAC-address of the supplicant Session Time The amount of time, in seconds, since the client was authenticated on the port.
Syntax show dot1x interface interface-id Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The command accepts Ethernet interface identifiers. Example console#show dot1x interface gigabitethernet 1/0/10 Administrative Mode............... Disabled Dynamic VLAN Creation Mode........ Disabled Monitor Mode......................
show dot1x interface statistics Use the show dot1x interface statistics command to display 802.1x statistics for the specified interface. Syntax show dot1x interface {gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} statistics Default Configuration This command has no default configuration.
Field Description EAP Request/ID Frames Transmitted The number of EAP Req/Id frames that have been transmitted by this Authenticator. EAP Request Frames Transmitted The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator. Invalid EAPOL Frames Received The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized.
Syntax show dot1x users [username username] • username — Supplicant username (Range: 1–64 characters) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays 802.1x users.
Syntax clear dot1x authentication–history [interface–id] • interface–id—Any valid interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example This examples clears all entries from the authentication log. console#clear dot1x authentication-history This example purges all entries for the specified interface from the authention log.
• vlan-id — The ID of a valid VLAN to use as the guest VLAN (Range: 14093). Default Configuration The guest VLAN is disabled on the interface by default. Command Mode Interface Configuration (Ethernet) mode User Guidelines If configured, the guest VLAN is the VLAN to which 802.1X unaware clients are assigned. Configure the guest VLAN before using this command. By default, the switch retries authentication one time before assigning a supplicant to the guest VLAN.
Command Mode Interface Configuration (Ethernet) mode User Guidelines It is recommended that the user set the dot1x timeout guest-vlan-period to at least three times the dot1x timeout tx-period timer so that at least three EAP Requests are sent, before assuming that the client is an 802.1X unaware client. An 802.1X unaware client is one that does not respond to EAPRequest/Identity frames and does not send EAPOL-Start or EAPResponse/Identity frames. Example The following example sets the 802.
User Guidelines By default, the switch will retry authentication one time before assigning a user to the unauthenticated VLAN. Configure the unauthenticated VLAN before using this command. Example The following example set the unauthenticated VLAN on port 1/0/2 to VLAN 20. console(config-if-Gi1/0/2)#dot1x unauth-vlan 20 show dot1x advanced Use the show dot1x advanced command to display 802.1x advanced features for the switch or for the specified interface.
console#show dot1x advanced Port Guest Unauthenticated VLAN Vlan ------------------------------Gi1/0/1 Disabled Disabled Gi1/0/2 10 20 Gi1/0/3 Disabled Disabled Gi1/0/4 Disabled Disabled Gi1/0/5 Disabled Disabled Gi1/0/6 Disabled Disabled console#show dot1x advanced gigabitethernet 1/0/2 Port --------Gi1/0/2 Guest VLAN --------10 Unauthenticated Vlan --------------20 Security Commands 1013
Captive Portal Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The Captive Portal feature is a software implementation that blocks both wired and wireless clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted.
interface session-timeout locale verification Captive Portal Client Connection Commands captive-portal client deauthenticate show captive-portal interface client status show captive-portal client status show captive-portal interface configuration status show captive-portal configuration client status – Captive Portal Local User Commands clear captive-portal users user-logout no user user name show captive-portal user user password user group user session-timeout Captive Portal Status Comma
Captive Portal Global Commands authentication timeout Use the authentication timeout command to configure the authentication timeout. If the user does not enter valid credentials within this time limit, the authentication page needs to be served again in order for the client to gain access to the network. Use the “no” form of this command to reset the authentication timeout to the default.
Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#captive-portal console(config-cp)# enable Use the enable command to globally enable captive portal. Use the “no” form of this command to globally disable captive portal. Syntax enable no enable Default Configuration Captive Portal is disabled by default. Command Mode Captive Portal Configuration mode.
http port Use the http port command to configure an additional HTTP port for captive portal to listen for connections. Use the “no” form of this command to remove the additional HTTP port from monitoring. Syntax http port port-num no http port • port-num — The port number on which the HTTP server listens for connections (Range: 1025–65535). Default Configuration Captive portal only monitors port 80 by default.
• port-num — The port number on which the HTTPS server listens for connections (Range: 1025–65535). Default Configuration Captive portal listens on port 443 by default. Command Mode Captive Portal Configuration mode. User Guidelines The port number should not be set to a value that might conflict with other wellknown protocol port numbers used on this switch.
Example console#show captive-portal Administrative Mode....................... Operational Status........................ Disable Reason............................ CP IP Address............................. Disabled Disabled Administrator Disabled 1.2.3.4 show captive-portal status Use the show captive-portal status command to report the status of all captive portal instances in the system. Syntax show captive-portal status Default Configuration There is no default configuration for this command.
Captive Portal Configuration Commands The commands in this section are related to captive portal configurations. block Use the block command to block all traffic for a captive portal configuration. Use the “no” form of this command to unblock traffic. Syntax block no block Default Configuration Traffic is not blocked by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
• cp-id — Captive Portal ID (Range: 1–10). Default Configuration Configuration 1 is enabled by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-cp)#configuration 2 console(config-cp 2)# enable Use the enable command to enable a captive portal configuration. Use the no form of this command to disable a configuration.
group Use the group command to configure the group number for a captive portal configuration. If a group number is configured, the user entry (Local or RADIUS) must be configured with the same name and the group to authenticate to this captive portal instance. Use the no form of this command to reset the group number to the default. Syntax group group-number no group • group-number — The number of the group to associate with this configuration (Range: 1–10).
Default Configuration No interfaces are associated with a configuration by default. Command Mode Captive Portal Instance Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#interface gi1/0/2 locale The locale command is not intended to be a user command. The administrator must use the Web UI to create and customize captive portal web content.
name (Captive Portal) Use the name command to configure the name for a captive portal configuration. Use the no form of this command to remove a configuration name. Syntax name cp-name no name • cp-name — CP configuration name (Range: 1–32 characters). Default Configuration Configuration 1 has the name “Default” by default. All other configurations have no name by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#protocol http redirect Use the redirect command to enable the redirect mode for a captive portal configuration. Use the “no” form of this command to disable redirect mode. Syntax redirect no redirect Default Configuration Redirect mode is disabled by default. Command Mode Captive Portal Instance mode.
Syntax redirect-url url • url — The URL for redirection (Range: 1–512 characters). Default Configuration There is no redirect URL configured by default. Command Mode Captive Portal Instance mode. User Guidelines The administrator must enable redirect mode before executing this command. Example console(config-cp 2)#redirect-url www.dell.com session-timeout Use the session-timeout command to configure the session timeout for a captive portal configuration.
User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#session-timeout 86400 console(config-cp 2)#no session-timeout verification Use the verification command to configure the verification mode for a captive portal configuration. Syntax verification { guest | local | radius } • guest — Allows access for unauthenticated users (users that do not have assigned user names and passwords). • local — Authenticates users against a local user database.
Captive Portal Client Connection Commands captive-portal client deauthenticate Use the captive-portal client deauthenticate command to deauthenticate a specific captive portal client. Syntax captive-portal client deauthenticate macaddr • macaddr — Client MAC address. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode. User Guidelines There are no user guidelines for this command. Example console#captive-portal client deauthenticate 0002.BC00.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal client status Client MAC Address Client IP Address Protocol ------------------ ----------------- -------0002.BC00.1290 10.254.96.47 https 0002.BC00.1291 10.254.96.48 https 0002.BC00.1292 10.254.96.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal configuration client status CP ID CP Name Client MAC Address Client IP Address ----- --------------- ------------------ ----------------1 cp1 0002.BC00.1290 10.254.96.47 0002.BC00.1291 10.254.96.48 2 cp2 0002.BC00.1292 10.254.96.49 3 cp3 0002.BC00.1293 10.254.96.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal interface client status Client Client Intf Intf Description MAC Address IP Address ------ ----------------------------------- ----------------- --------------Gi1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit 0002.BC00.1290 10.254.96.47 0002.BC00.1291 10.254.96.48 Gi1/0/2 Unit: 1 Slot: 0 Port: 2 Gigabit 0002.BC00.1292 10.254.96.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal interface configuration status CP ID CP Name Interface Interface Description ----- -------- --------- -----------------------------------1 Default Gi1/0/1 Unit:1 Slot: 0 Port: 1 Gigabit .
Command Mode Privileged Exec mode. User Guidelines There are no user guidelines for this command. Example console#clear captive-portal users no user Use the no user command to delete a user from the local user database. If the user has an existing session, it is disconnected. Syntax no user user-id • user-id — User ID (Range: 1–128). Default Configuration There is no default configuration for this command. Command Mode Captive Portal Configuration mode.
Syntax show captive-portal user [user-id] • user-id — User ID (Range: 1–128). Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
Syntax user user-id group group-id • user-id — User ID (Range: 1–128). • group-id — Group ID (Range: 1–10). Default Configuration A user is associated with group 1 by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-cp)#user 1 group 3 user-logout Use the user-logout command in Captive Portal Instance mode to enable captive portal users to log out of the portal (versus having the session time out).
User Guidelines There are no user guidelines for this command. Example In this example, all classes of entries in the mac address-table are displayed. console(config)#captive-portal console(config-cp)#user 1 name asd console(config-cp)#configuration 1 console(config-cp 1)#user-logout console(config-cp 1)#no user-logout user name Use the user name command to modify the user name for a local captive portal user. Syntax user user-id name name • user-id — User ID (Range: 1–128).
user password Use the user password command to create a local user or change the password for an existing user. Syntax user user-id password {password | encrypted enc-password} • user-id — User ID (Range: 1–128). • password — User password (Range: 8–64 characters). • enc-password — User password in encrypted form. Default Configuration There are no users configured by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
• timeout — Session timeout. 0 indicates use global configuration (Range: 0–86400 seconds). Default Configuration The global session timeout is used by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
User Guidelines There are no user guidelines for this command. Example console#show captive-portal configuration 1 CP ID..................................... 1 CP Name................................... cp1 Operational Status........................ Disabled Disable Reason............................ Administrator Disabled Blocked Status............................ Not Blocked Configured Locales........................ 1 Authenticated Users.......................
CP Name................................... cp1 Operational Block Interface Interface Description Status Status --------- ---------------------------------------- ------------ --------Gi1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit - Level Disabled Blocked console#show captive-portal configuration 1 interface gi1/0/1 CP ID..................................... 1 CP Name................................... cp1 Interface................................. Gi1/0/1 Interface Description.....................
en show captive-portal configuration status Use the show captive-portal configuration status command to display information about all configured captive portal configurations or about a specific captive portal configuration. Syntax show captive-portal configuration [ cp-id ] status • cp-id — Captive Portal ID. Default Configuration There is no default configuration for this command.
Captive Portal User Group Commands user group Use the user group command to create a user group. Use the no form of this command to delete a user group. The default user group (1) cannot be deleted. Syntax user group group-id no user group group-id group-id — Group ID (Range: 1–10). Default Configuration User group 1 is created by default and cannot be deleted. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
Default Configuration There is no default configuration for this command. Command Mode Captive Portal Configuration mode User Guidelines The new group-id must already exist. Example console(config-cp)#user group 2 console(config-cp)#user 1 group 2 console(config-cp)#user group 2 moveusers 3 user group name Use the user group name command to configure a group name. Syntax user group group-id name name • group-id — Group ID (Range: 1–10). • name — Group name (Range: 1–32 alphanumeric characters).
Denial of Service Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The Dell EMC Networking DoS capability supports a package of filters intended to provide network administrators the ability to reduce network exposure to common attack vectors. The following list shows the DoS attack detection Dell EMC Networking supports.
• – TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and – TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and – TCP Sequence Number = 0 or TCP Flags SYN and FIN set. TCP Offset: – • TCP SYN: – • TCP Flags FIN and URG and PSH set and TCP Sequence Number = 0. ICMP V6: – • TCP Flags SYN and FIN set. TCP FIN & URG & PSH: – • TCP Flag SYN set. TCP SYN & FIN: – • Checks for TCP header offset =1. Limiting the size of ICMPv6 Ping packets.
dos-control firstfrag Use the dos-control firstfrag command in Global Configuration mode to enable Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller than the configured value, the packets are dropped. Syntax dos-control firstfrag [size] no dos-control firstfrag • size —TCP header size. (Range: 0-255). The default TCP header size is 20. ICMP packet size is 512.
Syntax dos-control icmp [size ] no dos-control icmp • size — Maximum ICMP packet size. (Range: 0-16376). If size is unspecified, the value is 512. Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates the Maximum ICMP Packet Denial of Service protection with a maximum packet size of 1023.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates L4 Port Denial of Service protection. console(config)#dos-control l4port dos-control sipdip Use the dos-control sipdip command in Global Configuration mode to enable Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
dos-control tcpflag Use the dos-control tcpflag command in Global Configuration mode to enable TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP Flag SYN set and a source port less than 1024, having TCP Control Flags set to 0 and TCP Sequence Number set to 0, having TCP Flags FIN, URG, and PSH set and TCP Sequence Number set to 0, or having TCP Flags SYN and FIN both set, the packets are dropped.
no dos-control tcpfrag Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates TCP Fragment Denial of Service protection. console(config)#dos-control tcpfrag rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU on CoS queues 0 and 1.
Command Modes Global Configuration mode User Guidelines Unknown multicast and IPv4/IPv6 data packets destined to hosts in the connected networks on the router for which the MAC address is not resolved are trapped to CPU to trigger the ARP/neighbor discovery resolution of those hosts. When the ARP or neighbor table is filled, the switch cannot accommodate new entries. In this case, there is no value in receiving the unresolved IPv4/IPv6 packets.
status bytes ------ ---------free 1055653888 alloc 672153600 CPU Utilization: PID Name 5 Secs 60 Secs 300 Secs ---------- ------------------- -------- -------- -------1129 osapiTimer 0.09% 0.02% 0.01% 1137 bcmCNTR.0 0.19% 0.28% 0.30% 1142 bcmRX 18.00% 12.04% 11.10% 1155 bcmLINK.0 0.39% 0.37% 0.36% 1156 cpuUtilMonitorTask 0.09% 0.04% 0.04% 1170 nim_t 0.09% 0.07% 0.07% 1222 snoopTask 0.09% 0.02% 0.02% 1243 ipMapForwardingTask 27.30% 24.19% 29.06% 1257 tRtrDiscProcessingT 0.09% 0.01% 0.00% 1291 RMONTask 0.
Example The following example displays Denial of Service configuration information. console#show dos-control SIPDIP Mode...............................Disable First Fragment Mode.......................Disable Min TCP Hdr Size..........................20 TCP Fragment Mode........................ Disable TCP Flag Mode.............................Disable L4 Port Mode..............................Disable ICMP Mode.................................Disable Max ICMP Pkt Size.........................
storm-control broadcast Use the storm-control broadcast command to enable broadcast storm recovery mode for a specific interface. Use the no form of the command to disable storm control or to return the configuration to the default. Syntax storm-control broadcast [{level level| rate rate | action {shutdown | trap}] no storm-control broadcast [level| rate | action] • level— The configured rate as a percentage of link bandwidth (Range: 0100) • rate — The configured rate in packets per second.
Either the trap action or the shutdown action may be specified, but not both. The trap action issues a log message and a trap when the configured threshold is exceeded. Traffic exceeding the threshold is dropped. The shutdown action shuts down the interface, puts the interface into the Ddisable state, issues a log message (WARNING) and a trap. The operator may bring the port back into service using the no shutdown command.
Default Configuration By default, multicast storm control is not enabled on any interfaces. The default threshold for multicast traffic is 5% of link bandwidth. The default behavior is to rate limit (drop) traffic exceeding the configured threshold. The default action is no action. Command Mode Interface Configuration (Ethernet) mode, Interface Range mode User Guidelines Multicast storm control applies to unknown multicast (i.e.
console(config)#interface range gi1/0/1-24 console(config-if)#storm-control multicast level 20 console(config-if)#storm-control multicast action shutdown console(config-if)#exit storm-control unicast Use the storm-control unicast command in Interface Configuration mode to enable storm control for an interface. Unicast storm control limits the number of unicast destination lookup failures (DLFs). Use the no form of the command to disable unicast storm control or to return the configuration to the default.
Unicast storm control can issue a trap and drop packets in excess of the configured rate (level) or shut down the port when the rate is exceeded. Setting the level, rate or action enables storm control. The shutdown action disables the interface when a packet storm is detected. The trap action issues an SNMP trap to configured SNMP agents. Unicast storm control can only be enabled on Ethernet interfaces. It cannot be configured on port channels.
Management ACL Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches In order to ensure the security of the switch management features, the administrator may elect to configure a management access control list. The Management Access Control and Administration List (ACAL) component is used to ensure that only known and trusted devices are allowed to remotely manage the switch via TCP/IP.
deny (management) permit (management) management access-class show management access-class management access-list show management access-list no priority (management) – deny (management) Use the deny command in Management Access-List Configuration mode to set conditions for disallowing packets to flow to the switch management function.
• service service — Indicates service type. Can be one of the following: telnet, ssh, http, https, tftp, snmp, sntp, or any. The any keyword indicates that the service match for the ACL is effectively “don’t care”. • priority priority — Priority for the rule. (Range: 1–64) Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The active management access-list processes IPv4 TCP/UDP packets only. Packets for certain management protocols are allowed to pass to the CPU without processing by the management ACL list.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines A management access list is only supported on the switched interfaces. It is not supported on the out-of-band interface. This command enters the access-list configuration mode, where access conditions may be defined with deny and permit commands. If no match criteria are defined the default is to deny the packet (i.e., the packet is dropped).
console(config-macal)# exit console(config) # management access-class mlist no priority (management) Use the no priority command to remove a permit or deny condition from a Management Access list. Syntax no priority priority priority-value—The priority of the permit or deny rule to be removed. The range is 1 to 64. Default Configuration This command has no default configuration.
permit {gigabitethernet unit/slot/port | vlan vlan-id | port-channel portchannel-number | tengigabitethernet unit/slot/port |fortygigabitethernet unit/slot/port} [service service] [priority priority-value] permit service service [priority priority-value] permit priority priority-value • gigabitethernet unit/slot/port — A valid Gigabit Ethernet routed port number. • vlan vlan-id — A valid VLAN number. • port-channel port-channel-number — A valid port channel number.
If the priority-value is not specified when inputing a rule, the system assigns the lowest numbered unused priority-value in the range 1–64. If a rule is input with an existing priority-value, the original rule is overwritten. Examples The following example shows how to allow global access for two management interfaces, Gigabit Ethernet 1/0/1 and Gigabit Ethernet 1/0/9.
User Guidelines This command has no user guidelines. Example The following example displays the management access-list information. console# show management access-class Management access-class is enabled, using access list mlist show management access-list Use the show management access-list command to display management access-lists. Syntax show management access-list [name] • name — A valid access list name. (Range: 1–32 characters) Default Configuration This command has no default configuration.
Password Management Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches The Password Management component supports configuration of strength checks intended to ensure that network operators utilize passwords that are difficult to crack. In addition, the administrator can age passwords, ensure that operators do not reuse passwords, and lock out operator accounts when multiple attempts to enter incorrect passwords are detected.
logging in must enter the correct password within that count. Otherwise, that user is locked out form further remote switch access. Only an administrator with read/write access can reactivate that user. The user lockout feature is disabled by default. The user lockout feature applies to all users on all ports. The administrator can access the serial port even if he/she is locked out and reset the password or clear the config to regain control of the switch.
• Maximum number of consecutive numbers (such as 1234). • Maximum number of repetition of characters or numbers (such as 1111 or aaaa). Configuring minimum value of 0 for the above parameters means no restriction on that set of characters and configuring maximum of 0 means disabling the restriction (or no limit on the maximum number of course limited by minimum password length).
passwords aging Use the passwords aging command in Global Configuration mode to implement aging on passwords for local users. When a user’s password expires, the user is prompted to change it before logging in again. Use the no form of this command to set the password aging to the default value. Syntax passwords aging 1-365 no passwords aging Default Configuration The default value is 0. Command Mode Global Configuration mode User Guidelines A value of 0 days disables password aging.
Syntax passwords history 0-10 no passwords history Default Configuration The default value is 0. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the number of previous passwords remembered by the system at 10.
Command Mode Global Configuration mode. User Guidelines Password lockout only applies to users with authentication configured to local. RADIUS or TACACS authenticated users will use policies configured on the respective RADIUS/TACACS servers. Example The following example sets the number of user attempts before lockout at 2.
Example The following example configures user bob with password xxxyymmmm and user level 15. (config)# username bob password xxxyyymmm privilege 15 passwords strength-check Use the passwords strength-check command in Global Configuration mode to enable the Password Strength feature. The command is used to enable the checking of password strength during user configuration. Use the no form of the command to disable the Password Strength feature.
minimum strength check character classes if password strength checking is desired. Use the minimum character class check to require the user to enter a password that passes the minimum strength check for more than one minimum strength check character class. Minimum character class checking validates passwords that contain a character matching a configured character class.
User Guidelines This limit is not enforced unless the passwords strength minimum uppercase-letters command is configured with a value greater than 0. In other words, with a configuration of 0, a password consisting entirely of upper case letters will pass the minimum strength check criteria. Example console(config)#passwords strength minimum uppercase-letters 6 passwords strength minimum lowercase-letters Use this command to enforce a minimum number of lowercase letters that a password must contain.
passwords strength minimum numericcharacters Use this command to enforce a minimum number of numeric numbers that a password should contain. The valid range is 0–16. The default is 1. A minimum of 0 means no restriction on that set of characters. Use the no form of this command to reset the minimum numeric characters to the default value. Syntax passwords strength minimum numeric–characters 0–16 no passwords strength minimum numeric–characters Default Configuration The default value is 1.
Syntax passwords strength minimum special–characters 0–16 no passwords strength minimum special–characters Default Configuration The default value is 1. Command Mode Global Configuration User Guidelines This limit is not enforced unless the passwords strength minimum specialcharacters command is configured with a value greater than 0. In other words, a configuration of 0 allows a password consisting entirely of special characters to pass strength check validation.
Default Configuration The default value is 0. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console(config)#passwords strength max-limit consecutive-characters 3 passwords strength max-limit repeatedcharacters Use this command to enforce a maximum repeated characters that a password should contain. If password has repetition of characters more than the configured max-limit, it fails to configure. The valid range is 0-15. The default is 0.
Example console(config)# passwords strength max-limit repeated-characters 3 passwords strength minimum character-classes Use this command to enforce a minimum number of character classes that a password must contain. Character classes are uppercase letters, lowercase letters, numeric characters and special characters. The valid range is 0-4. The default is 0. If a value of 0 is configured then no character class checking is performed, i.e.
A value greater than 0 specifies the minimum number of character class tests a password must contain. A value of 0 disables checking that the password contains characters from the requisite number of character classes. Minimum character class checking validates passwords that contain at lease one character matching a character class. If minimum character class checking is enabled, a password must contain at least one character from a minimum number of character classes to be valid.
User Guidelines This command has no user guidelines. Example console(config)#passwords strength exclude-keyword dell enable password encrypted This command is used by an Administrator to transfer the enable password between devices without having to know the password. Syntax enable password password encrypted Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines The password parameter must be exactly 128 hexadecimal characters.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed by this command. Parameter Description Minimum Password Length Minimum number of characters required when changing passwords. Password History Number of passwords to store for reuse prevention. Password Aging Length in days that a password is valid. Lockout Attempts Number of failed password login attempts before lockout.
Parameter Description Minimum Password Character Classes Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords. Password Exclude-Keywords Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords. Example The following example displays the command output. console#show passwords configuration Passwords Configuration ----------------------Minimum Password Length........................
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the command output. console#show passwords result Last User whose password is set....................... dell Password strength check............................ Enable Last Password Set Result: Reason for failure: Could not set user password! Password should contain at least 4 uppercase letters.
SSH Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Management access to the switch is supported via telnet, SSH, or the serial console. The Dell EMC Networking supports secure shell (SSH) and secure sockets layer (SSL) to help ensure the security of network transactions. Keys and certificates can be generated externally (that is, offline) and downloaded to the target or generated directly by the Dell EMC Networking switch.
Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs: one public DSA key and one private DSA key. These keys are used the encrypt communication with the switch when using SSH or HTTPS. If your switch already has DSA keys when you issue this command, you are warned and prompted to replace the existing keys. Existing certificates generated from the previous keys will be invalidated.
Command Mode Global Configuration mode User Guidelines RSA keys are generated in pairs: one public RSA key and one private RSA key. These keys are used to encrypt communication with the switch when using SSH. If your switch already has RSA keys when you issue this command, you are warned and prompted to replace the existing keys. The keys are not saved in the switch configuration; they are saved in the file system and the private key is never displayed to the user.
Command Mode Global Configuration mode User Guidelines This public key is used to authenticate an administrator to the switch when using SSH. This avoids the need for the administrator to enter a password on every login. Enclose the key string is quotes. The Key String is the contents of the public key in uu-encoded format. Example The following example configures a public key for administrator bob, enables the SSH server, and enables public key authentication over SSH.
Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode. User Guidelines The SSH server requires the public and private keys RSA/DSA keys to operate. Example console(config)#crypto key zeroize pubkey-chain ssh user-key bob crypto key zeroize {rsa|dsa} Use the crypto key zeroize {rsa|dsa} command in Global Configuration mode to delete the RSA or DSA public and private keys from the switch.
The crypto key zeroize dsa command removes the following files: ssh_host_dsa_key ssh_host_dsa_key.pub Removing the keys does not terminate existing SSH sessions. Example console(config)#crypto key zeroize rsa ip ssh port Use the ip ssh port command in Global Configuration mode to specify the TCP port to be used by the SSH server. To use the default port, use the no form of this command. Syntax ip ssh port port-number no ip ssh port • port-number — Port number for use by the SSH server.
Example The following example specifies the port to be used by the SSH server as 8080. console(config)#ip ssh port 8080 ip ssh pubkey-auth Use the ip ssh pubkey-auth command in Global Configuration mode to enable public key authentication for incoming SSH sessions. To disable this function, use the no form of this command. Syntax ip ssh pubkey-auth no ip ssh pubkey-auth Default Configuration The function is disabled.
ip ssh server Use the ip ssh server command in Global Configuration mode to enable the switch to be configured using SSH. To disable this function, use the no form of this command. Syntax ip ssh server no ip ssh server Default Configuration The SSH server is disabled by default. Command Mode Global Configuration mode User Guidelines To generate SSH server keys, use the commands crypto key generate rsa and crypto key generate dsa commands. These keys are required to allow the SSH server to operate.
key-string Use the key-string SSH Public Key Configuration mode to specify an SSH public key manually. Syntax key-string key-string key-string row key-string • row — To specify the SSH public key row by row. • key-string — The UU-encoded DER format is the same format as the authorized keys file used by OpenSSH. Default Configuration By default, the key-string is empty.
Examples The following example shows how to enter a single public key string for a user called “bob.
dxUXEAiDHXcWHVr0R/ak1HDQitBzeEv1vVEToEn5ddLmRhtIgRdKUJHgBHJV R2VaSN/WC0IK53j9re4B11AE+O3qAxwJs0KD7cTkvF9I+YdiXeOM8VE4skkw AiyLDNVWXgNQ6iat8+8Mjth+PIo5t3HykYUCkD8B1v93nzi/sr4hHHJCdx7w wRW3QtgXaGwYt2rdlr3x8ViAF6B7AKYd8xGVVjyJTD6TjrCRRwQHgB/BHsFr z/Rl1SYa0vFjel/7/0qaIDSHfHqWhajYkMa4xPOtIye7oqzAOm1b76l28uTB luBEoLQ+PKOKMiK8sQ== Fingerprint(hex): 58:7f:5c:af:ba:d3:60:88:42:00:b0:2f:f1:5a:a8:fc Fingerprint(bubbleBabble): xodob-liboh-heret-tiver-dyrib-godac-pynah-muzytmofim-bihog-cuxyx show crypto key pubkey-chai
Username Fingerprint -------- ------------------------------------------------bob 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8 The following example displays the SSH public called “dana.
------------- -------------------10.240.1.
Security Commands 1100
5 Audio Visual Bridging Commands Dell EMC Networking N4000 Series Switches This section of the document contains the following audio visual bridging commands: Multiple MAC Registration Protocol Commands Multiple Stream Reservation Protocol Commands Multiple VLAN Registration Protocol Commands 802.
Multiple MAC Registration Protocol Commands Dell EMC Networking N4000 Series Switches This section covers commands related to Multiple MAC Registration Protocol (MMRP). MMRP is an implementation of IEEE 802.1ak. MMRP supports registration of MAC address/VLAN pairs in support of Audio-Visual Bridging.
User Guidelines MMRP is not compatible the GMRP. Do NOT enable GMRP/GVRP on MMRP enabled switches. The clear counters command also clears all MMRP statistics for all interfaces in addition to clearing other counters. Command History Introduced in version 6.2.0.1 firmware. Example This example clears the MMRP counters on port channel 1 console#clear mmrp statistics po1 mmrp This command enables MMRP on a specific interface. Use the no form of the command to disable MMRP on an interface.
Enabling MMRP on a port channel associated Ethernet interface has no effect as long as the interface is a member of the port channel. MMRP must also be enabled globally in order to become operational. This command is only available on the Dell EMC Networking N4000 Series switches. Command History Introduced in version 6.2.0.1 firmware. Example This example enables MMRP on port channel 1.
IGMP snooping can interfere with MMRP/MVRP. Disable IGMP snooping if using MMRP/MVRP. MMRP propagates VLAN registration information to allow switches in the network to dynamically learn and configure VLANs. Refer to IEEE Std. 802.1Q-2005 and IEEE Std. 802.1Qbe-2010 for further information. In particular, MMRP must also be enabled on the individual interfaces to become operational. MMRP does not support configuration of default group filtering behavior.
User Guidelines The MMRP periodic state machine ages out unused MMRP entries. Use the show mmrp summary command to display the global MMRP administrative status. Command History Introduced in version 6.2.0.1 firmware. Example This example enables the MMRP periodic state machine. console(config)#mmrp periodic state machine show mmrp Use this command to display the MMRP configuration for an interface or globally.
Command History Introduced in version 6.2.0.1 firmware. Example console#show mmrp summary MMRP Global Admin Mode......................... Disabled MMRP Periodic State Machine.................... Disabled console#show mmrp interface Gi1/0/12 MMRP Interface Admin Mode......................
Command History Introduced in version 6.2.0.1 firmware. Example console#show mmrp statistics gi1/0/12 Port........................................... MMRP messages received......................... MMRP messages received with bad header......... MMRP messages received with bad format......... MMRP messages transmitted...................... MMRP messages failed to transmit...............
Multiple VLAN Registration Protocol Commands Dell EMC Networking N4000 Series Switches This section covers commands related to Multiple VLAN Registration Protocol (MVRP). MVRP is an implementation of IEEE 802.1ak in support of Audio-Video Bridging. Dell EMC Networking MVRP supports registration (dynamic VLAN creation) and propagation of VLAN membership information.
User Guidelines MVRP is not compatible with GVRP. Do not enable GMRP/GVRP on MVRP enabled switches. The clear counters command also clears all MVRP statistics for all interfaces in addition to clearing other counters. Command History Introduced in version 6.2.0.1 firmware. Example This example clears the MVRP counters on port channel 1 console#clear mmrp statistics po1 mvrp This command enables MVRP on a specific interface. Use the no form of the command to disable MVRP on an interface.
Enabling MVRP on a port channel associated interface has no effect as long as the interface is a member of the port channel. MVRP is not compatible with private VLAN configured interfaces. Do not enable GVRP on private VLAN enabled interfaces. MVRP must also be enabled globally in order to become operational. Command History Introduced in version 6.2.0.1 firmware.
MVRP propagates VLAN registration information to allow switches in the network to dynamically learn and configure VLANs. Refer to IEEE Std. 802.1Q-2005 and IEEE Std. 802.1Qbe-2010 for further information. In particular, MVRP must also be enabled on the individual interfaces to become operational. MVRP does not support configuration of default group filtering behavior. MVRP does not support the optional Registrar Administrative Control for VLANs.
Default Configuration By default, the MVRP periodic state machine is disabled globally. Command Mode Global Configuration User Guidelines The periodic state machine ages out MVRP created dynamic VLANs. Use the show mvrp summary command to display the global MVRP administrative status. Command History Introduced in version 6.2.0.1 firmware. Example This example enables the MVRP periodic state machine.
Command Mode Privileged Exec, Global Configuration, and all submodes User Guidelines MVRP is not compatible with GMRP. Do not enable GMRP/GVRP on MVRP enabled switches. Command History Introduced in version 6.2.0.1 firmware. Example The following shows example CLI display output for the command. console#show mvrp summary MVRP global state.............................. Disabled MVRP Periodic State Machine state.............. Disabled VLANs created via MVRP.........................
User Guidelines MVRP is not compatible with GMRP/GVRP. Do not enable GVRP on MMRP enabled switches. Command History Introduced in version 6.2.0.1 firmware. Example The following shows example CLI display output for the command. console#show mvrp statistics summary MVRP MVRP MVRP MVRP MVRP MVRP messages received......................... messages received with bad header......... messages received with bad format......... messages transmitted...................... messages failed to transmit...............
Multiple Stream Reservation Protocol Commands Dell EMC Networking N4000 Series Switches This section covers commands related to Multiple Stream Reservation Protocol (MSRP). MSRP supports registration of stream membership and resource reservation in support of Audio-Visual Bridging as defined by IEEE 802.1Qat and IEEE 802.1Qav. These commands are only available on the Dell EMC Networking N4000 Series switches.
Default Configuration This command has no defaults. Command Mode Privileged Exec User Guidelines The clear counters command also clears all MSRP statistics for all interfaces in addition to clearing other counters. Command History Introduced in version 6.2.0.1 firmware. Example This example clears the MSRP counters on interface Gi1/0/4 console#clear msrp statistics gi1/0/4 msrp (Interface) Use this command to enable MSRP on a specific interface.
MSRP must also be enabled globally in order to become operational. This command is only available on the N4000 Series switches. Command History Introduced in version 6.2.0.1 firmware. Example This example enables MSRP on interface Gi1/0/1 console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#msrp msrp boundary-propagate Use this command to configure the IEEE 802.1Qav boundary propagation. Use the no form of the command set the class configuration to the default.
Example This example administratively enables MSRP talker propagation from outside the domain. console(config)#no msrp global console(config)#msrp boundary-propagate console(config)#msrp global console(config)#show msrp summary MSRP Global Admin Mode......................... MSRP Talker Pruning............................ MSRP Maximum Fan-in Ports...................... MSRP Boundary Propagation...................... QAV class A priority........................... QAV class A remap priority..................
Command History Introduced in version 6.2.0.1 firmware. Example This example configure MSRP delta bandwidth for class A traffic on interface Gi1/0/3 to be 50% console(config)#interface gi1/0/3 console(config-if-Gi1/0/3)#msrp console(config-if-Gi1/0/3)#msrp delta-bw a 50 msrp global Use this command to globally enable MSRP. Use the no form of the command to globally disable MSRP. Syntax msrp global no msrp global Default Configuration By default, MSRP is disabled globally and on all interfaces.
MSRP is internally mapped onto multicast queues 2 and 3. Generally, unicast traffic does not use these queues except for destination lookup failures which are broadcast to all ports in the VLAN. Delay limits are not calculated to accommodate such traffic. Likewise, static configuration can place traffic onto the multicast queues and interfere with AVB traffic. Delay limits cannot be guaranteed in such cases. This command is only available on the N4000 Series switches.
User Guidelines This command configures the maximum number of ingress ports that are capable of transmitting into a single egress port (i.e., the maximum number of talker registrations on a switch). If the fan in is reduced below the number of active registrations, the switch attempts to remove the lowest priority registrations until the fan in limit is reached. Command History Introduced in version 6.2.0.1 firmware. Example This example configures the fan in to 14 interfaces.
Command Mode Interface Configuration, Interface range User Guidelines The VLAN must be configured on the interface is order to carry traffic. The interface must be configured to carry tagged traffic (i.e., trunk mode). MSRP must also be enabled globally in order to become operational. Command History Introduced in version 6.2.0.1 firmware.
• Class A : pcp = 3, remap = 1 • Class B : pcp = 2, remap = 1 Command Mode Global Configuration User Guidelines The IEEE802.1 Qav standard supports time-sensitive traffic streams by pacing all switch traffic, including legacy asynchronous Ethernet traffic, through queuing and forwarding. Dell EMC Networking switches support two stream reservation (SR) classes (A and B).
This example maps class B traffic onto user priority 3. console(config)#msrp srclassqav class b pcp 3 console(config)#show msrp summary MSRP Global Admin Mode......................... MSRP Talker Pruning............................ MSRP Maximum Fan-in Ports...................... MSRP Boundary Propagation...................... QAV class A priority........................... QAV class A remap priority..................... QAV class B priority........................... QAV class B remap priority..............
Command History Introduced in version 6.2.0.1 firmware. Example This example administratively enables MSRP source pruning. console(config)#no msrp global console(config)#msrp talker-pruning console(config)#msrp global console(config)#show msrp summary MSRP Global Admin Mode......................... MSRP Talker Pruning............................ MSRP Maximum Fan-in Ports...................... MSRP Boundary Propagation...................... QAV class A priority...........................
User Guidelines The following fields are displayed for the summary command. Field Description MSRP Global Admin Mode If MSRP global admin mode is enabled or disabled. MSRP Talker Pruning If MSRP talker pruning is enabled or disabled. MSRP Maximum Fan-in Ports The configured MSRP maximum fan-in ports value. MSRP Boundary Propagation If MSRP boundary propagation is enabled or disabled. QAV class A priority The class A priority for traffic class mapping.
MSRP QAV class B The allocated and total bandwidth allocated to MSRP bandwidth (allocated/total) QAV class B. MSRP total bandwidth The allocated and total bandwidth allocated to MSRP. QAV class A priority The class A priority for traffic class mapping. QAV class A remap priority The class A remap priority for traffic class mapping. QAV class B priority The class B priority for traffic class mapping. QAV class B remap priority The class B remap priority for traffic class mapping.
QAV class B remap priority..................... 1 console#show msrp interface Gi1/0/12 MSRP Interface Admin Mode...................... SRclassPVID.................................... MSRP class A Boundary port status.............. MSRP class B Boundary port status.............. MSRP QAV class A delta bandwidth............... MSRP QAV class A delta bandwidth............... MSRP class A bandwidth (allocated/total)....... MSRP class B bandwidth (allocated/total)....... MSRP total bandwidth (allocated/total)...
Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines Use the clear msrp statistics command to clear the MMRP counters. The clear counters command also clears all MSRP statistics for all interfaces in addition to clearing other counters. Command History Introduced in version 6.2.0.1 firmware.
Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines The following information is displayed for the summary command. Field Description MSRP messages received The number of MSRP messages that have been received. MSRP messages received with bad header The number of MSRP messages that have been received with a bad header. MSRP messages received with bad format The number of MSRP messages that have been received in a bad format.
MSRP failed registrations The number of MSRP failed registrations. Command History Introduced in version 6.2.0.1 firmware. Example console# show msrp statistics summary MSRP MSRP MSRP MSRP MSRP MSRP messages received......................... messages received with bad header......... messages received with bad format......... messages transmitted...................... messages failed to transmit............... Message Queue Failures....................
User Guidelines The following information is displayed for the detail command. Field Description Stream Talker ID The MSRP stream talker ID. Stream MAC Address The MSRP stream MAC address. Traff Class The MSRP traffic class. Stream TSpec The MSRP stream TSpec. Failure Code The MSRP failure code. Failure Intf The MSRP interface. Failure MAC Address The MSRP MAC address. Port The port interface. The following information is displayed for the summary command.
console#show msrp stream summary Stream ID ------41543 Stream MAC Address ----------------12:22:e1:65:a3:f8 Destination MAC Address ----------------01:00:00:80:42:01 Acc.
802.1AS Timesync Commands Dell EMC Networking N4000 Series Switches This section covers commands related to IEEE 802.1AS timesync. The Dell EMC Networking 802.1AS capability implements the 2008 PTP Version 2 of the IEEE 1588 protocol in support of Audio-Visual Bridging. Dell EMC Networking 802.1AS implements the best master clock algorithm to select a precise time source and to measure propagation delay accurately. Dell EMC Networking switches are not Grand Master clock capable.
Default Configuration This command has no defaults. Command Mode Privileged Exec. User Guidelines The clear counters command also clears all IEEE 802.1AS statistics for all interfaces in addition to clearing other counters. Command History Introduced in version 6.2.0.1 firmware. Example This example clears the 802.1AS counters on port channel 1 console#clear dot1as statistics po1 dot1as (Global Configuration) Use this command to globally enable IEEE 802.1AS.
User Guidelines IEEE 802.1AS propagates time information from master clocks and synchronizes internally with the clock in support of delivering streams to the destination device with the same relative timing as sampled at the source. All IEEE 802.1AS interfaces must reside on the same stack member. Propagation of timing information across a stack is not supported. IEEE 802.1AS must also be enabled on individual interfaces to become operational. This command is only available on the N4000 Series switches.
All IEEE 802.1AS interfaces must reside on the same stack member. Propagation of timing information across a stack is not supported. IEEE 802.1AS must also be enabled globally as well as on an interface to become operational. Command History Introduced in version 6.2.0.1 firmware. Example console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#dot1as dot1as priority Use this command to globally configure the priority 1 or priority 2 value.
IEEE 802.1AS propagates time information from master clocks and synchronizes internally with the clock in support of delivering streams to the destination device with the same relative timing as sampled at the source. While disabled, IEEE 802.1AS configuration is retained and can be changed, but is not operationally active. Command History Introduced in version 6.2.0.1 firmware. Example This example configures a switch as grand master capable.
Default Configuration By default, the announcement interval is 0. Command Mode Interface Configuration User Guidelines The initial log announcement interval is used to initialize the value of announce interval; it is the mean time interval between transmission of successive ANNOUNCE messages. The ANNOUNCE interval may be modified by the operation of the protocol (i.e.
Propagation Delay.............................. Port Role...................................... PDELAY Threshold............................... PDELAY lost responses allowed.................. Neighbor Rate Ratio............................ Initial Sync Interval.......................... Current Sync Interval.......................... Initial Pdelay Interval........................ Current Pdelay Interval........................ Initial Announce Interval...................... Current Announce Interval.......
Command History Introduced in version 6.2.0.1 firmware. Example This example configures the switch with an initial log sync interval of 3. console(config-if-Gi1/0/1)#dot1as interval sync 3 console(config-if-Gi1/0/1)#show dot1as interface gi1/0/1 AS Interface Admin Mode................... Enabled AS Capable................................ No Is Measuring Delay............................. No Propagation Delay.............................. 0 Port Role......................................
Command Mode Interface Configuration User Guidelines This value is the logarithm to the base 2 of the desired mean time interval between successive Pdelay_req messages sent by the link peer. IEEE 802.1AS must also be enabled globally as well as on an interface to become operational. Command History Introduced in version 6.2.0.1 firmware. Example This example configures the switch with an initial log sync interval of 3.
Syntax dot1as timeout announce expiries no dot1as timeout announce • expiries—The number of expiries with no received announce message on which the master is considered to be no longer transmitting. The range is 2–255. Default Configuration By default, the number of expiries is set to 3. Command Mode Interface Configuration User Guidelines IEEE 802.1AS must also be enabled globally as well as on an interface to become operational. Command History Introduced in version 6.2.0.1 firmware.
Initial Announce Interval...................... Current Announce Interval...................... Sync Receipt Timeout........................... Announce Receipt Timeout....................... 0 0 3 5 dot1as timeout sync Use this command to configure the number of sync intervals expiries with no received announce message in which case the master is considered to be no longer transmitting. Use the no form of the command to return the syncexpiries to the default.
Is Measuring Delay............................. Propagation Delay.............................. Port Role...................................... PDELAY Threshold............................... PDELAY lost responses allowed.................. Neighbor Rate Ratio............................ Initial Sync Interval.......................... Current Sync Interval.......................... Initial Pdelay Interval........................ Current Pdelay Interval........................ Initial Announce Interval.......
Command History Introduced in version 6.2.0.1 firmware. Example This example configures interface Gi1/0/4 to delay retiring the interface for 10 ms. console(config-if-Gi1/0/4)#dot1as pdelay-threshold 10000 console(config-if-Gi1/0/4)#show dot1as interface gi1/0/4 AS Interface Admin Mode................... Enabled AS Capable................................ No Is Measuring Delay............................. No Propagation Delay.............................. 0 Port Role......................................
Default Configuration By default, the number of expiries is set to three responses. If three Pdelay_Resp messages are received within that time, the port is considered to be no longer exchanging messages with the peer. Command Mode Interface Configuration User Guidelines IEEE 802.1AS must also be enabled globally as well as on an interface to become operational. Command History Introduced in version 6.2.0.1 firmware.
show dot1as Use this command to show the IEEE 802.1AS configuration for an interface or globally. Syntax show dot1as[ summary | interface [ interface-id | summary ] ] • summary—Show the global IEEE 802.1AS configuration. • interface-id—Show the IEEE 802.1AS configuration for the specified interface. • interface summary—Show the per interface IEEE 802.1AS configuration for all interfaces. Default Configuration The command has no defaults.
Grandmaster Change Count Specifies the number of GM change events occurred. Last Grandmaster Change Specifies the timestamp of the last GM change event. Timestamp The following information is displayed for the interface command. Field Description Intf Slot/port Mode IEEE 802.1AS interface admin mode (enabled/disabled) asCapable Indicates if the interface is asCapable. measuringPdelay Indicates if the interface is measuring PDELAY.
Initial Sync Interval Specifies the configured mean time interval between successive SYNC messages, in logarithm to base 2 format Current Pdelay interval Specifies the current mean time interval between successive PDELAY_REQ messages sent over a link, in logarithm to base 2 format. Current Announce Interval Specifies the current mean time interval between successive ANNOUNCE messages in logarithm to base 2 format.
Port Role...................................... PDELAY Threshold............................... PDELAY lost responses allowed.................. Neighbor Rate Ratio............................ Initial Sync Interval.......................... Initial Pdelay Interval........................ Initial Announce Interval...................... Current Sync Interval.......................... Current Pdelay Interval........................ Current Announce Interval...................... Sync Receipt Timeout............
User Guidelines Use the clear dot1as statistics or the clear counters command to clear the counters. Command History Introduced in version 6.2.0.1 firmware. Example #show dot1as statistics gi1/0/3 Port........................................... Gi1/0/3 Sync messages transmitted...................... 0 Sync messages received......................... 0 Followup messages transmitted.................. 0 Followup messages received..................... 0 Announce messages transmitted..................
Audio Visual Bridging Commands 1154
6 Data Center Technology Commands Dell EMC Networking N4000 Series Switches The data center commands allow network operators to deploy lossless Ethernet capabilities in support of a converged network with Fibre Channel and Ethernet data, as specified by the FC-BB-5 working group of ANSI T11. This capability allows operators to deploy networks at a lower cost while still maintaining the same SAN network management operations that exists today.
Data Center Bridging Commands Dell EMC Networking N4000 Series Switches NOTE: Enhanced Transmission Selection commands are only supported on N4000 series switches. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models. Data Center Bridging Exchange Protocol The Data Center Bridging Exchange Protocol (DCBX) is used by DCB devices to exchange configuration information with directly connected peers.
In a typical switch or router, each Ethernet port supports one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria. When a packet is queued for transmission in a port, the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port.
CoS queue configuration. The TCG scheduling and bandwidth enforcement occurs after the CoS queue scheduling and bandwidth enforcement is performed. Therefore all CoS queues mapped to the same TCG share the scheduling and bandwidth properties of the TCG. ETS Operations ETS provides an operational model for priority processing and bandwidth allocation for the switch in a Data Center Bridging environment.
The indirect mapping between the 802.1p priorities and the associated Traffic Class Group mapping is advertised by DCBX as part of ETS TLVs. For this indirect mapping to be valid, the following parameters need to be configured in addition to the configuration of the TCGs. 1 Configure 802.1p priority to CoS mapping for the ingress ports. 2 Enable Trust mode on the ingress ports to trust the 802.1p priority present in the frames.
DCBX can be used to detect misconfiguration of a feature between the peers on a link. Misconfiguration detection is feature-specific because some features may allow asymmetric configuration. • Peer configuration of DCB features DCBX can be used by a device to perform configuration of DCB features in its peer device if the peer device is willing to accept configuration.
Manual Ports operating in the Manual role do not have their configuration affected by peer devices or by internal propagation of configuration. These ports have their operational mode and TC and bandwidth information specified explicitly by the operator. These ports will advertise their configuration to their peer if DCBX is enabled on that port. Incompatible peer configurations will be logged and counted with an error counter.
1 If the configuration is compatible with the configuration source, then the DCBX client becomes operationally active on the upstream port. 2 If the configuration is not compatible with the configuration source, then a message is logged indicating an incompatible configuration, an error counter is incremented, and the DCBX client is operationally disabled on the port.
Configuration Source Port Selection Process When an auto-upstream or auto-downstream port receives a configuration from a peer, the DCBX client first checks if there is an active configuration source. If there is a configuration source already selected, the received configuration is checked against the local port operational values as received from the configuration source, and if compatible, the client marks the port as operationally enabled.
In order to reduce flapping of configuration information, if the configuration source port is disabled, disconnected or loses LLDP connectivity, the system clears the selection of configuration source port (if not manually selected) and enables the willing bit on all auto-upstream ports. The configuration on the auto-configuration ports is not cleared (configuration holdover).
Syntax datacenter-bridging Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines NOTE: This command is only available on N40xx series switches. Datacenter bridging mode is only available on Ethernet interfaces, not on port-channel interfaces. To ensure proper operation, users must configure all Ethernet interfaces in a port channel to have the same data-center bridging configuration.
Syntax lldp dcbx version {auto | cin | cee | ieee} no lldp dcbx version • auto—Automatically select the version based on the peer response. • CIN—Force the mode to Cisco-Intel-Nuova. (DCBX 1.0) • CEE—Force the mode to CEE (DCBX 1.06) • IEEE—Force the mode to IEEE 802.1Qaz Default Configuration The default version is auto. Command Mode Global Config User Guidelines NOTE: This command is only available on N40xx series switches.
for transmission. If executed in Interface mode, the interface configuration overrides the global configuration for that interface. Entering the command with no parameters enables transmission of all TLVs. Use the no form of the command to return the configuration to the default settings.
The following example globally configures all ports to not transmit any DCBX TLVs. console(config)#no dcb enable lldp dcbx port-role Use the lldp dcbx port-role command in Interface Configuration mode to configure the port role to manual, auto-upstream, auto-downstream and configuration source. The default port role is manual.
Default Configuration The default port role is manual. Command Mode Interface Config User Guidelines NOTE: This command is only available on N40xx series switches. In order to reduce configuration flapping, ports that obtain configuration information from a configuration source port will maintain that configuration for 2x the LLDP time out, even if the configuration source port becomes operationally disabled.
User Guidelines NOTE: This command is only available on N40xx series switches. This command has no user guidelines.
This command has no user guidelines. Example #1 DCBX Status: console# show lldp dcbx interface all status Config DCBX DCBX Frame TLV Interface Status Role Version Rx Tx Errors Dscrd Dscrd ---------- ------- -------- -------- ------ ------ ------ ------ ----te1/0/1 Enabled Auto-up CEE 1.06 Yes 32 37 0 0 te1/0/2 Enabled Auto-up IEEE 32 37 0 0 te2/0/1 Enabled Auto-dn CIN 1.0 32 37 0 0 te2/0/2 Enabled Auto-dn IEEE 32 37 0 0 te3/0/1 Enabled Auto-dn CIN 1.
Auto-configuration Port Role: Peer Is Configuration Source: Auto-downstream False Local Configuration: Type Subtype PFC(3) 000 PG(2) 000 APP(4) 000 Max/Oper Version 000 000 000 En/Will/Adv Y/Y/Y Y/Y/Y Y/Y/Y Number of TCs Supported: 3 Priority Group Id: 0:00 PG Percentage (%): 0:12 Strict Priority: 0:0 PFC Enable Vector: 0:0 1:01 1:10 1:2 1:1 2:02 2:12 2:0 2:0 3:03 3:00 3:0 3:0 4:04 4:00 4:0 4:0 5:05 5:66 5:0 5:0 6:06 6:00 6:0 6:0 7:07 7:00 7:0 7:0 Peer Configuration: Operation version: 00 Typ
Example #4 DCBX enabled – IEEE device (DCBX Version Forced): console# show lldp dcbx interface te1/0/1 Interface te1/0/1 DCBX Admin Status: Enabled Configured DCBX Version: CIN 1.0 Peer DCBX Version: CEE 1.6 Peer MAC: 00:23:24:A4:21:03 Peer Description: Cisco Nexus 5020 IOS Version 5.
Peer ETS Configuration: Willing: False Peer ETS Detected: Traffic Classes Supported: 8 Priority Assignment: 0:0 Traffic Class Bandwidth: 0:00 Traffic Selection Algorithm: 0:0 Peer ETS Recommendation: Traffic Class Bandwidth: 0:0 Traffic Selection Algorithm: 0:0 True Credit Shaper: True 1:1 2:1 3:0 4:0 5:1 6:0 7:0 1:10 2:12 3:00 4:00 5:78 6:00 7:00 1:1 2:2 3:0 4:0 5:3 6:0 7:0 1:1 1:1 2:2 2:2 3:0 3:0 4:0 4:0 5:3 5:3 6:0 6:0 7:0 7:0 Peer Application Priority Type Application Priority ----------------
Default Configuration By default, all the traffic classes are mapped to TCG 0. In the default configuration, all the Traffic Classes are grouped as one Traffic Class Group and TCG0 is configured as weighted round robin. Command Mode Global Config, Interface Configuration modes User Guidelines NOTE: This command is only available on N40xx series switches.
traffic-class-group max-bandwidth Use this command in Global Config or Interface Configuration mode to specify the maximum transmission bandwidth limit for each TCG as a percentage of the interface rate. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bound. Syntax traffic-class-group max-bandwidth bw-0 bw-1 … bw-n no traffic-class-group max-bandwidth • bw-0..
If a non-zero value is specified for any bw-x maximum bandwidth parameter, it must not be less than the current minimum bandwidth value for the corresponding queue. A bw-x maximum bandwidth parameter value of 0 may be specified at any time without restriction. The maximum bandwidth limits may be used with either a weighted or strict priority scheduling scheme.
User Guidelines NOTE: This command is only available on N40xx series switches. This command specified in Interface Configuration mode only affects a single interface, whereas the Global Configuration mode setting is applied to all interfaces. The Interface Configuration mode command is only available on the N4000 series switches. Each bw-x value is a percentage that ranges from 0 to 100 in increments of 1.
Syntax traffic-class-group strict tcg-id [tcg-id … tcg-id] no traffic-class-group strict • tcg-id—The TCG identifier. Range is 0 to 2 Default Configuration The default scheduling mode for all TCGs is weighted scheduling. Command Mode Global Configuration mode, Interface Configuration mode User Guidelines NOTE: This command is only available on N40xx series switches.
Example The following example demonstrates how to set TCGs 1 and 2 to strict priority scheduling. console(config)# traffic-class-group strict 1 2 traffic-class-group weight Use the traffic-class-group weight command in Global Config or Interface Configuration mode to specify the scheduling weight for each TCG.
The weight percentage is not considered for Traffic Class Groups that are configured for strict priority scheduling. Auto-configuration ports utilize the weights received from the auto-configuration source but do no alter the manual settings. Manually configured ports enabled for DCBX transmit the manually configured weights in the TC Bandwidth table in the ETS TLVs. Each wp-x (weight percentage) value is a percentage that ranges from 0 to 100 in increments of 1.
Traffic class group 7 is reserved by the system and is not shown. Auto-configuration ports utilize the traffic class group mappings received from the auto-configuration source. Manually configured ports enabled for DCBX transmit the traffic class groups in the ETS TLVs.
User Guidelines The interface-id parameter is optional. The following information is displayed: Field Description Congestion drops Packets dropped due to congestion. This includes packets that exceeded an upper WRED threshold and packet dropped by WRED. ECN marked packets are not counted as dropped. Tx Queue The instantaneous number of cells queued for egress on the interface. Cells are 208 bytes. Rx Queue The instantaneous number of cells queued for ingress on the switch. Cells are 208 bytes.
Gi1/0/3 0 0 0 0 0 0 show interfaces traffic-class-group Use the show interfaces traffic-class-group command to display the Traffic Class to Traffic Class Group mapping. Syntax show interfaces traffic-class-group [interface-id] • interface-id—A valid Ethernet interface specifier. Default Configuration The default is to show the global traffic class group configuration. Command Mode Privileged Exec mode User Guidelines NOTE: This command is only available on N40xx series switches.
Field Description Max-Bandwidth The maximum transmission bandwidth g, expressed as a percentage. A value of 0 means no upper limit is enforced, so the queue may use any or all of the available bandwidth of the interface. This is a configured value. Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme. Strict priority scheduler is to provide lower latency to the higher CoS classes of traffic.
OpenFlow Commands Dell EMC Networking N2000/N2100-ON/N3000/N3100/N4000 Series Switches The OpenFlow feature configures the switch to be managed by a centralized OpenFlow Controller using the OpenFlow protocol. Openflow is not supported in a stacking environment. The OpenFlow agent has been validated with the Helium release of OpenDaylight (ODL).
Default Configuration No controllers are configured by default. Command Mode OpenFlow Configuration User Guidelines If connection to the controller over an interface other than the OOB interface is desired, use the OpenFlow mode command prior to issuing this command. Issuing the mode command after a connection has been established drops the connection. The connections are then re-attempted over the new interface as specified by the mode command.
console(config-of-switch)#controller ipv4 1.2.3.4 port 3435 security ssl hardware profile openflow Use the hardware profile openflow command to select the forwarding mode for the OpenFlow hybrid capability. Use the no form of the command to select the default forwarding capability. Syntax hardware profile openflow { full-match | layer2-match } no hardware profile openflow • full-match—Perform full matching when configured in OpenFlow 1.0 mode.
Command History Introduced in version 6.3.0.1 firmware. Example The following example configures OpenFlow 1.0 full matching, configures a connection to the controller at IPv4 address 1.2.3.4 TCP port 3435 using SSL security, and enables OpenFlow 1.0 on the switch. console(config)#hardware profile openflow full-match console(config)#openflow WARNING! OpenFlow does not operate on stack members. Enable OpenFlow on stand-alone switches only. console(config-of-switch)#controller ipv4 1.2.3.
User Guidelines This command configures the switch with a static IPv4 address. The switch must be configured in static mode in order to use the configured static address. Only IPv4 addresses are supported for OpenFlow controllers. OpenFlow operates on the stack master only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported. OpenFlow should only be enabled on stand-alone switches and should not be enabled on stacks of switches. This restriction is not enforced.
mode Use the mode command to configure the selection of interfaces used to assign the IP address utilized for controller connections. Use the no form of the command to return the setting to the default. Syntax mode { auto | static | oob } no mode • auto—Automatically select the switch IP address • static—Use the configured static IP address • oob—Use the OOB interface IP address Default Configuration By default, the switch selects an IP address automatically (auto mode).
Once the IP address is selected, it is used until the interface goes down or the OpenFlow feature is disabled or, in case of automatic address selection, a more preferred interface becomes available. Only IPv4 addresses are supported for OpenFlow controllers. Changing the mode causes the connections to controllers to be dropped, and if properly configured, re-established.
WARNING! OpenFlow does not operate on stack members. Enable OpenFlow on stand-alone switches only. console(config-of-switch)#controller ipv4 1.2.3.4 port 3435 security ssl console(config-of-switch)#mode auto console(config-of-switch)#exit openflow Use the openflow command to enable OpenFlow on the switch (if disabled) and enter into OpenFlow configuration mode. Use the exit command to return to Global Configuration mode.
OpenFlow operates on the stack master only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported. OpenFlow should only be enabled on stand-alone switches and should not be enabled on stacks of switches. This restriction is not enforced. Command History Introduced in version 6.3.0.1 firmware. Example This example enables OpenFlow 1.3 on a switch and configures a connection the controller at IPv4 address 1.2.3.4 TCP port 3435 using SSL security.
User Guidelines This command configures the switch to accept a connection request from a controller. When passive mode is enabled, the switch accepts TCP connections to ports 6632 and 6633 respectively using any switch IP address. In this mode, the switch continues to attempt to initiate connections to configured controllers. The OpenFlow component always initiates the SSL connections and does not accept SSL connections. OpenFlow operates on the stack master only.
Syntax protocol-version { 1.0 | 1.3 } no protocol-version • 1.0—Operate in OpenFlow 1.0 mode • 1.3—Operate in OpenFlow 1.3 mode Default Configuration By default, the switch operates in OpenFlow 1.3 mode. Command Mode OpenFlow Configuration User Guidelines If the administrator changes the OpenFlow variant while the OpenFlow feature is enabled, the switch automatically disables and re-enables the OpenFlow feature causing all flows to be deleted and connections to the controllers to be dropped.
console(config-of-switch)#controller ipv4 1.2.3.4 port 3435 security ssl show openflow Use the show openflow command to display OpenFlow configuration and status.
Parameter Description Disable Reason If the OpenFlow feature is operationally disabled then this status shows the reason for the feature to be disabled. IP Address IPv4 Address assigned to the feature. If the IP address is not assigned then the status is ‘None’. IP Mode IP mode assigned by the ‘openflow ip-mode’ command. The IP Mode can be “Auto”, “Static” or “ServicePort IP” Static IP Address Static IP address assigned by the ‘openflow static-ipaddress’ command.
Parameter Description Waiting for Space Entries Number of entries that are not currently in the hardware because the attempt to insert the entry failed. Flow Insertion Count. Total number of flows that were added to this table since the switch powered up. Flow Deletion Count. Total number of flows that were deleted from this table since the switch powered up. Insertion Failure Count. Total number of hardware insertion attempts that were rejected due to lack of space since the switch powered up.
Parameter Description Action The action specified by the flow. Duration The time since the flow was created Idle The time since the flow was hit. Installed in hardware Shows 0 if for some reason the flow could not be added in the hardware. Command History Introduced in version 6.3.0.1 firmware. Example This output shows an operationally disabled switch: console#show openflow Administrative Mode............................ Administrative Status.......................... Disable Reason.............
This example shows the output for OpenFlow 1.0 using the switch tables parameter: console#show openflow switch tables Flow Table...............................1 Flow Table Name..........................Forwarding Database Maximum Size.............................64 Number of Entries........................8 Hardware Entries.........................7 Software-Only Entries....................1 Waiting for Space Entries................0 Flow Insertion Count.....................1 Flow Deletion Count............
The following example shows the output when the switch groups parameter is given: console#show openflow switch groups Max Indirect Group Entries......................................... Current Indirect Group Entries in database......................... 1234 123 Max All Group Entries.............................................. Current All Group Entries in database.............................. 1234 123 Max Select Group Entries...........................................
Bucket Index Src MAC VLAN 28 : Output Port NA : Dst MAC NA : Reference Group Id NA NA 12345678 Bucket Index Src MAC VLAN 29 : Output Port NA : Dst MAC NA : Reference Group Id NA NA 12345678 Bucket Index Src MAC VLAN 30 : Output Port NA : Dst MAC NA : Reference Group Id NA NA 12345678 This examples shows the output for OpenFlow 1.
Duration (secs): Packet Count: 5 3 Idle (secs): 2 HW Priority: 65464 In HW: Yes Flow 000001F9 type “1DOT3” Match Criteria: Flow Table: 60 Ingress port: Gi1/0/1 VLAN ID: 1 Src MAC: 00:00:02:37:38:01 Dst MAC: 00:00:18:37:22:01 IP Protocol: 17 Action: Duration (secs): 2 Packet Count: 9879 Priority: 10 Egress Port: Gi1/0/1 VLAN PCP: 1 Src IP: 100.0.1.249 Dst IP: 192.0.1.
Priority Flow Control Commands Dell EMC Networking N4000 Series Switches Priority Flow Control (PFC) provides a means of pausing frames based on individual priorities on a single physical link. By pausing the congested priority or priorities independently, protocols that are highly loss sensitive can share the same link with traffic that has different loss tolerances with less congestion spreading than standard flow control. The priorities are differentiated by the priority field of the 802.1Q VLAN header.
The effective default behavior on an interface enabled for PFC without a nodrop priority is that no flow control (legacy or PFC) is enabled. If the user enables PFC but does not create any no-drop priorities, the interface will not be lossless. Changing the drop and no-drop capabilities on an interface, either in flow control or priority flow control, may require that all ports briefly drop link. The priority to flow control group cannot be changed while traffic is running. When 802.
Default Configuration Priority-flow-control mode is off (disabled) by default. Command Mode Datacenter-Bridging Configuration mode User Guidelines NOTE: This command is only available on N40xx series switches. PFC must be enabled before FIP snooping can operate over the interface. Use the no form of the command to return the mode to the default (off). VLAN tagging (trunk or general mode) must be enabled on the interface in order to carry the 802.1p value through the network.
Syntax priority-flow-control priority priority-list {drop | no-drop} no priority-flow-control priority • drop—Disable lossless behavior on the selected priorities. • no-drop—Enable lossless behavior on the selected priorities. • priority-list —A list of IEEE 802.1p priorities (up to two) which are to be configured as lossless. Default Configuration The default behavior for all priorities is tail-drop.
Syntax clear priority-flow-control statistics [ethernet interface ] • interface — A valid Ethernet port. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example #1 console#clear priority-flow-control statistics tengigabitethernet 1/0/1 Example #2 console#clear priority-flow-control statistics show interfaces priority-flow-control Use the show interfaces priority-flow-control command to display the global or interface priority flow control status and statistics.
Interface Detail:te1/0/1 PFC Configured State: Disabled PFC Operational State: Enabled Configured Drop Priorities: 2-7 Operational Drop Priorities: 2-7 Configured No-Drop Priorities: 0-1 Operational No-Drop Priorities:0-1 Delay Allowance: 32456 bit times Peer Configuration Compatible: True Compatible Configuration Count: 3 Incompatible Configuration Count: 1 Priority Received PFC Frames Transmitted PFC Frames -------- -------------------------------------00 0 10 0 20 0 30 0 40 0 50 0 60 0 70 0 console#show
Te1/0/19 Te1/0/20 Te1/0/21 Te1/0/22 Te1/0/23 Te1/0/24 0-7 0-7 0-7 0-7 0-2,4-7 0-7 3 Inactive Inactive Inactive Inactive Active Inactive Data Center Technology Commands 1211
Data Center Technology Commands 1212
Layer 3 Routing Commands 7 The sections that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 Routing commands enable routing protocols to perform a series of exchanges over various data links to route data between any two nodes in a network. These commands define the addressing and routing structure of the Internet. The Dell EMC N1100-ON Series switches do not support routing.
ARP Commands Dell EMC Networking N1500/N2000/N2100-ON/N3000/N3100ON/N4000 Series Switches When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.
ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests. ARP cache entries for neighbor hosts are renewed more selectively.
Syntax arp [vrf vrf-name]ip-address hardware-address [ interface interface-id] no arp ip-address • vrf-name—The name of the VRF with which the ARP entry is to be associated. If no VRF is specified, the ARP entry is associated with the global ARP table. • ip-address — IP address of a device on a subnet attached to an existing routing interface. • hardware-address — A unicast MAC address for that device. • interface-id—An optional IP unnumbered (VLAN) interface identifier.
Example The following example creates an ARP entry consisting of an IP address and a MAC address. console(config)#arp 192.168.1.2 00A2.64B3.A245 arp cachesize Use the arp cachesize command in Global Configuration mode to configure the maximum number of entries in the ARP cache. To return the maximum number of ARP cache entries to the default value, use the no form of this command. Syntax arp cachesize integer no arp cachesize • integer — Maximum number of ARP entries in the cache.
arp dynamicrenew Use the arp dynamicrenew command in Global Configuration mode to enable the ARP component to automatically renew dynamic ARP entries when they age out. To disable the automatic renewal of dynamic ARP entries when they age out, use the no form of the command. Syntax arp dynamicrenew no arp dynamicrenew Default Configuration The default state is enabled.
cache capacity, enabling dynamic renew could prevent some neighbors from communicating because the ARP cache is full. Dynamic renewal should be disabled in these networks. Example console#configure console(config)#arp dynamicrenew console(config)#no arp dynamicrenew arp purge Use the arp purge command to cause the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command.
The interface identifier is the identifier of the unnumbered interface, not the loopback interface from which the IP address is borrowed. When the IP address does not uniquely identify an ARP entry, the interface must be given to uniquely identify the ARP entry. The interface may be numbered or unnumbered. Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.
arp retries Use the arp retries command in Global Configuration mode to configure the ARP count of maximum requests for retries. To return to the default value, use the no form of this command. Syntax arp retries integer no arp retries • integer — The maximum number of requests for retries. (Range: 0-10) Default Configuration The default value is 4 retries. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Default Configuration The default value is 1200 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout. console(config)#arp timeout 900 clear arp-cache Use the clear arp-cache command to remove all ARP entries of type dynamic from the ARP cache. Syntax clear arp-cache [vrf vrf-name] [gateway] • vrf-name—The name of the VRF instance on which the command operates.
Example The following example clears all entries ARP of type dynamic, including gateway, from ARP cache. console#clear arp-cache gateway clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command. Syntax clear arp-cache management Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
ip local-proxy-arp Use the ip local proxy-arp command in Interface Configuration mode to enable proxying of ARP requests. This allows the switch to respond to ARP requests within a subnet where routing is not enabled. Syntax ip local-proxy-arp no ip local-proxy-arp Default Configuration Proxy arp is disabled by default. Command Mode Interface (VLAN) Configuration User Guidelines This command has no user guidelines. Example This example enables proxying of ARP requests on VLAN 10.
Syntax ip proxy-arp no ip proxy-arp Default Configuration Enabled is the default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The ip proxy-arp command is not available in interface range mode. Example The following example enables proxy arp for VLAN 15. (config)#interface vlan 15 console(config-if-vlan15)#ip proxy-arp show arp Use the show arp command to display all entries in the Address Resolution Protocol (ARP) cache.
Command Mode User Exec and Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The show arp command will display static (user-configured) ARP entries regardless of whether they are reachable over an interface or not. The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N3100/N4000 series switches. Example The following example shows show arp command output.
Bidirectional Forwarding Detection Commands Dell EMC Networking N3000/N3100/N4000 Series Switches Bidirectional Forwarding Detection (BFD) verifies bidirectional connectivity between forwarding engines, which can be a single hop or multiple hops away. The protocol works over any underlying transmission mechanism and protocol layer with a wide range of detection times, especially in scenarios where fast failure detection is required in data plane level for multiple concurrent sessions.
Command Mode Global Configuration User Guidelines BFD supports fast detection of forwarding failures on a routing interface. BFD provides an advantage for forwarding plane failure detection over that provided by the individual protocols, each having different hello protocol timers and detection periods. The BFD feature provides notification to BGP or OSPF when an interface is detected to not be in a forwarding state. No other routing protocols are supported. BFD is supported in the default VRF only.
Syntax bfd echo no bfd echo Default Configuration BFD echo mode is not enabled by default. Command Mode Interface (VLAN) Configuration and Interface (VLAN) range mode. User Guidelines BFD echo mode enables fast sending and turnaround of BFD echo packets. Use the bfd slow-timer command to adjust the sending of BFD control plane packets when BFD echo mode is enabled. Command History Introduced in version 6.2.0.1 firmware.
• transmit-interval—Refers to the desired minimum transmit interval, which is the minimum interval the user wants to use while transmitting BFD control packets. It is represented in milliseconds. Its range is 100 ms to 1000 ms with a change granularity of 100 ms and with a default value of 100 ms. • minimum-receive-interval—Refers to the required minimum receive interval, which is the minimum interval at which the system can receive BFD control packets. It is represented in milliseconds.
console(config-if-vlan100)#bfd interval 100 min_rx 100 multiplier 5 console(config-if-vlan100)#exit console(config)#interface te1/0/1 console(config-if-Te1/0/1)#switchport mode trunk bfd slow-timer This command configures the BFD periodic slow transmission interval for BFD Control packets. Use the no form of the command to return the slow transmission interval value to the default. Syntax bfd slow-timer receive-interval no bfd slow-timer • receive-interval—The slow transmission interval.
ip ospf bfd Use the ip ospf bfd command to enable sending of BFD events to OSPF on a VLAN routing interface. Use the no form of the command to disable sending of BFD events. Syntax ip ospf bfd no ip ospf bfd Default Configuration BFD is not enabled by default. Command Mode Interface (VLAN) Configuration mode User Guidelines BFD processing notifies OSPF of L3 connectivity issues with the peer. The interface must be a VLAN interface enabled for routing.
ipv6 ospf bfd Use the ipv6 ospf bfd command to enable sending of BFD events to OSPF on a VLAN routing interface. Use the no form of the command to disable sending of BFD events. Syntax ipv6 ospf bfd no ipv6 ospf bfd Default Configuration BFD is not enabled by default. Command Mode Interface (VLAN) Configuration mode User Guidelines BFD processing notifies OSPFv3 of level 3 connectivity issues with the peer. The interface must be a VLAN interfaced enabled for routing.
neighbor fall-over bfd This command enables BFD support for a BGP neighbor. Use the no form of the command to disable BFD for the specified BGP neighbor. Syntax neighbor{ ipv4-address | ipv6-address [interface vlan vlan-id ] fall-over bfd no neighbor { ipv4-address | ipv6-address [interface vlan vlan-id ] fall-over bfd interval • ipv4-address—The IPv4 address of a configured neighbor reachable over a VLAN routing interface expressed in dotted quad notation.
Syntax show bfd neighbor [details] [ip-address] • details—Display additional information regarding each BFD neighbor, including sent and received message counts. • ip-address—The IPv4 or IPv6 address of a BFD neighbor. Limits the output to the specific neighbor. Default Configuration There is no default configuration for this command.
Parameters Description Registered Protocol The protocol from which the BFD session was initiated and that is registered to receive events from BFD. (for example, BGP). Local Diag The diagnostic state specifying the reason for the most recent change in the local session state. Demand mode Indicates if the system wishes to use Demand mode. Note: Demand mode is not supported in Dell 6.0 8.0, Minimum transmit interval The minimum interval to use when transmitting BFD control packets.
Local IP address............................... Neighbor IP address............................ State.......................................... Interface...................................... Uptime......................................... Registered Protocol............................ Local Diag..................................... Demand mode.................................... Minimum transmit interval...................... Minimum receive interval....................... Operational transmit interval...
Border Gateway Protocol Commands Dell EMC Networking N3000/N3100/N4000 Series Switches This section describes the commands you use to view and configure Border Gateway Protocol (BGP), which is an exterior gateway routing protocol that you use to route traffic between autonomous systems. The BGP CLI commands are available in the N3000/N3100/N4000 Series switches. On the N3000 Series switches, the BGP specific firmware must be loaded (e.g., N3000_BGPvA.B.C.D.stk.
aggregate-address neighbor advertisementinterval (IPv6 Address Family Configuration) show bgp ipv6 bgp aggregate-differentmeds (BGP Router Configuration) neighbor allowas-in show bgp ipv6 aggregateaddress bgp aggregate-differentneighbor connect-retrymeds (IPv6 Address Family interval Configuration) show bgp ipv6 community bgp always-compare-med neighbor default-originate (BGP Router Configuration) show bgp ipv6 communitylist bgp client-to-client reflection (BGP Router Configuration) neighbor def
clear ip bgp neighbor next-hop-self (IPv6 Address Family Configuration) show ip bgp aggregateaddress clear ip bgp counters neighbor password show ip bgp community default-information originate (BGP Router Configuration) neighbor prefix-list (BGP Router Configuration) show ip bgp community-list default-information originate (IPv6 Address Family Configuration) neighbor prefix-list (IPv6 Address Family Configuration) show ip bgp extcommunitylist default metric (BGP Router neighbor remote-as Configu
ip bgp-community newformat neighbor timers show ip bgp update-group ip bgp fast-external-fallover neighbor update-source show ip bgp vpn4 ip community-list network (BGP Router Configuration) template peer ip extcommunity-list network (IPv6 Address Family Configuration) timers bgp match extcommunity redistribute (BGP) – maximum-paths (BGP Router Configuration) rd – router bgp Use the router bgp command to enable BGP and identify the autonomous system (AS) number for the router.
ASNs 0, 56320–64511, and 65535 are reserved and cannot be used. Command History Introduced in version 6.2.0.1 firmware. Example The following example creates a BGP routing instances and enables BGP routing for AS 4324. console(config)#router bgp 4324 address-family Use the address-family command in peer template configuration mode to configure policy parameters within a peer template to be applied to a specific address family.
• advertisement-interval seconds • default-originate • filter-list as-path-list-number {in | out} • maximum-prefix { maximum | unlimited } [threshold] • next-hop-self • prefix-list prefix-list-name { in | out } • remove-private-as • route-reflector-client • route-map map-name { in | out } • send-community The activate command is only available in address-family ipv6 mode. If an IPv6 peer inherits a template that specifies address family ipv4 parameters, those parameters are ignored.
console(config-rtr-tmplt)# exit console(config-router)# neighbor 172.20.1.2 console(config-router)# neighbor 172.20.2.2 console(config-router)# address-family ipv6 console(config-router)# neighbor 172.20.1.2 console(config-router)# neighbor 172.20.2.2 inherit peer AGGR inherit peer AGGR activate activate address-family ipv4 vrf Use the address-family ipv4 vrf command to enter IPv4 VRF configuration mode for a particular VRF instance to configure the BGP VRF parameters.
address-family ipv6 Use the address-family ipv6 command to enter IPv6 family configuration mode to specify IPv6 configuration parameters. Use the no form of the command to delete all IPv6 configuration. Syntax address-family ipv6 no address-family ipv6 Default Configuration By default, the exchange of IPv6 routes is disabled. Command Mode BGP Router Configuration mode User Guidelines The address-family ipv6 command moves the CLI to IPv6 address family configuration mode.
Syntax address-family vpn4 unicast no address-family vpn4 unicast Default Configuration VPN-IPv4 address family mode is not configured by default. Command Mode Router BGP Configuration mode User Guidelines When an iBGP neighbor is configured in this mode, each VPN-IPv4 prefix is made globally unique by the addition of an 8-byte route distinguisher (RD). Only unicast prefixes are advertised to the iBGP neighbor. To exit from VPNIPv4 address family mode, use the exit command.
console(config-router-af)# neighbor 1.1.1.1 send-community extended console(config-router-af)# exit console(config-router)# aggregate-address Use the aggregate-address command to configure a summary address for BGP. Syntax aggregate-address { ipv4-prefix mask | ipv6-prefix/prefix-length } [as-set] [summary-only] no aggregate-address { ipv4-prefix mask | ipv6-prefix/prefix-length } [as-set] [summary-only] • ipv4-prefix mask—A summary prefix and mask in dotted-quad notation. The default route (0.0.0.0 0.0.
• summary-only – When specified, the more-specific routes within the aggregate address are not advertised to neighbors. Default Configuration No aggregate addresses are configured by default. Unless the options are specified, the aggregate is advertised with the ATOMIC_AGGREGATE attribute and an empty AS path, and the more specific routes are advertised along with the aggregate.
Syntax bgp aggregate-different-meds no bgp aggregate-different-meds Default Configuration By default, all the routes aggregated by a given aggregate address must have the same MED value. Command Mode BGP Router Configuration mode User Guidelines When this command is used, the path for an active aggregate address is advertised without an MED attribute and the MED attribute is not considered in aggregating routes.
no bgp aggregate-different-meds Default Configuration By default, all the routes aggregated by a given aggregate address must have the same MED value. Command Mode IPv6 Address Family Configuration mode User Guidelines When this command is used, the path for an active aggregate address is advertised without an MED attribute and the MED attribute is not considered in aggregating routes.
Default Configuration By default, all routes aggregated by a given aggregate address must have the same MED value. Command Mode • BGP Router Configuration mode • IPv6 Address Family Configuration mode User Guidelines The MED is a 32-bit integer, commonly set by an external peer to indicate the internal distance to a destination. The decision process compares MED values to prefer paths that have a shorter internal distance.
Default Configuration Client-to-client reflection is enabled by default when a router is configured as a route reflector. Command Mode BGP Router Configuration mode User Guidelines Route reflection can change the routes clients select. A route reflector only reflects those routes it selects as best routes. Best route selection can be influenced by the IGP metric of the route to reach the BGP next hop.
Syntax bgp client-to-client reflection no bgp client-to-client reflection Default Configuration Client-to-client reflection is enabled by default when a router is configured as a route reflector. Command Mode IPv6 Address Family Configuration mode User Guidelines Route reflection can change the routes clients select. A route reflector only reflects those routes it selects as best routes. Best route selection can be influenced by the IGP metric of the route to reach the BGP next hop.
Syntax bgp cluster-id cluster-id no bgp cluster-id • cluster-id—A non-zero 32-bit identifier that uniquely identifies a cluster of route reflectors and their clients. The cluster ID may be entered in dotted notation like an IPv4 address or as an integer. Default Configuration A route reflector whose cluster ID has not been configured uses its BGP router ID (configured with bgp router-id) as the cluster ID.
Syntax bgp default local-preference number no bgp default local-preference • number—The value to use as the local preference for routes advertised to internal peers. The range is 0 to 4,294,967,295. Default Configuration If no other value is configured, BGP advertises a local preference of 100 in UPDATE messages to internal peers. Command Mode BGP Router Configuration mode User Guidelines BGP assigns the default local preference to each path received from an external peer.
no bgp fast-external-fallover Default Configuration Fast external fallover is enabled by default. Command Mode BGP Router Configuration mode User Guidelines When BGP gets a routing interface down event, BGP drops the adjacency with all external peers whose IPv4 address is in one of the subnets on the failed interface. This behavior can be overridden for specific interfaces using ip bgp fast-external-fallover. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines BGP tracks the reachability of each internal peer’s IP address. If a peer becomes unreachable (that is, the RIB no longer has a non-default route to the peer’s IP address), BGP drops the adjacency. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)# bgp fast-internal-fallover bgp listen Use the bgp listen command to create an IPv4 listen range and associates it with the specified peer template.
Default Configuration No subnets are associated with a BGP listen subnet range, and the BGP dynamic neighbor feature is not activated. Command Mode BGP Router Configuration mode, IPv4 Address Family Configuration mode, IPv6 Address Family Configuration mode User Guidelines This command can be used to configure IPv4 BGP neighbors (BGP Router Configuration mode) as well as IPv6 BGP neighbors (IPv6 Address Family Configuration mode).
bgp log-neighbor-changes Use the bgp log-neighbor-changes command to enable logging of adjacency state changes. Syntax bgp log-neighbor-changes no bgp log-neighbor-changes Default Configuration Neighbor state changes are not logged by default. Command Mode BGP Router Configuration mode User Guidelines Both backward and forward adjacency state changes are logged. Forward state changes, except for transitions to the Established state, are logged at the Informational severity level.
• limit—The maximum length of an AS Path that BGP accepts from its neighbors. The length is the number of autonomous systems listed in the path. The limit may be set to any value from 1 to 100. Default Configuration BGP accepts AS paths with up to 75 AS numbers Command Mode BGP Router Configuration mode User Guidelines If BGP receives a path whose AS PATH attribute is longer than the configured limit, BGP sends a NOTIFICATION and resets the adjacency. Command History Introduced in version 6.2.0.
Command Mode BGP Router Configuration mode User Guidelines The BGP router ID must be a valid IPv4 unicast address, but is not required to be an address assigned to the router. The router ID is specified in the dotted notation of an IPv4 address. Changing the router ID disables and reenables BGP, causing all adjacencies to be re-established.
• ipv4-address—Only reset the adjacency with a single specified peer with a given IPv4 peer address. • ipv6-address [ interface interface-id ]—Only reset the adjacency with a single specified peer with a given IPv6 peer address. If the interface-id is given, only reset the adjacency on the specified interface. The interface id must be a routing interface (a routed VLAN identifier). An adjacency that is formed with the autodetect feature cannot be reset with the command.
Example console(config-router)#clear ip bgp clear ip bgp counters Use the clear ip bgp counters resets all BGP counters to 0. These counters include send and receive packet and prefix counters for all neighbors. Syntax clear ip bgp [vrf vrf-name] counters • vrf-name—This optional parameter identifies the VRF for which to clear counters. If not given, the default VRF counters are cleared. Default Configuration There is no default configuration.
no default-information originate Default Configuration • always—Allows BGP to originate a default route even if the common routing table has no default route. Default Configuration By default BGP does not originate a default route. If a default route is redistributed into BGP, BGP does not advertise the default route unless the default-information originate command has been given. The always option is disabled by default.
Default Configuration By default BGP does not originate a default route. If a default route is redistributed into BGP, BGP does not advertise the default route unless the default-information originate command has been given. The always option is disabled by default. Command Mode IPv6 Address Family Configuration mode User Guidelines Origination of the default route is not subject to a prefix filter configured with the distribute-list out command. Command History Introduced in version 6.2.0.1 firmware.
Command Mode BGP Router Configuration mode User Guidelines There are no user guidelines. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#default-metric 1 default metric (IPv6 Address Family Configuration) This command sets the metric of redistributed IPv6 routes when a metric is not configured in the redistribute command. Syntax default-metric value no default-metric • value—The value to as the MED. The range is 1 to 4,294,967,295.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#default-metric 1 distance Use this command to set the preference (also known as administrative distance) of BGP routes to specific destinations. Syntax distance distance [ prefix wildcard-mask [prefix-list] ] no distance distance [ prefix wildcard-mask [prefix-list] ] • distance—The preference value for matching routes. The range is 1 to 255.
can be overlap between the prefix and mask configured for different commands. When there is overlap, the command whose prefix and wildcard mask are the longest match for a neighbor’s address is applied to routes from that neighbor. An ECMP route’s distance is determined by applying distance commands to the neighbor that provided the best path. The distance command is not applied to existing routes.
• external-distance—The preference value for routes learned from external peers. The range is 1 to 255. • internal-distance—The preference value for routes learned from internal peers. The range is 1 to 255. • local-distance—The preference value for locally-originated routes. The range is 1 to 255.
Syntax distance bgp external-distance internal-distance local-distance no distance bgp • external-distance—The preference value for routes learned from external peers. The range is 1 to 255. • internal-distance—The preference value for routes learned from internal peers. The range is 1 to 255. • local-distance—The preference value for locally-originated routes. The range is 1 to 255.
distribute-list prefix in Use this command to configure a filter that restricts the routes that BGP accepts from all neighbors based on destination prefix. Syntax distribute-list prefix list-name in no distribute-list prefix list-name in • list-name—A prefix list used to filter routes received from all peers based on destination prefix. Default Configuration No distribute lists are defined by default.
Syntax distribute-list prefix list-name out [ protocol | connected | static ] no distribute-list prefix list-name out [ protocol | connected | static ] • prefix list-name—A prefix list used to filter routes advertised to neighbors. • protocol|connected|static—(Optional) When a route source is specified, the distribute list applies to routes redistributed from that source. Only routes that pass the distribute list are redistributed. The protocol value may be either rip or ospf.
Syntax distribute-list prefix list-name out [ protocol | connected | static ] no distribute-list prefix list-name out [ protocol | connected | static ] • prefix list-name—A prefix list used to filter routes advertised to neighbors. • protocol|connected|static—(Optional) When a route source is specified, the distribute list applies to routes redistributed from that source. Only routes that pass the distribute list are redistributed. The protocol value may be either rip or ospf.
Syntax enable no enable Default Configuration By default, BGP is enabled once the administrator has specified the local AS number with the router bgp command and configured a router id with bgp router-id. Command Mode BGP Router Configuration mode User Guidelines When disabling BGP using no enable, BGP retains its configuration. The no router bgp command resets all BGP configuration to default values.
no ip as-path access-list as-path-list-number • as-path-list-number—A number from 1 to 500 uniquely identifying the list. All AS path access list commands with the same as-path-list-number are considered part of the same list. • permit—Permit routes whose AS Path attribute matches the regular expression. • deny—Deny routes whose AS Path attribute matches the regular expression.
Up to 128 AS path access lists can be configured, with up to 64 statements each. To enter the question mark within a regular expression, first enter CTRL-V to prevent the CLI from interpreting the question mark as a request for help. Special Character/Symbol Behavior asterisk * Matches zero or more sequences of the pattern. brackets [] Designates a range of single-character patterns. caret ^ Matches the beginning of the input string. dollar sign $ Matches the end of the input string.
console(config-router)# neighbor 172.20.1.1 remote-as 200 console(config-router)# neighbor 172.20.1.1 filter-list 1 in ip bgp-community new-format Use this command to display BGP standard communities in AA:NN format. To display BGP standard communities as 32-bit integers, use the no form of this command. Syntax ip bgp-community new-format no ip bgp-community new-format Default Configuration Standard communities are displayed in AA:NN format.
no ip bgp fast-external-fallover • permit—Enables fast external fallover on the interface, regardless of the global configuration of the feature. • deny—Disables fast external fallover on the interface, regardless of the global configuration of the feature. Default Configuration Fast external fallover is enabled globally by default. There is no default interface configuration.
• deny—Indicates that matching routes are denied. • community-number—From zero to sixteen community numbers formatted as a 32-bit integers or in AA:NN format, where AA is a 2-byte autonomous system number and NN is a 16 bit integer. The range is 1 to 4,294,967,295 (any 32-bit integer other than 0). Communities are separated by spaces. • no-advertise—The well-known standard community: NO_ADVERTISE (0xFFFFFF02), which indicates the community is not to be advertised.
If more than the maximum allowed communities are configured, the excess entries are ignored. Command History Introduced in version 6.2.0.1 firmware. Example console(config)# ip community-list standard test permit ip extcommunity-list Use the ip extcommunity-list command to create an extended community list to configure VRF route filtering. Use the no form of the command to configure VRF route filtering.
Default Configuration No subnets are associated with a BGP listen subnet range, and the BGP dynamic neighbor feature is not activated. Command Mode Global Config mode User Guidelines This command is used to configure numbered extended community lists. Extended community attributes are used to filter routes for VRFs. All the standard rules of access lists apply to the configuration of extended community lists.
Command History Introduced in version 6.3.0.1 firmware. Example The following example shows the creation of an extended community list that permits routes from route target 1:1 and site of origin 2:2 and denies routes from route target 3:3 and 4:4. (R1)(Config)# ip extcommunity-list 10 permit rt 1:1 (R1)(Config)# ip extcommunity-list 10 permit rt 2:2 (R1)(Config)# ip extcommunity-list 20 deny rt 3:3 rt 4:4 List 10 shows a logical OR condition which means the first match is processed.
Syntax match extcommunity standard-list no match extcommunity standard-list • standard-list—A standard list identifier that identifies one or more permit or deny groups of extended communities. The range if from 0–100. Default Configuration BGP extended community list attributes are not matched. Command Mode Route Map Configuration mode User Guidelines The match extcommunity command is used to configure match clauses that use extended community attributes in route maps.
Syntax maximum-paths number-of-paths no maximum-paths • number-of-paths—The maximum number of next hops in a BGP route. The range is from 1 to 32 unless the platform or currently selected SDM template further restricts the range. Default Configuration BGP advertises a single next hop by default. Command Mode BGP Router Config User Guidelines Paths are considered for ECMP when their attributes are the same (local preference, AS path, origin, MED, peer type and IGP distance).
maximum-paths (IPv6 Address Family Configuration) Use this command to limit the number of ECMP next hops in IPv6 routes from external peers. Syntax maximum-paths number-of-paths no maximum-paths • number-of-paths—The maximum number of next hops in a BGP route. The range is from 1 to 32 unless the platform or SDM template further restricts the range. Default Configuration BGP advertises a single next hop by default.
maximum-paths ibgp (BGP Router Configuration) Use this command to specify the maximum number of next hops BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors within the local autonomous system. Syntax maximum-paths ibgp number-of-paths no maximum-paths ibgp • number-of-paths—The maximum number of next hops in a BGP router. The range is from 1 to 32 unless the platform or SDM template further restricts the range.
Example console(config-router)#maximum-paths ibgp 5 maximum-paths ibgp (IPv6 Address Family Configuration) Use this command to limit the number of ECMP next hops in IPv6 routes from internal peers. Syntax maximum-paths ibgp number-of-paths no maximum-paths ibgp • number-of-paths—The maximum number of next hops in a BGP router. The range is from 1 to 32 unless the platform or SDM template further restricts the range. Default Configuration BGP uses a single next hop by default.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#maximum-paths ibgp 5 neighbor activate Use this command to enable the exchange of IPv6 routes with a neighbor. To disable the exchange of IPv6 addresses, use the no form of this command.
When IPv6 is enabled or disabled for a neighbor, the adjacency is brought down and restarted to communicate to the change to the peer. Completely configure IPv6 policy for the peer before activating the peer. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example The following example enables the exchange of IPv6 routes with the external peer at 172.20.1.2 and sets the next hop for IPv6 routes sent to that peer.
Default Configuration The default value is 30 seconds for external peers and 5 seconds for internal peers. Command Mode BGP Router Configuration mode User Guidelines RFC 4271 recommends the interval for internal peers be shorter than the interval for external peers to enable fast convergence within an autonomous system. This value does not limit the rate of route selection, only the rate of route advertisement.
• ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • seconds—The minimum time between route advertisement, in seconds. The range is 0 to 600 seconds. Default Configuration The default value is 30 seconds for external peers and 5 seconds for internal peers.
Syntax neighbor { ip-address | ipv6-address [ interface interface-id ] | autodetect interface vlan vlan-id } allowas-in count no neighbor { ip-address | ipv6-address [ interface interface-id ] | autodetect interface interface-id } allowas-in • interface-id — A routing interface identifier beginning with the VLAN keyword. • ip-address — The neighbor’s IPv4 address. • ipv6-address [ interface interface-id ] — The neighbor’s IPv6 address.
console(config-router)# neighbor 2001::2 remote-as 65003 console(config-router)# neighbor 2001::2 allowas-in 3 neighbor connect-retry-interval Use this command in to configure the initial connection retry time for a specific neighbor.
subsequent retry doubles the previous retry interval. So by default, the TCP connection is retried after 2, 4, and 8 seconds. If none of the retries is successful, the adjacency is reset to the IDLE state and the IDLE hold timer is started. BGP skips the retries and transitions to IDLE state if TCP returns an error, such as destination unreachable, on a connection attempt. The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware.
Command Mode BGP Router Configuration mode User Guidelines By default, a neighbor-specific default has no MED and the Origin is IGP. Attributes may be set using an optional route map. A neighbor-specific default is only advertised if the Adj-RIB-Out does not include a default learned by other means, either from the default-information originate (BGP Router Configuration) command or a default learned from a peer.
Syntax neighbor { ip-address | ipv6-address [interface interface-id]} defaultoriginate [route-map map-name] • interface-id—A routing interface identifier (VLAN interface). • ip-address—The neighbor’s IPv4 address. • ipv6-address —The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • map-name—(Optional) A route map may be configured to set attributes on the default route advertised to the neighbor.
terms, the default route is not advertised. If there is no route map with the route map name given, the default route is not advertised. The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 default-originate neighbor description Use this command to record a text description of a neighbor.
Command Mode BGP Router Configuration mode IPv4 Address Family Configuration mode User Guidelines The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
• autodetect interface interface-id — The VLAN routing interface on which the neighbor’s link local IPv6 address is auto detected. Use the vlan keyword and a VLAN ID. Range 1-4093. • hop-count — The maximum hop-count allowed to reach the neighbor. The allowed range is 1–255. Default Configuration The default hop count is 64. Command Mode BGP Router Configuration mode, IPv6 Address Family Configuration mode User Guidelines The ebgp-multihop parameter is relevant only for external BGP neighbors.
administrator can use a special keyword “autodetect” to refer to the link local IPv6 address of the neighbor. For example: “neighbor autodetect interface 0/21 remote-as 10000” There are several restrictions to this feature: 1 The “interface” can only refer to non-multiple access VLAN routing interfaces. It does not work on tunnels. 2 Only one “autodetect” neighbor can be configured per interface.
no neighbor { ip-address | ipv6-address [ interface interface-id ]} filter-list as-path-list-number {in | out} • interface-id—A routing interface identifier (VLAN interface). • ip-address—The neighbor’s IPv4 address. • ipv6-address —The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • as-path-list-number —Identifies an AS path list. • in—The AS Path list is applied to advertisements received from the neighbor.
neighbor filter-list (IPv6 Address Family Configuration) This command filters BGP to apply an AS path access list to UPDATE messages received from or sent to a specific neighbor. Filtering for IPv6 is independent of filtering configured for IPv4. If an UPDATE message includes both IPv4 and IPv6 NLRI, it could be filtered for IPv4 but accepted for IPv6 or vice versa.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 filter-list 1 in neighbor inherit peer To configure a BGP peer to inherit peer configuration parameters from a peer template, use the neighbor inherit peer command. To remove the inheritance, use the no form of this command.
User Guidelines Neighbor session and policy parameters can be configured once in a peer template and inherited by multiple neighbors, eliminating the need to configure the same parameters for each neighbor. Parameters are inherited from the peer template specified and from any templates it inherits from. A neighbor can inherit directly from only one peer template. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
• ipv6-address [ interface interface-id] — The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • autodetect interface interface-id — The VLAN routing interface on which the neighbor’s link local IPv6 address is auto detected. • local-as as-number — The AS number to advertise as the local AS in the AS PATH sent to the neighbor.
This command is allowed only on external BGP neighbors. A neighbor can inherit this configuration from a peer template. When the local-as is configured for a peer, the BGP peer adjacency gets reset. Command History Introduced in version 6.3.0.1 firmware. Example console(config)#router bgp 65000 console(config-router)# neighbor console(config-router)# neighbor replace-as console(config-router)# neighbor console(config-router)# neighbor as 172.20.1.2 remote-as 65001 172.20.1.
• threshold—The percentage of the maximum number of prefixes BGP configured for this neighbor. When the number of prefixes received from the neighbor exceeds this percentage of the maximum, BGP writes a log message. The range is 1 to 100 percent. The default is 75%. Unless warning-only is specified, BGP shuts down the adjacency when the threshold is reached. • unlimited—Do not enforce any prefix limit.
neighbor maximum-prefix (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor maximum-prefix command specifies the maximum number of IPv6 prefixes that BGP will accept from a given neighbor. Syntax neighbor { ip-address | ipv6-address [ interface interface-id ]} maximumprefix { maximum [threshold] [warning-only] | unlimited } no neighbor { ip-address | ipv6-address [ interface interface-id ]} maximumprefix • ip-address—The neighbor’s IP address.
Default Configuration There is no prefix limit by default. The default warning threshold is 75%. A neighbor that exceeds the limit is shut down by removing the adjacency unless the warning-only option is configured. Command Mode IPv6 Address Family Configuration mode User Guidelines If the peering session is shut down, the adjacency stays down until clear ip bgp is issued for the neighbor. Different limits can be set for IPv4 and IPv6.
• ipv6-address [ interface interface-id ] – The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. Default Configuration This is not enabled by default. Command Mode BGP Router Configuration mode User Guidelines When the next hop attribute in routes from external peers is retained, internal peers must have a route to the external peer’s IP address.
no neighbor { ip-address | ipv6-address [ interface interface-id ]} next-hopself • ip-address – The neighbor’s IPv4 address. • ipv6-address [ interface interface-id ] – The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. Default Configuration This is not enabled by default.
Syntax neighbor { ip-address | ipv6-address [ interface interface-id ] | autodetect interface interface-id } password string no neighbor { ip-address | ipv6-address [ interface interface-id ]| autodetect interface interface-id} password • ip-address—The neighbor’s IPv4 address. • ipv6-address [ interface interface-id ] – The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 password sample neighbor prefix-list (BGP Router Configuration) Use the neighbor prefix-list command to filter advertisements sent to a specific neighbor based on the destination prefix of each route.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 prefix-list test in neighbor prefix-list (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor prefix-list command specifies an IPv6 prefix list to filter routes received from or advertised to a given peer.
User Guidelines Only one prefix list may be defined for each neighbor in each direction. If a prefix list that does not exist is assigned, all prefixes are permitted. In IPv6 address family mode, the command accepts either an IPv4 or an IPv6 address. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor 10.130.14.55 prefix-list test in neighbor remote-as Use the neighbor remote-as command to configure a neighbor and identify the neighbor’s autonomous system.
• remote-as as-number—The autonomous system number of the neighbor’s AS. The range is 1 to 65,535. If the neighbor’s AS number is the same as the local router and the peer is considered an internal peer. Otherwise, the peer is an external peer. Default Configuration No neighbors are configured by default. Command Mode BGP Router Configuration mode IPv4 Address Family Configuration mode User Guidelines Up to 100 neighbors can be configured. Command History Introduced in version 6.2.0.1 firmware.
• ipv6-address– The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • interface vlan vlan-id – The local interface/VLAN ID over which the IPv6 neighbor can be reached. Range 1-4093. • all replace-as – (Optional) To retain the original AS path length, replace each private AS number with the local AS number. Default Configuration Private AS numbers are not removed by default.
Syntax neighbor { ipv6-address | autodetect interface interface-id } rfc5549-support no neighbor { ipv6-address | autodetect interface interface-id } rfc5549support • interface-id—A routing interface identifier (VLAN interface). • ipv6-address — The neighbor’s IPv6 address. • autodetect interface interface-id — The routing interface on which the neighbor’s link local IPv6 address is auto detected. Default Configuration RFC 5549 support is enabled by default for all neighbors.
console(config-vlan10,20,30)#exit console(config)#interface vlan 10 console(config-if-vlan10)#ipv6 enable console(config-if-vlan10)#ipv6 address 2001::1/64 console(config-if-vlan10)#exit console(config)#interface vlan 20 console(config-if-vlan20)#ipv6 enable console(config-if-vlan20)#ip address 1.1.1.1 /24 console(config-if-vlan20)#ipv6 address 2002::1/64 console(config-if-vlan20)#exit console(config)#interface vlan 30 console(config-if-vlan30)#ip address 2.2.2.
Command Mode A route map can be used to change the local preference, MED, or AS Path of a route. Routes can be selected for filtering or modification using an AS path access list or a prefix list. If a neighbor route-map statement refers to a nonexistent route map, all routes are denied. Neighbor route maps configured with this command in router configuration mode are only applied to IPv4 routes. User Guidelines BGP Router Configuration mode Command History Introduced in version 6.2.0.1 firmware.
• route-map map-name—The name of the route map to be used to filter route updates on the specified interface. • in | out—Whether the route map is applied to incoming or outgoing routes. Default Configuration No route maps are applied by default. Command Mode IPv6 Address Family Configuration mode User Guidelines A route map can be used to change the local preference, MED, or AS Path of a route. Routes can be selected for filtering or modification using an AS path access list or a prefix list.
• ip-address—The neighbor’s IPv4 address. Default Configuration Peers are not route reflector clients by default. Command Mode BGP Router Configuration User Guidelines Normally, a router does not re-advertise BGP routes received from an internal peer to other internal peers. If you configure a peer as a route reflector client, this router will re-advertise such routes. A router is a route reflector if it has one or more route reflector clients.
Syntax neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] } routereflector-client no neighbor { ip-address | ipv6-address [ interface vlan vlan-id ]} routereflector-client • ip-address—The neighbor’s IPv4 address. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • interface vlan vlan-id—The local interface/VLAN ID over which the IPv6 neighbor can be reached. Range 1-4093.
Example console(config-router-af)#neighbor 10.130.14.55 route-reflector-client neighbor send-community (BGP Router Configuration) Use the neighbor send-community command to configure the local router to send the BGP communities attribute in UPDATE messages to a specific neighbor. Syntax neighbor ip-address send-community no neighbor ip-address send-community • ip-address – The neighbor’s IPv4 address. Default Configuration The communities attribute is not sent to neighbors by default.
neighbor send-community (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor send-community command tells BGP to send the COMMUNITIES attribute with routes advertised to the peer. Syntax neighbor { ip-address | ipv6-address [ interface interface-id ]} sendcommunity no neighbor { ip-address | ipv6-address [ interface interface-id ]} sendcommunity • ip-address – The neighbor’s IPv4 address. • ipv6-address [ interface interface-id ] – The neighbor’s IPv6 address.
neighbor shutdown Use the neighbor shutdown command to administratively disable communications with a specific BGP neighbor. The effect is to gracefully bring down the adjacency with the neighbor. If the adjacency is up when the command is given, the peering session is dropped and all route information learned from the neighbor is purged.
User Guidelines When a neighbor is shut down, BGP first sends a NOTIFICATION message with a Cease error code. When an adjacency is administratively shut down, the adjacency stays down until administratively re-enabled (using no neighbor shutdown). Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console(config-router)#neighbor 10.130.14.
• keepalive—The time, in seconds, between BGP KEEPALIVE packets sent to a neighbor. The range is 0 to 65,535 seconds. A small internal jitter is applied to the keepalive interval timer in order to reduce the CPU load that may occur when multiple timers expire simultaneously. • holdtime—The time, in seconds, that BGP continues to consider a neighbor to be alive without receiving a BGP KEEPALIVE or UPDATE packet from the neighbor.
Syntax neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] | autodetect interface interface-id }} update-source interface no neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] | autodetect interface interface-id }} update-source • ip-address—The neighbor’s IPv4 address. This is the IP address of the neighbor on the connected link. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
It is common to use an IP address on a loopback interface as an update source because a loopback interface is always reachable as long as any routing interface is up. The peering session will stay up as long as the loopback interface remains reachable. If you use an IP address on a routing interface, then the peering session will go down if that interface goes down. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console(config-router)#neighbor 10.130.
• prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. Required if a prefix is specified. A decimal value in the range 1 to 128 that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format. A slash mark must precede the decimal value in /length format. • rm-name—The name of a route map used to filter prefixes or set attributes of prefixes advertised by this network.
network (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the network command identifies network IPv6 prefixes that BGP originates in route advertisements to its neighbors. Syntax network prefix mask network-mask [ route-map rm-name ] no network prefix mask network-mask [ route-map rm-name ] network ipv6-prefix/prefix-length [ route-map rm-name ] no network ipv6-prefix/prefix-length • prefix—An IPv4 address prefix in dotted decimal notation.
User Guidelines BGP supports up to 64 networks. The network command may also be used specify a default route (network 0.0.0.0 mask 0.0.0.0). If a route map is configured to set attributes on the advertised routes, match as-path and match community terms in the route map are ignored. A match ip-address prefix-list term is honored in this context. If the route map includes such a match term, the network is only advertised if the prefix list permits the network prefix.
Example console(config-router)#redistribute rip rd Use the rd command to configure a BGP routing session to advertise VPNIPv4 prefixes. Use the no form of this command to delete the VPN-IPv4 configuration. Syntax rd route-distinguisher no rd route-distinguisher— A 2-byte or an 8-byte value to be prepended to an IPv4 prefix to create a VPN IPv4 prefix.
This command is effective only if BGP is running on the router. Command History Introduced in version 6.3.0.1 firmware. Example The following example shows how to configure an RD for a VRF instance in ASN format: console(config)#ip vrf Customer_A console(config-vrf-Customer_A)#rd 62001:10 console(config-vrf-Customer_A)#exit The following example shows how to configure an RD for a VRF instance in IPv4 address format: console(config)#ip vrf Customer_A console(config-vrf-Customer_A)#rd 192.168.10.
• match—(Optional) By default, if BGP is configured to redistribute OSPF routes, BGP only redistributes internal routes (OSPF intra-area and interarea routes). Use of the match option configures BGP to also redistribute specific types of external routes, or to disable redistribution of internal OSPF routes. The match option is only valid for OSPF originated routes. • route-map map-tag—(Optional) A route map can be used to filter redistributed routes by destination prefix using a prefix list.
In conformance with RFC 1475, information learned via BGP from peers within the same AS is not redistributed to OSPF. In general, redistributing routes from BGP into a RIP network is not recommended. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#redistribute rip redistribute (BGP IPv6) In IPv6 address family configuration node, the redistribute command configures BGP to redistribute non-BGP originated routes from the IPv6 routing table.
only valid for OSPF originated routes. Successive redistribute commands are additive. Use the no form of the command to disable redistribution of a route source. • route-map map-tag—(Optional) A route map can be used to filter redistributed routes by destination prefix using a prefix list. Default Configuration BGP redistributes no routes by default. When BGP redistributes OSPF routes, it redistributes only internal routes unless the match option specifies external routes.
Example console(config-router-af)#redistribute rip route-target Use the route-target command to create a list of export, import, or both route target (RT) extended communities for the specified VRF instance. Use the no form of the command to remove the route target from a VRF instance. Syntax route-target {export | import | both} rt-ext-comm no route-target {export | import | both} rt-ext-comm • export — Exports routing information to the target VPN extended community.
User Guidelines Configure the route-target command once for each target extended community. Routes that are learned and carry a specific route-target extended community are imported into all VRFs configured with that particular extended community as an import route target. The configured export RT is advertised as an extended community in the MPBGP format to the eBGP peer. An RT is either: • ASN related – Composed of an autonomous system number and an arbitrary number.
no set extcommunity rt • • value — Specifies the route target extended community value. This value can be entered in one of the following formats: – 16-bit AS number :your 32-bit value (Ex : 100 :11) – 32-bit IPv4 address :your 16-bit value (Ex : 10.1.1.1 :22 additive–Adds a route target to the existing route target list without replacing any existing route targets. Default Configuration No RT extended community attributes are set.
(R1)(config)# route-map (R1)(config-route-map)# (R1)(config-route-map)# (R1)(config-route-map)# SEND_OUT permit 10 match extcommunity 13 set extcommunity rt 10:10 additive exit set extcommunity soo Use the set extcommunity soo command to set BGP extended community attributes for the site of origin. Use the no form of the command to remove the extended community attributes for the site of origin. NOTE: This command is effective only if BGP is running on the router.
configured on the interface and is propagated into BGP through redistribution. The SOO can be applied to routes that are learned from VRFs. The SOO should not be configured for stub sites or sites that are not multihomed Command History Introduced in version 6.3.0.1 firmware. Example The following example shows how to set the extended community attribute for site of origin with route-maps on the sending BGP router.
• longer-prefixes—Displays the specified prefix and any longer prefixes within the same range. • shorter-prefixes [ length ]—Used with the ipv6-prefix/prefix-length option to show routes whose prefix length is shorter than prefix-length, and, optionally, longer than a specified length. This option may not be given if the longer-prefixes option is given. • filter-list as-path-list—Filters the output to the set of routes that match the specified AS Path list.
LocPrf The local preference Path The AS path Origin The value of the Origin attribute Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware. Example console# show bgp ipv6 BGP table version is 5, local router ID is 20.1.1.
Field Description Prefix/Len Destination prefix and prefix length. AS Set Indicates if an empty AS path is advertised with the aggregate address (N) or an AS SET is advertised with the set of AS numbers for the paths contributing to the aggregate (Y). Summary Only Indicates if the individual networks are suppressed (Y) or advertised (N). Active Indicates if the aggregate is currently being advertised. Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented.
BGP table version is 0, local router ID is 65.1.1.1 Status Codes: s suppressed, * valid, > best, i - internal Origin Codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPref Path ------------------ --------------- ---------- ---------- -------- show bgp ipv6 community-list Use this command to display the IPv6 routes that match a specified community list. Syntax show bgp ipv6 community-list name [ exact-match ] • name—A standard community list name.
Status codes • s—The route is aggregated into an aggregate address configured with the summary-only option • *—Dell EMC Networking BGP never displays invalid routes; so this code is always displayed (to maintain consistency with the industry standard) • >—Indicates that BGP has selected this path as the best path to the destination • i—If the route is learned from an internal peer Network IPv6 Destination prefix Next Hop The route’s BGP next hop Metric Multi-Exit Discriminator LocPrf The local pref
Default Configuration There is no default configuration. Command Mode Privileged Exec mode User Guidelines There are no usage guidelines. Command History Introduced in version 6.3.0.1 firmware. Example console#show bgp ipv6 listen range Listen Range.................................. 2001::1/64 Inherited Template............................ template_2001 Member ASN State --------------------------------------- ----- ----------2001::10 65001 OPENCONFIRM 2001::20 0 ACTIVE Listen Range.....................
• ipv4-address | ipv6-address—(Optional) If a peer address is specified, the output is limited to an individual peer. • interface-id—(Optional) If the peer address is an IPv6 link local address, the interface that defines the scope of the link local address must be given. This must be a VLAN routing interface. • autodetect interface interface-id—(Optional) The routing interface on which the neighbor’s link local IPv6 address is auto detected.
Peer Admin Status START or STOP Peer State The adjacency state of this neighbor Peer Type The type of peer Listen Range The ports that are being listened to. Local Port TCP port number on the local end of the connection Remote Port TCP port number on the remote end of the connection Connection Retry Interval How long BGP waits between connection retries Neighbor Capabilities Optional capabilities reported by the neighbor, recognized and accepted by this router.
Local Interface Address The IPv6 address used as the source IP address in packets sent to this neighbor. Configured Hold Time The time, in seconds, that this router proposes to this neighbor as the hold time Configured Keep Alive Time The configured KEEPALIVE interval for this neighbor. Negotiated Hold Time The minimum configured hold time and the hold time in the OPEN message received from this neighbor.
Time Elapsed Since Last Update How long since an UPDATE message has been received from this neighbor. IPv6 Outbound Update Group The IPv6 outbound update group. Message Table The number of BGP messages sent to and received from this neighbor. Received Update Queue Size Received UPDATE messages are queued for processing.
Example console# show bgp ipv6 neighbors fe80::2 Description: spine 1 router 1 Remote Address................................ Interface..................................... Remote AS..................................... Peer ID....................................... Peer Admin Status............................. Peer State.................................... Peer Type..................................... Local Port.................................... Remote Port...................................
show bgp ipv6 neighbors advertised-routes Use this command to display IPv6 routes advertised to a specific neighbor. The format and field descriptions are the same as for show ip bgp neighbors advertised-routes, except that the Network and Next Hop fields show IPv6 addresses. This command deprecates and replaces the show ipv6 bgp neighbors advertised-routes command.
Status Codes p – The route has been updated in Adj-RIB-Out since the last UPDATE message was sent. Transmission of an UPDATE message is pending. Network The Destination prefix. Next Hop The BGP Next Hop as advertised to the peer. Metric The value of the Multi Exit Discriminator (MED), if the MED is advertised to the peer. LocPref The local preference. Local preference is never advertised to external peers. Path The AS path.
show bgp ipv6 neighbors policy Use this command to display the inbound and outbound IPv6 policies configured for a specific peer. The output distinguishes policies that are configured on the peer itself and policies that the peer inherits from a peer template. This command deprecates and replaces the show ipv6 bgp neighbors policy command.
Modified in version 6.3.0.1 firmware. Example console#show bgp ipv6 neighbors fe80::1 vlan 10 policy Neighbor Policy Template --------------- ------------------------------------------------ ----------fe80::1%Vl0010 activate prefix-list jupiter in prefix-list saturn out maximum-prefix 2000 send-community show bgp ipv6 neighbors received-routes Use this command to display a list of IPv6 routes received from a specific neighbor.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec and all show modes User Guidelines The following fields are displayed. Field Description Network The destination prefix. Next Hop The BGP Next Hop as advertised by the peer. Metric The value of the MED, if a MED is received from the peer. Local Pref The local preference received from the peer. Path The AS path as received from the peer.
Origin codes: i - IGP, e - EGP, ? - incomplete Network ------------------1010:10::/64 2020:20::/64 Next Hop ---------------1010:10::103 1010:10::103 Metric LocPref Path Origin ---------- ------- ------------- -----0 65001 i 0 65001 i show bgp ipv6 statistics Use this command to display statistics for the IPv6 decision process. This command deprecates and replaces the show ipv6 bgp statistics command.
Peer Phase 1 of the decision process can be triggered for a specific peer when a peer’s inbound routing policy changes or the peer is reset. When phase 1 is run for a single peer, the peer’s IP address is given. Duration How long the decision process took, in milliseconds Adds The number of routes added. For phase 1, this is the number of prefixes that pass inbound policy and are added to the Accept-RIB-In. For phase 2, this is the number of routes added to the BGP routing table.
Default Configuration There is no default configuration for this command. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration sub-modes. User Guidelines The following fields are displayed. Field Description Admin Mode Whether BGP is globally enabled. BGP Router ID The configured router ID. Local AS Number The router’s AS number. Traps Whether BGP traps are enabled. Maximum Paths The maximum number of next hops in an external BGP route.
Source A source of routes that BGP is configured to redistribute. Metric The metric configured with the redistribute command. Match Value For routes redistributed from OSPF, the types of OSPF routes being redistributed. Distribute List The name of the prefix list used to filter redistributed routes, if one is configured with the distribute-list out command. Route Map The name of the route map used to filter redistributed routes.
Default Hold Time ............................. Number of Network Entries ..................... Number of AS Paths ............................ Dynamic Neighbors Current/High/Limit .......... Default Metric ................................ Default Route Advertise .......................
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The update send history table show statistics on as many as the fifteen most recent executions of the update send process for the update group. Items in the history table are as follows: Fields Description Version The update version. Delta T The amount of time elapsed since the update send process executed.
Send Community Whether BGP communities are included in route advertisements to members of the group. Yes or No. Neighbor AS Path Access List Out The AS path access list used to filter UPDATE messages sent to peers in the update group. Neighbor Prefix List Out Name of the prefix list used to filter prefixes advertised to the peers in the update group. Neighbor Route Map Out Name of the route map used to filter and modify routes advertised to the peers in the update group.
Modified in version 6.3.0.1 firmware. show bgp ipv6 route-reflection Use this command to display a summary of BGP route reflection. This command deprecates and replaces the show ipv6 bgp route-reflection command. Syntax show bgp ipv6 route-reflection Default Configuration There is no default configuration for this command.
Non-client Internal Peers A list of this router’s internal peers that are not configured as route reflector clients. Routes from nonclient peers are reflected to clients and vice-versa. Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware. Example console(config)#show bgp ipv6 route-reflection Cluster ID .................................... 65.1.1.1 (default) Client-to-client Reflection ...................
• Prefix-list list-name —(Optional) The name of a prefix list indicating the list of matching routes to display. Default Configuration There is no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines The following fields are displayed. Field Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented.
Example console# show ip bgp BGP table version is 5, local router ID is 20.1.1.1 Status codes: s suppressed, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network *> 172.20.1.0/24 *> 172.20.2.0/24 Next Hop 100.10.1.1 200.10.1.1 100.10.1.
AS Set Indicates whether an empty AS path is advertised with the aggregate address (N) or an AS SET is advertised with the set of AS numbers for the paths contributing to the aggregate (Y). Summary Only Indicates whether the individual networks are suppressed (Y) or advertised (N). Active Indicates whether the aggregate is currently being advertised. Command History Introduced in version 6.2.0.1 firmware. Updated in 6.3.0.1 firmware.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec and Global Configuration User Guidelines If the vrf argument is specified, the community information for that VRF is displayed. Command History Introduced in version 6.3.0.1 firmware. Example console#show ip bgp community BGP table version is 0, local router ID is 65.1.1.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec and Global Config modes User Guidelines If the vrf argument is specified, the community list information pertaining to that VRF is displayed. Command History Introduced in version 6.2.0.1 firmware. Updated in the version 6.3.0.1 firmware. Example console(config)#show ip bgp community-list test BGP table version is 0, local router ID is 65.1.1.
Command Mode Privileged Exec and Global Config modes User Guidelines The following fields are displayed. Field Description Standard extended community-list The standard named extended community list. permit Permits access for a matching condition. Once a permit value has been configured to match a given set of extended communities the extended community list defaults to an implicit deny for all other values. RT The route target extended community attribute.
Default Configuration By default, all listen ranges are shown. Command Mode Privileged Exec and global configuration mode User Guidelines There are no user guidelines. Command History Introduced in version 6.3.0.1 firmware. Example console(config-router)#show ip bgp listen range Listen Range .................................. 10.27.0.0/16 Inherited Template ............................ template_10_27 Member ASN State ---------------- ----- ----------10.27.8.189 65001 OPENCONFIRM 10.27.128.
• vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines Since IPv4 prefixes can only be exchanged over IPv4 peering, the neighboraddress parameter must be an IPv4 peer address. This option limits the output to show a single neighbor.
Neighbor Capabilities Optional capabilities reported by the neighbor, recognized and accepted by this router. Codes listed in the show output are as follows: • MP: Multiprotocol • RF: Route Refresh This version of Dell EMC Networking does not support any multiprotocol AFI/SAFI pairs other than IPv4 unicast. The presence of this capability does not imply otherwise.
Warning Only on Prefix Limit Whether to shutdown a neighbor that exceeds the prefix limit. TRUE if the event is logged without shutting down the neighbor. Minimum Advertisement Interval The minimum time between UPDATE messages sent to this neighbor. MD5 Password The TCP MD5 password, if one is configured, in plain text. Last Error The last error that occurred on the connection to this neighbor. Last SubError The suberror reported with the last error.
Counters Description Path with duplicate attribute The peer sent an UPDATE message containing the same path attribute more than once. Path with wellknown/optional conflict A received path attribute was flagged as both wellknown and optional or neither well-known nor optional. Transitive flag not set on transitive attr A received path attribute is known to be transitive, but the transitive flag is not set.
Invalid prefix in UPDATE NLRI An UPDATE message received from this peer contained a syntactically incorrect prefix. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console#show ip bgp neighbors Remote Address ................................ Remote AS ..................................... Peer ID ....................................... Peer Admin Status ............................. Peer State ....................................
IPv4 Prefix Statistics: Prefixes Prefixes Prefixes Prefixes Prefixes Max NLRI Min NLRI Inbound 0 0 0 0 0 0 0 Advertised Withdrawn Current Accepted Rejected per Update per Update Outbound 0 0 0 N/A N/A 0 0 console # show ip bgp neighbors 172.20.1.100 Remote Address ................................ Remote AS ..................................... Peer ID ....................................... Peer Admin Status ............................. Peer State .................................... Local Port .......
Prefixes Prefixes Max NLRI Min NLRI Withdrawn Current per Update per Update 0 1 1 1 0 0 0 0 In this example, BGP has received an UPDATE message from an external peer 172.20.101.100 with something other than the peer’s ASN as the first ASN in the AS Path. The additional counter shows that this occurred one time. console #show ip bgp neighbors 172.20.101.100 Remote Address ................................ 172.20.101.100 Remote AS ..................................... 101 ... Last Error ...................
User Guidelines Note that this output differs slightly from the output in show ip bgp. Suppressed routes and non-best routes are not advertised; so these status codes are not relevant here. Advertised routes always have a single next hop, the BGP NEXT HOP advertised to the peer. Local preference is never sent to external peers. If the vrf-name argument is specified, information pertaining to that VRF is displayed.
BGP table version is 5, local router ID is 0.0.0.100 Status codes: p - advertisement pending Origin codes: i - IGP, e - EGP, ? - incomplete Network ------------------172.20.1.0/24 p 20.1.1.0/24 Next Hop Metric LocPref Path Origin ---------------- ---------- ------- ------------- ----172.20.101.1 10 100 20 10 i 172.20.101.1 100 20 ? show ip bgp neighbors received-routes This command displays the list of routes received from a specific neighbor. The list includes both the accepted and rejected routes.
Fields Description Network Destination prefix Next Hop The BGP NEXT HOP as advertised by the peer. Metric The value of the Multi Exit Discriminator, if a MED is received from the peer. Local Pref The local preference received from the peer. Path The AS path as received from the peer Origin The value of the Origin attribute as received from the peer follows immediately after the AS PATH. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
show ip bgp neighbors policy This command displays the inbound and outbound IPv4 policies configured for a specific peer. The output distinguishes policies that are configured on the peer itself and policies that the peer inherits from a peer template. Syntax show ip bgp [vrf vrf-name] neighbors ip-address policy • vrf vrf-name — Displays the aggregate address information associated with the named VRF.
Example console #show ip bgp neighbors 172.20.101.100 policy Neighbor Policy Template --------------- ------------------------------- -----------------------172.20.101.
If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following information is displayed: Fields Description Cluster ID The cluster ID used by this router. The value is tagged as configured when the value is configured with the bgp cluster-id command. When no cluster ID is configured, the local router ID is shown and tagged as default. Client-to-client reflection Displayed as Enabled when this router reflects routes received from its clients to its other clients.
updates the BGP route table, and updates the common RIB. Phase 3 is run independently for each outbound update group and determines which routes should be advertised to neighbors in each group. Each entry in the table shows statistics for one phase of the decision process. The table shows the 20 most recent decision process runs, with the most recent information at the end of the table.
Reason The event that triggered the decision process to run. Peer Phase 1 of the decision process can be triggered for a specific peer when a peer’s inbound routing policy changes or the peer is reset. When phase 1 is run for a single peer, the peer’s IP address is given. Duration How long the decision process took, in milliseconds. Adds The number of routes added. For phase 1, this is the number of prefixes that pass inbound policy and are added to the Accept-RIB-In.
• vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown. Command Mode User Exec mode, Privileged Exec mode, Global Config mode and all submodes. User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following information is displayed. Fields Description Admin Mode Whether BGP is globally enabled.
Dynamic Neighbors The number of dynamically discovered neighbors (current number, maximum number discovered, upper limit allowed). Default Metric The default value for the MED for redistributed routes. Default Route Advertise Whether BGP is configured to advertise a default route. Corresponds to default-information originate. Redistributing Source A source of routes that BGP is configured to redistribute. Metric The metric configured with the redistribute command.
Example console#show ip bgp summary IPv4 Routing .................................. BGP Admin Mode ................................ BGP Router ID ................................. Local AS Number ............................... Traps ......................................... Maximum Paths ................................. Maximum Paths iBGP ............................ Default Keep Alive Time ....................... Default Hold Time ............................. Number of Network Entries ..................
Command Mode Privileged Exec mode User Guidelines The following information is displayed. Fields Description Template Name The name of a BGP peer template. AF The address family to which the configuration command applies. This field is blank for session parameters, which apply to all address families. Configuration Configuration commands that are included in the template. Command History Introduced in version 6.2.0.1 firmware.
Syntax show ip bgp [vrf vrf-name] traffic • vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The output shows when BGP counters were last cleared (using clear ip bgp counters).
Updated in version 6.3.0.1 firmware.
Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The update send history table show statistics on as many as the fifteen most recent executions of the update send process for the update group. Items in the history table are as follows: Fields Description Version The update version. Delta T The amount of time elapsed since the update send process executed.
Neighbor AS Path Access List Out The AS path access list used to filter UPDATE messages sent to peers in the update group. Neighbor Prefix List Out Name of the prefix list used to filter prefixes advertised to the peers in the update group. Neighbor Route Map Out Name of the route map used to filter and modify routes advertised to the peers in the update group. Members Added The number of peers added to the group since the group was formed.
Example console# show ip bgp update-group Update Group ID............................ Peer Type.................................. Minimum Advertisement Interval............. Send Community............................. Neighbor AS Path Access List Out........... Neighbor Prefix List Out................... Neighbor Route Map Out..................... Members Added.............................. Members Removed............................ Update Version............................. Number of UPDATEs Sent........
UPDATE Send Failures....................... 0 Current Members: Version 10 172.24.3.1, 172.25.8.56, 172.28.9.1 Delta T Duration UPD Built UPD Sent Paths Sent Pfxs Adv Pfxs Wd 00:00:49 100 6 288 5 1250 750 show ip bgp vpn4 Use the show ip bgp vpn4 command to display the VPNv4 address information from the BGP table. If the vrf argument is specified, the address information pertaining to that VRF is displayed.
• No “IPv4 Outbound Update Group” is listed. • No IPv4 prefix statistics are shown, since this implementation does not support advertisement of IPv4 prefixes over IPv6 transport. • “RFC 5549 Support” is displayed only if the BGP neighbor is peered over IPv6 network. • If the peer is configured as “autodetect”, the “Remote Address” shows detected IPv6 address or “Unresolved” if the peer is not detected by the autodetect feature.
Term Description Generation ID The version of the BGP routing table when this route last changed. Forwarding If this BGP route is used for forwarding. Advertised To Update Groups The outbound update groups to which this route is advertised. Local Preference The local preference, either as received from the peer or as set according to local policy. AS Path The AS Path. This form of show ip bgp displays AS Paths as long as allowed by bgp maxas-limit. Origin Value of the ORIGIN attribute.
Example The following example shows all available VPNv4 information in a BGP routing table: console#show ip bgp vpnv4 all BGP table version is 5, local router ID is 20.1.1.1 Status codes: s suppressed, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Route Distinguisher *> 172.20.1.0/24 *> 24.95.16.0/24 *> 24.14.8.0/24 Next Hop Metric : 1:10 (for VRF red) 100.10.1.1 10 100.10.1.1 10 100.10.1.1 10 Route Distinguisher *> 173.20.1.0/24 *> 25.95.16.0/24 *> 25.14.8.
Best Path: Imported from.............................. Local Preference........................... AS Path.................................... Origin..................................... Metric..................................... Type....................................... IGP Cost................................... Peer (Peer ID)............................. BGP Next Hop............................... Atomic Aggregate........................... Aggregator (AS, Router ID)................. Communities......
Command Mode BGP Router Configuration mode User Guidelines A peer template can be configured with parameters that apply to many peers. Neighbors can then be configured to inherit parameters from the peer template. A peer template can include both session parameters and peer policies. Peer policies are configured within an address family configuration mode and apply only to that address family. You can configure up to 32 peer templates.
Command History Introduced in version 6.2.0.1 firmware. Additional command options added in 6.3.0.1 firmware. Example console(config)# router bgp 65000 console(config-router)# neighbor 172.20.1.2 remote-as 65001 console(config-router)# neighbor 172.20.2.
• holdtime—The time, in seconds, that BGP continues to consider a neighbor to be alive without receiving a BGP KEEPALIVE or UPDATE packet from the neighbor. If no KEEPALIVE is received from a neighbor for longer than the hold time, BGP drops the adjacency. If the hold time is set to 0, then BGP does not enforce a hold time and BGP does not send periodic KEEPALIVE messages. The range is 0, 3 to 65,535 seconds. Default Configuration The default keepalive time is 30 seconds.
BGP Routing Policy Dell EMC Networking N3000/N3100/N4000 Series Switches Exterior routing protocols like BGP use industry-standard routing policy to filter and modify routing information exchanged with peers.
show ip community-list – ip as-path access-list To create an AS path access list, use the ip as-path access-list. An AS path access list filters BGP routes on the AS path attribute of a BGP route. To delete an AS path access list, use the no form of this command Syntax ip as-path access-list as-path-list-number { permit | deny } regexp no ip as-path access-list as-path-list-number • as-path-list-number—A number from 1 to 500 uniquely identifying the list.
statement’s action is taken. An AS path list has an implicit deny statement at the end. If a path does not match any of the statements in an AS path list, the action is considered to be deny. Once you have created an AS path list, you cannot delete an individual statement. If you want to remove an individual statement, you must delete the AS path list and recreate it without the statement to be deleted. Statements are applied in the order in which they are created.
Example In the following example, the router is configured to reject routes received from neighbor 172.20.1.1 with an AS path that indicates the route originates in or passes through AS 100. console(config)# ip as-path access-list 1 deny _100_ console(config)# ip as-path access-list 1 deny ^100$ console(config)# router bgp 1 console(config-router)# neighbor 172.20.1.1 remote-as 200 console(config-router)# neighbor 172.20.1.
ip community-list To create or configure a BGP community list, use the ip community-list command in global configuration mode. To delete a community list, use the no form of this command. Syntax ip community-list standard list-name {permit | deny} [community-number] [no-advertise] [no-export] [no-export-subconfed] [no-peer] no ip community-list standard list-name • standard list-name—Identifies a named standard community list. The name may contain up to 32 characters.
User Guidelines A community list statement with no community values is considered a match for all routes, regardless of their community membership. So the statement ip community-list bullseye permit is a permit all statement. A community number may be entered in either format, as a 32-bit integer or a pair of 16-bit integers separated by a colon, regardless of whether the ip bgpcommunity new-format command is active.
• network mask—Specifies the match criteria for routes being compared to the prefix list statement. The network can be any valid IP prefix. The mask is any IPv4 prefix in dotted-quad notation. • ge length—(Optional) If this option is configured, a prefix is only considered a match if its network mask length is greater than or equal to this value. This value must be longer than the network length and less than or equal to 32.
The command no ip prefix-list list-name deletes the entire prefix list. To remove an individual statement from a prefix list, you must specify the statement exactly, with all its options. Up to 128 prefix lists may be configured. The maximum number of statements allowed in prefix list is 64. Command History Introduced in version 6.2.0.1 firmware. Example The following example configures a prefix list that allows routes with one of two specific destination prefixes, 172.20.0.0 /16 and 192.168.1.
Command Mode Global Configuration User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Example console(config)#ip prefix-list test description test prefix lists ipv6 prefix-list To create an IPv6 prefix list or add an IPv6 prefix list entry, use the ipv6 prefix-list command in global configuration mode. To delete a prefix list or a statement in a prefix list, use the no form of this command.
• ipv6-prefix—The IPv6 network assigned to the specified prefix list. This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons. • prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. Required if a prefix is specified. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format.
User Guidelines The ipv6 prefix-list command is used to create IPv6 prefix lists. These are similar to ip prefix lists except that the lists are IPv6 specific. An IPv6 prefix list can contain only IPv6 addresses. Prefix lists allow matching of route prefixes against those specified in the prefix list. Each prefix list includes of a sequence of prefix list entries ordered by sequence numbers.
Example The following example configures a prefix list that allows routes with one of two specific destination prefixes, 2001::/64 and 5F00::/48: console(config)# ipv6 prefix-list apple seq 10 permit 2001:: /64 console(config)# ipv6 prefix-list apple seq 20 permit 5F00:: FFFF:FFFF:FFFF:: The following example renumbers the apple prefix list beginning at sequence number 10.
Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#match as-path 250 match community To configure a route map to match based on a BGP community list, use the match community command. To delete a match term from a route map, use the no form of this command. Syntax match community community-list [ community-list...] [exact-match] no match community [ community-list [ community-list...] [exact-match] ] • community-list—The name of a standard community list.
The command no match community removes the match term and all its community lists. Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#match community test match ip address prefix-list Use this command to configure a route map to match based on a destination prefix. To delete a match statement from a route map, use the no form of this command. Syntax match ip address prefix-list prefix-list-name [prefix-list-name...
Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#match ip address prefix-list test match ipv6 address prefix-list Use this command to configure a route map to match based on an IPv6 destination prefix. To delete a match statement from a route map, use the no form of this command. Syntax match ip address prefix-list prefix-list-name [prefix-list-name...] no match ip address prefix-list [ prefix-list-name [prefix-list-name...
Command History Introduced in version 6.2.0.1 firmware. Example In the example below, IPv6 addresses specified by the prefix list apple are matched through the route map abc. Router(config)# route-map abc Router(config-route-map)# match ipv6 address prefix-list apple show ip as-path-access-list This command displays the contents of AS path access lists.
AS path access list 2 deny _200_ deny ^200$ show ip community-list This command displays the contents of AS path access lists. Syntax show ip community-list [community-list-name | detail [community-listname]] • community-list-name—(Optional) A standard community list name. This option limits the output to a single community. • detail—Display detailed community list information Default Configuration No match criteria are configured by default.
show ip prefix-list This command displays the contents of IPv4 prefix lists. Syntax show ip prefix-list [detail [prefix-list-name] | summary [prefix-list-name] | prefix-list-name [network mask [longer] [first-match] | seq sequencenumber ]] [detail | summary] prefix-list-name [network network-mask ] [seq sequence-number] [longer] [first-match] • detail | summary—(Optional) Displays detailed or summarized information about all prefix lists. • prefix-list-name—(Optional) The name of a specific prefix list.
show ip prefix-list prefix-list-name seq sequence-number show ip prefix-list prefix-list-name show ip prefix-list summary show ip prefix-list summary prefix-list-name show ip prefix-list detail show ip prefix-list detail prefix-list-name show ip prefix-list The following information is displayed. Fields Description count Number of entries in the prefix list. range entries Number of entries that match the input range. ref count Number of entries referencing the given prefix list.
ip prefix-list fred: count: 3, range entries: 3, sequences: 5 - 15, refcount: 0 seq 5 permit 10.10.1.1/20 ge 22 (hitcount: 0) seq 10 permit 10.10.1.2/20 le 30 (hitcount: 0) seq 15 permit 10.10.1.2/20 ge 29 le 30 (hitcount: 0) show ipv6 prefix-list This command displays the contents of IPv6 prefix lists.
Default Configuration No prefix lists are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines The following information is displayed. Fields Description count Number of entries in the prefix list. range entries Number of entries that match the input range. ref count Number of entries referencing the given prefix list. seq Sequence number of the entry in the list. permit/deny Actions.
ipv6 prefix-list apple: count: 6, range entries: 3, sequences: 5 - 30, refcount: 31 seq 5 deny 5F00::/8 le 128 (hit count: 0, refcount: 1) seq 10 deny ::/0 (hit count: 0, refcount: 1) seq 15 deny ::/1 (hit count: 0, refcount: 1) seq 20 deny ::/2 (hit count: 0, refcount: 1) seq 25 deny ::/3 ge 4 (hit count: 0, refcount: 1) seq 30 permit ::/0 le 128 (hit count: 240664, refcount: 0) clear ip prefix-list To reset the IPv4 prefix-list counters, use the clear ip prefix-list command.
Example console# clear ip prefix-list orange 20.0.0.0 /8 clear ipv6 prefix-list To reset the IPv6 prefix-list counters, use the clear ipv6 prefix-list command. Syntax clear ipv6 prefix-list [list-name | list-name ipv6-prefix/prefix-length] • list-name – (Optional) Name of the IPv6 prefix list from which the hit count is to be cleared. • ipv6-prefix - An IPv6 network assigned to the specified prefix list.
Example The command below clears the counters only for the matching statement in the IPv6 prefix list apple. Router# clear ipv6 prefix-list apple FF05::/35 clear ip community-list To reset the IPv6 prefix-list counters, use the clear ipv6 prefix-list command. Syntax clear ip community-list [list-name] • list-name—(Optional) Name of the community list for which the hit count is to be cleared. Default Configuration No community lists are configured by default.
set as-path To prepend one or more AS numbers to the AS path in a BGP route, use the set as-path command. To remove a set command from a route map, use the no form of this command. Syntax set as-path prepend as-path-string no set as-path prepend as-path-string • prepend as-path-string—A list of AS path numbers to insert at the beginning of the AS_PATH attribute of matching BGP routes. To prepend more than one AS number, separate the ASNs with a space and enclose the string in quotes.
Example console# config console(config)#route-map ppAsPath console(route-map)#set as-path prepend “2 2 2” console(route-map)#exit console(config)#router bgp 1 console(config-rtr)#neighbor 172.20.1.2 remote-as 2 console(config-rtr)#neighbor 172.20.1.2 route-map ppAsPath in set comm-list delete To remove BGP communities from an inbound or outbound UPDATE message, use the set comm-list delete command. To delete the set command from a route map, use the no form of this command.
When a route map statement includes both set community and set commlist delete terms, the set comm-list delete term is processed first, and then the set community term (that is, communities are first removed, and then communities are added). Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#set comm-list test delete set community To modify the communities attribute of matching routes, use the set community command in route-map configuration mode.
Command Mode Route Map Configuration User Guidelines The set community command can be used to assign communities to routes originated through BGP’s network and redistribute commands and to set communities on routes received from a specific neighbor or advertised to a specific neighbor. It can also be used to remove all communities from a route. To remove a subset of the communities on a route, use the set comm-list delete command. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines When used in a route map applied to UPDATE messages received from a neighbor, the command sets the next hop address for matching IPv6 routes received from the neighbor. When used in a route map applied to UPDATE messages sent to a neighbor, the command sets the next hop address for matching IPv6 routes sent to the neighbor. If the address is a link local address, the address is assumed to be on the interface where the UPDATE is sent or received.
User Guidelines The local preference is the first attribute used to compare BGP routes. Setting the local preference can influence which route BGP selects as the best route. When used in conjunction with a match as-path or match ip-address command, this command can be used to prefer routes that transit certain ASs or to make the local router a more preferred exit point to certain destinations. Command History Introduced in version 6.2.0.1 firmware.
Command History Introduced in version 6.2.0.1 firmware.
DVMRP Commands Dell EMC Networking N3000/N3100/N4000 Series Switches Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet. DVMRP assumes that all hosts are part of a multicast group until it is informed of multicast group changes.
Default Configuration Disabled is the default configuration. Command Mode Global Configuration Interface Configuration (VLAN) mode User Guidelines PIM must be disabled before DVMRP can be enabled. This command enables IGMP/MLD. Disabling IGMP/MLD may operationally disable multicast routing. Example The following example sets VLAN 15’s administrative mode of DVMRP to active.
User Guidelines This command has no user guidelines. Example The following example configures a metric of 5 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 show ip dvmrp Use the show ip dvmrp command to display the system-wide information for DVMRP. Syntax show ip dvmrp Default Configuration This command has no default condition.
show ip dvmrp interface Use the show ip dvmrp interface command to display the interface information for DVMRP on the specified interface. Syntax show ip dvmrp interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays interface information for VLAN 11 DVMRP.
Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP. console(config)#show ip dvmrp neighbor No neighbors available. show ip dvmrp nexthop Use the show ip dvmrp nexthop command to display the next hop information on outgoing interfaces for routing multicast datagrams.
Example The following example displays the next hop information on outgoing interfaces for routing multicast datagrams. console(config)#show ip dvmrp nexthop Next Hop Source IP Source Mask Interface -------------- -------------- --------- Type ------ show ip dvmrp prune Use the show ip dvmrp prune command to display the table that lists the router’s upstream prune information. Syntax show ip dvmrp prune Default Configuration This command has no default condition.
show ip dvmrp route Use the show ip dvmrp route command to display the multicast routing information for DVMRP. Syntax show ip dvmrp route Default Configuration This command has no default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the multicast routing information for DVMRP.
IGMP Commands Dell EMC Networking N3000/N3100/N4000 Series Switches The Dell Network N1500/N2000/N2100-ON Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Internet Group Management Protocol (IGMP) is the multicast group membership discovery protocol used for IPv4 multicast groups. Three versions of IGMP exist. Versions one and two are widely deployed.
IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message. Receipt of this message causes the Querier possibly to reduce the remaining lifetime of its state for the group, and to send a groupspecific IGMP Query message to the multicast group.The Leave Group message is not used with IGMPv3, since the source address filtering mechanism provides the same functionality.
Syntax ip igmp last-member-query-count Imqc no ip igmp last-member-query-count • Imqc — Query count. (Range: 1-20) Default Configuration The default last member query count is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets 10 as the number of VLAN 2 Group-Specific Queries.
Default Configuration The default Maximum Response Time value is ten (in tenths of a second). Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries.
Default Configuration Disabled is the default state. Command Mode Interface VLAN Configuration mode User Guidelines IGMP is enabled when ip pim sparse-mode, ip pim dense-mode, ip dvmrp, or ip igmp-proxy are enabled. A multicast routing protocol (e.g. PIM) should be enabled whenever IGMP is enabled. L3 IP multicast must be enabled for IGMP to operate. Example The following example globally enables IGMP the IGMP proxy service on VLAN 1.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a 10-second query interval for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp query-interval 10 ip igmp query-max-response-time Use the ip igmp query-max-response-time command in Internet Configuration mode to configure the maximum response time interval for the specified interface.
console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp query-max-response-time 10 ip igmp robustness Use the ip igmp robustness command in Interface VLAN Configuration mode to configure the robustness that allows tuning of the interface, that is, tuning for the expected packet loss on a subnet. If a subnet is expected to have significant loss, the robustness variable may be increased for the interface.
Syntax ip igmp startup-query-count count no ip igmp startup-query-count • count — The number of startup queries. (Range: 1-20) Default Configuration The default count value is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets for VLAN 15 the number of queries sent out on startup at 10.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets at 10 seconds the interval between general queries sent at startup for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-interval 10 ip igmp version Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface. Syntax ip igmp version version • version — IGMP version.
show ip igmp Use the show ip igmp command to display system-wide IGMP information. Syntax show ip igmp Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays system-wide IGMP information. console#show ip igmp IGMP Admin Mode............................. Enabled IGMP Router-Alert check.....................
• interface-type interface-number—Interface type of VLAN and a valid VLAN ID Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the registered multicast groups for VLAN 3. console#show ip igmp groups vlan 3 detail Multicast IP Address --------------225.0.0.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays IGMP information for VLAN 11. console#show ip igmp interface vlan 11 Interface..................................... 11 IGMP Admin Mode............................... Enable Interface Mode................................ Enable IGMP Version.................................. 3 Query Interval (secs)..................
User Guidelines This command has no user guidelines. Examples The following examples display the list of interfaces that have registered in the multicast group at IP address 224.5.5.5, the latter in detail mode. console#show ip igmp interface membership 224.5.5.5 console(config)#show ip igmp membership 224.5.5.5 detail show ip igmp interface stats Use the show ip igmp interface stats command in User Exec mode to display the IGMP statistical information for the interface.
Number of Joins.............................. 7 Number of Groups.............................
IGMP Proxy Commands Dell EMC Networking N3000/N3100/N4000 Series Switches IGMP Proxy is used by the router on IPv4 systems to enable the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP router interfaces, thus acting as proxy to all its hosts residing on its router interfaces. Dell EMC Networking supports IGMP Version 3, Version 2 and Version 1. Version 3 adds support for source filtering [SSM] is interoperable with Versions 1 and 2.
no ip igmp proxy-service Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command enables IGMP proxy on the VLAN interface. Use this command to enable sending of IGMP messages received on interfaces configured with the ip igmp mroute-proxy command to an attached multicast router. PIM and DVMRP are not compatible with IGMP proxy. Disable PIM/DVMRP before enabling IGMP proxy.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example resets the host interface status parameters of the IGMP Proxy router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp proxy-service reset-status ip igmp proxy-service unsolicit-rprt-interval Use the ip igmp proxy-service unsolicit-rprt-interval command in Interface Configuration mode to set the unsolicited report interval for the IGMP Proxy router.
console(config-if-vlan15)#ip igmp proxy-service unsolicit-rpt-interval 10 show ip igmp proxy-service Use the show ip igmp proxy-service command to display a summary of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp proxy-service Default Configuration This command has no default configuration.
show ip igmp proxy-service interface Use the show ip igmp proxy-service interface command to display a detailed list of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp proxy-service interface Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example attempts to display a table of information about multicast groups that IGMP Proxy reported. console#show ip igmp proxy-service groups Interface Index................................
User Guidelines This command has no user guidelines. Example The following example displays complete information about multicast groups that IGMP Proxy has reported. console#show ip igmp proxy-service groups detail Interface Index................................ vlan13 Group Address Last Reporter Up Time Member State ------------- --------------- -----------------225.0.1.1 13.13.13.1 26 DELAY-MEMBER 225.0.1.2 13.13.13.
IP Helper/DHCP Relay Commands Dell EMC Networking N1500/N2000/N2100-ON/N3000/N3100ON/N4000 Series Switches The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address over a routed interface. This allows applications to reach servers on non-local subnets.
Table 7-1. UDP Destination Ports Protocol UDP Port Number IEN-116 Name Service 42 DNS 53 NetBIOS Name Server 137 NetBIOS Datagram Server 138 TACACS Server 49 Time Service 37 DHCP 67 Trivial File Transfer Protocol 69 ISAKAMP 500 Mobile IP 434 NTP 123 PIM Auto RP 496 RIP 520 Certain pre-existing DHCP relay options do not apply to relay of other protocols. The administrator may optionally set a DHCP maximum hop count or minimum wait time.
configuration for the destination UDP port. If so, the relay agent unicasts the packet to the configured server IP addresses. Otherwise the packet is not relayed. The relay agent only relays packets that meet the following conditions: • The destination MAC address must be the all-ones broadcast address (FF:FF:FF:FF:FF:FF). • The destination IP address must be the IPv4 broadcast address (255.255.255.255) or a directed broadcast address for the receiving interface.
bootpdhcprelay maxhopcount Use the bootpdhcprelay maxhopcount command in Global Configuration mode to configure the maximum allowable relay agent hops for BootP/DHCP Relay on the system. Use the no form of the command to set the maximum hop count to the default value. Syntax bootpdhcprelay maxhopcount integer no bootpdhcprelay maxhopcount • integer — Maximum allowable relay agent hops for BootP/DHCP Relay on the system. (Range: 1-16) Default Configuration The default integer configuration is 4.
bootpdhcprelay minwaittime Use the bootpdhcprelay minwaittime command in Global Configuration mode to configure the minimum wait time in seconds for BootP/DHCP Relay on the system. When the BOOTP relay agent receives a BOOTREQUEST message, it might use the seconds-since-client- began-booting field of the request as a factor in deciding whether to relay the request or not. Use the no form of the command to set the minimum wait time to the default value.
clear ip helper statistics Use the clear ip helper statistics command to reset to 0 the statistics displayed in show ip helper statistics. Syntax clear ip helper statistics [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, counters for the default (global) router instance is cleared. Default Configuration There is no default configuration for this command.
Default Configuration This is enabled by default for a DHCP relay agent. Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Interface configuration takes precedence over global configuration. However if there is no interface configuration then global configuration is followed. This check is enabled by default.
Default Configuration This check is enabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Enable DHCP Relay using the ip helper enable command. Use the global configuration command ip dhcp relay information option command to enable processing of DHCP circuit ID and remote agent ID options. DHCP replies are checked by default. The network administrator should ensure that only one switch in the path between the DHCP client and server processes DHCP information options.
User Guidelines This command globally enables inclusion of DHCP option 82 in DHCP requests forwarded to the DHCP server. This information may also be relayed on a per interface basis using the ip dhcp relay information option-insert command. Enable DHCP Relay using the ip helper enable command. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance.
User Guidelines Enable DHCP Relay using the ip helper enable command. The interface configuration always takes precedence over global configuration. However, if there is no interface configuration, then global configuration is followed. Use the ip dhcp relay information option command to globally enable inclusion of Option 82 information in DHCP requests forwarded to a DHCP server. Example The following example enables the circuit ID and remote agent ID options on VLAN 10.
netbios-dgm (port 138), netbios-ns (port 137), ntp (port 123), pim-autorp (port 496), rip (port 520), tacacs (port 49), tftp (port 69), and time (port 37). Other ports must be specified by number. Default Configuration No helper addresses are configured.
Command History Description revised in 6.3.5 release. ip helper-address (interface configuration) Use the ip helper-address (interface configuration) command to configure the relay of certain UDP broadcast packets received on a specific interface. To delete a relay entry on an interface, use the no form of this command.
User Guidelines This command can be invoked multiple times on routing interface, either to specify multiple server addresses for a given port number or to specify multiple port numbers handled by a specific server. Broadcast packets other than DHCP require configuration of a destination UDP port number for IP helper if not listed in Table 7-1.
Command History Description revised in 6.3.5 release. ip helper enable Use the ip helper enable command to enable relay of UDP packets. To disable relay of all UDP packets, use the “no” form of this command. Syntax ip helper enable no ip helper enable Default Configuration IP helper is enabled by default. Command Mode Global Configuration mode User Guidelines This command can be used to temporarily disable IP helper without deleting all IP helper addresses.
show ip helper-address Use the show ip helper-address command to display the IP helper address configuration. Syntax show ip helper-address [vrf vrf-name] [interface] • interface — Optionally specify an interface to limit the output to the configuration of a single interface. The interface is identified as vlan vlanid. • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown.
Discard If “Yes”, packets arriving on the given interface with the given destination UDP port are discarded rather than relayed. Discard entries are used to override global IP helper address entries which otherwise might apply to a packet. Hit Count The number of times the IP helper entry has been used to relay or discard a packet. Server Address The IPv4 address of the server to which packets are relayed.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N3100/N4000 series switches. Example The following example defines the Boot/DHCP Relay information. console#show ip dhcp relay Maximum Minimum Circuit Circuit Hop Count.............................. 4 Wait Time (Seconds).................... 0 Id Option Mode....................... Disable Id Option Check Mode.................
The VRF parameter is only available on the N3000/N3100/N4000 series switches. The following information is displayed. Field Description DHCP client The number of valid messages received from a DHCP client. messages received The count is only incremented if IP helper is enabled globally, the ingress routing interface is up, and the packet passes a number of validity checks, such as having a TTL > 1 and having valid source and destination IP addresses.
DHCP message with giaddr set to local address The number of DHCP client messages received whose gateway address, giaddr, is already set to an IP address configured on one of the relay agent's own IP addresses. In this case, another device is attempting to spoof the relay agent's address. The relay agent does not relay such packets. A log message gives details for each occurrence. Packets with expired TTL The number of packets received with TTL of 0 or 1 that might otherwise have been relayed.
IP Routing Commands Dell EMC Networking N1500/N2000/N2100-ON/N3000/N3100ON/N4000 Series Switches The Dell Network N1500/N2000/N2100-ON series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Dell EMC Networking routing provides the base Layer 3 support for Local Area Network (LAN) and Wide Area Network (WAN) environments.
The addition of a preference option has a side benefit. The preference option allows the operator to control the preference of individual static routes relative to routes learned from other sources (such as OSPF). When routes from different sources have the same preference, Dell EMC Networking routing prefers a static route over a dynamic route.
ip route distance set ip next-hop show ip vlan ip routing set ip precedence show route-map – – show routing heap summary encapsulation Use the encapsulation command in Interface Configuration (VLAN) mode to configure the Link Layer encapsulation type for the packet. Routed frames are always Ethernet-encapsulated when a frame is routed to a VLAN. Syntax encapsulation {ethernet | snap} • ethernet — Specifies Ethernet encapsulation. • snap — Specifies SNAP encapsulation.
Syntax ip icmp echo-reply no ip icmp echo-reply Default Configuration ICMP Echo Reply messages are enabled by default. Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000/N3100/N4000 switches.
Default Configuration Rate limiting is enabled by default. The default burst-interval is 1000 milliseconds. The default burst-size is 100 messages. Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines There are no user guidelines for this command. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance.
User Guidelines This command has no user guidelines. Example The following example defines the IP address and subnet mask for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip netdirbcast ip policy route-map Use this command to apply a route map on an interface. Use the no form of this command to delete a route map from the interface. Syntax ip policy route-map map-tag no ip policy route-map map-tag • map-tag—Name of the route map to use for policy based routing.
the entire sequence of route-maps needs to be removed from the interface and added back again in order to have the changed route-map configuration be effective. If the administrator removes match or set terms in a route-map intermittently, the counters corresponding to the removed match term are reset to zero.
ip redirects Use the ip redirects command to enable the generation of ICMP Redirect messages. Use the no form of this command to prevent the sending of ICMP Redirect Messages. In global configuration mode, this command affects all interfaces. In interface configuration mode, it only affects that interface. Syntax ip redirects no ip redirects Default Configuration ICMP Redirect messages are enabled by default.
no ip route [vrf vrf-name] networkaddr {subnetmask | prefix-length} {Null 0 | nexthopip | vlan vlan-id [nexthopip]} • vrf-name—The name of the VRF if which the route is to be installed. If no vrf is specified, the route is created in the global routing table. • networkaddr — IP address of destination interface. • subnetmask—A 32 bit dotted-quad subnet mask. Enabled bits in the mask indicate the corresponding bits of the network address are significant. Enabled bits in the mask must be contiguous.
User Guidelines The IP route command sets a value for the route preference. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database. Specifying the preference of a static route controls whether a static route is more or less preferred than routes from dynamic routing protocols. The preference also controls whether a static route is more or less preferred than other static routes to the same destination.
static route command along with the next hop IP address, the switch can correctly install static route entries for unnumbered-peers. It is also possible to configure ‘unnumbered interface routes’ where the next hop IP address is not specified and only the unnumbered nexthop interface is configured. Examples Route Leaking Example 1 The following shows the configuration for VRF red-1 configured in VLAN 10. A static global route for the 172.16.0.0 with a next hop of 172.16.0.2 is injected into VRF red-1.
Route Leaking Example 2 Subnetwork 9.0.0.0/24 is a directly connected subnetwork on VLAN 10 in the default routing table. Subnet 8.0.0.0/24 is a directly connected subnetwork in VLAN 30 in virtual router Red. Subnet 66.6.6.x is reachable via VLAN 30 in vrf Red. The first ip route command below leaks the 66.6.6.x subnet from vrf Red into the default routing table. The second ip route command configures a gateway for the default routing table. The next ip route commands leak the 9.0.0.
Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static B - BGP Derived, E - Externally Derived, IA - OSPF Inter Area E1 - OSPF External Type 1, E2 - OSPF External Type 2 N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2 S U - Unnumbered Peer, L - Leaked Route * Indicates the best (lowest metric) route for the subnet. Default Gateway is 9.0.0.2 S *0.0.0.0/0 [253/0] via 9.0.0.2, Vl10 C *9.0.0.0/24 [0/1] directly connected, L *66.6.6.0/24 [1/0] via 0.0.0.
• preference — Specifies the preference value, a.k.a administrative distance, of an individual static route. (Range: 1-255) Default Configuration Default value of preference is 1. Command Mode Global Configuration mode User Guidelines For routed management traffic: 1 Router entries are checked for applicable destinations. 2 The globally assigned default-gateway is consulted.
Example The following example identifies the next-hop-ip and a preference value of 200. console(config)#ip route default 192.168.10.1.200 ip route distance Use the ip route distance command in Global Configuration mode to set the default distance (preference) for static routes. Lower route preference values are preferred when determining the best route. The ip route and ip route default commands allow optional setting of the distance of an individual static route.
User Guidelines Lower route distance values are preferred when determining the best route. The VRF identified in the parameter must have been previously created or an error is returned. Only IPv4 addresses are supported with the vrf parameter. This command is only available on the N3000/N3100/N4000 switches. Example The following example sets the default route metric to 80.
Enable IPv4 routing on a VLAN by entering interface vlan mode for the desired VLAN and assigning an IP address to the VLAN. Use the no interface vlan command to disable routing on an interface. Ensure that statically assigned addresses do not conflict with any configured subnets. Subnet overlap is not allowed. Virtual Router Configuration mode is only available on the N3000/N3100/N4000 switches.
The interface should be configured as able to borrow an IP address, i.e. a routing interface with no IP address. The loopback interface is the numbered interface providing the borrowed address. The providing loopback interface cannot be unnumbered. The loopback interface is identified by its loopback interface number. It is a misconfiguration for two routers, R1 and R2, to be connected by a link where R1’s interface is unnumbered and R2’s interface is numbered.
no ip unnumbered gratuitous-arp accept Default Configuration The default mode is accept. Command Mode Interface (VLAN) Configuration User Guidelines IP unnumbered interfaces are supported in the default VRF only. The interface should be configured as able to borrow an IP address, i.e. a routing interface with no IP address. Normally, the static ARP entry is only installed if the IP address matches one of the local subnets.
Default Configuration ICMP Destination Unreachable messages are enabled. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan10)#ip unreachables match ip address Use this command to specify IP address match criteria for a route map. Use the no form of this command to delete a match statement from a route map.
Actions in the IP ACL configuration are applied with other actions present in the route-map. If an IP ACL referenced by a route-map is removed or rules are added or deleted from the ACL, the configuration is rejected. If a list of IP access lists is specified in this command and a packet matches at least one of these access list match criteria, the corresponding set of actions in the route map are applied to the packet. Duplicate IP access list names are ignored.
console(config)#route-map equal-access permit 10 console(config-route-map)#match ip address R1 console(config-route-map)#set ip default next-hop 192.168.6.6 console(config-route-map)#exit console(config)#route-map equal-access permit 20 console(config-route-map)#match ip address R2 console(config-route-map)#set ip default next-hop 172.16.7.7 console(config-route-map)#exit console(config)#interface vlan 11 console(config-if-vlan11)#ip address 10.1.1.1 255.255.255.
console#configure console(config)#route-map madan console(route-map)#match ip address 1 2 3 4 5 madan console(route-map)#match mac-list madan mohan goud console(route-map)#exit console(config)#exit console #show route-map route-map madan permit 10 Match clauses: ip address (access-lists) : 1 2 3 4 5 madan mac-list (access-lists) : madan mohan goud Set clauses: console(config)#access-list 2 permit every Request denied. Another application using this ACL restricts the number of rules allowed.
Default Configuration There is no default configuration for this command. Command Mode Route Map mode User Guidelines The match criteria specified by this command acts on the packet length as it appears in the IP header and is not necessarily correlated with the frame length as it appears on the wire. Example console(config-route-map)#match length 64 1500 match mac-list Use this command to configure MAC ACL match criteria for a route map.
Actions in the MAC ACL configuration are applied with other actions configured in the route map. When a MAC ACL referenced by a route map is removed, the route map rule is also removed. Example console(config-route-map)#match mac-list mac-test route-map Use this command to create a policy based route map. Use the no form of this command to delete a route map or one of its statements.
User Guidelines Apply an ACL rule on the VLAN interface to perform policy based routing based on the VLAN ID as a matching criteria for incoming packets. Packets matching a deny rule or a deny route-map are routed using the routing table. There is no implicit deny all at the end of a route map. Packets not matching any clause are routed using the routing table. Route maps with no set clause are ignored. One use of a route map is to limit the redistribution of routes to a specified range of route prefixes.
set interface null0 Use this command to drop a packet instead of reverting to normal routing for packets that do not match the route map criteria. This command should be configured as the last entry in the route-map as no further set clauses will operate on a dropped packet. Use the no form of this command to remove the set clause from a route map. Syntax set interface null0 no set interface null0 • null0—Specifies the null0 interface used to drop packets.
set ip default next-hop Use this route map clause to override default entries in the routing table. Packets that can routed by an active explicit route in the routing table are not affected by this clause. Use this command to set a list of default next-hop IP addresses to be used if no explicit route for the packet’s destination address appears in the routing table. If more than one IP address is specified, the reachable address in the list is used.
set ip next-hop Use this command to specify an adjacent next-hop router in the path toward the destination to which the packets should be forwarded. If more than one IP address is specified, the first IP address associated with a link up interface is used to route the packets. Use the no form of this command to remove a set command from a route map.
set ip precedence Use this command to set the three IP precedence bits in the IP packet header on ingress. Values 0 through 7 are supported. This precedence value may be used by other QoS services in the switch such as weighted fair queuing (WFQ) or weighted random early detection (WRED). Use the no form of this command to remove a set clause from a route map. Syntax set ip precedence 0-7 no set ip precedence • 0—Sets the routine precedence. • 1—Sets the priority precedence.
show ip brief Use the show ip brief command to display all the summary information of the IP. Syntax show ip brief [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration.
show ip interface Use the show ip interface command to display information about one or more IP interfaces. The output shows how each IP address was assigned. Syntax show ip interface [vrf vrf-name] [type number] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • type—Interface type (loopback, out-of-band, or VLAN) • number—Interface number. Valid only for loopback and VLAN types.
L3 MAC Address................................. 001E.C9DE.B546 Routing Interfaces: Interface ---------Vl1 Vl2 State IP Address IP Mask Method --------------------------------------Down 0.0.0.0 0.0.0.0 None Up unnumbered -->loopback 2 N/A console# console#show ip interface vlan 1 Routing interface status....................... Unnumbered - numbered interface................ Unnumbered - gratuitous ARP accept............. Method......................................... Routing Mode..........................
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ip policy Interface Vl10 Route map pbr-map show ip protocols Use the show ip protocols command to display a summary of the configuration and status for each unicast routing protocol. The command lists all supported routing protocols, regardless of whether they are currently configured or enabled.
The VRF parameter is only available on the N3000/N3100/N4000 series switches. The command displays the following information. Parameter Description BGP Section: Routing Protocol BGP. Router ID The router ID configured for BGP. Local AS Number The AS number that the local router is in. BGP Admin Mode Whether BGP is globally enabled or disabled. Maximum Paths The maximum number of next hops in an internal or external BGP route.
Parameter Description Distance The administrative distance (or “route preference”) for intraarea, inter-area, and external routes. Default Route Advertise Whether OSPF is configured to originate a default route. Always Whether default advertisement depends on having a default route in the common routing table. Metric The metric configured to be advertised with the default route. Metric Type The metric type to advertise for redistributed routes of this type.
Parameter Description Interface The interfaces where RIP is enabled and the version sent and accepted on each interface. Example The following shows example CLI display output for the command. console# show ip protocols Routing Protocol.......................... Router ID................................. Local AS Number........................... BGP Admin Mode............................ Maximum Paths............................. BGP 6.6.6.6 65001 Enable Internal 32, External 32 Distance.............
Redist Source --------static connected Metric ------default 10 Metric Type ----------2 2 Subnets ------Yes Yes Dist List --------None 1 Number of Active Areas.................... 3 (3 normal, 0 stub, 0 nssa) ABR Status................................ Yes ASBR Status............................... Yes Routing Protocol.......................... RIP Admin Mode............................ Split Horizon Mode........................ Default Metric............................ Default Route Advertise.........
• vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • static—Display statically configured routes. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static B - BGP Derived, E - Externally Derived, IA - OSPF Inter Area E1 - OSPF External Type 1, E2 - OSPF External Type 2 N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2 S U - Unnumbered Peer, L - Leaked Route, T - Truncated ECMP Route * Indicates the best (lowest metric) route for the subnet. C S U S U 3.0.0.0/24 [0/0] directly connected, Vl10 6.1.0.6/32 [0/0] via Vl20 6.2.0.
Routes with 1 Next Hop......................... 34 Routes with 2 Next Hops........................ 285 Routes with 3 Next Hops........................ 5 show ip route static Use the show ip route static command to display the statically configured routes, whether they are reachable or not. Syntax show ip route static [name] Default Configuration This command has no default configuration.
Syntax show ip route preferences Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Route preferences are used in determining the best route. Lower router preference values are preferred over higher router preference values. This command displays the route preferences for each possible route origin. Example The following example displays IP route preferences.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the IP route summary. console#show ip route summary Connected Routes............................... Static Routes.................................. Kernel Routes.................................. Unnumbered Peer Routes.........................
Unique Next Hops (High)........................ Next Hop Groups (High)......................... ECMP Groups (High)............................. ECMP Routes.................................... Truncated ECMP Routes.......................... ECMP Retries................................... Routes with 1 Next Hop......................... Routes with 2 Next Hops........................ Routes with 3 Next Hops........................
Example The following example displays IP route preferences. console>show ip traffic IpInReceives................................... IpInHdrErrors.................................. IpInAddrErrors................................. IpForwDatagrams................................ IpInUnknownProtos.............................. IpInDiscards................................... IpInDelivers................................... IpOutRequests.................................. IpOutDiscards..............................
show ip vlan Use the show ip vlan command to display the VLAN routing information for all VLANs with routing enabled. Syntax show ip vlan Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays VLAN routing information.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example For each route map, the match count is shown in terms of number of packets and number of bytes. This counter displays the match count in packets and bytes when a route map is applied. When a route map is created/removed from interface, this count is shown as zero.
console console console console #configure (Config)#interface Te1/0/2 (config-if-Te1/0/2)#ip policy simplest (config-if-Te1/0/2)#show route-map simplest route-map simplest permit 10 Match clauses: ip address (access-lists) : 1 Set clauses: ip next-hop 3.3.3.3 ip precedence 3 Policy routing matches: 5387983 packets, 344831232 bytes route-map simplest permit 20 Match clauses: ip address (access-lists) : 1 Set clauses: ip default next-hop 4.4.4.
ip address prefix-list a1 as-path 1 community s1 exact-match Set clauses: metric 23 local-preference 34 as-path prepend 2 3 4 5 6 comm-list d1 delete community no-export ipv6 next-hop aa::bb Policy routed: 0 packets, 0 bytes The following example shows a route map test1 that is configured with extended community attributes: console# show route-map test route-map test1, permit, sequence 10 Match clauses: extended community list1 Set clauses: extended community RT:1:100 RT:2:200 show routing heap summary Us
Parameter Description Heap Size The amount of memory, in bytes, allocated at startup for the routing heap. Memory In Use The number of bytes currently allocated. Memory on Free List The number of bytes currently on the free list. When a chunk of memory from the routing heap is freed, it is placed on a free list for future reuse. Memory Available in The number of bytes in the original heap that have never been Heap allocated.
IPv6 Routing Commands Dell EMC Networking N1500/N2000/N2100-ON/N3000/N3100ON/N4000 Series Switches The Dell Network N1500/N2000/N2100-ON series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The IPv6 version of the routing table manager provides a repository for IPv6 routes learned by dynamic routing protocols or static configuration.
ipv6 host ipv6 nd nud maxunicast-solicits ipv6 unreachables show ipv6 neighbors ipv6 icmp errorinterval ipv6 nd nud retry ipv6 mld lastmember-querycount ipv6 nd otherconfig-flag show ipv6 brief ipv6 mld lastmember-queryinterval ipv6 nd prefix show ipv6 interface show ipv6 route preferences show ipv6 protocols show ipv6 route ipv6 mld host-proxy ipv6 nd raguard attach-policy – show ipv6 route summary ipv6 mld host-proxy ipv6 nd ra-interval reset-status show ipv6 mld groups show ipv6 snoopin
Command Mode Privileged Exec mode. User Guidelines This command has no user guidelines. Example The following example clears all entries in the IPv6 neighbor table. console(config)#clear ipv6 neighbors clear ipv6 statistics Use the clear ipv6 statistics command to clear IPv6 statistics for all interfaces or for a specific interface, including loopback and tunnel interfaces. IPv6 statistics display in the output of the show ipv6 traffic command.
ipv6 address Use the ipv6 address command in Interface Configuration mode to configure an IPv6 address on an interface (including VLAN, tunnel and loopback interfaces) and to enable IPv6 processing on this interface. Multiple globally reachable addresses can be assigned to an interface by using this command. There is no need to assign a link-local address by using this command since one is automatically created. IPv6 addresses can be expressed in eight blocks.
User Guidelines This command has no user guidelines. Example The following example configures an IPv6 address and enables IPv6 processing. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 address 2020:1::1/64 ipv6 enable Use the ipv6 enable command in VLAN Interface Configuration mode to enable IPv6 routing on an interface (including tunnel and loopback interfaces) that has not been configured with an explicit IPv6 address.
console(config-if-vlan15)#ipv6 enable ipv6 hop-limit Use the ipv6 hop-limit command to configure the hop limit used in IPv6 PDUs originated by the router. Use the no form of the command to return the hop limit to the default setting. Syntax ipv6 hop-limit count no ipv6 hop-limit • count—The number of hops before the PDU expires (Range 1-255). Default Configuration The default count is “not configured.
Default Configuration No IPv6 hosts are defined. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example console(config)#ipv6 host Dell 2001::DB8:0 ipv6 icmp error-interval Use the icmp error-interval command to limit the rate at which ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst interval.
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 icmp error-interval 2000 20 ipv6 mld last-member-query-count The ipv6 mld last-member-query-count command sets the number of listener-specific queries sent before the router assumes that there are no local members on the interface. Use the “no” form of this command to set the last member query count to the default.
ipv6 mld last-member-query-interval The ipv6 mld last-member-query-interval command sets the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group-specific queries sent out of this interface. Use the “no” form of this command to set the last member query interval to the default.
Syntax ipv6 mld host-proxy [interface vlan-id] no ipv6 mld host-proxy [interface vlan-id] Default Configuration MLD Proxy is disabled by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld host-proxy ipv6 mld host-proxy reset-status Use the ipv6 mld host-proxy reset-status command to reset the host interface status parameters of the MLD Proxy router.
Example console(config-if-vlan3)#ipv6 mld host-proxy reset-status ipv6 mld host-proxy unsolicit-rprt-interval Use the ipv6 mld host-proxy unsolicit-rprt-interval command to set the unsolicited report interval for the MLD Proxy router. This command is only valid when MLD Proxy is enabled on the interface. Use the “no” form of this command to reset the MLD Proxy router's unsolicited report interval to the default value.
Syntax ipv6 mld query-interval query-interval no ipv6 mld query-interval • query-interval — Query interval (Range: 1–3600). Default Configuration The default query interval is 125 seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld query-interval 130 ipv6 mld query-max-response-time The ipv6 mld query-max-response-time command sets MLD query maximum response time for the interface.
Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld query-max-response-time 4500 ipv6 nd dad attempts Use the ipv6 nd dad attempts command in Interface Configuration mode to set the number of duplicate address detection probes transmitted while doing neighbor discovery. Duplicate address detection verifies that an IPv6 address on an interface is unique.
ipv6 nd ra hop-limit unspecified Use the ipv6 nd ra hop-limit unspecified command to configure the hop limit sent in router alert messages. Use the no form of the command to send the default hop limit of 64. Syntax ipv6 nd ra hop-limit unspecified no ipv6 nd ra hop-limit unspecified Default Configuration The default TTL is 64.
Syntax ipv6 nd managed-config-flag no ipv6 nd managed-config-flag Default Configuration False is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example In the following example, the end node uses DHCPv6.
User Guidelines This command has no user guidelines. Example The following example sets the interval between router advertisements for advertised neighbor solicitations at 5000 ms. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd ns-interval 5000 ipv6 nd nud max-multicast-solicits Configures the maximum number of multicast neighbor solicitations sent during neighbor resolution or during NUD (neighbor unreachability detection).
Example console (config)#ipv6 nd nud max-multicast-solicits 5 ipv6 nd nud max-unicast-solicits Configures the maximum number of unicast neighbor solicitations sent during neighbor resolution or during NUD (neighbor unreachability detection). Use the no form of the command to reset the value to the default.
ipv6 nd nud retry This command configures the exponential backoff multiple to be used in the calculation of the next timeout value for Neighbor Solicitation transmission during NUD (neighbor unreachability detection) following the exponential backoff algorithm. Use the no form of the command to return the backoff multiple to the default. Syntax ipv6 nd nud retry backoff-multiple no ipv6 nd nud retry • backoff-multiple—The value ranges from 1 to 5.
exponential backoff timing for retransmissions, there is a higher probability that the cache entry is removed resulting in the disruption of the existing traffic. Another significant benefit of delayed neighbor solicitation retransmission is higher robustness against transient failures, such as spanning tree reconvergence and other layer 2 issues that can take many seconds to resolve.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets to true the “other stateful configuration” flag in router advertisements console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd other-config-flag ipv6 nd prefix Use the ipv6 nd prefix command to configure parameters associated with prefixes that the router advertises in its router advertisements.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The router advertises its global IPv6 prefixes in its router advertisements (RAs). An RA only includes the prefixes of the IPv6 addresses configured on the interface where the RA is transmitted. Addresses are configured using the ipv6 address interface configuration command.
Command Mode Interface Configuration (Ethernet, port-channel) User Guidelines RA Guard drops all incoming IPv6 router advertisement and router redirect messages. RA Guard may be configured on L2 or L3 interfaces. Command History Introduced in version 6.2.0.1 firmware. Example The following example configures an unnamed RA Guard policy to drop all RA advertisements and router redirect messages on IPv6 routing enabled interface Gi1/0/1 (VLAN 10).
Default Configuration 600 is the default value for seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The minimum interval cannot be larger than 75% of the maximum interval. Example The following example sets the transmission interval between router advertisements at 1000 seconds.
User Guidelines This command has no user guidelines. Example The following example sets at 1000 seconds the value that is placed in the Router Lifetime field of the router advertisements. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd ra-lifetime 1000 ipv6 nd reachable-time Use the ipv6 nd reachable-time command in Interface Configuration mode to set the router advertisement time to consider a neighbor reachable after neighbor discovery confirmation.
console(config-if-vlan15)#ipv6 nd reachable-time 5000 ipv6 nd suppress-ra Use the ipv6 nd suppress-ra command in Interface Configuration mode to suppress router advertisement transmission on an interface. Syntax ipv6 nd suppress-ra no ipv6 nd suppress-ra Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
Default Configuration IPv6 ICMP redirects are enabled by default. Command Mode Interface VLAN Configuration mode User Guidelines In general, an IPv6 ICMP redirect is sent if: • The packet is not addressed to the router. • The packet will be forwarded over the interface on which it was received. • The router determines that a better first-hop resides on the same VLAN as the source of the packet.
ipv6 route ipv6-prefix/prefix-length {ipv6-address | interface-type ipv6address} [preference] no ipv6 route ipv6-prefix/prefix-length ipv6-address preference no ipv6 route ipv6-prefix/prefix-length interface-type ipv6-address no ipv6 route ipv6-prefix/prefix-length interface • distance—The default administrative distance for static routes. (Range 1255) • ipv6-prefix—An IPv6 prefix representing the subnet that can be reached via the next-hop neighbor.
console(config)#ipv6 route 2020:1::1/64 2030:1::2 ipv6 route distance Use the ipv6 route distance command in Global Configuration mode to set the default distance (preference) for static routes. Lower route preference values are preferred when determining the best route. The ipv6 route and ipv6 route default commands allow optional setting of the distance of an individual static route. The default distance is used when no distance is specified in these commands.
ipv6 unicast-routing Use the ipv6 unicast-routing command in Global Configuration mode to enable forwarding of IPv6 unicast datagrams. Syntax ipv6 unicast-routing no ipv6 unicast-routing Default Configuration Disabled is the default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables Ipv6 unicast datagram forwarding.
Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan10)#ipv6 unreachables show ipv6 brief Use the show ipv6 brief command to display the IPv6 status of forwarding mode and IPv6 unicast routing mode. Syntax show ipv6 brief Default Configuration This command has no default configuration.
show ipv6 interface Use the show ipv6 interface command to show the usability status of IPv6 interfaces. The output of the command includes the method of assignment for each IPv6 address that is either autoconfigured or leased from a DHCP server. Global addresses with no annotation are assumed to be manually configured.
The long form of the command includes the same annotations and shows whether address autoconfiguration or DHCP client are enabled on the interface. When the interface acts as a host interface, the output also shows the default gateway on the interface, if one exists. Examples The following example shows the method of assignment for each IPv6 address that is either autoconfigured or leased from a DHCP server. console#show ipv6 interface Oper.
Address DHCP Mode.............................. Router Advertisement NS Interval............... Router Advertisement Lifetime.................. Router Advertisement Reachable Time............ Router Advertisement Interval.................. Router Advertisement Managed Config Flag....... Router Advertisement Other Config Flag......... Router Advertisement Router Preference......... Router Advertisement Suppress Flag............. IPv6 Destination Unreachables.................. IPv6 Default Router.............
Number of (S, G) entries Displays the number of include and exclude mode sources present in the MLD Table. Group Address The address of the multicast group. Interface Interface through which the multicast group is reachable. Uptime Time elapsed in seconds since the multicast group has been known. Expiry Time Time left in seconds before the entry is removed from the MLD membership table.
Expiry Time Time left in seconds before the entry is removed. Example console#show ipv6 mld groups ff1e::5 Interface..................................... vlan 6 Group Address................................ FF1E::5 Last Reporter................... FE80::200:FF:FE00:22 Up Time (hh:mm:ss).......................... 00:03:43 Expiry Time (hh:mm:ss)......................... ----Filter Mode..........................................Include Version1 Host Timer............................ ----Group compat mode.....
Syntax show ipv6 mld interface { vlan vlan-id | all} • vlan-id — A valid VLAN id. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following information is displayed for the specified interface: Field Description Interface The interface number in unit/slot/port format. MLD Global Admin Mode This field displays the configured global administrative status of MLD.
Last Member Query Interval This value indicates the configured Maximum Response Time inserted into Group-Specific Queries sent in response to Leave Group messages. Last Member Query Count This value indicates the configured number of Group-Specific Queries sent before the router assumes that there are no local members.
Startup Query Count......................... 2 Last Member Query Interval (milli-secs)..... 1111 Last Member Query Count..................... 2 show ipv6 mld host-proxy Use the show ipv6 mld host-proxy command to display a summary of the host interface status parameters. Syntax show ipv6 mld host-proxy Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes Default Configuration There is no default configuration for this command.
Querier IP Address The IP address of the Querier, if any, in the network attached to on Proxy Interface the upstream interface (MLD-Proxy interface). Older Version 1 Querier Timeout The interval used to timeout the older version 1 queriers. Proxy Start Frequency The number of times the MLD-Proxy has been stopped and started. Example console#show ipv6 mld host-proxy Interface Index.............................. vlan 10 Admin Mode................................... Enabled Operational Mode................
Group Address The IP address of the multicast group. Last Reporter The IP address of the host that last sent a membership report for the current group on the network attached to the MLD-Proxy interface (upstream interface). Up Time (in secs) The time elapsed in seconds since last created. Member State Possible values are: • Idle_Member — The interface has responded to the latest group membership query for this group.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following parameters are displayed by this command: Field Description Interface The interface number of the MLD-Proxy. Group Address The IP address of the multicast group. Last Reporter The IP address of the host that last sent a membership report for the current group on the network attached to the MLD Proxy interface (upstream interface).
2001::1 2001::2 FF1E::2 00:02:40 -------FE80::100:2.3 Group Source List -----------------3001::1 3002::2 243 FF1E::3 FF1E::4 Include 1 Exclude Include 0 4 Expiry Time --------------00:03:32 00:03:32 FE80::100:2.3 FE80::100:2.
Parameter Description Ver The MLD version. Query Rcvd Number of MLD queries received. Report Rcvd Number of MLD reports received. Report Sent Number of MLD reports sent. Leaves Rcvd Number of MLD leaves received. Valid for version 2 only. Leaves Sent Number of MLD leaves sent on the Proxy interface. Valid for version 2 only. Example console#show ipv6 mld host-proxy interface Interface................................
Field Description Valid MLD Packets Received The number of valid MLD packets received by the router. Valid MLD Packets Sent The number of valid MLD packets sent by the router. Queries Received The number of valid MLD queries received by the router. Queries Sent The number of valid MLD queries sent by the router. Reports Received The number of valid MLD reports received by the router. Reports Sent The number of valid MLD reports sent by the router.
Syntax show ipv6 nd raguard policy Default Configuration By default, no RA guard policies are applied to any interface. Command Mode Privileged Exec, Global Configuration User Guidelines This command has no user guidelines. Command History Introduced in version 6.2.0.1 firmware. Example The following example configures an unnamed RA Guard policy to drop all RA advertisements and router redirect messages on interface Gi1/0/1 (VLAN 10). The configured interfaces are shown.
show ipv6 neighbors Use the show ipv6 neighbors command to display information about the IPv6 neighbors. Syntax show ipv6 neighbors Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information about the IPv6 neighbors.
Command Mode Privileged Exec mode, Global Configuration mode, all Configuration submodes. User Guidelines There are no user guidelines for this command. Example console#show ipv6 protocols Routing Protocol .............................. BGP Router ID ................................. Local AS Number ............................... BGP Admin Mode ................................ Maximum Paths ................................. Always compare MED ............................ Maximum AS Path Length ..........
Number of Active Areas ........................ None show ipv6 route Use the show ipv6 route command in User Exec or Privileged Exec mode to display the IPv6 routing table. The output of the command also displays the IPv6 address of the default gateway and the default route associated with the gateway.
Example The following example displays the IPv6 address of the default gateway and the default route associated with the gateway. console(config)#show ipv6 route IPv6 Routing Table - 0 entries Route Codes: C - connected, S - static O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2 ON1 - OSPF NSSA Ext Type 1, ON2 - OSPF NSSA Ext Type 2 Default gateway is 10.1.20.1 S C C 0.0.0.0/0 [254/0] via 10.1.20.1 10.1.20.0/24 [0/1] directly connected, 20.1.20.
Static......................................... OSPF Intra-area routes......................... OSPF Inter-area routes......................... OSPF External routes........................... BGP External................................... BGP Internal................................... BGP Local......................................
External..................................... Internal..................................... Local........................................ OSPF Routes.................................... Intra Area Routes............................ Inter Area Routes............................ External Type-1 Routes....................... External Type-2 Routes....................... Reject Routes.................................. Total routes...................................
Gi1/0/2 431 6599 show ipv6 traffic Use the show ipv6 traffic command in User Exec mode to show traffic and statistics for IPv6 and ICMPv6. Syntax show ipv6 traffic [vlan vlan-id | tunnel tunnel-id | loopback loopback-id] • vlan-id — Valid VLAN ID, shows information about traffic on a specific interface or, without the optional parameter, shows information about traffic on all interfaces. • tunnel-id — Tunnel identifier. (Range: 0-7) • loopback-id — Loopback identifier.
Received Datagrams Discarded Due To Truncated Data. Received Datagrams Discarded Other................. Received Datagrams Reassembly Required............. Datagrams Successfully Reassembled................. Datagrams Failed To Reassemble..................... Datagrams Forwarded................................ Datagrams Locally Transmitted...................... Datagrams Transmit Failed.......................... Datagrams Successfully Fragmented.................. Datagrams Failed To Fragment................
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays IPv6 VLAN routing interface addresses.
• interval—The time (in seconds) between successive echo requests. Default 3. • init-ttl—The initial TTL sent in the ICMP echo request packets (Range 1255. Default 1). • max-ttl—The maximum ttl sent in the ICMP echo request packet (Range 1-255, default 30). Must be equal to or larger than init-ttl. • port—The destination UDP port of the probe. (Range 1-65535). • size—The packet size padding in bytes. (Range 0-39936, default 0).
Loopback Interface Commands Dell EMC Networking N1500/N2000/N3000/N3100/N4000 Series Switches Dell EMC Networking provides for the creation, deletion, and management of loopback interfaces. They are dynamic interfaces that are created and deleted by user configuration. A loopback interface is always expected to be up. As such, it provides a means to configure a stable IP address on the device which may be referred to by other switches in the network. This interface never transmits data but may receive data.
User Guidelines This command has no user guidelines. Example The following example enters the Interface Loopback 1 configuration mode. console(config)#interface loopback 1 console(config-if-loopback0)#ip address 192.168.22.1 255.255.255.255 console(config-if-loopback0)#exit console(config)#ex console#ping 192.168.22.1 Pinging 192.168.22.1 with 0 bytes of data: Reply Reply Reply Reply From From From From 192.168.22.1: 192.168.22.1: 192.168.22.1: 192.168.22.
Examples The following examples display information about configured loopback interfaces. console# show interfaces loopback Loopback Id Interface IP Address ----------- --------- ---------1 loopback 1 0.0.0.0 Received Packets ---------------0 Sent Packets -----------0 console# show interfaces loopback 1 Interface Link Status.......................... Up IP Address..................................... 0.0.0.0 0.0.0.0 MTU size.......................................
IP Multicast Commands Dell EMC Networking N3000/N3100/N4000 Series Switches The Dell Network N1500/N2000/N2100-ON series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The Dell EMC Networking Multicast component is best suited for video and audio traffic requiring multicast packet control for optimal operation.
mandatory. Discovering the local domain-name server is the intended use of multicast messages on remote networks when there is less than one server per network. • Applications used for datacasting: Since multimedia transmission has become increasingly popular, multicast transmission use has increased. Multicast transmission may be used to efficiently accommodate this type of communication. For instance, the audio and video signals are captured, compressed and transmitted to a group of receiving stations.
Syntax clear ip mroute { * | group-address [ source-address ] } • * —Deletes all IPv4 entries from the IP multicast routing table. • group-address— IP address of the multicast group. • source-address—IP address of a multicast source that is sending multicast traffic to the group. Default configuration There is no default configuration for this command.
ip multicast boundary Use the ip multicast boundary command in Interface Configuration mode to add an administrative scope multicast boundary specified by groupipaddr and mask for which this multicast administrative boundary is applicable. groupipaddr is a group IP address and mask is a group IP mask. Syntax ip multicast boundary groupipaddr mask no ip multicast boundary groupipaddr • groupipaddr — IP address of multicast group. Valid range is 239.0.0.0 to 239.255.255.255.
no ip mroute source-address mask • source-address — The IP address of the multicast data source. • mask — The IP subnet mask of the multicast data source. • rpf-address — The IP address of the next hop towards the source. • preference — The cost of the route (Range: 1 - 255). Default Configuration There is no default configuration for this command.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Use of a multicast routing protocol is recommended (e.g., PIM) when IP multicast is enabled. IGMP/MLD snooping may be enabled when IP multicast is enabled. If a multicast source is connected to a VLAN on which both L3 multicast and IGMP/MLD snooping are enabled, the multicast source is forwarded to the mrouter ports that have been discovered when the multicast source is first seen.
ip multicast ttl-threshold Use the ip multicast ttl-threshold command in Interface VLAN Configuration mode to apply a ttlvalue to a routing interface. ttlvalue is the TTL threshold which is applied to the multicast Data packets forwarded through the interface. Syntax ip multicast ttl-threshold ttlvalue no ip multicast ttl-threshold • ttlvalue — Specifies TTL threshold. (Range: 0-255) Default Configuration This command has no default configuration.
no ip pim Default Configuration PIM is not enabled on interfaces by default. Command Mode Interface (VLAN) Configuration mode User Guidelines PIM requires that routing and multicast routing be enabled. Enabling PIM enables IGMP/MLD. Disabling PIM may operationally disable multicast routing. Example console(config)#ip routing console(config)#ip multicast console(config)#interface vlan 10 console(if-vlan-10)#ip pim Command History User Guidelines updated in release 6.3.5.
Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled. Example console(if-vlan-10)#ip pim bsr-border ip pim bsr-candidate The ip pim bsr-candidate command is used to configure the router to advertise itself as a bootstrap router (BSR). Use the no form of this command to return to the default configuration. This command replaces the ip pimsm bsr-candidate, ip pimsm cbsrhaskmasklength and ip pimsm cbsrpreference commands.
User Guidelines All multicast groups with the same hash value correspond to the same RP. Lower priority values are preferred. Example console(config)#ip pim bsr-candidate vlan 10 16 0 interval 30 ip pim dense-mode Use the ip pim dense-mode command in Global Configuration mode to administratively configure PIM dense mode for IP multicast routing. Use the no form of this command to disable PIM. Syntax ip pim dense-mode no ip pim Default Configuration PIM is not enabled by default.
ip pim dr-priority The ip pim dr-priority command in Interface (VLAN) Configuration mode to administratively configure the advertised designated router (DR) priority value. Use the no form of this command to return the configuration to the default. Syntax ip pim dr-priority priority no ip pim dr-priority • priority — The administratively configured priority (Range: 0– 2147483647). Default Configuration The default election priority is 1.
• interval — The number of seconds between successive hello transmissions. Range: 0–18000 seconds. Default is 30. Default Configuration The default hello interval is 30 seconds. Command Mode Interface (VLAN) Configuration mode User Guidelines There are no user guidelines for this command.
User Guidelines This command only has an effect if sparse mode is enabled. Example console(if-vlan10)#ip pim join-prune-interval 30 ip pim rp-address Use the ip pim rp-address command in Global Configuration mode to define the address of a PIM Rendezvous point (RP) for a specific multicast group range. Use the no form of this command to remove a configured RP. This command replaces the ip pimsm rp-address command.
Command History Updated guidelines in version 6.5 firmware. Example console(config)#ip pim rp-address 192.168.21.1 239.1.0.0 255.255.0.0 override ip pim rp-candidate Use the ip pim rp-candidate command in Global Configuration mode to configure the router to advertise itself to the bootstrap router (BSR) router as a PIM candidate rendezvous point (RP) for a specific multicast group range. Use the no form of this command to return to the default configuration.
Example console(config)#ip pim rp-candidate vlan 10 239.1.0.0 255.255.0.0 interval 30 ip pim sparse-mode Use the ip pim sparse-mode command in Global Configuration mode to administratively configure PIM sparse mode for IP multicast routing. Use the no form of this command to disable PIM. Syntax ip pim sparse-mode no ip pim Default Configuration PIM not enabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router.
ip pim ssm Use the ip pim ssm command in Global Configuration mode to administratively configure PIM source specific multicast range of addresses for IP multicast routing. Use the no form of this command to remove configured ranges of addresses from the router. Syntax ip pim ssm {default | group-address group-mask} no ip pim ssm {default | group-address group-mask} • default—Defines the SSM range access list to 232/8. • group-address—An IP multicast group address. • group-mask—An IPv4 mask in a.b.c.
Default Configuration This command does not have a default configuration. Command Mode Privileged Exec mode, Global Config mode, all sub-modes. User Guidelines This command display both the IPv4 and IPv6 MFC entries. The following information is displayed. Field Description MFC IPv4 Mode Enabled when IPv4 Multicast routing is operational. MFC IPv6 Mode Enabled when IPv6 Multicast routing is operational. MFC Entry Count The number of entries present in MFC.
show ip multicast Use the show ip multicast command to display the system-wide multicast information. Syntax show ip multicast Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays system-wide multicast information. console#show ip multicast Admin Mode........................... Protocol State......
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all the configured administrative scoped multicast boundaries.
User Guidelines This command has no user guidelines. Example The following example displays the multicast information for VLAN 15. console#show ip mcast interface vlan 15 Interface TTL --------- ----Vl15 1 show ip mroute Use the show ip mroute command to display a summary or details of the multicast table. Syntax show ip mroute Default Configuration This command has no default configuration.
show ip mroute group Use the show ip mroute group command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the groupipaddr value. Syntax show ip mroute group groupipaddr [summary] • groupipaddr — IP address of the multicast group. Default Configuration This command has no default configuration.
Syntax show ip mroute source sourceipaddr {summary} • sourceipaddr — IP address of source. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Use the summary option to summarize the information displayed. Example The following example displays multicast configuration settings. console#show ip mroute source 10.1.1.1 summary console#show ip mroute source 10.1.1.1 239.5.5.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the static routes configured in the static mcast table. console#show ip mroute static MULTICAST STATIC ROUTES Source IP Source Mask RPF Address Preference --------------- --------------- --------------- ---------1.1.1.1 255.255.255.0 2.2.2.
PIM Mode The routers that are enabled for PIM. Example console#show ip pim PIM Mode............................. None If no routers are enabled for PIM, the following message is displayed. None of the routing interfaces are enabled for PIM. show ip pim bsr-router The show ip pim bsr-router command displays information about a bootstrap router (BSR). Syntax show ip pim bsr-router {candidate|elected} • candidate – Shows the candidate routers capable of acting as the bootstrap router.
Next Bootstrap Message Time remaining (in hours, minutes, and seconds) until a in BSR message is sent. Next Candidate RP Advertisement Time remaining (in hours, minutes, and seconds) until the next RP advertisement is sent. Example console#show ip pim bsr-router BSR Address............................. 192.168.10.1 BSR Priority............................ 0 BSR Hash Mask Length.................... 30 C-BSR Advertisement Interval (secs)........60 Next Bootstrap message(hh:mm:ss)..........
Field Description Neighbor Count Number of PIM Neighbors learned on this interface Designated-Router IP address of the elected DR on the interface Default Configuration There is no default configuration for this command. Command Mode User Exec and Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
show ip pim neighbor Use the show ip pim neighbor command in User Exec or Privileged Exec modes to display PIM neighbors discovered by PIMv2 Hello messages. If the interface number is not specified, this command displays the neighbors discovered on all the PIM-enabled interfaces. Syntax show ip pim neighbor [vlan vlan-id] • vlan-id — A valid VLAN ID for which multicast routing has been enabled. Default Configuration This command has no default configuration.
--------------- --------192.168.10.2 VLAN0001 192.168.20.2 VLAN0010 ----------- ----------00:02:55 00:01:15 00:03:50 00:02:10 If no neighbors are learned on any of the interfaces, the following message is displayed. No neighbors are learned on any interface. show ip pim rp-hash The show ip pim rp-hash command displays the rendezvous point (RP) selected for the specified group address. Syntax show ip pim rp-hash group-address • group-address — A valid multicast address supported by RP.
show ip pim rp mapping The show ip pim rp mapping command is used in User Exec and Privileged Exec modes to display the mappings for the PIM group to the active rendezvous points. Syntax show ip pim rp mapping [rp-address |candidate|static] rp-address — An RP address. Default configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed.
No RP-Group mappings exist on this router. If no static RP Group mapping exists on the router, the following message is displayed: No Static RP-Group mappings exist on this router. show ip pim statistics Use the show ip pim statistics command to display the count of PIM sparse mode received control packets per VLAN. Syntax show ip pim statistics [vlan vlan-id] vlan-id — The VLAN for which PIM sparse mode statistics are displayed. Default configuration There is no default configuration for this command.
Field Description Assert Number of PIM Assert messages CRP Number of PIM Candidate RP Advertisement messages.
IPv6 Multicast Commands Dell EMC Networking N3000/N3100/N4000 Series Switches The Dell Network N1500/N2000/N2100-ON series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command does not clear static multicast route entries. When a * entry is deleted through this command, it cannot be formed again until it is expired in MLD and started again via the host. The default mcache time-out is 210 seconds.
no ipv6 pim Default Configuration PIM is disabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Either PIM-SM or PIM-DM are enabled by this command depending on the globally configured mode. Refer to the ipv6 pim sparse-mode and ipv6 pim dense-mode commands for further information. Example console(config-if-vlan3)#ipv6 pim ipv6 pim bsr-border Use the ipv6 pim bsr-border command to prevent bootstrap router (BSR) messages from being sent or received through an interface.
Example console(config-if-vlan3)#ipv6 pim bsr-border ipv6 pim bsr-candidate Use the ipv6 pim bsr-candidate command to configure the router to announce its candidacy as a bootstrap router (BSR). Use the no form of this command to stop the router from announcing its candidacy as a bootstrap router. Syntax ipv6 pim bsr-candidate vlan vlan-id hash-mask-len [priority][interval] no ipv6 pim bsr-candidate vlan vlan-id • vlan-id — A valid VLAN ID value.
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim bsr-candidate vlan 9 10 34 ipv6 pim dense-mode Use the ipv6 pim dense-mode command in Global configuration mode to administratively configure PIM dense mode for IPv6 multicast routing. This command also enables MLD. Use the no form of this command to disable PIM and MLD. This command does not affect ip multicast-routing.
Syntax ipv6 pim dr-priority priority no ipv6 pim dr-priority • priority — The election priority (Range: 0–2147483647). Default Configuration The default election priority is 1. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 pim dr-priority 10 ipv6 pim hello-interval Use the ipv6 pim hello-interval command to configure the PIM-SM Hello Interval for the specified interface.
User Guidelines Setting the hello interval to 0 disables sending on PIM Hellos. Example console(config-if-vlan3)#ipv6 pim hello-interval 45 ipv6 pim join-prune-interval Use the ipv6 pim join-prune-interval command to configure the interface join/prune interval for the PIM-SM router. Use the no form of this command to set the join/prune interval to the default. Syntax ipv6 pim join-prune-interval interval no ipv6 pim join-prune-interval • interval — The join/prune interval (Range: 0–18000 seconds).
Syntax ipv6 pim register-threshold threshold no ipv6 pim register-threshold • threshold — The threshold rate (Range: 0–2000 Kbps). Default Configuration The default threshold rate is 0. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim register-threshold 250 ipv6 pim rp-address Use the ipv6 pim rp-address command to statically configure the RP address for one or more multicast groups.
Default Configuration There are no static RP addresses configured by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim rp-address 2001::1 ff1e::/64 ipv6 pim rp-candidate Use the ipv6 pim rp-candidate command to configure the router to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR).
Command Mode Global Configuration mode User Guidelines The default interval for a Candidate Rendezvous Point (C-RP) to send C-RP Advertisement messages to the Bootstrap Router (BSR) is 60 seconds. Example console(config)#ipv6 pim rp-candidate vlan 6 ff1e::/64 ipv6 pim sparse-mode Use the ipv6 pim sparse-mode command to administratively configure PIM sparse mode for multicast routing. This command also enables MLD. Use the no form of this command to disable PIM and MLD.
ipv6 pim ssm Use the ipv6 pim ssm command to define the Source Specific Multicast (SSM) range of multicast addresses. Syntax ipv6 pim ssm {default | group-address/prefixlength} • default — Defines the SSM range access list to FF3x::/32. • group-address — Group IP address supported by RP. • prefixlength — This parameter specifies the prefix length of the IP address for the media gateway. (Range: 1–128) Default Configuration The default range is FF3x::/32.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console(config)#show ipv6 pim PIM Mode....................................... Sparse Interface --------Vl1 Interface-Mode -------------Enabled Operational-Status -----------------Operational show ipv6 pim bsr-router Use the show ipv6 pim bsr-router command to display the bootstrap router (BSR) information.
Field Description BSR Address Address of the BSR BSR Priority Configured BSR priority BSR Hash Mask Length Configured hash mask length Next Bootstrap Message Remaining time until a BSR message is sent Next Candidate RP Time remaining until the next RP advertisement is sent. Advertisement Example console(config)#show ipv6 pim bsr-router candidate BSR Address.................................... 2001:0db8:0:badc::1 BSR Priority................................. 0 BSR Hash Mask Length.................
show ipv6 mroute Use the show ipv6 mroute command to display a summary or all the details of the multicast table. Syntax show ipv6 mroute [group groupip [summary] | source sourceip [summary] | static summary] • group—Show the multicast route information for the specified multicast group. • source—Show the multicast route information for the specified multicast source. • static—Show the multicast route information for the specified static multicast group. • summary—Summarize the information.
Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- ------* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 console#show ipv6 mroute source 2001::5 ? | summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- ------* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 show ipv6 mroute group Use the show ipv6 mroute group command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the groupipaddr value.
* 2001::5 FF43::5 FF43::5 00:00 02:54 00:01:00 00:00:35 :: 2001::5 RPT SPT console#show ipv6 mroute group FF43::5 summary Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- -----* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 show ipv6 mroute source Use the show ipv6 mroute source command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF
| summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
Example console#show ipv6 pim interface vlan 6 Slot/Port...................................... IP Address..................................... Hello Interval (secs).......................... Join Prune Interval (secs)..................... Neighbor Count................................. Designated Router.............................. DR Priority.................................... BSR Border.....................................
show ipv6 pim rp-hash Use the show ipv6 pim rp-hash command to display which rendezvous point (RP) is being selected for a specified group. Syntax show ipv6 pim rp-hash group-address group-address — Group IP address supported by RP. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
• static—Show static rendezvous point mappings. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ipv6 pim rp mapping Group Address.................................. RP Address..................................... origin......................................... Group Address................................
User Guidelines This command only displays output if pim sparse-mode is enabled. The following counters are displayed in the output. Field Description Stat Rx: Packets received. Tx: Packets transmitted. Interface The PIM enabled routing interface. Hello Number of PIM Hello messages. Register Number of PIM Register messages. Reg-Stop Number of PIM Register-Stop messages. Join/Pru Number of PIM Join/Prune messages. BSR Number of PIM Boot Strap messages. Assert Number of PIM Assert messages.
===================================================================== Vl10 Rx 0 0 0 0 0 0 0 Tx 2 0 0 0 0 0 0 Invalid Packets Received - 0 --------------------------------------------------------------------- Layer 3 Routing Commands 1648
OSPF Commands Dell EMC Networking N3000/N3100/N4000 Series Switches The Dell Network N1500/N2000/N2100-ON series support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. OSPF is a link-state protocol. Dell EMC Networking OSPF supports variablelength subnet masks. Dell EMC Networking OSPF only operates over VLAN interfaces. OSPF operates within a hierarchy.
Route Preferences Normally, OSPF select routes in the following order: • Local • Static • Intra-area • Inter-area • External • RIP Dell EMC Networking OSPF allows the administrator to change the preference for selecting intra, inter, and external routes according to the following rules: a External route preferences apply to all ospf external routes like type1, type2, nssa-type1, nssa-type2 equally. b Multiple route types may be configured with equal preference values.
• Learned Dynamically: Routing protocols can learn ECMP routes. For example, if OSPF is configured on both links connecting Router A to Router B with interface addresses 10.1.1.2 and 10.1.2.2 respectively, and Router B advertises its connection to 20.0.0.0/ 8, then Router A computes an OSPF route to 20.0.0.0/8 with next hops of 10.1.1.2 and 10.1.2.2. Dell EMC Networking routing stores static and dynamic routes in a single combined routing table.
Graceful Restart The Dell EMC Networking implementation of OSPFv2 supports graceful restart as specified in RFC 3623. Graceful restart works in concert with Dell EMC Networking nonstop forwarding to enable the hardware to continue forwarding IPv4 packets using OSPFv2 routes while a backup unit takes over management unit responsibility. When OSPF executes a graceful restart, it informs its neighbors that the OSPF control plane is restarting, but that it will be back shortly.
area nssa translator- distance ospf stab-intv maximum-paths show ip ospf interface stats area range (Router OSPF) distribute-list out network area show ip ospf lsa-group area stub enable nsf show ip ospf neighbor area stub nosummary exit-overflowinterval nsf helper show ip ospf range area virtual-link external-lsdb-limit nsf helper strict-lsa- show ip ospf statistics checking area virtual-link authentication ip ospf area nsf restart-interval show ip ospf stub table area virtual-link de
• area-id — Identifies the OSPF stub area to configure. (Range: IP address or decimal from 0-4294967295) • integer — The default cost for the stub area. (Range: 1–16777215) Default Configuration 10 is the default configuration for integer. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example identifies a stub area of 10 and default cost of 100.
• metric-value—Specifies the metric of the default route advertised to the NSSA. (Range: 1–16777214) • metric-type-value—The metric type can be one of the following: • • – A metric type of nssa-external 1 – A metric type of nssa-external 2 (default) role—The translator role where role is one of the following: – always - The router assumes the role of the translator when it becomes a border router.
area nssa default-info-originate (Router OSPF Config) Use the area nssa default-info-originate command in Router OSPF Configuration mode to configure the metric value and type for the default route advertised into the NSSA. The metric type can be comparable (nssaexternal 1) or noncomparable (nssa-external 2). Use the no form of the command to return the metric value and type to the default value.
area nssa no-redistribute Use the area nssa no-redistribute command in Router OSPF Configuration mode to configure the NSSA Area Border router (ABR) so that learned external routes are not redistributed to the NSSA. Syntax area area-id nssa no-redistribute no area area-id nssa no-redistribute • area-id — Identifies the OSPF NSSA to configure. (Range: IP address or decimal from 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode.
Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the NSSA so that summary LSAs are not advertised into the NSSA. console(config-router)#area 20 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPF Configuration mode to configure the translator role of the NSSA.
User Guidelines This command has no user guidelines. Example The following example configures the translator role of the NSSA. console(config-router)#area 20 nssa translator-role always area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPF Configuration mode to configure the translator stability interval of the NSSA. Syntax area area-id nssa translator-stab-intv integer no area area-id nssa translator-stab-intv • area-id — Identifies the OSPF NSSA to configure.
area range (Router OSPF) Use the area range command in Router OSPF Configuration mode to configure a summary prefix that an area border router advertises for a specific area. There are two types of area ranges. An area range can be configured to summarize intra-area routes. An ABR advertises the range rather than the specific intra-area route as a type 3 summary LSA. Also, an area range can be configured at the edge of an NSSA to summarize external routes reachable within the NSSA.
type 3 summary LSA is not advertised, but contained networks are suppressed. This behavior is equivalent to specifying the not-advertise option. If the range is configured for type 7 to type 5 translation, a type 5 LSA is sent if the metric is set to 16,777,215; however, other routers will not compute a route from a type 5 LSA with this metric. Default Configuration No area ranges are configured by default. No cost is configured by default.
If the user tries to configure both types of ranges for the same prefix and area: A T3 range with the same prefix is already configured on this area. If the network mask is invalid: console (config-router)#area 1 range 0.0.0.0 0.0.0.0 summarylink An area range mask must have contiguous ones and be no longer than 31 bits. If the prefix is not a valid area range prefix: console (config-router)#area 1 range 0.0.0.0 255.0.0.0 summarylink Cannot create this area range because it represents a default route.
External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area. Use the no form of the command to remove the stub area. Syntax area area-id stub no area area-id stub • area-id — Identifies the area identifier of the OSPF stub. (Range: IP address or decimal from 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode.
no area area-id stub no-summary • area-id — Identifies the OSPF area to configure. (Range: IP address or decimal from 0–4294967295) Default Configuration Disabled is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command creates a totally stubby area when used in conjunction with the area stub command. Example The following example prevents the Summary LSA from being advertised into the area 3 NSSA. Area 3 will be configured as a totally stubby area.
no area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval] [retransmit-interval] [transmit-delay] [dead-interval] [[authentication-key] | [message-digest-key]] • area-id—Identifies the OSPF stub area to configure. (Range: IP address or decimal from 0-4294967295) • router-id—Valid IP address. • authentication—Specifies authentication type. • message-digest —Specifies that message-digest authentication is used. • null—No authentication is used.
Parameter Default hello-interval seconds 10 seconds retransmit-interval seconds 5 seconds transmit-delay seconds 1 second dead-interval seconds 40 seconds authentication-key key No key is predefined. message-digest-key key-id md5 key No key is predefined. Command Mode Router OSPF Configuration mode. User Guidelines Unauthenticated interfaces cannot be configured with an authentication key. Use the area virtual-link authentication command to enable configuration of an authentication key.
area virtual-link authentication Use the area virtual-link authentication command in Router OSPF Configuration mode to configure the authentication type and key for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the authentication type to the default value.
console(config-router)#area 10 virtual-link 192.168.2.7 authentication console(config-router)#area 10 virtual-link 192.168.2.7 authentication encrypt test123 1001010 area virtual-link dead-interval Use the area virtual-link dead-interval command in Router OSPF Configuration mode to configure the dead interval for the OSPF virtual interface on the virtual interface identified by area-id and neighbor router. Use the no form of the command to return the dead interval to the default value.
area virtual-link hello-interval Use the area virtual-link hello-interval command in Router OSPF Configuration mode to configure the hello interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the hello interval to the default value. Syntax area area-id virtual-link neighbor-id hello-interval seconds no area area-id virtual-link neighbor-id hello-interval • area-id — Identifies the OSPF area to configure.
area virtual-link retransmit-interval Use the area virtual-link retransmit-interval command in Router OSPF Configuration mode to configure the retransmit interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the retransmit interval to the default value.
area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPF Configuration mode to configure the transmit delay for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the transmit delay to the default value. Syntax area area-id virtual-link neighbor-id transmit-delay seconds no area area-id virtual-link neighbor-id transmit-delay • area-id — Identifies the OSPF area to configure.
bandwidth is defined by the “bandwidth” command. Because the default reference bandwidth is 100 Mbps, OSPF uses the same default link cost for all interfaces whose bandwidth is 100 Mbps or greater. To change the reference bandwidth, use the auto-cost command, specifying the reference bandwidth in megabits per second. The different reference bandwidth can be independently configured for OSPFv2 and OSPFv3.
Syntax bandwidth bw • bw — Interface bandwidth in Kbps (Range: 1–10000000). Default Configuration The default reference bandwidth is 10 Mbps Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example The following example configures the interface bandwidth to 500000 Kbps. console(config-if-vlan1)#bandwidth 500000 bfd Use the bfd command to enable processing of BFD events by OSPF on all interfaces enabled for BFD.
User Guidelines BFD processing notifies OSPF of layer 3 connectivity issues with the peer. The interface must be a VLAN interface enabled for routing. BFD event notification must also be enabled in VLAN interface mode in order for processing of BFD events to occur. Command History Introduced in version 6.3.0.1 firmware. Example The following example console#configure console(config)#ip routing console(config)#interface vlan 3 console(config-if-vlan3)#ip address 192.168.0.
User Guidelines There are no user guidelines for this command. Example console(config-router)#capability opaque clear ip ospf Use the clear ip ospf command to reset specific OSPF states. If no parameters are specified, OSPF is disabled and then re-enabled. Syntax clear ip ospf [{configuration | redistribution | counters | neighbor [interface vlan vlan id [neighbor id]]}] [vrf vrf-name] • configuration — Reset the OSPF configuration to factory defaults.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Example The following example shows the options for the clear ip ospf command. console#clear ip ospf ? Press enter to execute the command.
compatible rfc1583 Use the compatible rfc1583 command in Router OSPF Configuration mode to enable OSPF 1583 compatibility. Use the no form of the command to disable it. Syntax compatible rfc1583 no compatible rfc1583 Syntax Description This command has no arguments or keywords. Default Configuration Compatible with RFC 1583. Command Mode Router OSPF Configuration mode.
Syntax default-information originate [always] [metric metric-value] [metric-type type-value] no default-information originate [metric] [metric-type] • always—Always advertise default routes. • metric-value—The metric (or preference) value of the default route. (Range: 1–16777214) • type-value—One of the following: 1 External type-1 route. 2 External type-2 route. Default Configuration The default configuration is no default-information originate. The default metric is none and the default type is 2.
default-metric Use the default-metric command in Router OSPF Configuration mode to set a default for the metric of distributed routes. Use the no form of the command to remove the metric from the distributed routes. If the area has not been previously created, it is created by this command. If the area already exists, the default-metric information is added or modified. Syntax default-metric metric-value no default-metric • metric-value — The metric (or preference) value of the default route.
Syntax distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]} no distance ospf {intra-area | inter-area | external} • intra-area dist1—Used to select the best path within an area when there are two or more routes to the same destination from two different routing protocols (Range: 1–255). • inter-area dist2—Used to select the best path from one area to another area when there are two or more routes to the same destination from two different routing protocols (Range: 1–255).
Syntax distribute-list name out {bgp | rip | static \ connected} no distribute-list name out {bgp | rip | static \ connected} • name—The name used to identify an existing ACL. The range is 1–31 characters. • bgp—Apply the specified access list when BGP is the source protocol. • rip—Apply the specified access list when RIP is the source protocol. • static—Apply the specified access list when packets come through the static route.
Syntax enable no enable Default Configuration Enabled is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines The no form of the enable command removes the OSPF router configuration from the running config. It does not, however, reset the OSPF configuration. For example, following no enable with the enable command restores the OSPF configuration to the running config. OSPF must be disabled in order to assign or change the router ID.
Default Configuration 0 seconds is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets the exit overflow interval for OSPF at 10 seconds. console(config-router)#exit-overflow-interval 10 external-lsdb-limit Use the external-lsdb-limit command in Router OSPF Configuration mode to configure the external LSDB limit for OSPF. If the value is -1, then there is no limit.
User Guidelines The external LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any regular OSPF area. Example The following example configures the external LSDB limit for OSPF with the number of non-default AS-external-LSAs set at 20. console(config-router)#external-lsdb-limit 20 ip ospf area The ip ospf area command enables OSPFv2 and sets the area ID of an interface. This command supersedes the effects of network area command.
ip ospf authentication Use the ip ospf authentication command in the Interface Configuration mode to set the OSPF Authentication Type and Key for the specified interface. Use the no form of the command to return the authentication type to the default value. Syntax ip ospf authentication {none | {simple key} | {encrypt key key-id}} no ip ospf authentication • encrypt — MD5 encrypted authentication key. • key — Authentication key for the specified interface.
ip ospf cost Use the ip ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value. Syntax ip ospf cost interface-cost no ip ospf cost • interface-cost — Specifies the cost (link-state metric) of the OSPF interface. (Range: 1–65535) Default Configuration 10 is the default link-state metric configuration. Command Mode Interface Configuration (VLAN) mode.
Default Configuration By default, LSAs are flooded on all interfaces in a routed VLAN. Command Mode Interface Configuration mode User Guidelines This command is only applicable to OSPFv2 routing configurations. ip ospf dead-interval Use the ip ospf dead-interval command in Interface Configuration to set the OSPF dead interval for the specified interface. Use the no form of the command to return the interval to the default value.
console(config-if-vlan1)#ip ospf dead-interval 30 ip ospf hello-interval Use the ip ospf hello-interval command in Interface Configuration mode to set the OSPF hello interval for the specified interface. Use the no form of the command to return the interval to the default value. Syntax ip ospf hello-interval seconds no ip ospf hello-interval • seconds — Number of seconds to wait before sending Hello packets from the interface. (Range: 1–65535) Default Configuration 10 is the default number of seconds.
Database Description packet is rejected and the OSPF adjacency is not established. Use the no form of the command to enable OSPF maximum transmission unit (MTU) mismatch detection. Syntax ip ospf mtu-ignore no ip ospf mtu-ignore Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example disables OSPF MTU mismatch detection on VLAN interface 15.
Default Configuration Interfaces operate in broadcast mode by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines OSPF treats interfaces as broadcast interfaces by default. Loopback interfaces have a special loopback network type, which cannot be changed. When there are only two routers on the network, OSPF can operate more efficiently by treating the network as a point-to-point network.
Command Mode Interface Configuration (VLAN) mode. User Guidelines A value of 1 is the highest router priority. A value of 0 indicates that the interface is not eligible to become the designated router on this network. Example The following example sets the OSPF priority for the VLAN 15 router at 100.
Example The following example sets the OSPF retransmit Interval for VLAN 15 at 50 seconds. console(config-if-vlan1)#ip ospf retransmit-interval 50 ip ospf transmit-delay Use the ip ospf transmit-delay command in Interface Configuration mode to set the OSPF Transit Delay for the specified interface. Use the no form of the command to return the delay to the default value.
Use the no form of the command to disable state change logging. Syntax log-adjacency-changes [detail] no log-adjacency-changes [detail] • detail—(Optional) When this keyword is specified, all adjacency state changes are logged. Otherwise, OSPF only logs transitions to FULL state and when a backwards transition occurs. Default Configuration Adjacency changes are not logged by default. Command Mode OSPFv2 Router Configuration mode User Guidelines State changes are logged with INFORMATIONAL severity.
• metric—(Optional) Metric to send in summary LSAs when in stub router mode. Range is 1 to 16,777,215. Default is 16,711,680 (0xFF0000). Default Configuration By default, OSPF is not in stub router mode. Command Mode OSPFv2 Global Configuration mode User Guidelines When OSPF is in stub router mode, as defined by RFC 3137, OSPF sets the metric in the non-stub links in its router LSA to LsInfinity. Other routers therefore compute very long paths through the stub router, and prefer any alternate path.
may issue the command no max-metric router-lsa on-startup. The command no max-metric router-lsa summary-lsa causes OSPF to send summary LSAs with metrics computed using normal procedures defined in RFC 2328. maximum-paths Use the maximum-paths command in Router OSPF Configuration mode to set the number of paths that OSPF can report for a given destination. Use the no form of the command to reset the number to the default value.
Example The following example sets the number of paths at 2 that OSPF can report for a given destination. console(config-router)#maximum-paths 2 network area The network area command enables OSPFv2 on an interface and sets its area ID if the ip-address of an interface is covered by this network command. Use the “no” form of this command to disable OSPFv2 on an interface.
OSPF only advertises IP subnets for secondary IP addresses if the secondary address is within the range of a network area command for the same area as the primary address on the same interface. When a network area command is deleted, matching interfaces are reevaluated against all remaining network area commands. Ones in the wildcard mask indicate “don't care” bits in the network address. Example console(config-router)#network 10.50.50.0 0.0.0.
executes a graceful restart, it informs its neighbors that the OSPF control plane is restarting, but that it will be back shortly. Helpful neighbors continue to advertise to the rest of the network that they have full adjacencies with the restarting router, avoiding announcement of a topology change and everything that goes with that (i.e., flooding of LSAs, SPF runs). Helpful neighbors continue to forward packets through the restarting router.
nsf helper strict-lsa-checking Use the nsf-helper strict-lsa-checking command to require that an OSPF helpful neighbor exit helper mode whenever a topology change occurs. Use the “no” form of this command to allow OSPF to continue as a helpful neighbor in spite of topology changes. Syntax nsf [ietf] helper strict-lsa-checking no nsf [ietf] helper strict-lsa-checking • ietf —This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations.
Syntax nsf [ietf] restart-interval seconds no nsf [ietf] restart-interval • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. • seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode. The restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds).
Default Configuration Global passive mode is disabled by default. Command Mode Router OSPF Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface passive-interface Use the passive-interface command to set the interface as passive. It overrides the global passive mode that is currently effective on the interface. Use the “no” form of this command to set the interface as non-passive.
redistribute (OSPF) Use the redistribute command in Router OSPF Configuration mode to configure OSPF protocol to allow redistribution of routes from the specified source protocol/routers. Use the no version of the command to disable redistribution from the selected source or to reset options to their default values.
User Guidelines When redistributing a route metric, the receiving protocol must understand the metric. The OSPF metric is a cost value equal to 108/ link bandwidth in bits/sec. For example, the OSPF cost of GigabitEthernet is 108/108 = 1. The RIP metric is a hop count with a maximum value of 15 (infinity). If no metric value is specified, the metric redistributed for a type 1 route is the sum of the external cost and the internal cost used to reach that route.
User Guidelines The router-id must be set in order for OSPF to become operationally enabled. It is recommended that the router ID be set to the IP address of a loopback interface to ensure that the router remains up internally. Example The following example defines the router ID as 5.5.5.5. console(config)#router ospf console(config-router)#router-id 5.5.5.5 router ospf Use the router ospf command in Global Configuration mode to enter Router OSPF mode and globally enable OSPF.
The no form of the command removes all OSPF configuration (including interface configuration) for the specified VRF Example The following example enters into router OSPF mode. console(config)#router ospf console(config-router)# show ip ospf Use the show ip ospf command to display information relevant to the OSPF router. This command has been modified to show additional fields. Syntax show ip ospf [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates.
Some of the information below displays only if you enable OSPF and configure certain features. The following fields may be displayed: Field Description Router ID A 32-bit integer in dotted decimal format identifying the router about which information is displayed. This is a configured value. OSPF Admin Mode Shows whether OSPF is administratively enabled or disabled.
Default Passive Setting When enabled, OSPF interfaces are passive by default. Maximum Paths Shows the maximum number of paths that OSPF can report for a given destination. Default Metric Default metric for redistributed routes. Stub Router Configuration One of Always, Startup, or None. Stub Router Startup Time Configured value in seconds. This row is only listed if OSPF is configured to be a stub router at startup.
Stub Router Time The remaining time until OSPF exits stub router mode. This Remaining row is only listed if OSPF is in startup stub router mode. External LSDB Overflow OSPF enters this state when the number of external LSAs exceeds a configured limit, as described in RFC 1765. External LSA Count Shows the number of external (LS type 5) link-state advertisements in the link-state database.
NSF Restart Interval The number of seconds a helpful neighbor allows a restarting router to complete its graceful restart. NSF Restart Status Whether the router is currently performing a graceful restart. NSF Restart Age The number of seconds until a graceful restart expires. Only non-zero when the router is in graceful restart. NSF Restart Exit Reason The reason the previous graceful restart ended. Possible values are Not attempted, In progress, Completed, Timed out, Topology change, and Manual clear.
Maximum Paths............................ Default Metric........................... Default Metric........................... Stub Router Configuration................ Summary LSA Metric Override.............. 4 Not configured Not configured None Disabled BFD Enabled.............................. NO Default Route Advertise.................. Always................................... Metric................................... Metric Type..............................
Exit Overflow Interval......................... 0 Spf Delay Time................................. 5 Spf Hold Time.................................. 10 Flood Pacing Interval.......................... 33 ms LSA Refresh Group Pacing Time.................. 60 sec Opaque Capability.............................. Enable AutoCost Ref BW................................ 100 Mbps Default Passive Setting........................ Disabled Maximum Paths.................................. 4 Default Metric...................
Syntax show ip ospf abr [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
• vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
Translator Role................................ Candidate Translator Stability Interval.................. 2000 Translator State............................... Disabled Example #3 The following example shows the length of the area’s flood queue for LSAs waiting to be flooded within the area. console #show ip ospf area 1 AreaID......................................... External Routing............................... Spf Runs....................................... Area Border Router Count......................
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N3100/N4000 series switches. Example console#show ip ospf asbr Type Router Id Cost Area ID ----INTRA INTRA ---------1.1.1.1 4.4.4.4 ---1 10 -------0.0.0.1 0.0.0.1 Next Hop Next Hop Intf ----------- ----------10.1.12.1 vlan10 10.1.24.
• summary — Display the LSA database summary information. • ls-id — Specifies the link state ID (LSID). (Range: IP address or an integer in the range of 0–4294967295) • adv-router — Display the LSAs that are restricted by the advertising router. To specify a router, enter the IP address of the router. • self-originate — Display the LSAs in that are self-originated. • opaque-area— Display the area opaque LSAs. • opaque-as— Display AS opaque LSAs. • opaque-link— Display link opaque LSAs.
Network Link States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----2.2.2.2 20.20.20.20 1165 80000005 f86d -E--O- Network Summary States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.0 1360 80000007 242e ------ Summary ASBR States (Area 0.0.0.
show ip ospf database database-summary Use the show ip ospf database database-summary command to display the number of each type of LSA in the database for each area and for the router. The command also displays the total number of LSAs in the database. This command has been modified. Syntax show ip ospf database database-summary [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown.
Summary ASBR Shows Number of summary ASBR LSAs in the database. Type-7 Ext Shows Total number of Type-7 external LSAs in the database. SelfOriginated Type-7 Shows Total number of self originated AS external LSAs in the OSPFv3 link state database. Opaque Link Shows Number of opaque link LSAs in the database. Opaque Area Shows Number of opaque area LSAs in the database. Subtotal Shows Number of entries for the identified area. Opaque AS Shows Number of opaque AS LSAs in the database.
Type-7 Ext..................................... Opaque Link.................................... Opaque Area.................................... Type-5 Ext..................................... Self-Originated Type-5 Ext..................... Opaque AS...................................... Total.......................................... 0 0 0 0 0 0 0 show ip ospf interface Use the show ip ospf interface command to display the information for the VLAN or loopback interface.
Subnet Mask.................................... Secondary IP Address(es)....................... OSPF Admin Mode................................ OSPF Area ID................................... OSPF Network Type.............................. Router Priority................................ Retransmit Interval............................ Hello Interval................................. Dead Interval.................................. LSA Ack Interval............................... Iftransit Delay Interval........
show ip ospf interface brief Use the show ip ospf interface brief command to display brief information for the IFO object or virtual interface tables. Syntax show ip ospf interface brief [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration.
show ip ospf interface stats Use the show ip ospf interface stats command to display the statistics for a specific interface. The information is only displayed if OSPF is enabled. Syntax show ip ospf interface stats vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Syntax show ip ospf lsa-group [vrf vrf-name] • vrf-name—The name of the VRF instance from which to display the selforiginated LSA groups. Default Configuration There are no self-originated LSA groups by default. Command Mode Privileged Exec mode, Global Configuration mode, and all sub-modes User Guidelines The following fields are displayed: Field Description Total selforiginated LSAs The number of LSAs the router is currently originating.
Pacing group limit: 400 Number of self-originated LSAs within each LSA group... Group Start Age 0 60 120 180 240 300 360 420 480 540 600 660 720 780 840 900 960 1020 1080 1140 1200 1260 Group End Age 59 119 179 239 299 359 419 479 539 599 659 719 779 839 899 959 1019 1079 1139 1199 1259 1319 Count 96 88 102 95 95 92 48 58 103 99 119 110 106 122 110 99 135 101 94 115 110 111 show ip ospf neighbor Use the show ip ospf neighbor command to display locally derived information about OSPF neighbors.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N3100/N4000 series switches. The following information is output. Field Description Interface The name of the interface on which the adjacency is formed.
Field Description Retransmission Queue Length The number of LSAs sent to the neighbor's retransmit queue waiting for the neighbor to acknowledge. Restart Helper Status One of two values: • Helping — This router is acting as a helpful neighbor to this neighbor. A helpful neighbor does not report an adjacency change during graceful restart, but continues to advertise the restarting router as a FULL adjacency.
Field Description Restart Helper Exit Reason One of the following values: • Restart Reason — When the router is in helpful neighbor mode, the output includes the restart reason the restarting router sent in its grace LSA. The Restart Reason is the value in the Graceful Restart Reason TLV in the grace LSA sent by the restarting router.
console#show ip ospf neighbor 3.3.3.3 Interface...................................... 0/25 Neighbor IP Address............................ 172.20.25.3 Interface Index................................ 25 Area Id........................................ 0.0.0.0 Options........................................ 0x2 Router Priority................................ 1 Dead timer due in (secs)....................... 10 Up Time........................................ 4 days 3 hrs 33 mins 36 secs State...................
The VRF parameter is only available on the N3000/N3100/N4000 series switches. The following information is displayed. Field Description Prefix The summary prefix. Subnet Mask The subnetwork mask of the summary prefix. Type S (Summary Link) or E (External Link) Action Advertise or Suppress Cost Metric to be advertised when the range is active. If a static cost is not configured, the field displays Auto. If the action is Suppress, the field displays N/A.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N3100/N4000 series switches. This command outputs the following.
Example console# show ip ospf statistics Area 0.0.0.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N3100/N4000 series switches. Example The following example displays the OSPF stub table. console(config)#show ip ospf stub table AreaId TypeofService Metric Val Import SummaryLSA ------------- ------------0.0.0.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N3100/N4000 series switches. The clear ip ospf counters command does not clear the message queue high water marks. The following is output. Parameter Description OSPFv2 Packet Statistics The number of packets of each type sent and received since OSPF counters were last cleared.
LSAs Retransmitted................0 LS Update Max Receive Rate........20 pps LS Update Max Send Rate...........10 pps Number of LSAs Received T1 (Router).......................10 T2 (Network)......................0 T3 (Net Summary)..................300 T4 (ASBR Summary).................15 T5 (External).....................20 T7 (NSSA External)................0 T9 (Link Opaque)..................0 T10 (Area Opaque).................0 T11 (AS Opaque)...................0 Total.............................
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N3100/N4000 series switches. OSPF must be enabled for this command to display the virtual interfaces. Example The following example displays the OSPF Virtual Interface information for area 10 and its neighbor.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines OSPF must be enabled for this command to display the virtual interface information. Example The following example displays the OSPF Virtual Interface information in the system. console#show ipv6 ospf virtual-link brief Hello Dead Retransmit Area ID Neighbor Interval Interval Interval ------- --------------- -------- ---------0.0.0.2 5.5.5.
User Guidelines OSPF distributes routing information in Link State Advertisements (LSAs), which are bundled into Link State Update (LS Update) packets. To reduce the likelihood of sending a neighbor more packets than it can buffer, OSPF rate limits the transmission of LS Update packets. By default, OSPF sends up to 30 updates per second on each interface (1/the pacing interval). Use this command to adjust the LS Update transmission rate.
Command History Command introduced in version 6.5 firmware. Example console(config-router6)#timers pacing lsa-group 90 timers spf Use the timers spf command to configure the SPF delay and hold time. Use the no form of the command to reset the numbers to the default value. Syntax timers spf delay-time hold-time no timers spf • delay-time — SPF delay time. (Range: 0–65535 seconds) • hold-time — SPF hold time. (Range: 0–65535 seconds) Default Configuration The default value for delay-time is 5.
OSPFv3 Commands Dell EMC Networking N3000/N3100/N4000 Series Switches The Dell Network N1500/N2000/N2100-ON series support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities.
area virtual-link dead-interval ipv6 ospf hellointerval redistribute (OSPFv3) show ipv6 ospf stub table area virtual-link hello-interval ipv6 ospf mtuignore router-id show ipv6 ospf virtuallinks area virtual-link ipv6 ospf network retransmit-interval show ipv6 ospf show ipv6 ospf virtuallink brief – show ipv6 ospf abr timers throttle spf area default-cost (Router OSPFv3) Use the area default-cost command in Router OSPFv3 Configuration mode to configure the monetary default cost for the stub ar
Example The following example configures the monetary default cost at 100 for stub area 1. console(config)#ipv6 router ospf console(config-rtr)#area 1 default-cost 100 area nssa (Router OSPFv3) Use the area nssa command in Router OSPF Configuration mode to configure the specified area ID to function as an NSSA. If the area has not been previously created, this command creates the area and then applies the NSSA distinction. If the area already exists, the NSSA distinction is added or modified.
• interval—The period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. (Range: 0–3600) Default Configuration If no metric is defined, 10 is the default configuration. The default role is candidate. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures not-so-stubby-area 10 as an NSSA.
Syntax area areaid nssa default-info-originate [metric [comparable | noncomparable]] no area areaid nssa default-info-originate • areaid — Valid OSPFv3 area identifier. • metric — Metric value for default route. (Range: 1-16777214) • comparable — Metric Type (nssa-external 1). • non-comparable — Metric Type (nssa-external 2). Default Configuration If no metric is defined, 10 is the default configuration. Command Mode Router OSPFv3 Configuration mode.
• areaid — Valid OSPF area identifier. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA ABR so that learned external routes will not be redistributed to the NSSA.
User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA so that summary LSAs are not advertised into the NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPFv3 Configuration mode to configure the translator role of the NSSA. Use the no form of the command to remove the configuration.
Example The following example configures the always translator role of the area 1 NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa translator-role always area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPFv3 Configuration mode to configure the translator stability interval of the NSSA.
area range (Router OSPFv3) Use the area range command in Router OSPF Configuration mode to configure a summary prefix for routes learned in a given area. If the area has not been previously created, this command creates the area and then applies the range parameters. There are two types of area ranges. An area range can be configured to summarize intra-area routes. An ABR advertises the range rather than the specific intra-area route as a type 3 summary LSA.
Example The following example creates an area range for the area 1 NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 range 2020:1::1/64 summarylink area stub Use the area stub command in Router OSPFv3 Configuration mode to create a stub area for the specified area ID. If the area has not been previously created, this command creates the area and then applies the stub distinction. A stub area is characterized by the fact that AS External LSAs are not propagated into the area.
area stub no-summary Use the area stub no-summary command in Router OSPFv3 Configuration mode disable the import of Summary LSAs for the stub area identified by area-id. Syntax area area-id stub no-summary no area area-id stub no-summary • area-id — Valid OSPFv3 area identifier. • so-summary — Disable the import of Summary LSAs for the stub area identified by area-id. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode.
Syntax area area-id virtual-link router-id [hello-interval seconds] [retransmitinterval seconds] [transmit-delay seconds] [dead-interval seconds] no area area-id virtual-link router-id id [hello-interval] [retransmit-interval] [transmit-delay] [dead-interval] • area-id—Valid OSPFv3 area identifier (or decimal value in the range of 04294967295). • router-id—Identifies the Router ID or valid IP address of the neighbor.
Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example creates the OSPF virtual interface for area 1 and its neighbor router.
Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures a 20-second dead interval for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
Example The following example configures a hello interval of 20 seconds for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPFv3 Configuration mode to configure the transmit delay for the OSPF virtual interface on the virtual interface identified by areaid and neighbor. Syntax area areaid virtual-link neighbor transmit-delay seconds no area areaid virtual-link neighbor transmit-delay • areaid — Valid OSPFv3 area identifier. • neighbor — Router ID of neighbor. • seconds — Transmit delay interval.
Syntax default-information originate [always] [metric metric-value] [metric-type type-value] no default-information originate [metric] [metric-type] • always—Always advertise default routes. • metric-value— • type-value—The metric (or preference) value of the default route. (Range: 1–16777214) • One of the following: 1 External type-1 route. 2 External type-2 route. Default Configuration The default metric is none and the default type is 2. Command Mode Router OSPFv3 Configuration mode.
Syntax default-metric metric-value no default-metric • metric-value — The metric (or preference) value of the default route. (Range: 1–16777214) Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a default of 100 for the metric of distributed routes.
Default Configuration The default preference value is 110. Command Mode Router OSPF Configuration mode. Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example sets a route preference value of 100 for intra OSPF in the router. console(config)#ipv6 router ospf console(config-rtr)#distance ospf intra 100 enable Use the enable command in Router OSPFv3 Configuration mode to enable administrative mode of OSPF in the router (active).
Example The following example enables administrative mode of OSPF in the router (active). console(config)#ipv6 router ospf console(config-rtr)#enable exit-overflow-interval Use the exit-overflow-interval command in Router OSPFv3 Configuration mode to configure the exit overflow interval for OSPF. It describes the number of seconds after entering Overflow state that a router will wait before attempting to leave the Overflow State. This allows the router to originate non-default AS-external-LSAs again.
external-lsdb-limit Use the external-lsdb-limit command in Router OSPFv3 Configuration mode to configure the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external- LSAs in it database.
Syntax ipv6 ospf no ipv6 ospf Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example enables OSPF on VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf ipv6 ospf area Use the ipv6 ospf area areaid command in Interface Configuration mode to set the OSPF area to which the specified router interface belongs.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example defines the OSPF area to which VLAN 15 belongs. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf area 100 ipv6 ospf cost Use the ipv6 ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value.
console(config-if-vlan15)#ipv6 ospf cost 100 ipv6 ospf dead-interval Use the ipv6 ospf dead-interval command in Interface Configuration mode to set the OSPF dead interval for the specified interface. Syntax ipv6 ospf dead-interval seconds no ipv6 ospf dead-interval • seconds — A valid positive integer, which represents the length of time in seconds that a router's Hello packets have not been seen before its neighbor routers declare that the router is down.
Syntax ipv6 ospf hello-interval seconds no ipv6 ospf hello-interval • seconds — A valid positive integer which represents the length of time of the OSPF hello interval. The value must be the same for all routers attached to a network. (Range: 1-65535 seconds) Default Configuration 10 seconds is the default value of seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface. When a router receives a Database Description packet, it examines the MTU advertised by the neighbor. By default, if the MTU is larger than the router can accept, the Database Description packet is rejected and the OSPF adjacency is not established.
User Guidelines Normally, the network type is determined from the physical IP network type. By default all Ethernet networks are OSPF-type broadcast. Similarly, tunnel interfaces default to point-to-point. When an Ethernet port is used as a single large bandwidth IP network between two routers, the network type can be point-to-point since there are only two routers. Using point-to-point as the network type eliminates the overhead of the OSPF designated router election.
User Guidelines This command has no user guidelines. Example The following example sets the OSPF priority at 50 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf priority 50 ipv6 ospf retransmit-interval Use the ipv6 ospf retransmit-interval command in Interface Configuration mode to set the OSPF retransmit interval for the specified interface.
ipv6 ospf transmit-delay Use the ipv6 ospf transmit-delay command in Interface Configuration mode to set the OSPF Transmit Delay for the specified interface. Syntax ipv6 ospf transmit-delay seconds no ipv6 ospf transmit-delay • seconds — OSPF transmit delay for the specified interface. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface. (Range: 1 to 3600 seconds) Default Configuration No default value.
no ipv6 router ospf Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example Use the following command to enable OSPFv3. console(config)#ipv6 router ospf maximum-paths Use the maximum-paths command in Router OSPFv3 Configuration mode to set the number of paths that OSPF can report for a given destination.
Example The following example sets the number of paths that OSPF can report for a destination to 1. console(config)#ipv6 router ospf console(config-rtr)#maximum-paths 1 nsf Use this command to enable OSPF graceful restart. Use the no form of this command to disable graceful restart. Syntax nsf [ietf] [planned-only] no nsf [ietf] • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations.
everything that goes with that (i.e., flooding of LSAs, SPF runs). Helpful neighbors continue to forward packets through the restarting router. The restarting router relearns the network topology from its helpful neighbors. This implementation of graceful restart restarting router behavior is only useful with a router stack. Graceful restart does not work on a standalone, single-unit router. nsf helper Use the nsf-helper to allow OSPF to act as a helpful neighbor for a restarting router.
nsf helper strict-lsa-checking Use the nsf-helper strict-lsa-checking command to require that an OSPF helpful neighbor exit helper mode whenever a topology change occurs. Use the “no” form of this command to allow OSPF to continue as a helpful neighbor in spite of topology changes. Syntax nsf [ietf] helper strict-lsa-checking no nsf [ietf] helper strict-lsa-checking • ietf —This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations.
Syntax nsf [ietf] restart-interval seconds no nsf [ietf] restart-interval • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. • seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode. The restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds).
Default Configuration Passive interface mode is disabled by default. Command Mode Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface vlan 1 passive-interface default The passive-interface default command enables the global passive mode by default for all interfaces. It overrides any interface level passive mode. Use the “no” form of this command to disable the global passive mode by default for all interfaces.
redistribute (OSPFv3) Use the redistribute command in Router OSPFv3 Configuration mode to configure the OSPFv3 protocol to allow redistribution of routes from the specified sources. Syntax redistribute protocol [metric metric-value] [tag tag-value] [route-map routetag] no redistribute protocol • protocol —One of the following: – static—Specifies that static routes are to be redistributed. – connected—Specifies that connected routes are to be redistributed.
Example The following example configures the OSPFv3 protocol to allow redistribution of routes to connected devices. console(config)#ipv6 router ospf console(config-rtr)#redistribute connected router-id Use the router-id command in Router OSPFv3 Configuration mode to set a 4-digit dotted-decimal number uniquely identifying the Router OSPF ID. Syntax router-id router-id • router-id — Router OSPF identifier. (Range: 0-4294967295) Default Configuration This command has no default configuration.
Syntax show ipv6 ospf [area-id] area-id — Identifier for the OSPF area being displayed. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Some of the information below displays only if you enable OSPF and configure certain features.
Default Route Advertise When enabled, OSPF originates a type 5 LSA advertising a default route. Always When this option is configured, OSPF only originates a default route when the router has learned a default route from another source. Metric Shows the metric for the advertised default routes. If the metric is not configured, this field is not configured. Metric Type Shows whether the metric for the default route is advertised as External Type 1 or External Type 2.
LSAs Received Shows the number of link-state advertisements received determined to be new instantiations. LSA Count The number of LSAs in the link state database. Maximum Number The limit on the number of LSAs that the router can store in its of LSAs link state database. LSA High Water Mark The maximum number of LSAs that have been in the link state database since OSPF began operation. Retransmit List Entries The current number of entries on all neighbors’ retransmit lists.
Source Shows source protocol/routes that are being redistributed. Possible values are static, connected, or BGP. Tag Shows the decimal value attached to each external route. Subnets When this option is not configured, OSPF will only redistribute classful prefixes. Distribute-List Shows the access list used to filter redistributed routes. Example The following example enables OSPF traps. console#show ipv6 ospf Router ID...................................... OSPF Admin Mode............................
Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ipv6 ospf abr Type Router Id Cost Area ID ---INTRA INTRA Next Hop Next Hop Intf -------- ---- -------- ----------------------- ----3.3.3.3 10 0.0.0.1 FE80::211:88FF:FE2A:3CB3 vlan11 4.4.4.4 10 0.0.0.1 FE80::210:18FF:FE82:8E1 vlan12 show ipv6 ospf area Use the show ipv6 ospf area command to display information about the area.
AreaID........................................ External Routing.............................. Spf Runs...................................... Area Border Router Count...................... Area LSA Count................................ Area LSA Checksum............................. Stub Mode..................................... Import Summary LSAs........................... 0.0.0.
Syntax show ipv6 ospf border-routers Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes show ipv6 ospf database Use the show ipv6 ospf database command to display information about the link state database when OSPFv3 is enabled.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If no parameters are entered, the command displays the LSA headers. Optional parameters specify the type of link state advertisements to display. The information below is only displayed if OSPF is enabled. Example The following example displays information about the link state database when OSPFv3 is enabled.
Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 1 8000003C 9F31 2.2.2.2 0 2 8000004D 9126 Router Link States (Area 0.0.0.1) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 1 8000002E 35AD V6E--R- --V-B 2.2.2.2 0 0 8000004A D2F3 V6E--R- ----B Network Link States (Area 0.0.0.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the number of each type of LSA in the database and the total number of LSAs in the database. console#show ipv6 ospf database database-summary OSPF Router with ID (0.0.0.2) Router database summary Router......................................... 0 Network........................................ 0 Inter-area Prefix..
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the information in VLAN 11’s virtual interface tables. console#show ipv6 ospf interface vlan 11 IP Address..................................... ifIndex........................................ OSPF Admin Mode................................ OSPF Area ID................................... Router Priority............
User Guidelines This command has no user guidelines. Example The following example displays brief ospf interface information. console#show ipv6 ospf interface brief Admin Interface Mode Area ID --------- -------- -------- Hello Dead Retrax LSA Router Int. Int. Int. Retrax Ack Prior. Cost Val. Val. Val. Delay Intval ------ ----- ----- ----- ------ ------ ----- show ipv6 ospf interface stats Use the show ipv6 ospf interface stats command to display the statistics for a specific interface.
Area Border Router Count....................... 1 AS Border Router Count......................... 0 Area LSA Count................................. 6 IPv6 Address................................... FE80::202:BCFF:FE00:3146/1283FFE::2/64 OSPF Interface Events.......................... 53 Virtual Events................................. 13 Neighbor Events................................ 6 External LSA Count............................. 0 LSAs Received.................................. 660 Originate New LSAs...
User Guidelines This command has no user guidelines. Example The following example displays OSPF interface VLAN information. console#show ipv6 ospf interface vlan 10 IPv6 Address............................. ifIndex.................................. OSPF Admin Mode.......................... OSPF Area ID............................. Router Priority.......................... Retransmit Interval...................... Hello Interval........................... Dead Interval............................
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following examples display information about OSPF neighbors, in the first case in a summary table, and in the second in a table specific to tunnel 1.
• areaid — Identifies the OSPF area whose ranges are being displayed. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information about the area ranges for area 1.
Example The following example displays the OSPF stub table. console#show ipv6 ospf stub table AreaId TypeofService Metric Val ------------ ---------------------0.0.0.10 Normal 1 Import SummaryLSA ----------------Enable show ipv6 ospf virtual-links Use the show ipv6 ospf virtual-links command to display the OSPF Virtual Interface information for a specific area and neighbor or for all areas in the system.
Iftransit Delay Interval....................... Retransmit Interval............................ State.......................................... Metric......................................... Neighbor State................................. 1 5 point-to-point 10 Full show ipv6 ospf virtual-link brief Use the show ipv6 ospf virtual-link brief command to display the OSPFV3 Virtual Interface information for all areas in the system.
Syntax timers throttle spf spf-start spf-hold spf-maximum no timers throttle spf • spf-start—Configures the delay used when no SPF calculation has been scheduled during the current wait interval. (Range: 1–60000 milliseconds) • spf-hold—Configures the initial wait interval. (Range: 1–60000 milliseconds) • spf-maximum—Configures the maximum wait interval. (Range: 1–60000 milliseconds) Default Configuration The default value for spf-start is 2000 milliseconds.
Example console(config-router6)#timers throttle spf 3000 6000 18000 Layer 3 Routing Commands 1796
Router Discovery Protocol Commands Dell EMC Networking N3000/N3100/N4000 Series Switches Routers can be configured to periodically send router discovery messages to announce their presence to locally attached hosts. The router discovery message advertises one or more IP addresses on the router that hosts can use as their default gateway.
• multicast—Configure the address that the interface uses to send the router discovery advertisements to be 224.0.0.1, the all-hosts IP multicast address. Use the no form of the command to use 255.255.255.255, the limited broadcast address. • holdtime seconds—Integer value in seconds of the holdtime field of the router advertisement sent from this interface. (Range: 4-9000 seconds) • maxadvertinterval seconds—Maximum time in seconds allowed between sending router advertisements from the interface.
Example The following example enables router discovery on the selected interface. console(config)#interface vlan 15 console(config-if-vlan15)#ip irdp ip irdp holdtime Use the ip irdp holdtime command in Interface Configuration mode to configure the value, in seconds, of the holdtime field of the router advertisement sent from this interface. Use the no form of the command to set the time to the default value.
ip irdp maxadvertinterval Use the ip irdp maxadvertinterval command in Interface Configuration mode to configure the maximum time, in seconds, allowed between sending router advertisements from the interface. Use the no form of the command to set the time to the default value. Syntax ip irdp maxadvertinterval integer no ip irdp maxadvertinterval • integer — Maximum time in seconds allowed between sending router advertisements from the interface.
console(config-if-vlan15)#ip irdp maxadvertinterval 600 ip irdp minadvertinterval Use the ip irdp minadvertinterval command in Interface Configuration mode to configure the minimum time, in seconds, allowed between sending router advertisements from the interface. Use the no form of the command to set the time to the default value. Syntax ip irdp minadvertinterval integer no ip irdp minadvertinterval • integer — Minimum time in seconds allowed between sending router advertisements from the interface.
ip irdp multicast To send router advertisements as IP multicast packets, use the ip irdp multicast command in Interface Configuration mode. To send router advertisements to the limited broadcast address (255.255.255.255), use the no form of this command. Syntax ip irdp multicast no ip irdp multicast Default Configuration Router discovery packets are sent to the all hosts IP multicast address (224.0.0.1) by default.
Syntax ip irdp preference integer no ip irdp preference • integer — Preference of the address as a default router address, relative to other router addresses on the same subnet. (Range: -2147483648 to 2147483647) Default Configuration 0 is the default value. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the ip irdp preference to 1000 for VLAN 15.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows router discovery information for VLAN 15. console#show ip irdp vlan 15 Interface Ad Mode Advertise Address Max Int Min Int Hold Time Preference --------- ------- ----------------- ------- ------- -------- ---------vlan15 Enable 224.0.0.
Routing Information Protocol Commands Dell EMC Networking N1500/N2000/N2100-ON/N3000/N3100ON/N4000 Series Switches The Routing Information Protocol (RIP) has been a long-standing protocol used by routers for exchanging route information. RIP is a distance vector protocol whereby each route is characterized by the number of gateways, or hops, a packet must traverse to reach its intended destination. Categorized as an interior gateway protocol, RIP operates within the scope of an autonomous system.
Syntax auto-summary no auto-summary Default Configuration Disabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#auto-summary default-information originate (Router RIP Configuration) Use the default-information originate command in Router RIP Configuration mode to control the advertisement of default routes.
User Guidelines Only routers that actually have Internet connectivity should advertise a default route. All other routers in the network should learn the default route from routers that have connections out to the Internet. Example console(config-router)#default-information originate default-metric Use the default-metric command in Router RIP Configuration mode to set a default for the metric of distributed routes. Use the no form of the command to return the metric to the default value.
distance rip Use the distance rip command in Router RIP Configuration mode to set the route preference value of RIP in the router. Lower route preference values are preferred when determining the best route. Use the no form of the command to return the preference to the default value. Syntax distance rip integer no distance rip • integer — RIP route preference. (Range: 1-255) Default Configuration 15 is the default configuration. Command Mode Router RIP Configuration mode.
no distribute-list accesslistname out {bgp | ospf | static | connected} • accesslistname — The name used to identify the existing ACL. The range is 1-31 characters. • bgp — Apply the specified access list when BGP is the source protocol. • ospf — Apply the specified access list when OSPF is the source protocol. • static — Apply the specified access list when packets come through a static route. • connected — Apply the specified access list when packets come from a directly connected route.
no enable Default Configuration Enabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#enable hostroutesaccept Use the hostroutesaccept command in Router RIP Configuration mode to enable the RIP hostroutesaccept mode. Use the no form of the command to disable the RIP hostroutesaccept mode. Syntax hostroutesaccept no hostroutesaccept Default Configuration Enabled is the default configuration.
ip rip Use the ip rip command in Interface Configuration mode to enable RIP on a router interface. Use the no form of the command to disable RIP on the interface. Syntax ip rip no ip rip Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
• encrypt — Use MD5 encryption for the RIP interface. • key-id — Authentication key identifier for authentication type encrypt. (Range: 0-255) Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the RIP Version 2 Authentication Type and Key for VLAN 11.
Default Configuration Both is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example allows no RIP control packets to be received by VLAN 11. console(config-if-vlan11)#ip rip receive version none ip rip send version Use the ip rip sent version command in Interface Configuration mode to configure the interface to allow RIP control packets of the specified version to be sent.
Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example allows no RIP control packets to be sent by VLAN 11. console(config-if-vlan11)#ip rip send version none redistribute (RIP) The redistribute command configures RIP protocol to redistribute routes from the specified sources. If the source protocol is OSPF, there are five possible match options.
• bgp — Redistributes BGP originated routes. • connected — Redistributes directly-connected routes. Default Configuration metric integer — not configured match — internal Command Mode Router RIP Configuration mode. User Guidelines When redistributing a route metric, the receiving protocol must understand the metric. The OSPF metric is a cost value equal to 108/ link bandwidth in bits/sec. For example, the OSPF cost of GigabitEthernet is 1 = 108/108 = 1.
Command Mode Global Configuration mode. User Guidelines Use the enable and no enable commands in router RIP mode to enable and disable RIP globally. Example The following example enters Router RIP mode. console(config)#router rip console(config-router)# show ip rip Use the show ip rip command to display information relevant to the RIP router. Syntax show ip rip Default Configuration The command has no default configuration.
Host Routes Accept Mode........................ Global route changes........................... Global queries................................. Default Metric................................. Default Route Advertise........................ Redistributing................................. Source......................................... Metric......................................... Distribute List................................ Redistributing................................. Source..........................
Send version................................... Receive version................................ RIP Admin Mode................................. Link State..................................... Authentication Type............................ Authentication Key............................. Authentication Key ID.......................... Bad Packets Received........................... Bad Routes Received............................ Updates Sent...................................
split-horizon Use the split-horizon command in Router RIP Configuration mode to set the RIP split horizon mode. Use the no form of the command to return the mode to the default value. Syntax split-horizon {none | simple | poison} no split-horizon • none — RIP does not use split horizon to avoid routing loops. • simple — RIP uses split horizon to avoid routing loops. • poison — RIP uses split horizon with poison reverse (increases routing packet update size).
Tunnel Interface Commands Dell EMC Networking N3000/N3100/N4000 Series Switches Dell EMC Networking provides for the creation, deletion, and management of tunnel interfaces. They are dynamic interfaces that are created and deleted by user configuration. Tunnel interfaces are used for the following purposes. • IPv4 tunnels • IPv6 tunnels Each router interface (port or VLAN interface) may have associated tunnel interfaces. Each interface can have multiple tunnel interfaces.
Syntax interface tunnel tunnel-id no interface tunnel tunnel-id • tunnel-id — Tunnel identifier. (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables the interface configuration mode for tunnel 1.
User Guidelines This command has no user guidelines. Examples The following examples show the parameters related to an individual tunnel and to all tunnel interfaces. console#show interfaces tunnel 1 Interface Link Status.......................... down MTU size....................................... 1480 bytes console#show interfaces tunnel TunnelId Interface TunnelMode ------------------------1 tunnel 1 IPv6OVER4 2 tunnel 2 IPv6OVER4 SourceAddress ------------10.254.25.
console(config)#interface tunnel 1 console(config-if-tunnel1)#tunnel destination 10.1.1.1 tunnel mode ipv6ip Use the tunnel mode ipv6ip command in Interface Configuration mode to specify the mode of the tunnel. Syntax tunnel mode ipv6ip [6to4] no tunnel mode • 6to4 — Sets the tunnel mode to automatic. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines.
no tunnel source • ip-address—Valid IPv4 address. • interface-type—Valid interface type. VLAN is the only type supported. • interface-number—Valid interface number. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines. Example The following example specifies VLAN 11 as the source transport address of the tunnel.
Virtual Router Commands Dell EMC Networking N3000/N3100/N4000 Series Switches Dell EMC Networking VRF is an implementation of Virtual Routing and Forwarding (VRF). Virtual Routing and Forwarding allows multiple independent instances for the forwarding plane to exist simultaneously. This allows the administrator to segment the network without incurring the costs of multiple routers. Each VRF operates as an independent VPN. The IP addresses assigned to each VPN may overlap.
console#configure terminal console(config)#vlan 100-109 console(config-vlan100-109)#exit 3 Assign the VLAN to an interface. console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 100 console(config-if-Gi1/0/1)#exit 4 Create the VRF and enable routing. console(config)#ip vrf red console(config-vrf-red)#ip routing console(config-vrf-red)#exit 5 Assign IP addresses to the interfaces. console(config)#interface vlan 100 console(config-if-vlan100)#ip address 192.168.0.
bootpdhcprelay maxhopcount ip dhcp snooping limit bootpdhcprelay minwaittime ip dhcp snooping log-invalid – ip dhcp snooping trust – ip dhcp snooping verify mac-address ip dhcp relay information check ip helper-address (global configuration) ip dhcp relay information check-reply ip helper-address (interface configuration) ip dhcp relay information option ip icmp echo-reply ip dhcp relay information option-insert ip icmp error-interval ip dhcp snooping ip redirects ip dhcp snooping binding
Example The following example shows the assignment of descriptive text to a VRF. console(config)#ip vrf Red console(config-vrf-Red)#description “Backbone to Gateway” console(config-vrf-Red)#exit ip vrf This command creates a virtual router with a specified name and enters Virtual Router Configuration mode. If the virtual router instance already exists, it simply enter virtual router configuration mode.
The ARP table, among others, is a shared resource and is not allocated or partitioned on a VRF basis. Global commands such as arp cachesize still limit the physical router’s shared resources. Example The following example creates two virtual router instances. The routing in the virtual router instance is enabled only when the ip routing command is issued at the virtual router level.
L3 configuration on an interface, including the IP address, is retained when the interface migrated to a new VRF instance. A interface may be migrated from the global routing instance to a VRF or from any non-global VRF instances as well. Example The following example shows the configuration of two VRFs (Red and Blue) for IPv4 routing. Both VRFs will operate over two trunk ports (te1/0/1-2) on their respective VLANs (100 and 200).
Default Configuration A VRF is limited by the number of unreserved routes available. Command Mode Virtual Router Configuration mode User Guidelines Use the no maximum routes command to reset the limit to the default (unlimited). Use the no maximum routes warn command to reset the threshold limit to the default. A VRF instance cannot exceed the configured number of routes, nor may other VRFs utilize the resources allocated to a VRF if a limit is specified for the VRF.
• vrf-name—The name of the VRF for which information is displayed. If no vrf is specified, all VRFs are shown. The VRF name must match the configured VRF name exactly, including capitalization. • detail—Displays detailed information regarding the VRF. Default Configuration This command has no default configuration. Command Mode Exec mode, Privileged Exec mode, and all show modes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
Export VPN route-target communities None Import VPN route-target communities None console(Config)#show ip vrf Red VRF Identifier.......... 2 Description............. “India office bangalore” Route Distinguisher..... 2:200 Maximum Routes.......... 512 Warning-only............
Virtual Router Redundancy Protocol Commands Dell EMC Networking N1500/N2000/N2100-ON/N3000/N3100/N4000 Series Switches An end station running IP needs to know the address of its first hop router. While some network administrators choose to install dynamic router discovery protocols such as DHCP, others prefer to statically allocate router addresses. If the router identified by such a statically allocated address goes down, the end station loses connectivity.
RFC defines a new configuration option that allows the router to accept any packet sent to a VRRP address, regardless of whether the VRRP Master is the address owner. The Pingable VRRP Interface feature, when enabled, allows the VRRP master to respond to both fragmented and unfragmented ICMP echo requests packets destined to a VRRP address (or addresses). A virtual router in backup state discards these.
Interface Tracking For interface tracking, VRRP is a routing event client. When a routing interface goes up or down (or routing is disabled globally, implying all routing interfaces are down), VRRP checks if the interface is tracked. If so, it adjusts the priority. Interface tracking is useful for tracking interfaces that are not configured for VRRP. Only IP interfaces are tracked. Route Tracking The network operator may perform this task to track the reachability of an IP route.
Virtual Router Redundancy Protocol Commands ip vrrp Use the ip vrrp command in Global Configuration mode to enable the administrative mode of VRRP for the router. Use the no form of the command to disable the administrative mode of VRRP for the router. Syntax ip vrrp no ip vrrp Default Configuration VRRP is disabled by default. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables VRRP protocol on the router.
• vrid — Virtual router identification. (Range: 1-255) Default Configuration The default configuration is disabled. Command Mode Interface Configuration (VLAN) mode. User Guidelines The VRRP IP address is not pingable from within the switch. vrrp authentication Use the vrrp authentication command in Interface Configuration mode to set the authentication details value for the virtual router configured on a specified interface.
Example The following example sets the authorization details value for VRRP router group 5 on VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#vrrp 2 authentication simple test123 vrrp description Use the vrrp description command in Interface Configuration mode to assign a description to the Virtual Router Redundancy Protocol (VRRP) group. To remove the description, use the no form of the command.
vrrp ip Use the vrrp ip command in Interface Configuration mode to enable VRRP and set the virtual router IP address value for an interface. Use the no form of the command remove the secondary IP address. It is not possible to remove the primary IP address once assigned. Remove the VRRP group instead. Syntax vrrp group ip ip-address [secondary] no vrrp group ip ip-address vlan secondary • group—The virtual router identifier. (Range: 1-255) • ip-address—The IP address of the virtual router.
Example The following example configures VRRP on VLAN 15. console#configure console(config)#vlan 15 console(config-vlan)#interface vlan 15 console(config-if-vlan15)#ip address 192.168.5.1 255.255.255.0 console(config-if-vlan15)#vrrp 20 console(config-if-vlan15)#vrrp 20 ip 192.168.5.1 console(config-if-vlan15)#vrrp 20 mode console(config)#ip routing console(config)#ip vrrp vrrp mode Use the vrrp mode command in Interface Configuration mode to enable the virtual router configured on an interface.
vrrp preempt Use the vrrp preempt command in Interface Configuration mode to set the preemption mode value for the virtual router configured on a specified interface. Use the no form of the command to disable preemption mode. Syntax vrrp group preempt [delay seconds] no vrrp group preempt • group—The virtual router identifier. (Range: 1-255) • seconds—The number of seconds the VRRP router will wait before issuing an advertisement claiming master ownership.
vrrp priority Use the vrrp priority command in Interface Configuration mode to set the priority value for the virtual router configured on a specified interface. Use the no form of the command to return the priority to the default value. Syntax vrrp group priority level no vrrp group priority level • group — The virtual router identifier. (Range: 1-255) • level — Priority value for the interface. (Range: 1-254) Default Configuration Priority has a default value of 100.
Syntax vrrp group timers advertise interval no vrrp group timers advertise interval • group — The virtual router identifier. (Range: 1-255) • interval — The frequency at which an interface on the specified virtual router sends a virtual router advertisement. (Range: 1-255 seconds) Default Configuration Interval has a default value of 1. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
Default Configuration Timer learning is disabled by default and the router uses the configured advertisement. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following configures VLAN 15 virtual router to learn the advertisement interval used by the master virtual router.
Use the no form of this command to remove the interface from the tracked list or to restore the priority decrement to its default. When removing an interface from the tracked list, the priority is incremented by the decrement value if that interface is down. Syntax vrrp group track interface vlan vlan-id [decrement priority] no vrrp group track interface vlan vlan-id • group—The virtual router identifier. (Range: 1-255) • vlan vlan-id—Valid VLAN ID.
route. By default no routes are tracked. If we specify just the route to be tracked without specifying the optional parameter, then the default priority will be set. Use the no form of this command to remove the route from the tracked list or to restore the priority decrement to its default. When removing a tracked IP route from the tracked list, priority should be incremented by the decrement value if the route is not reachable.
Syntax show vrrp [brief | group] • group—The virtual router group identifier. Range 1-255. • brief—Provide a summary view of the VRRP group information. Default Configuration Show information on all VRRP groups. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays detailed VRRP status. console# show vrrp Admin Mode.....................................
Track Route Reachable ......................... False Track Route DecrementPriority ................. 20 Vlan 7 – Group 2 Primary IP Address............................. VMAC Address................................... Authentication Type............................ Priority....................................... Configured Priority............................ Advertisement Interval (secs).................. Accept Mode ................................... Pre-empt Mode..................................
Default Configuration Show information for each group in the specified interface. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all configuration information about the VLAN 15 virtual router. console#show vrrp interface vlan 15 Vlan 7 – Group 1 Primary IP Address........................... 192.168.5.55 VMAC Address................................ 0000.5E00.
State Transitioned to Master................... Advertisement Received......................... Advertisement Interval Errors.................. Authentication Failure......................... IP TTL Errors.................................. Zero Priority Packets Received................. Zero Priority Packets Sent..................... Invalid Type Packets Received.................. Address List Errors............................ Invalid Authentication Type.................... Authentication Type Mismatch....
Layer 3 Routing Commands 1852
Switch Management Commands 8 This section of the document contains the following Utility command topics: Application Deployment DHCP Server Commands RMON Commands Telnet Server Commands Auto-Install Commands DHCPv6 Server Commands Serviceability Commands Time Ranges Commands CLI Macro Commands HiveAgent Commands Sflow Commands USB Flash Drive Commands Clock Commands IP Addressing Commands SNMP Commands User Interface Commands Command Line Configuration Scripting Commands Line Commands Supp
Application Deployment This section contains commands to manage Dell-supplied or end-user generated applications. Commands in this Section This section explains the following commands: application install application stop application start show application application install Use the application install command to install or remove an application.
• max-megabytes — Set the maximum memory resource that the application process(es) are allowed to consume. Expressed as megabytes between 0 and 200. If 0 is specified, the application process(es) are not limited. If this keyword is not specified, the default value is used. The default is 0. Default Configuration By default, no applications are installed. Command Mode Global Configuration User Guidelines Application names may be up to 16 characters in length.
Default Configuration By default, no applications are installed. Command Mode Privileged Exec mode User Guidelines Applications must be downloaded and installed prior to scheduling execution with the application start command. Application names may be up to 16 characters in length. The name specified in the application-name parameter must match the filename output of the show application command exactly. Application names are case sensitive.
User Guidelines Applications must be downloaded and installed prior to scheduling execution. Application names may be up to 16 characters in length. The name specified in the application-name parameter must match the filename output of the show application command exactly. Application names are case sensitive. Command History Introduced in version 6.3.0.1 firmware. Example console#application stop support-assist This action will terminate the support-assist agent.
Parameter Definition filename Name of the application start-on-boot Yes or No stating if the application is configured to start on boot auto-restart Yes or No stating if the application is configured to restart when the application process ends Max-CPU-Util Configured application CPU utilization limit expressed as a percentage. “None” if unlimited. Max-memory Configured application memory limit in megabytes. “None” if unlimited.
Auto-Install Commands Auto-Install provides automatic update of the image and configuration of Dell EMC Networking devices on boot up from a TFTP server as controlled by received DHCP options. It plays a critical role in the Dell EMC Networking offering of touchless or low-touch provisioning, in which configuration and imaging of a device is greatly simplified. This is highly desirable as device can be setup with minimum interaction from a skilled technician.
Commands in this Section This section explains the following commands: boot auto-copy-sw boot host retry-count boot auto-copy-sw allow-downgrade boot auto-copy-sw boot host auto-reboot show auto-copy-sw boot host auto-save show boot boot host dhcp – boot auto-copy-sw Use the boot auto-copy-sw command to enable or disable Stack Firmware Synchronization. Use the no form of the command to disable Stack Firmware Synchronization.
boot auto-copy-sw allow-downgrade Use the boot auto-copy-sw allow-downgrade command to enable downgrading the firmware version on the stack member if the firmware version on the manager is older than the firmware version on the member. Use the no form of the command to disable downgrading the image. Syntax boot auto-copy-sw allow-downgrade no boot auto-copy-sw allow-downgrade Default Configuration The default value is Enable.
boot host auto-reboot Use the boot host auto-reboot command in Global Configuration mode to enable rebooting the device (no administrative intervention) when the autoimage is successfully downloaded. Use the no form of this command to disable rebooting the device (no administrative intervention) when the autoimage is successfully downloaded. Syntax boot host auto-reboot no boot host auto-reboot Default Configuration The default value is enabled.
Syntax boot host auto-save no boot host auto-save Default Configuration The default value is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example console# console#configure console(config)#boot host auto-save console(config)#no boot host auto-save boot host dhcp Use the boot host dhcp command in Global Configuration mode to enable Auto-Install and Auto Configuration on the switch.
Command Mode Global Configuration. User Guidelines This command has no user guidelines Example console# console#configure console(config)#boot host dhcp console(config)#no boot host dhcp boot host retry-count The boot host retry-count command sets the number of attempts to download a configuration. Use the no form of this command to reset the number of attempts to download a configuration to the default.
console(config)#no boot host retry-count show auto-copy-sw Use the show auto-copy-sw command to display Stack Firmware Synchronization configuration status. Syntax show auto-copy-sw Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The show switch command also displays the switch firmware synchronization status.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show boot Auto-Install Mode.............................. Enabled AutoInstall Operational Mode................... Disabled Auto-Install State............................. AutoInstall is completed. The host retry count value is: 6 Auto Save mode is Disabled Auto Reboot mode is Enabled.
CLI Macro Commands CLI Macros provides a convenient way to save and distribute common configurations. A CLI macro is a set of the CLI commands having a unique name. When a CLI macro is applied, the CLI commands contained within the macro are executed and added to the Running Configuration File. When the macro is applied to an interface, the existing configuration is not lost; the new commands are added configuration.
• profile-compellent-nas, the interface configuration, used when connecting the switch to a Dell Compellent NAS. Commands in this Section This section explains the following commands: macro name macro apply macro global apply macro trace macro global trace macro description macro global description show parser macro macro name Use the macro name command in Global Configuration mode to create a user-defined macro. Use the no form of the command to delete a macro.
Macro Context Name Service interface profile-desktop Configure port security and spanning-tree portfast for a desktop user. interface profile-phone Enable an interface for the Voice VLAN service. interface profile-switch Configure a trunk mode port for a switch. interface profile-router Configure a trunk mode port for a router. interface profile-wireless Configure a port for connection to a wireless AP. global profile-compellent-nas Configure a port for connection to a Compellent NAS.
macro global apply Use the macro global apply command in Global Configuration mode to apply a macro. Syntax macro global apply macro-name [parameter value] [parameter value][parameter value] • • • macro-name—The name of the macro. parameter—The name of the parameter recognized by the macro. The parameter must begin with a dollar sign ($). value—The string to be substituted within the macro for the specified parameter name.
• • parameter—The name of the parameter recognized by the macro. The parameter must begin with a dollar sign ($). value—The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line. Command Mode Global Configuration mode User Guidelines The line number of the first error encountered is printed. The script is aborted after the first error. Commands applied are additive in nature.
User Guidelines This command is intended to give the administrator an easy way to remember which macros have been applied globally. All text up to the new line is included in the description. The line is appended to the global description. macro apply Use the macro apply command in Interface Configuration mode to apply a macro. Syntax macro apply macro-name [parameter value] [parameter value][parameter value] • • • macro-name—The name of the macro.
Syntax macro trace macro-name [parameter value] [parameter value][parameter value] no macro name name • • • macro-name—The name of the macro. parameter—The name of the parameter recognized by the macro. The parameter must begin with a dollar sign ($). value—The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line.
Default Configuration There is no description by default. Command Mode Interface Configuration mode User Guidelines This command is intended to give the administrator an easy way to remember which macros have been applied to an interface. All text up to the new line is included in the description. The line is appended to the interface description. show parser macro Use the show parser macro command to display information about defined macros.
Clock Commands Real-time Clock The Dell EMC Networking supports a real-time clock that maintains the system time across reboots. The system time is used to timestamp messages in the logging subsystem as well as for the application of time based ACLs. The administrator has the ability to configure and view the current time, time zone, and summer time settings. The earliest date that can be configured is Jan 1, 2010.
Commands in this Section This section explains the following commands: show sntp configuration sntp trusted-key show sntp server sntp unicast client enable show sntp status clock set sntp authenticate clock timezone hours-offset sntp authentication-key no clock timezone sntp broadcast client enable clock summer-time recurring sntp client poll timer clock summer-time date sntp server no clock summer-time sntp source-interface show clock show sntp configuration Use the show sntp configuratio
Example The following example displays the current SNTP configuration of the device. console#show sntp configuration Polling interval: 64 seconds MD5 Authentication keys: Authentication is not required for synchronization. Trusted keys: No trusted keys No trusted keys. Unicast clients: Disable Unicast servers: Server Key -------------- ----------10.27.128.
Server Server Server Server Server Stratum: Reference Id: Mode: Maximum Entries: Current Entries: 2 NTP Srv: 158.108.96.32 Server 3 2 SNTP Servers -----------Host Address: 2001::01 Address Type: IPv6 Priority: 1 Version: 4 Port: 123 Last Update Time: Dec 22 11:10:00 2009 Last Attempt Time: Dec 22 11:10:00 2009 Last Update Status: Success Total Unicast Requests: 955 Failed Unicast Requests: 1 Host Address: 3.north-america.pool.ntp.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example shows the status of the SNTP. console#show sntp status Client Mode: Unicast Last Update Time: Mar 8 18:43:56 2017 Unicast servers: Server Status Last response --------------- ---------------------- -------------------------pool.ntp.org Success 18:43:56 Mar 8 2017 23.101.187.
Example The following example, after defining the authentication key for SNTP, grants authentication. console(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate sntp authentication-key Use the sntp authentication-key command in Global Configuration mode to define an authentication key for Simple Network Time Protocol (SNTP). To remove the authentication key for SNTP, use the no form of this command.
sntp broadcast client enable Use the sntp broadcast client enable command in Global Configuration mode to enable a Simple Network Time Protocol (SNTP) Broadcast client. To disable an SNTP Broadcast client, use the no form of this command. Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP Broadcast client is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Default Configuration The default polling interval is 64 seconds. Command Mode Global Configuration mode User Guidelines If a user enters a value which is not an exact power of two, the nearest powerof-two value is applied. Example The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 1024 seconds.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The SNTP authentication parameter is an MD5 checksum sent to the NTP server. The key index identified in the sntp server command should be configured with the sntp authentication-key command. Example The following example configures the device to accept Simple Network Time Protocol (SNTP) traffic from the server at IP address 192.1.1.1. console(config)# sntp server 192.1.1.
Command Mode Global Configuration User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function. Command History Introduced in version 6.3.0.1 firmware.
Command Mode Global Configuration mode User Guidelines This command is relevant for both received Unicast and Broadcast. Example The following defines SNTP trusted-key. console(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate sntp unicast client enable Use the sntp unicast client enable command in Global Configuration mode to enable a client to use Simple Network Time Protocol (SNTP) predefined Unicast clients.
console(config)# sntp unicast client enable clock set Use the clock set command to manually set the system time. Syntax clock set { | } Default Configuration The system time is local. Command Mode Global Configuration User Guidelines It is advisable to set both the time and date.
Command Mode Global Configuration Default Value No default setting User Guidelines No specific guidelines Example console(config)#clock timezone -5 minutes 30 zone IST no clock timezone Use the no clock timezone command to reset the time zone settings. Syntax no clock timezone Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no specific user guidelines.
clock summer-time recurring Use the clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym] command to set the summertime offset to UTC recursively every year. If the optional parameters are not specified, they are read as either '0' or '\0', as appropriate. Syntax clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym] • • • • • • week — Week of the month.
clock summer-time date Use the clock summer-time date {{date|month}|{month|date}} year hh:mm {{date|month}|{month|date}} year hh:mm [offset offset] [zone acronym] command to set the summertime offset to UTC. If the optional parameters are not specified, they are read as either '0' or '\0', as appropriate. Syntax clock summer-time date {date | month} {month | date} year hh:mm {date | month} {month | date} year hh:mm [offset offset] [zone acronym] • • • • • • date — Day of the month.
console(config)# clock summer-time date Apr 1 2014 02:00 Oct 28 2014 02:00 offset 60 zone EST no clock summer-time Use the no clock summer-time command to reset the summertime configuration. Syntax no clock summer-time Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines No specific guidelines Example console(config)#no clock summer-time show clock Use the show clock command to display the time and date from the system clock.
Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows the time and date only. console# show clock 15:29:03 PDT(UTC-7) Jun 17 2014 Time source is SNTP The following example shows the time, date, timezone, and summertime configuration.
Command Line Configuration Scripting Commands The Configuration Scripting feature allows the user to generate textformatted files representing the current system configuration. These configuration script files can be uploaded to a computer and edited, then downloaded to the system and applied to the system. This feature allows the flexibility of creating command configuration scripts that can be applied to several switches with minor or no modifications.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example applies the config.scr script to the switch. console#script apply config.scr script delete Use the script delete command to delete a specified script. Syntax script delete {scriptname | all} • scriptname — Script name of the file being deleted.
script list Use the script list command to list all scripts present on the switch as well as the remaining available space. Syntax script list Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays all scripts present on the switch. console#script list Configuration Script Name Size(Bytes) -------------------------------- ----------0 configuration script(s) found.
Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays the contents of the script file config.scr. console#script show config.scr interface gigabitethernet 1/0/1 ip address 176.242.100.100 255.255.255.0 exit script validate Use the script validate command to validate a script file by parsing each line in the script file.The validate option is intended for use as a tool in script development.
Example The following example validates the contents of the script file config.scr. console#script validate config.
Configuration and Image File Commands File System Commands CLI commands allow the user to show the contents of the current directory in the flash file system (dir command). These files may also be deleted from the flash using the delete command or renamed with the rename command. Also, the syntax of the copy command has been changed slightly to add additional flash targets and sources for the above commands.
filedescr boot system Use the boot system command to specify the system image that the device loads at startup. Syntax boot system [unit-id][active|backup] • • • unit-id—Unit to be used for this operation. If absent, command executes on this node. active—Boot from the currently active image. backup—Boot from the backup image. Default Configuration This command has no default configuration.
Serial Number..................... Manufacturer...................... Burned In MAC Address............. System Object ID.................. CPU Version....................... SOC Version....................... HW Version........................ CPLD Version...................... X00-32C-10 0xbc00 001E.C9F0.0039 1.3.6.1.4.1.674.10895.3042 XLP308L BCM56842_A1 1 17 unit active backup current-active next-active ---- ----------- ----------- -------------- -------------6.0.0.1 6.0.0.0 6.0.0.1 6.0.0.
Syntax copy source-url destination-url Parameter Description source-url The location URL or or reserved keyword of the source file being copied. (Range: 1-160 characters.) List of valid source parameters for uploading from the switch: backup-config Uploads Backup Config file. active|backup Uploads code file. log-files Uploads the system logs. operational-log Uploads Operational Log file. running-config Uploads system config file. script Uploads Configuration Script file.
Parameter Description destination-url The URL or reserved keyword of the destination file. (Range: 1-160 characters. List of valid destination parameters for downloading to the switch: application [filename] Download a PYTHON application. backup-config Downloads a backup config file using FTP, SFTP, or TFTP. ca-root [index] A Certificate Authority (CA) root or intermediate X.509 PEM-encoded certificate file. The contents of the source URL are copied into the CAindex.pem file on the switch.
Parameter Description destination-url openflow-ssl-cert (cont.) An OpenFlow client certificate file. The contents of the source URL are copied into the of-cert.pem file on the switch. script Downloads a configuration script by FTP, SFTP, or TFTP. startup-config Downloads a startup configuration file using FTP or TFTP. ias-users Downloads the ias-users database file.
• • • • • filename is extracted from the source url. If the filename has a .tar or .tgz extension, the archive is unpacked in the user-apps directory and deleted after unpacking. If there is an error during unpacking, the file is deleted anyway. If the file name does not include a .tar or .tgz extension, it is simply copied into the user-apps directory as is. username — The user name for logging into the remote server via SSH.
Reserved Keyword Description tftp: Source or destination URL for a TFTP network server. The syntax for this alias is tftp:[[//location]/directory]/filename. An out-ofband IP address can be specified as described in the User Guidelines. usb: Source or destination URL for a file on a mounted USB file system. flash: Source or destination URL for the switch flash-based file system. backup-config Represents the backup configuration file.
Downloaded scripts are executed from privileged exec mode and should contain a configure command as the first line of the script in order to enter global configuration mode. To configure TLS to use a particular CA root certificate with a client certificate and client key for connecting to a SYSLOG server, all three of the files must have the same index as is configured for the SYSLOG server.
Example – Downloading new code to the switch console#copy tftp://10.27.9.99/jmclendo/N4000v6.0.1.3.stk backup Transfer Mode.................................. Server IP Address.............................. Source File Path............................... Source Filename................................ Data Type...................................... Destination Filename........................... TFTP 10.27.9.99 jmclendo/ N4000v6.0.1.3.
Example – Downloading and applying ias users file console#copy tftp://10.131.17.104/aaa_users.txt ias-users Transfer Mode.................................. TFTP Server IP Address.............................. 10.131.17.104 File Path...................................... ./ File Name...................................... aaa_users.txt Data Type......................................
linux>tar czf ha.tgz hiveagent_pr hiveagent_pr_s On the switch, issue the following command: console#copy tftp://172.25.122.22/ha.tgz application See what files are installed: console#show application files OpEN application process directory contents: 62 53926 53926 74062 1143002 1143002 10517 2544 3461 4465 12464 3729 8707 16358 SupportAssist ah_ha.conf ah_ha.conf_s hiveagent hiveagent_pr hiveagent_pr_s sa-main.pyc saCommitUpl.pyc saGetConfig.pyc saGlobal.pyc saSendChunk.pyc saStartUpl.pyc saSubmitTop.
-rwx -rw -rwx -rwx 62 3461 53926 1143002 Jul Jul May May 19 19 05 05 2016 2016 2016 2016 13:44:02 13:44:01 12:17:12 12:17:12 SupportAssist saGetConfig.pyc ah_ha.conf_s hiveagent_pr Total Size: 215265280 Bytes Used: 2535481 Bytes Free: 212729799 Command History Description and options revised in 6.3.5 release. delete Use the delete command to delete files from flash. Files cannot be deleted from the USB device.
User Guidelines The file name may optionally include the path to the file, e.g., delete crashlogs/crash.0. Example console#delete file1.scr Delete file1.scr (Y/N)?y dir Use the dir command to print the contents of the flash file system or of a subdirectory. Syntax dir [subdir] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
-rw-rw- 0 2497 Jan 28 2022 23:05:12 Jan 21 2022 22:37:38 olog0.txt fastpath.cfg Total Size: 1001914368 Bytes Used: 128319488 Bytes Free: 873594880 erase Use the erase command to erase the startup configuration, the backup configuration, or the backup image, or a Dell-supplied application. Syntax erase {filename | startup-config | backup | backup-config | application filename} • • • • • filename—The name of a file on the flash drive.
Syntax filedescr {active | backup} description no filedescr {active | backup} • • active | backup—Image file. description—Block of descriptive text. (Range: 0-128 characters) Default Configuration No description is attached to the active or backup image. Use the show bootvar command to display the image description. Command Mode Privileged Exec mode User Guidelines The description accepts any printable characters except a question mark.
• dest — Destination file name Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Renaming the image1 or image2 files may cause the switch to not boot. Example console#rename file1.scr file2.scr show backup-config Use the show backup-config command to display the contents of the backup configuration file. Syntax show backup-config Default Configuration This command has no default configuration.
!Current Configuration: !System Description “Dell Networking N4032, 6.0.0.0, Linux 2.6.32.9" !System Software Version 6.0.0.0 !Cut-through mode is configured as disabled ! configure slot 1/0 1 ! Dell Networking N4032 stack member 1 1 ! N4032 exit interface vlan 1 exit snmp-server engineid local 800002a203001122334455 exit show bootvar Use the show bootvar command in User Exec mode to display the active system image file that the device loads at startup. Syntax show bootvar [unit] • unit —Unit number.
Image Descriptions active : backup : Images currently available on Flash unit active backup current-active next-active ----- ------------ ------------ ----------------- ----------------1 6.0.0.0 9.25.16.57 6.0.0.0 6.0.0.0 show running-config Use the show running-config command to display the contents of the currently running configuration file, including banner configuration.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example This example shows the truncated output for the configuration of interface Gi1/0/1. Since the all parameter is given, both the non-default and the default values are shown.
show startup-config Use the show startup-config command to display the startup configuration file contents. Syntax show startup-config Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the contents of the startup-config file.
write Use the write command to copy the running configuration image to the startup configuration. Syntax write Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command is equivalent to the copy running-config startup-config command functionally.
DHCP Client Commands Dell EMC Networking switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP. The options are mutually exclusive. When the operator enables DHCPv4 on an IP interface, all manually configured IP addresses on that interface are removed from the running configuration.
release dhcp Use the release dhcp command to force the DHCPv4 client to release a leased address. Syntax release dhcp interface-id • interface-id—Any valid VLAN interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration.
Syntax renew dhcp {interface-id | out-of-band} • • interface-id—Any valid IP interface. See Interface Naming Conventions for interface representation. out-of-band—Keyword to identify the out-of-band interface. The DHCP client renews the leased address on this interface. Default Configuration This command has no default configuration.
show dhcp lease Use the show dhcp lease command to display IPv4 addresses leased from a DHCP server. Syntax show dhcp lease [interface {out-of-band | vlan vlan-id}] • • out-of-band—The out-of-band interface. vlan-id—The VLAN identifier. Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command lists all IPv4 addresses currently leased from a DHCP server on an IP interface.
Term Description Retry count Number of times the DHCPv4 client sent a DHCP REQUEST message to which the server did not respond. Examples The following example shows the output from this command when the device has leased two IPv4 addresses from the DHCP server. console#show dhcp lease IP address: 10.27.22.186 on interface Vl1 Subnet mask: 255.255.252.0 DHCP lease server: 10.27.192.
DHCP Server Commands Dell EMC Networking N2000/N2100/N3000/N3100/N4000 Series Switches DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents and DHCP participants can inter operate with BOOTP participants. The host RFC’s standardize the configuration parameters which can be supplied by the DHCP server to the client. After obtaining parameters via DHCP, a DHCP client should be able to exchange packets with any other host in the Internet.
• Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place.
no ip dhcp pool [pool-name] • pool-name—The name of an existing or new DHCP address pool. The pool name can be up to 31 characters in length and can contain the following characters: a-z, A-Z, 0-9, ’-’, ’_’, ’ ’. Enclose the entire pool name in quotes if an embedded blank is to appear in the pool name. Default Configuration The command has no default configuration. Command Mode Global Configuration mode User Guidelines This capability requires the DHCP service to be enabled.
• Client address lease time – lease Administrators may also configure manual bindings for clients using the host command in DHCP Pool Configuration mode. This is the most often used for DHCP clients for which the administrator wishes to reserve an ip address, for example a computer server or a printer. A DHCP pool can contain automatic or dynamic address assignments or a single static address assignment.
bootfile Use the bootfile command in DHCP Pool Configuration mode to set the name of the image for the DHCP client to load. Use the no form of the command to remove the bootfile configuration. Use the show ip dhcp pool command to display pool configuration parameters. Syntax bootfile filename no bootfile • filename—The name of the file for the DHCP client to load. Default Configuration There is no default bootfile filename.
Default Configuration The command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example console#clear ip dhcp binding 1.2.3.4 clear ip dhcp conflict Use the clear ip dhcp conflict command to remove DHCP server address conflicts. Use the show ip dhcp conflict command to display address conflicts detected by the DHCP server. Syntax clear ip dhcp conflict {ip-address | *} • *—Clear all automatic dhcp bindings.
client-identifier Use the client-identifier command in DHCP Pool Configuration mode to identify a Microsoft DHCP client to be manually assigned an address. Use the no form of the command to remove the client identifier configuration. Syntax client-identifier unique-identifier no client-identifier • unique-identifier—The identifier of the Microsoft DHCP client. The client identifier is specified as 7 bytes of the form XX:XX:XX:XX:XX:XX:XX where X is a hexadecimal digit.
Syntax client-name name no client-name • name—The name of the DHCP client. The client name is specified as up to 31 printable characters. Default Configuration There is no default client name. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The client name should not include the domain name as it is specified separately by the domain-name (IP DHCP Pool Config) command.
• ip-address1—The IPv4 address of the first default router for the DHCP client. • ip-address2—The IPv4 address of the second default router for the DHCP client. Default Configuration No default router is configured. Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.
User Guidelines This command has no user guidelines. domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server. The DNS name is an alphanumeric string up to 255 characters in length. Use the no form of the command to remove the domain name. Syntax domain-name domain no domain-name domain • domain — DHCP domain name.
Default Configuration There are no default MAC address manual bindings. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. It may be necessary to use the no host command prior to executing the no hardware-address command. Example console(config-dhcp-pool)#hardware-address 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.
User Guidelines Use the client-identifier or hardware-address command prior to using this command for an address pool. Use the show ip dhcp pool command to display pool configuration parameters. Example console(config-dhcp-pool)#client-identifier 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.131 32 ip dhcp bootp automatic Use the ip dhcp bootp automatic command in Global Configuration mode to enable automatic BOOTP address assignment.
ip dhcp conflict logging Use the ip dhcp conflict logging command in Global Configuration mode to enable DHCP address conflict detection. Use the no form of the command to disable DHCP conflict logging. Syntax ip dhcp conflict logging no ip dhcp conflict logging Default Configuration Conflict logging is enabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
• high-address—An IPv4 address indicating the ending range for exclusion from automatic DHCP address assignment. The high-address must be numerically greater than the low-address. Default Configuration By default, no IP addresses are excluded from the lists configured by the IP DHCP pool configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp excluded-address 192.168.20.1 192.168.20.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp ping packets 5 lease Use the lease command in DHCP Pool Configuration mode to set the period for which a dynamically assigned DHCP address is valid. Use the infinite parameter to indicate that addresses are to be automatically assigned. Use the no form of the command to return the lease configuration to the default. Use the show ip dhcp pool command to display pool configuration parameters.
User Guidelines The Dell EMC Networking DHCP server does not offer infinite duration DHCP leases. The maximum lease offered is 60 days, which corresponds to an “infinite” setting in the UI. Example The following examples sets a lease period of 1 day, 12 minutes and 59 seconds. console(config)#ip dhcp pool asd console(config-dhcp-pool)#network 10.0.0.0 255.0.0.0 console(config-dhcp-pool)#lease 1 12 59 console(config-dhcp-pool)#exit console(config)#show ip dhcp pool asd Pool: asd Pool Type...................
User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. Up to eight name server addresses may be specified. The NetBIOS WINS information is conveyed in the Option 44 TLV of the DHCP OFFER, DCHP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#netbios-name-server 192.168.21.1 192.168.22.1 netbios-node-type Use the netbios-node-type command in DHCP Pool Configuration mode to set the NetBIOS node type for a Microsoft DHCP client.
• hybrid (h-node) Example console(config-dhcp-pool)#netbios-node-type h-node network Use the network command in IP DHCP Pool Configuration mode to define a pool of IPv4 addresses for distributing to clients. Syntax network network-number [mask | prefix-length] • network-number—A valid IPv4 address • mask—A valid IPv4 network mask with contiguous left-aligned bits. • prefix-length—An integer indicating the number of leftmost bits in the network-number to use as a prefix for allocating cells.
Default Configuration There is no default IPv4 next server configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address is conveyed in the SIADDR field of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#next-server 192.168.21.
Default Configuration There is no default option configured. Command Mode DHCP Pool Configuration mode User Guidelines The option information must match the selected option type and length. Options cannot be longer than 255 characters in length. The option information is conveyed in the TLV specified by the code parameter in the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.
Table 8-1 lists the other options that can be configured and their fixed length, minimum length, and length multiple requirements. Refer to the relevant documentation for the DHCP client to identify what information, if any, is accepted by the client for the options listed below. Table 8-1.
Table 8-1.
Table 8-1.
service dhcp Use the service dhcp command in Global Configuration mode to enable the local IPv4 DHCP server on the switch. Use the no form of the command to disable the DHCPv4 service. Syntax service dhcp no service dhcp Default Configuration The service is disabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address of the NTP server is conveyed in the Option 42 TLV of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#sntp 192.168.21.2 show ip dhcp binding Use the show ip dhcp binding command to display the configured DHCP bindings.
show ip dhcp conflict Use the show ip dhcp conflict command in User Exec mode to display DHCP address conflicts for all relevant interfaces or a specified interface. If an interface is specified, the optional statistics parameter is available to view statistics for the specified interface. Syntax show ip dhcp conflict [address] • address—A valid IPv4 address for which the conflict information is desired. Default Configuration The command has no default configuration.
User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics show ip dhcp pool Use the show ip dhcp pool command in User Exec or Privileged Exec mode to display the configured DHCP pool or pools. If no pool name is specified, information about all pools is displayed. Syntax show ip dhcp pool [all | poolname] • poolname—Name of the pool. (Range: 1-32 characters) Default Configuration This command has no default configuration.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics Automatic Bindings............................. 100 Expired Bindings............................... 32 Malformed Bindings............................. 0 Messages Received ------------------DHCP DISCOVER.................................. 132 DHCP REQUEST................................... 132 DHCP DECLINE.............
DHCPv6 Server Commands Dell EMC Networking N2000/N2100/N3000/N3100/N4000 Series Switches This section explains the following commands: clear ipv6 dhcp service dhcp dns-server (IPv6 DHCP Pool Config) show ipv6 dhcp domain-name (IPv6 DHCP Pool Config) show ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp interface (User Exec) ipv6 dhcp relay show ipv6 dhcp interface (Privileged Exec) ipv6 dhcp server show ipv6 dhcp pool prefix-delegation show ipv6 dhcp statistics clear ipv6 dhcp Use the clear ipv
Examples The following examples clears DHCPv6 statistics for VLAN 11. console#clear ipv6 dhcp interface vlan 11 statistics\ dns-server (IPv6 DHCP Pool Config) Use the dns-server command in IPv6 DHCP Pool Configuration mode to set the IPv6 DNS server address which is provided to a DHCPv6 client by the DHCPv6 server. DNS server address is configured for stateless server support. Syntax dns-server ipv6-address no dns-server ipv6-address • ipv6-address —Valid IPv6 address.
Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines DHCPv6 pool can have multiple number of domain names with maximum of 8. Example The following example sets the DNS domain name “test”, which is provided to a DHCPv6 client by the DHCPv6 server.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters IPv6 DHCP Pool Configuration mode. console(config)#service dhcpv6 console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)# ipv6 dhcp relay Use the ipv6 dhcp relay command in Interface Configuration mode to configure an interface for DHCPv6 relay functionality.
User Guidelines The IPv6 DHCP service must be enabled to use this feature. Enable the IPv6 DHCP service using the service dhcpv6 command. If relay-address is an IPv6 global address, then relay-interface is not required. If relay-address is a linklocal or multicast address, then relay-interface is required. Finally, a value for relay-address is not specified, then a value for relay-interface must be specified and the DHCPV6-ALLAGENTS multicast address (i.e.
Default Configuration The default preference value is 20. Rapid commit is not enabled by default. Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines This feature requires the IPv6 DHCP service. Enable the IPv6 DHCP service using the service dhcpv6 command. The ipv6 dhcp server command enables DHCP for IPv6 service on a specified interface using the pool for prefix delegation and other configuration through that interface.
prefix-delegation Use the prefix-delegation command in IPv6 DHCP Pool Configuration mode to define multiple IPv6 prefixes within a pool for distributing to specific DHCPv6 Prefix delegation clients. Syntax prefix-delegation ipv6-prefix/prefix-length client-DUID [name hostname] [valid-lifetime {valid-lifetime | infinite}] [preferred-lifetime {preferredlifetime | infinite}] no prefix-delegation ipv6-prefix/prefix-length • prefix/prefix-length—Delegated IPv6 prefix. • client-DUID—Client DUID (e.g.
Example The following example defines a Multiple IPv6 prefix and client DUID within a pool for distributing to specific DHCPv6 Prefix delegation clients. console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)#prefix-delegation 2020:1::1/64 00:01:00:09:f8:79:4e:00:04:76:73:43:76 The following example defines a unique local address prefix with the MAC address 00:1D:BA:06:37:64 converted to EUI-64 format and a preferred lifetime of 5 days.
show ipv6 dhcp Use the show ipv6 dhcp command to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The DUID value of the server will only appear in the output when a DHCPv6 lease is active. Example The following example displays the DHCPv6 server name and status.
Command Mode Privileged Exec and User Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool based on the entered IPv6 address. console#show ipv6 dhcp binding 2020:1:: show ipv6 dhcp interface (User Exec) Use the show ipv6 dhcp interface command in User Exec mode to display DHCPv6 information for all relevant interfaces or for the specified interface.
Examples The following examples display DHCPv6 information for VLAN 11 when configured in relay mode. console> show ipv6 dhcp interface vlan 11 IPv6 Interface................................. Mode........................................... Relay Address.................................. Relay Interface Number......................... Relay Remote ID................................ Option Flags...................................
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command shows the DHCP status. Information displayed depends on the mode. The command output provides the following information for an interface configured in client mode. Not all fields will be shown for an inactive client. Term Description Mode Displays whether the specified interface is in Client, Relay, or Server mode.
Term Description Valid Lifetime The valid life time (in seconds) of the IPv6 Address leased by the DHCPv6 Server. Renew Time The time remaining (in seconds) to send a DHCPv6 Renew request to DHCPv6 Server for the leased address. Expiry Time The time (in seconds) when the DHCPv6 leased address expires. Example The following example shows the output from this command when the device has leased an IPv6 address from the DHCPv6 server on interface Gi1/0/1. NOTE: Note that the interface is in client mode.
Option Flags................................... console#show ipv6 dhcp interface vlan 10 statistics DHCPv6 Server Interface Vl10 Statistics DHCPv6 Solicit Packets Received................ DHCPv6 Request Packets Received................ DHCPv6 Confirm Packets Received................ DHCPv6 Renew Packets Received.................. DHCPv6 Rebind Packets Received................. DHCPv6 Release Packets Received................ DHCPv6 Decline Packets Received................ DHCPv6 Inform Packets Received......
Syntax show ipv6 dhcp pool poolname • poolname — Name of the pool. (Range: 1-32 characters) Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool.
User Guidelines This command has no user guidelines. Example The following example displays the DHCPv6 server name and status. console> show ipv6 dhcp statistics DHCPv6 Interface Global Statistics -----------------------------------DHCPv6 Solicit Packets Received................ DHCPv6 Request Packets Received................ DHCPv6 Confirm Packets Received................ DHCPv6 Renew Packets Received.................. DHCPv6 Rebind Packets Received................. DHCPv6 Release Packets Received........
HiveAgent Commands The commands in this section enable configuration of the Dell HiveAgent. Commands in this Section This section explains the following commands: eula-consent source-interface vlan-id hiveagent url server show hiveagent debug debug show hiveagent source-interface enable show hiveagent status proxy-ip-address show eula-consent hiveagent eula-consent Use the eula-consent command to accept or decline the end-user license agreement (EULA) for the hive agent.
User Guidelines Messages are shown for both the accept and reject use cases with information directing the user to URLs for further information. If the user rejects or has not yet accepted the EULA, the configuration mode for the specified service is not usable. If there is existing configuration for that feature, the configuration is not removed, but the feature is disabled. This command can be executed multiple times. It overwrites the previous information each time.
no hiveagent Default Configuration By default, no HiveManager NG is configured by default. Command Mode Global Configuration User Guidelines This command enters HiveAgent Configuration mode. It allows the administrator to configure HiveAgent information. The configured information is stored in the running config. Use the write command to save the information into the startup-config. Command History Introduced in version 6.3.0.1 firmware. Example In this example, the HiveAgent EULA has been accepted.
Syntax server server-name no server server-name server-name — The name of the server. The server name has a maximum length of 20 characters. Any printable character other than a question mark may be used in the server name. Enclose the server name in quotes if an embedded blank is desired in the server name. Default Configuration The default server HiveManagerNG is configured.
Default Configuration By default, HiveAgent debug is disabled. Command Mode HiveAgent Configuration mode User Guidelines This command enables HiveAgent debug. Command History Command introduced in version 6.5 firmware. Example console(config)#hiveagent console(conf-hiveagent)#debug enable Use the enable command to enable a HiveAgent server. Use the no form of the command to disable a HiveAgent server. Syntax enable no enable Default Configuration By default, the default server is enabled.
Command History Introduced in version 6.3.0.1 firmware. Example console(config)# hiveagent console(conf-hiveagent)#server HiveManagerNG console(conf-hiveagent-HiveManagerNG)#enable proxy-ip-address Use the proxy-ip-address command to configure a proxy server to be used to contact the HiveManager NG. Use the no form of the command to remove the proxy server information.
Command Mode HiveAgent Server Configuration User Guidelines Passwords are always stored and displayed as encrypted, even if entered in unencrypted format. Example console(config)#support-assist console(conf-support-assist)#server 10.0.0.1 console(conf-support-assist-10.0.0.1)#proxy-ip-address 10.0.0.2 port 1025 username admin password 0 password Command History Introduced in version 6.3.0.1 firmware.
User Guidelines The source VLAN must have an IP address assigned for it to be used by HiveAgent. Command History Command introduced in version 6.5 firmware. Example console(config)#interface vlan 1 console(conf-vlan1)#ip address 172.16.32.11 /24 console(conf-vlan1)#exit console(config)#hiveagent console(conf-hiveagent)#source interface vlan-id 1 url Use the url command to configure the URL to reach on HiveManager NG. Use the no form of the command to remove the URL information.
Command History Introduced in version 6.3.0.1 firmware. Example console(config)#hiveagent console(conf-hiveagent)" server HiveManagerNG console(conf-hiveagent-HiveManagerNG)#url cloud-rd.aerohive.com show hiveagent debug Use the show hiveagent debug command to view information on HiveAgent debug configuration. Status may also be obtained from the HiveManager NG web page. Syntax show hiveagent debug Default Configuration This command has no defaults.
Syntax show hiveagent source-interface Default Configuration This command has no defaults. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The source VLAN must have an IP address assigned for it to be used by HiveAgent. Command History Command introduced in version 6.5 firmware.
User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.3.0.1 firmware. Example console# show hiveagent status HiveAgent: Enabled EULA: Accepted HiveManager Server Name: HiveManagerNG HiveManager NG (enabled): HiveAgent Version.............................. HiveAgent Status............................... HiveAgent AssociationUrl....................... HiveAgent AssociationMethod.................... HiveAgent PollUrl..............................
User Guidelines Acceptance of the HiveAgent EULA is enabled by default. Command History Introduced in version 6.3.0.1 firmware. Example console#show eula-consent hiveagent HiveAgent EULA has been: Accepted This switch includes a feature that enables it to work with HiveManager (an optional management suite), by sending the switch’s service tag number to HiveManager to authenticate your entitlement to use HiveManager.
IP Addressing Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON/N4000 Series Switches Interfaces on the Dell EMC Networking switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, Dell EMC Networking switches act as a host for management of the switch.
ip domain-lookup show ip helper-address ip domain-name show ipv6 dhcp interface out-of-band statistics ip host show ipv6 interface out-of-band clear host Use the clear host command to delete entries from the host name-to-address cache. Syntax clear host {name | *} • name — Host name to be deleted from the host name-to-address cache. (Range: 1-255 characters) • * — Deletes all entries in the host name-to-address cache. Default Configuration This command has no default configuration.
Syntax clear ip address-conflict-detect [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, counters for the default (global) router instance is cleared. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
User Guidelines This command is not available on the N1100-ON/N1500/N2000 Series switches, nor on the N2128PX-ON switch. Example console(config)#interface out-of-band console(config-if)# ip address Use the ip address command to configure an IP address on an in-band VLAN or loopback interface. Also use this command to configure one or more secondary IP addresses on the interface.
Command Mode Interface Configuration (VLAN, Loopback) mode User Guidelines This command also implicitly enables the VLAN or loopback interface for routing (i.e. as if the user had issued the ‘routing’ interface command). By default, configuring an IP address on a VLAN enables in-band management for interfaces configured with that VLAN. Setting up an IP address on VLAN 1 enables switch management on all in-band interfaces except for those where VLAN 1 is specifically excluded.
ip address (Out-of-Band) Use the ip address command in Interface Configuration mode to set an IP address for the out-of-band interface. Use the no form of this command to return the ip address configuration to its default value. Syntax ip address {ip-address {mask | prefix-length} | dhcp|none} no ip address • ip-address—Specifies a valid IPv4 address in dotted-quad notation. • mask—Specifies a valid subnet (network) mask IPv4 address in dotted quad notation.
A out-of-band interface configured for DHCP address assignment will send the following text string in DHCP Option 60 of the DHCPDISCOVER message to assist the DHCP server in identification of the switch: "DellEMC;;;". The left and right angle brackets and quotation marks are not sent. An example option 60 string might be: DellEMC;N2128PXON;6.5.2.
User Guidelines When in virtual router configuration mode, this command operates within the context of the virtual router instance. When in global config mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the Dell EMC Networking N3000/N3100-ON/N4000 switches.
In addition to leasing an IP address and subnet mask, the DHCP client may learn the following parameters from a DHCP server: • The IPv4 address of a default gateway. If the device learns different default gateways on different interfaces, the system uses the first default gateway learned. The system installs a default route in the routing table, with the default gateway’s address as the next hop address. This default route has a preference of 254. • The IPv4 address of a DNS server.
Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines When the system does not have a more specific route to a packet’s destination, it sends the packet to the default gateway. The system installs a default IPv4 route with the gateway address as the next hop address. The route preference is 253. A default gateway configured with this command is more preferred than a default gateway learned from a DHCP server, which has a route preference of 254.
Syntax ip domain-lookup no ip domain-lookup Default Configuration DNS name resolution is enabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables the IP Domain Naming System (DNS)-based host name-to-address translation. console(config)#ip domain-lookup ip domain-name Use the ip domain-name command in Global Configuration mode to define a default domain name used to complete unqualified host names.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a default domain name of dell.com. console(config)#ip domain-name dell.com ip host Use the ip host command in Global Configuration mode to define static host name-to-address mapping in the host cache. To delete the name-to-address mapping, use the no form of this command. Syntax ip host name address no ip host name • name — Host name. • address — IP address of the host.
console(config)#ip host accounting.dell.com 176.10.23.1 ip name-server Use the ip name-server command in Global Configuration mode to define available IPv4 or IPv6 name servers. To delete a name server, use the no form of this command. Syntax ip name-server server-address1 [server-address2 … server-address8] no ip name-server [server-address1 … server-address8] • server-address — Valid IPv4 or IPv6 addresses of the name server.
Syntax ip name-server source-interface {loopback loopback-id | tunnel tunnel-id | vlan vlan-id } no ip name-server source-interface • loopback-id— A loopback interface identifier. • tunnel-id— A tunnel identifier. • vlan-id— A VLAN identifier. Default Configuration By default, the switch uses the assigned switch IP address as the source IP address for DNS packets. This address is either the IP address assigned to the VLAN from which the DNS packet originates or the out-of-band interface IP address.
Example The following example configures a source interface for a VLAN interface that obtains its address via DHCP: console#configure console(config)#interface vlan 1 console(config-if-vlan1)#ip address dhcp console(config-if-vlan1)#exit console(config)#ip name-server source-interface vlan 1 This example configures a source interface for a loopback interface. Using a loopback address is the recommended method for assigning a source interface.
Default Configuration There is no IPv6 address configured by default. Command Mode Interface Configuration mode (VLAN, tunnel, loopback) User Guidelines When setting the prefix length on an IPv6 address, no space can be present between the address and the mask. Multiple globally reachable addresses may be assigned to an interface. Creation of a link local address is automatically performed by this command. IPv6 addresses may be expressed in up to eight blocks.
ipv6 address (OOB Port) Use the ipv6 address command in Interface (out-of-band) Configuration mode to set the IPv6 prefix on the out-of-band port. If a prefix is specified, the address will be configured using the prefix and length A link local address in EUI-64 format may also be assigned. The autoconfig parameter specifies that a link local address in the EUI-64 format is assigned to the interface. The DHCP parameter indicates that the port should obtain its address via DHCP.
IPv6 auto configuration mode can be enabled in the Out-of-Band interface only when IPv6 auto configuration or DHCPv6 is not enabled on any of the in-band management interfaces. The optional eui64 parameter indicates that the IPv6 address is configured to use the EUI-64 interface ID in the low order 64 bits of the address. In this parameter is specified, the prefix-length must be 64. This command is only valid for switches equipped with an out-of-band interface.
console#config console(config)#interface vlan 2 console(config-if-vlan2)#ipv6 address dhcp ipv6 enable (Interface Configuration) Use the ipv6 enable command in Interface Configuration mode to enable IPv6 on a routing interface. Use the no form of this command to reset the IPv6 configuration to the defaults. Syntax ipv6 enable no ipv6 enable Default Configuration IPv6 is not enabled by default.
Default Configuration By default, IPv6 is not enabled on the out-of-band port. Command Mode Interface (out-of-band) Configuration mode User Guidelines This command is not necessary if an IPv6 address has been assigned to the interface. This command is only valid for switches equipped with an out-ofband interface. ipv6 gateway (OOB Configuration) Use the ipv6 gateway command in Interface (out-of-band) Configuration mode to configure the address of the IPv6 gateway.
show hosts Use the show hosts command in User Exec mode to display the default domain name, a list of name server hosts, and the static and cached list of host names and addresses. Syntax shows hosts [hostname]. • hostname—(Range: 1–255 characters). The command allows spaces in the host name when specified in double quotes. For example, console(config)#show hosts “host name” Default Configuration This command has no default configuration.
show ip address-conflict Use the show ip address-conflict command in User Exec or Privileged Exec mode to display the status information corresponding to the last detected address conflict. Syntax show ip address-conflict [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration.
Term Description Time Since Conflict The time in days, hours, minutes, and seconds since the last Detected address conflict was detected. Example console#show ip address-conflict Address Conflict Detection Status...Conflict Detected Last Conflicting IP Address.........10.131.12.56 Last Conflicting MAC Address........00:01:02:04:5A:BC Time Since Conflict Detected........5 days 2 hrs 6 mins 46 secs console#show ip address-conflict Address Conflict Detection Status..............
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N3100-ON/N4000 series switches. This command is not available on the N1100-ON Series switches. Example console#show ip helper-address IP helper is enabled Interface UDP Port Discard Hit Count Server Address -------------------- ----------- ---------- ---------- ---------------vlan 25 domain No 0 192.168.40.2 vlan 25 dhcp No 0 192.168.40.
Example console#show ipv6 dhcp interface out-of-band statistics DHCPv6 Client Statistics ------------------------DHCPv6 Advertisement Packets Received.......... DHCPv6 Reply Packets Received.................. Received DHCPv6 Advertisement Packets Discard.. Received DHCPv6 Reply Packets Discarded........ DHCPv6 Malformed Packets Received.............. Total DHCPv6 Packets Received.................. DHCPv6 Solicit Packets Transmitted............. DHCPv6 Request Packets Transmitted.............
IPv6 Prefix is..................FE80::21E:C9FF:FEAA:AD79/64 ::/128 IPv6 Default Router.............FE80::A912:FEC2:A145:FEAD Configured IPv6 Protocol........None IPv6 AutoConfiguration mode............Enabled Burned In MAC Address...........001E.C9AA.
Line Commands This section explains the following commands: accounting line authorization login authentication enable authentication login-banner exec-banner motd-banner exec-timeout password (Line Configuration) history show line history size speed terminal length Authentication commands related to line configuration mode are in DHCP Client Commands. accounting Use the accounting command in Line Configuration mode to apply an accounting method to a line config.
Default Configuration Accounting is not enabled by default. Command Mode Line Configuration User Guidelines When enabling accounting for exec mode for the current line-configuration type, users logged in with that mode will be logged out. Examples Use the following command to enable exec type accounting for telnet. console(config)#line telnet console(config-telnet)# accounting exec default authorization Use the authorization command to apply a command authorization method to a line config.
Default Configuration Authorization is not enabled on any line method by default. Command Mode Line console, line telnet, line SSH User Guidelines When command authorization is configured for a line-mode, the switch sends information about the entered command to the method specified in the command list. The authorization method validates the received command and responds with either a PASS or FAIL response. If approved, the command is executed.
Default Configuration Uses the default set with the command aaa authentication enable. Command Mode Line Configuration mode User Guidelines Use of the no form of the command does not disable authentication. Instead, it sets the authentication list to the default list (same as enable authentication default). Example The following example specifies the default authentication method when accessing a higher privilege level console.
User Guidelines The exec banner can consist of multiple lines. Enter a quote to complete the message and return to configuration mode. Example console(config-telnet)# no exec-banner exec-timeout Use the exec-timeout command in Line Configuration mode to set the interval that the system waits for user input before timeout. To restore the default setting, use the no form of this command. Syntax exec-timeout minutes [seconds] no exec-timeout • • minutes — Integer that specifies the number of minutes.
history Use the history command in Line Configuration mode to enable the command history function. To disable the command history function, use the no form of this command. Syntax history no history Default Configuration The default value for this command is enabled. Command Mode Line Interface mode User Guidelines This command has no user guidelines. Example The following example disables the command history function for the current terminal session.
Default Configuration The default command history buffer size is 10. Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the command history buffer size to 20 commands for the current terminal session. console(config-line)#history size 20 line Use the line command in Global Configuration mode to identify a specific line for configuration and enter the line configuration command mode.
User Guidelines The default authentication list for telnet and SSH is enableNetList. The enableNetList uses a single method: enable. This implies that users accessing the switch via telnet or SSH must have an enable password defined in order to access privileged mode. Alternatively, the administrator can set the telnet and ssh lists to enableList, which has the enable and none methods defined.
Default Configuration Uses the default set with the command aaa authentication login. Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example specifies the default authentication method for a console. console(config)# line console console(config-line)# login authentication default login-banner Use the login-banner command to enable login banner on the console, telnet or SSH connection. To disable, use the no form of the command.
Example console(config-telnet)# no login-banner motd-banner Use the motd-banner command to enable motd on the console, telnet or SSH connection. To disable, use the no form of the command. Syntax motd-banner no motd-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Line Configuration User Guidelines This command has no user guidelines.
• • password — Password for this level. (Range: 8- 64 characters) The special characters allowed in the password include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. User names can contain blanks if the name is surrounded by double quotes. encrypted — Encrypted password to be entered, copied from another switch configuration. Default Configuration No password is specified. Command Mode Line Configuration mode User Guidelines This command has no user guidelines.
Command Mode User Exec and Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console(config-telnet)#show line Console configuration: Serial Port Login Timeout (mins) (secs)........ Baud Rate (bps)................................ Character Size (bits).......................... Flow Control................................... Stop Bits...................................... Parity.........................................
Default Configuration This default speed is 9600 for all platforms other than the N1100ON/N2100/N3100 Series switches. The N1100-ON/N2100/N3100 Series switches default to 115200 BAUD. Command Mode Line Interface (console) mode User Guidelines This configuration applies only to the current session. Example The following example configures the console BAUD rate to 9600. console(config-line)#speed 9600 terminal length Use the terminal length command to set the terminal length.
User Guidelines Setting the terminal length to 0 disables paging altogether. It is recommended that the terminal length either be set to 0 or a value larger than 4 as terminal lengths in the range of 1 to 4 may give odd output due to prompting. The terminal length command is specific to the current session. Logging out, rebooting or otherwise ending the current session will require that the command be reentered.
PHY Diagnostics Commands This section explains the following commands: show copper-ports tdr test copper-port tdr show fiber-ports optical-transceiver – show copper-ports tdr Use the show copper-ports tdr command to display the stored information regarding cable lengths. Syntax show copper-ports tdr [interface] • interface — A valid Ethernet interface identifier. Default Configuration This command has no default configuration.
Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 OK Short 50 13:32:00 23 July 2004 Test has not been performed Open 128 13:32:08 23 July 2004 Fiber - show fiber-ports optical-transceiver Use the show fiber-ports optical-transceiver command to display the optical transceiver diagnostics. Syntax show fiber-ports optical-transceiver [interface] • interface — A valid SFP, XFP or SFP+ port. Default Configuration This command has no default configuration.
test copper-port tdr Use the test copper-port tdr command to diagnose with Time Domain Reflectometry (TDR) technology the quality and characteristics of a copper cable attached to a 1GBaseT or 10GBaseT port. Syntax test copper-port tdr interface • interface — A valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines. This command prompts the user to shut down the port for the duration of the test.
console#test copper-port tdr te2/0/3 This command takes the port offline to measure the cable length. Use the show copper-port tdr command to view the results..
Power Over Ethernet Commands The Dell EMC Networking PoE solution implements the PoE+ specification (IEEE 802.3at) for power sourcing equipment (PSE). IEEE 802.3at allows power to be supplied to Class 4 PD devices that require power up to 34.2 Watts. This allows the PoE+ enabled network switches and routers to be used for deployment with devices that require more power than the 802.3AF specification allows. PoE+ 802.3at is compatible with 802.3AF.
The Dell EMC Networking PoE solution also provides a global usage threshold feature in order to limit the PoE switch from reaching an overload condition. The operator can specify the limit as a percentage of the maximum power. NOTE: PoE commands are only applicable to copper ports.
User Guidelines Auto enables the switch to deliver power to the powered device. The power inline management parameter should be set to class-based mode to enable power negotiation via LLDP-MED. Dell EMC Networking PoE-enabled ports should not be connected to other Power Sourcing Equipment (PSE) with PoE enabled. If the switch detects PSE equipment supplying power to a port, PoE power is disabled on the port.
Command Mode Global Configuration mode User Guidelines If no unit number is specified, the entire stack is configured. If the detection mode is configured at dot3at, class-based allocation will reserve the full amount of power (33W). To use legacy 802.3af allocation, configure detection as dot3at+legacy. Command History Release 6.3.6 deprecates the legacy-only parameter in favor of dot3at+legacy as the legacy-only capability is not present in the hardware.
• • • In class mode, the port limit is twice the class power. In dynamic mode, up to 62W may be delivered. In static mode, the port is limited to the configured limit. Use this command only with devices that require up to 60W of power. Command History Introduced in version 6.3.0.1 firmware.
User Guidelines User defined limits are only operational if the power management mode is configured as static. By default, the power management mode is dynamic. If the operator attempts to set a user-defined limit and the power management mode is not configured as static, a warning is issued. On systems that support four-pair power, the UI does not check the limit against the port capability or the configuration. To deliver 60W power, ensure that the port is configured in four-pair mode.
console(config)#power inline management static console(config)#interface gi1/0/2 console(config-if-Gi1/0/2)#power inline four-pair forced console(config-if-Gi1/0/2)#power inline limit user-defined 50000 This example displays an interface configured in four-pair power mode.
• • • static—Static power management class—Class-based power management unit-id—A stack unit ID. Default Configuration Default management is dynamic. Command Mode Global Configuration User Guidelines If no unit is specified, all members of the stack are configured. Static, dynamic and class-based modes differ in how the available power is calculated and how much power may be delivered to the Powered Device.
Port Configuration ================== Port Powered Device State Priority Status Class Power[mW] --------- ---------------------- ----- -------- ----------- ------ --------Gi1/0/1 auto Low Searching Unknown Gi1/0/2 auto Low Searching Unknown Gi1/0/3 auto Low Searching Unknown Gi1/0/4 auto Low Searching Unknown Command History Description revised in version 6.3.1.5 release. Description revised in version 6.3.1.6 release. Example revised in 6.4 release.
power inline priority The power inline priority command configures the port priority level, for the delivery of power to an attached device. The switch may not be able to supply power to all connected devices, so the port priority is used to determine which ports will supply power if adequate power capacity is not available for all enabled ports. For ports that have the same priority level, the lower-numbered port has higher priority.
Syntax power inline reset Default Configuration This command has no default configuration. Command Mode Interface Configuration User Guidelines This command is useful if the port is stuck in an Error state. Power to the powered devices may be interrupted as the port is reset. power inline usage-threshold The power inline usage-threshold command configures the system power usage threshold level at which lower priority ports are disconnected.
User Guidelines If no unit number is specified, all stack members are configured. The power limit beyond which ports are disconnected has a configurable range as a percentage of total available power for the individual unit. The maximum power available is given in the table shown in the power inline management command. The usage threshold check calculates the actual consumed power and compares it against the (unit power maximum multiplied by the threshold)/100.
show power inline Use the show power inline command to report current PoE configuration and status. If no port is specified, the command displays global configuration and status of all the ports. If a port is specified, then the command displays the details for the single port. Use the detailed parameter to show power limits, detection type and high power mode for the interface. Syntax show power inline [interface-id] [detailed] • interface-id—Any PoE-capable Ethernet interface.
Output Volts................................... 53 Output Current................................. 0 Temperature.................................... 39 In the next example, the port is specified and the command displays the details for the single port. The detected class and power is shown, followed by the power limit configuration. Then port counters, voltage, current and temperate are displayed.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays the PoE firmware version for each stack member individually.
RMON Commands The Dell EMC Networking SNMP component includes an RMON (remote monitoring) agent. RMON is a base technology used by network management applications to manage a network. Troubleshooting and network planning can be accomplished through the network management applications. The network monitor monitors traffic on a network and records selected portions of the network traffic and statistics. The collected traffic and statistics are retrieved using SNMP.
no rmon alarm number • • • • • • • • • • number—The alarm index. (Range: 1–65535) variable—A fully qualified SNMP object identifier that resolves to a particular instance of a MIB object. interval—The interval in seconds over which the data is sampled and compared with the rising and falling thresholds. (Range: 1– 2147483647) rising-threshold value—Rising Threshold value. (Range: -2147483648 – 2147483647) falling-threshold value—Falling Threshold value.
User Guidelines This command has no user guidelines. Example The following example configures the following alarm conditions: • • • • • • • Alarm index — 1 Variable identifier — 1.3.6.1.2.1.2.2.1.10.5 Sample interval — 10 seconds Rising threshold — 500000 Falling threshold — 10 Rising threshold event index — 1 Falling threshold event index — 1 console(config)#rmon alarm 1 1.3.6.1.2.1.2.2.1.1.10.
Default Configuration The buckets configuration is 50. The interval configuration is 1800 seconds. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode. User Guidelines This command cannot be executed on multiple ports using the interface range command. Example The following example enables a Remote Monitoring (RMON) MIB history statistics group on port 1/0/8 with the index number “1” and a polling interval period of 2400 seconds.
• owner—Enter a name that specifies who configured this event. If unspecified, the name is an empty string. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures an event with the trap index of 10. console(config)#rmon event 10 log rmon hcalarm Use the rmon hcalarm to configure high capacity alarms.Use the no form of the command to remove the alarm.
• • • • • • • • absolute—Specifies to use a fixed value for the threshold (Default value). delta—Specifies to use the difference between the current value and the previous value. rising-threshold value-64—Rising threshold value (−(263) to 263 − 1) rising-event-index—Event to trigger when the rising threshold is crossed (1–65535). falling-threshold-high value-64—Falling threshold value (−(263) to 263 − 1) falling-event-index—Event to trigger when the rising threshold is crossed (1–65535).
show rmon alarm Use the show rmon alarm command in User Exec mode to display alarm configuration. Also see the rmon alarm command. Syntax show rmon alarm number • number — Alarm index. (Range: 1–65535) Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays RMON 1 alarms.
Field Description Alarm Alarm index. OID Monitored variable OID. Last Sample Value The statistic value during the last sampling period. For example, if the sample type is delta, this value is the difference between the samples at the beginning and end of the period. If the sample type is absolute, this value is the sampled value at the end of the period. Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds.
show rmon alarms Use the show rmon alarms command in User Exec mode to display the alarms summary table. Syntax show rmon alarms Default Configuration This command has no arguments or keywords. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the alarms summary table: console> show rmon alarms Index OID -------------------------1 1.3.6.1.2.1.2.2.1.10.1 2 1.
show rmon collection history Use the show rmon collection history command in User Exec mode to display the requested group of statistics. Also see the rmon collection history command. Syntax show rmon collection history [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
1 2 Gi1/0/1 Gi1/0/1 30 1800 50 50 50 50 CLI Manager show rmon events Use the show rmon events command in User Exec mode to display the RMON event table. Also see the rmon event command. Syntax show rmon events Default Configuration This command has no default configuration.
Example The following example displays the RMON event table. console> show rmon events Index Description Type Community ----- ---------------------1 Errors Log CLI 2 High Broadcast Log-Trap switch Owner ------ Last time sent ------------------Jan 18 2005 23:58:17 Manager Jan 18 2005 23:59:48 show rmon hcalarm Use the show rmon hcalarm command to display high capacity (64-bit) alarms configured with the rmon hcalarm command.
Rising Threshold Status: Positive Falling Threshold High: 20 Falling Threshold Low: 10 Falling Threshold Status: Positive Rising Event: 1 Falling Event: 2 Startup Alarm: Rising Owner: dell-owner console#show rmon hcalarms Index OID Owner ---------------------------------------------2 ifInOctets.1 dell-owner show rmon history Use the show rmon history command in User Exec mode to display RMON Ethernet Statistics history. Also see the rmon collection history command.
Field Description Time Date and Time the entry is recorded. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The number of packets (including bad packets) received during this sampling interval. Broadcast The number of good packets received during this sampling interval that were directed to the Broadcast address.
Field Description Jabbers The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). Dropped The total number of events in which packets were dropped by the probe due to lack of resources during this sampling interval.
console> show rmon history 1 other Sample Set: 1 Owner: Me Interface: Gi1/0/1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 270 Time Dropped Collisions ----------------------------- ----------10-Mar-2005 22:06:00 3 0 10-Mar-2005 22:06:20 3 0 show rmon log Use the show rmon log command in User Exec mode to display the RMON logging table. Syntax show rmon log [event] • event — Event index. (Range: 1–65535) Default Configuration This command has no default configuration.
console> show rmon log Maximum table size: 100 Event Description Time ----- -----------------------------1 Errors Jan 18 2005 23:48:19 1 Errors Jan 18 2005 23:58:17 2 High Broadcast Jan 18 2005 23:59:48 console> show rmon log Maximum table size: 100 (100 after reset) Event Description Time ----- -----------------------------1 Errors Jan 18 2005 23:48:19 1 Errors Jan 18 2005 23:58:17 2 High Broadcast Jan 18 2005 23:59:48 show rmon statistics Use the show rmon statistics command in User Exec mode to display
Field Description Dropped The total number of events in which packets are dropped by the probe due to lack of resources. This number is not always the number of packets dropped; it is the number of times this condition has been detected. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The total number of packets (including bad packets, Broadcast packets, and Multicast packets) received.
Field Description Collisions The best estimate of the total number of collisions on this Ethernet segment. 64 Octets The total number of packets (including bad packets) received that are 64 octets in length (excluding framing bits but including FCS octets). 65 to 127 Octets The total number of packets (including bad packets) received that are between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
HC HC HC HC HC Overflow Overflow Overflow Overflow Overflow Pkts Pkts Pkts Pkts Pkts 65 - 127 Octets: 0 HC Pkts 65 - 127 Octets: 0 128 - 255 Octets: 0 HC Pkts 128 - 255 Octets: 0 256 - 511 Octets: 0 HC Pkts 256 - 511 Octets: 0 512 - 1023 Octets: 0 HC Pkts 512 - 1023 Octets: 0 1024 - 1518 Octets: 0 HC Pkts 1024 - 1518 Octets: 0 Switch Management Commands 2058
Serviceability Commands Debug commands cause the output of the enabled trace to display on a serial port or telnet console. Note that the output resulting from enabling a debug trace always displays on the serial port. The output resulting from enabling a debug trace displays on all login sessions for which any debug trace has been enabled. The configuration of a debug command remains in effect the whole login session.
debug bfd debug ip igmp debug ospfv3 show debugging debug cfm debug ip mcache debug ping show supported mibs debug clear debug ip pimdm packet debug rip show supported mibs debug console debug ip pimsm packet debug sflow snapshot bgp debug crashlog debug ipv6 dhcp debug spanningtree write core debug dhcp packet debug ipv6 mcache debug udld – debug dhcp server packet debug ipv6 mld debug vpc – debug dot1ag debug ipv6 pimdm debug vrrp – debug dot1x debug ospf – ip http timeoutp
User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example console#debug aaa accounting debug arp Use the debug arp command to enable tracing of ARP packets. Use the no form of this command to disable tracing of ARP packets. Use of the optional vrf parameter executes the command within the context of the VRF specific routing table.
Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug arp debug authentication interface Use this command to enable Authentication Manager debug traces for the interface.Use the no form of this command to set the debug trace to factory default value.
debug auto-voip Use the debug auto-voip command to enable Auto VOIP debug messages. See the optional parameters to trace H323, SCCP, or SIP packets respectively. Use the “no” form of this command to disable Auto VOIP debug messages. Syntax debug auto-voip [H323 | SCCP | SIP] no debug auto-voip [H323 | SCCP | SIP] Default Configuration Auto VOIP tracing is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution.
Default Configuration Debug is disabled by default. Command Mode Privileged Exec User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example console# configure console(config)# vlan 100 console(config-vlan100)# exit console(config)# interface vlan 100 console(config-if-vlan100)# bfd interval 100 min_rx 100 multiplier 5 debug cfm Use the debug cfm command to enable CFM debugging.
Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example The following examples enables display of CFM events on the console. console#debug cfm event debug clear Use the debug clear command to disable all debug traces.
debug console Use the debug console to enable the display of “debug” trace output on the login session in which it is executed. Debug console display must be enabled in order to view any trace output. The output of debug trace commands appears on all login sessions for which debug console has been enabled. The configuration of this command remains in effect for the life of the login session. The effect of this command is not persistent across resets.
• • • • • • • • proc—Display the process crash log. kernel—Display the kernel crash data. data—Display the crash summary data. deleteall—Delete all existing crash logs. unit-index—An optional specifier identifying the stack unit number from which to obtain the crash log. comp-id— item-number— add-param— Default Configuration By default, this command displays all crash logs for the specified index.
si_code: si_addr: Date/Time: SW ver: 1 0x0 8/13/2011 16:37:31 0.0.0.
$083da883$ osapiSigTrace + 0x14f $083c9ac0$ osapiCrashDump + 0x449 $0804b8f6$ sigsegv_handler + 0xa7 $0012e40c$ ????? $083c73c3$ osapiFree + 0x187 $083c7211$ osapiDebugCorruptHeap + 0x65 $082b05e3$ cliDevShell + 0x2ab $081ed66c$ commandDevShell + 0x373 $0839db78$ ewsCliExec + 0xbf $083a0c22$ ewsCliData + 0x3045 $0839b295$ ewaNetTelnetDataInternal + 0x959 $0839a928$ ewaNetTelnetData + 0x30 $083a7b73$ ewsTelnetParse + 0x2b9 $08387592$ ewsParse + 0x162a $08372fbc$ ewsRun + 0x149 $08395caf$ ewmain + 0x17c $0839
User Guidelines The DHCP client has an internal packet tracing capability. This command turns the packet tracing on. Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example This example enables DHCP client packet tracing for both transmit and receive flows. console#debug dhcp packet The second example is for transmit flow. console#debug dhcp packet transmit The third example is for receive flow.
Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example This example enables DHCP server packet tracing. console#debug dhcp server packet debug dot1ag Use this command to enable or disable the tracing of CFM components for events and CFM PDUs based on the type of packet for reception and transmission.
Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug dot1ag all Dot1ag CCM, LBM, LBR, LTM, LTR tracing enabled. console# console#debug dot1ag events Dot1ag events tracing enabled. console# console#debug dot1ag ccm Dot1ag CCM tracing enabled. console# console#no debug dot1ag ccm Dot1ag CCM tracing disabled. debug dot1x Use the debug dot1x command to enable dot1x packet tracing.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug dot1x packet debug igmpsnooping Use the debug igmpsnooping to enable tracing of IGMP Snooping packets transmitted and/or received by the switch. IGMP Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface.
debug ip acl Use the debug ip acl command to enable debug of IP Protocol packets matching the ACL criteria. Use the “no” form of this command to disable IP ACL debugging. Syntax debug ip acl acl no debug ip acl acl • acl — The number of the IP ACL to debug. Default Configuration Display of IP ACL traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution.
• • • • • • • • • • • vrf vrf-name—Displays aggregate address information associated with the named VRF. ipv4-address—(Optional) The IPv4 address of a BGP peer. Debug traces are enabled for a specific peer when this option is specified. The command can be issued multiple times to enable simultaneous tracing for multiple peers. ipv6-address [interface interface-id]—The IPv6 address of a BGP peer. Debug traces are enabled for a specific peer when this option is specified.
Enabling one of the packet type options enables packet tracing in both the inbound and outbound directions. Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. If the vrf-name is specified, information pertaining to that VRF is displayed. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console#debug ip bgp 10.27.21.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ip dvmrp packet debug ip igmp Use the debug ip igmp command to trace IGMP packet reception and transmission. The receive option traces only received IGMP packets and the transmit option traces only transmitted IGMP packets. When neither keyword is used in the command, then all IGMP packet traces are dumped.
debug ip mcache Use the debug ip mcache command for tracing MDATA packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped. Vital information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
Use the no form of this command to disable debug tracing of PIMDM packet reception and transmission. Syntax debug ip pimdm packet [receive | transmit] no debug ip pimdm packet [receive | transmit] Default Configuration Display of PIMDM traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
Default Configuration Display of PIMSM traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ip pimsm packet debug ipv6 dhcp Use the debug ipv6 dhcp command to display debug information about DHCPv6 client activities and to trace DHCPv6 packets to and from the local DHCPv6 client.
Examples console#debug ipv6 dhcp debug ipv6 mcache Use the debug ipv6 mcache command to trace MDATAv6 packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped. Vital information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the “no” form of this command to disable MLD tracing. Syntax debug ipv6 mld packet [receive | transmit] no debug ipv6 mld packet [receive | transmit] Default Configuration Display of MLD traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution.
no debug ipv6 pimdm packet [receive | transmit] Default Configuration Display of PIMDMv6 traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ipv6 pimdm packet debug ipv6 pimsm Use the debug ipv6 pimsm command to trace PIMSMv6 packet reception and transmission.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ipv6 pimsm packet debug isdp Use the debug isdp command to trace ISDP packet reception and transmission. The receive option traces only received ISDP packets and the transmit option traces only transmitted ISDP packets. When neither keyword is used in the command, then all ISDP packet traces are dumped.
debug lacp Use the debug lacp command to enable tracing of LACP packets received and transmitted by the switch. Use the “no” form of this command to disable tracing of LACP packets. Syntax debug lacp packet no debug lacp packet Default Configuration Display of LACP traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
Syntax debug mldsnooping packet [receive | transmit] no debug mldsnooping packet [receive | transmit] Default Configuration Display of MLD Snooping traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
Command Mode Privileged Exec mode. User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Only IPv4 addresses are supported with the vrf parameter. This command is only available on the N3000/N3100/N4000 switches. Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
Example console#debug ospfv3 packet debug ping Use the debug ping command to enable tracing of ICMP echo requests and responses. This command traces pings on the network port and on the routing interfaces. Use the no form of this command to disable tracing of ICMP echo requests and responses. Use of the optional vrf parameter executes the command within the context of the VRF specific routing table.
Example The following example displays. console#debug ping packet debug rip Use the debug rip command to enable tracing of RIP requests and responses. Use the no form of this command to disable tracing of RIP requests and responses. Syntax debug rip packet no debug rip packet Default Configuration Display of RIP traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution.
Default Configuration Display of sFlow traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug sflow packet debug spanning-tree Use the debug spanning-tree command to trace spanning tree BPDU packet reception and transmission.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug spanning-tree bpdu debug udld Use the debug udld command to enable the display of UDLD packets or event processing. Use the no form of the command to disable debugging.
debug vpc Use the debug vpc command to enable debug traces for the specified protocols. Use the no form of the command to disable all or some of the debug trace display. Syntax debug vpc {peer-keepalive [packet]| peer-link {control-message | datamessage} | peer detection | core} no debug vpc [{peer-keepalive [packet]| peer-link {control-message | datamessage} | peer detection | core] • • • • peer-keepalive—Displays the debug traces for the keepalive state machine transitions.
VPC peer link data message tracing enabled. debug vrrp Use the debug vrrp command to enable VRRP debug protocol messages. Use the no form of this command to disable VRRP debug protocol messages. Syntax debug vrrp all no debug vrrp all Default Configuration The display of VRRP traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution.
• • hostname — Includes the switch host name in the core file name. If not configured, uses the switch MAC address in the core file name. time-stamp—Includes the switch TOD in the core file name. Default Configuration By default, the core file name has no prefix and no host name and uses the time stamp of the switch in the core file name. Command Modes Global Configuration mode User Guidelines The configuration parameters are not validated when this command is entered.
Syntax exception dump {tftp-server ip-address | ftp-server ip-address [username user-name {nopassword | password password} ] | file-path dir | compression | stack-ip-address [protocol {dhcp | static} | add ip-address netmask [gateway]] no exception dump {tftp-server | file-path} • • • • • • • • ip-address—The IPv4 address of a TFTP server. ftp-server—Transfer the core information to an FTP server.
The TFTP or FTP server must be reachable over the out-of-band interface. Front panel ports cannot be used during exception processing. Configuration parameters are not validated when the command is entered. Use the write core test command to validate the configured parameters and that the core dump is likely to succeed. Crash dump retrieval via FTP or TFTP occurs after the system has crashed. During this time, the switch is not available for normal operation.
• • • • • • • • • tftp — Store the core dump on a TFTP server reachable on the out-ofband port. ftp—Enable core transfer to an FTP server reachable on the out-of-band port. user-name—The login id on the FTP server. nopassword—The user id configured on the FTP server does not require a password. password – the user id configured on the FTP server requires a password. password—The password associated with the user id on the FTP server. ip address—The IPv4 address of an FTP or TFTP server.
User Guidelines Crash dump retrieval via FTP or TFTP occurs after the system has crashed. During this time, the switch is not available for normal operation. If no DHCP server is available for assignment of addresses to switches, the exception dump stack-ip-address protocol static add command should be used once for each member of the stack. It is recommended that these addresses be unique in the network.
Bytes Used: 51904512 Bytes Free: 950255616 exception switch-chip-register Use the exception switch-chip-register command to enable dumping the switch chip registers in case of an exception. The register dump is taken only for the master unit and not for the stack member units. Use the no form of the command to disable dumping of the switch-chip registers. Syntax exception switch-chip-register no exception switch-chip-register Default Configuration By default, switch register dumps are disabled.
• seconds—For the idle parameter, the approximate number of seconds after which an idle connection is closed. For the life parameter, the approximate number of seconds since login after which a session is closed. Default Configuration The default values are as follows: • • idle—180 seconds. Range: 1-3600 life—1800 seconds. Range: 1-86400 Command Mode Global Configuration User Guidelines This command configures the timeout for both HTTP and HTTPS sessions.
Syntax show debugging no show debugging Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Enabled packet tracing configurations are displayed.
show exception Use the show exception command to display the core dump configuration parameters, the current or previous exception log, or the core dump file listing. Syntax show exception [log [previous] | core-dump-file] • • • log—Display the current exception log. log previous—Display the previous exception log. core-dump-file—Display the core-dump file listing. Default Configuration This command has no default configuration.
Parameter Description File path File path for TFTP or FTP server Protocol Exception protocol (TFTP, USB, Core default none). Switch-chip-register Include register dump (True or False) Compression mode Compress core file (True or False) Stack IP Address Protocol Obtain switch IP address (DHCP or Static) Example The following example shows the default core transfer values. console(config)#show exception Coredump file name............................. Coredump filename uses hostname................
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.3.0.1 firmware.
USM-TARGET-TAG-MIB DELL-POWER-ETHERNET-MIB POWER-ETHERNET-MIB SFLOW-MIB DELL-SFLOW-MIB DELL-ISDP-MIB DELL-UDLD-MIB DELL-BOXSERVICES-PRIVATE-MIB DIFFSERV-DSCP-TC IANA-ADDRESS-FAMILY-NUMBERS-MIB DELL-DHCPSERVER-PRIVATE-MIB DELL-DHCPCLIENT-PRIVATE-MIB DELL-DNS-RESOLVER-CONTROL-MIB DELL-DENIALOFSERVICE-PRIVATE-MIB DELL-GREENETHERNET-PRIVATE-MIB Ethernet DELL-DEVICE-FILESYSTEM-MIB DELL-KEYING-PRIVATE-MIB Utility LLDP-MIB LLDP-EXT-DOT3-MIB LLDP-EXT-MED-MIB DELL-LLPF-PRIVATE-MIB DISMAN-PING-MIB DNS-SERVER-MI
DNS-RESOLVER-MIB SMON-MIB DELL-OUTBOUNDTELNET-PRIVATE-MIB Telnet DELL-TIMERANGE-MIB DELL-TIMEZONE-PRIVATE-MIB DISMAN-TRACEROUTE-MIB LAG-MIB RFC 1213 - RFC1213-MIB RFC 1493 - BRIDGE-MIB RFC 2674 - P-BRIDGE-MIB RFC 2674 - Q-BRIDGE-MIB RFC 2737 - ENTITY-MIB RFC 2863 - IF-MIB RFC 3635 - Etherlike-MIB DELL-SWITCHING-MIB DELL-INVENTORY-MIB DELL-PORTSECURITY-PRIVATE-MIB INET-ADDRESS-MIB IANAifType-MIB DELL-LOGGING-MIB MAU-MIB DELL-MVR-PRIVATE-MIB DELL-SNTP-CLIENT-MIB DELL-VPC-MIB IEEE8021-PAE-MIB The MIB m
DELL-DOT1X-ADVANCED-FEATURES-MIB Advanced DELL-DOT1X-AUTHENTICATION-SERVERMIB DELL-RADIUS-AUTH-CLIENT-MIB RADIUS-ACC-CLIENT-MIB RADIUS-AUTH-CLIENT-MIB TACACS-CLIENT-MIB DELL-CAPTIVE-PORTAL-MIB DELL-AUTHENTICATION-MANAGER-MIB DELL-MGMT-SECURITY-MIB RFC 1724 - RIPv2-MIB RFC 1850 - OSPF-MIB RFC 1850 - OSPF-TRAP-MIB RFC 2787 - VRRP-MIB DELL-ROUTING-MIB IP-FORWARD-MIB IP-MIB DELL-LOOPBACK-MIB RFC 1657 - BGP4-MIB DELL-BGP-MIB DELL-QOS-MIB DELL-QOS-ACL-MIB DELL-QOS-COS-MIB DELL-QOS-AUTOVOIP-MIB DELL-QOS-DIFFSER
DVMRP-STD-MIB IANA-RTPROTO-MIB DELL-MULTICAST-MIB IPMROUTE-STD-MIB MGMD-STD-MIB DELL-NSF-MIB configure RFC 2465 - IPV6-MIB RFC 2466 - IPV6-ICMP-MIB RFC 3419 - TRANSPORT-ADDRESS-MIB DELL-ROUTING6-MIB DELL-DHCP6SERVER-PRIVATE-MIB DELL-IPV6-LOOPBACK-MIB DELL-IPV6-TUNNEL-MIB Dell-LAN-SYSMNG-MIB Dell-LAN-TRAP-MIB Dell-Vendor-MIB Distance-Vector Multicast Routing Protocol MIB IANA IP Route Protocol and IP MRoute Protocol Textual Conventions The MIB definitions for Multicast Routing Flex package.
Default Configuration There is no default configuration. Command Mode Support mode User Guidelines This command has no user guidelines. Command History Introduced in version 6.2.0.1 firmware. write core Use the write core command to generate a core file on demand and either reboot the switch or test the core file configuration. Syntax write core [test [dest-file-name]] • dest-file-name — The file name used if a tftp-server is configured with the exception dump tftp-server command.
The write core test command is useful for validating the core dump setup. For example, if the protocol is configured as tftp, the command write core test communicates with the tftp server and informs the administrator if the tftp server can be contacted. Similarly, if the protocol is configured as usb, it mounts and unmounts the file system and then informs the administrator regarding the status. Example console#write core The system has unsaved changes.
Sflow Commands sFlow® is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. The sFlow monitoring system consists of an sFlow Agent (embedded in a switch or router or in a stand-alone probe) and a central sFlow Collector. The sFlow Agent uses sampling technology to capture traffic statistics from the device it is monitoring.
Syntax sflow rcvr_index destination {ip-address [port] | maxdatagram size | owner “owner_string” {notimeout|timeout rcvr_timeout}} no sflow rcvr_index destination [ip-address | maxdatagram | owner] • • • • • • rcvr_index — The index of this sFlow Receiver (Range: 1–8). ip-address — The sFlow receiver IP address. If set to 0.0.0.0, no sFlow datagrams will be sent. size — The maximum number of data bytes that can be sent in a single sample datagram.
User Guidelines An sflow destination entry must have an owner assigned in order for polling or sampling to be operational. The last set of command parameters are optional in the no form of the command. Sflow commands with a timeout value supplied do not show in the running config. Because the timer is actively running, the command is ephemeral and is therefore not shown in the running config.
Command Mode Global Configuration mode. User Guidelines The sflow instance must be configured using the sflow destination owner command before this command can successfully execute. Example console(config)#sflow 1 polling gigabitethernet 1/0/1-10 200 sflow polling (Interface Mode) Use the sflow polling command in Interface Mode to enable a new sflow poller instance for this interface if rcvr_idx is valid. An sflow poller sends counter samples to the receiver.
Example console(config-if-Gi1/0/2)#sflow 1 polling 6055 sflow sampling Use the sflow sampling command to enable a new sflow sampler instance for this data source if rcvr_idx is valid. An sflow sampler collects flow samples to send to the receiver. Use the “no” form of this command to reset sampler parameters to the default.
User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver. Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver. The sflow instance must be configured using the sflow destination owner command before this command can successfully execute.
Command Mode Interface Configuration (Ethernet) mode User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver. Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver.
Command Mode Global Configuration mode User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). Use the show sflow source-interface command to display the assigned source interface. This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.
sFlow Version Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: MIB Version: 1.3, the version of this MIB. Organization: Dell Corp. Revision: 1.0 IP Address The IP address associated with this agent. Example console#show sflow agent sFlow Version.......................... 1.3;Dell Inc.;10.23.18.28 IP Address............................. 10.27.21.
Owner String The identity string for receiver, the entity making use of this sFlowRcvrTable entry. Time Out The time (in seconds) remaining before the receiver is released and stops sending samples to sFlow receiver. IP Address The destination IP address (the sFlow receiver host). Address Type 1 for IPv4 and 2 for IPv6. Port The destination Layer4 UDP port for sFlow datagrams. Datagram Version The sFlow record format version. For example, 5 indicates sFlow version 5.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Poller Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Ethernet ports only. Receiver Index The sFlowReceiver associated with this sFlow counter poller.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Sampler Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Ethernet ports only. Receiver Index The sFlowReceiver configured for this sFlow sampler. Packet Sampling Rate The statistical sampling rate for packet sampling from this source.
Command Mode Privileged Exec, Global Configuration, and all sub-modes User Guidelines Use the sflow source-interface command to assign an IP address other than the default for transmitted sFlow packets. This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.
SNMP Commands The SNMP component provides a machine-to-machine interface for the Dell EMC Networking product family. This includes the ability to configure the network device, view settings and statistics, and upload or download code or configuration images. The agent includes a get-bulk command to reduce network management traffic when retrieving a sequence of Management Information Base (MIB) variables and an elaborate set of error codes for improved reporting to the network control station.
show snmp Use the show snmp command to display the SNMP communications status. Syntax show snmp Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the SNMP communications status.
Port name Sec ---------------- ------- -------------------- ------- ------ -------- --- ----- Version 3 notifications Target Address Type Retries Username Security UDP Filter TO Level Port name Sec ---------------- ------- ------------------ -------- ------ -------- --- ------ System Contact: System Location: Source Interface: SNMP trap Client Source Interface..............
console# show snmp engineID Local SNMP engineID: 08009009020C0B099C075878 show snmp filters Use the show snmp filters command to display the configuration of filters. Syntax show snmp filters filtername • filtername — Specifies the name of the filter. (Range: 1-30) Default Configuration This command has no default configuration.
show snmp group Use the show snmp group command to display the configuration of groups. Syntax show snmp group [groupname] • groupname — Specifies the name of the group. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The group name accepts any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name.
Field Description Views • Read–A string that is the name of the view that enables you only to view the contents of the agent. If unspecified, all the objects except the community-table and SNMPv3 user and access tables are available. • Write–A string that is the name of the view that enables you to enter data and manage the contents of the agent. • Notify–A string that is the name of the view that enables you to specify an inform or a trap.
Syntax show snmp user [username] • username — Specifies the name of the user. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The user name accepts any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name.
Syntax show snmp views [viewname] • viewname — Specifies the name of the view. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following examples display the configuration of views with and without a view name specified.
• • • ospf—Display OSPFv2 specific trap settings. ospfv3—Display OSPFv3 specific trap settings. captive-portal—Display captive-portal specific trap settings. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example #1 console#show trapflags Authentication Flag............................ Auto-copy-sw Flag..............................
lsa: all....................................... overflow: all....................................... retransmit: all....................................... state-change: all....................................... Disabled Disabled Disabled Disabled snmp-server community Use the snmp-server community command in Global Configuration mode to set the community string to allow access to the switch SNMP MIBs. To remove the specified community string, use the no form of this command.
Default Configuration No community is defined. Defaults to read–only access if not specified. Command Mode Global Configuration mode User Guidelines The @ character is reserved for future use. It is not accepted in a community string. The question mark is the CLI help trigger. It may not be used in a community name. The backslash is a programatic escape character. It may not be used in a community name. You cannot specify a view-name for su, which has access to the whole MIB.
snmp-server community-group Use the snmp-server community-group command in Global Configuration mode to map the internal security name for SNMP v1 and SNMP v2 security models to the group name. To remove the specified community string, use the no snmp-server community command. Syntax snmp-server community-group community-string group-name [ipaddress ipaddress] no snmp-server community-group community-string • • • community-string — The SNMP community identifier.
• Maps the internal security-name for SNMPv1 and SNMPv2 security models to the group-name. The community name may include any printable characters except a question mark, a backslash, or an at sign. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character, or reject the entry entirely.
Example The following example displays setting up the system contact point as “Dell_Technical_Support”. console(config)# snmp-server contact Dell_Technical_Support snmp-server enable traps Use the snmp-server enable traps command in Global Configuration mode to enable sending SNMP traps globally or to enable sending individual SNMP traps. Use the no form of this command to disable sending SNMP traps individually or globally.
• • • • • • • • • • • • • • • • • • • • • • • all—Enable all traps (not recommended). auto-copy-sw—Enable traps on automatic download of switch software. bgp state-changes limited—Enable the two traps defined in the standard BGP MIB, RFC 4273. A trap is sent when an adjacency reaches the ESTABLISHED state and when a backward adjacency state transition occurs. captive-portal—Enable captive-portal traps. dot1q—Enable traps on VLAN configuration failures.
Default Configuration SNMP authentication, link, multiple-user, spanning-tree, dot1q, and ACL traps are enabled by default. Port-security traps are enabled by default. Command Mode Global Configuration mode. User Guidelines Use the command with no parameters to globally enable sending of traps. Use the no form of the command with no parameters to globally disable sending of traps without changing the configured traps.
link multiple-users ospf ospfv3 pim port-security snmp spanning-tree vrf vrrp Enable/Disable switch level Link Up/Down trap flag. Configure multiple users login traps. Enable/Disable OSPF Traps. Enable/Disable OSPFv3 Traps. Enable/Disable traps for protocol-independent multicast. Enable/Disable switch level Maclock Violation trap flag. Enable SNMP traps. Configure spanning tree traps. Specify VPN Routing/Forwarding instance. Enable/Disable VRRP trap.
User Guidelines If you want to use SNMPv3, an engine ID is required for the switch. You can specify your own ID or use the default string that is generated using the MAC address of the device. If the SNMPv3 engine ID is changed, or the configuration file is erased, then SNMPv3 cannot be used until the SNMPv3 users are reconfigured.
• • • oid-tree — Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system. Replace a single subidentifier with the asterisk (*) wild card to specify a subtree family; for example, 1.3.*.4. included — Indicates that the filter type is included. excluded — Indicates that the filter type is excluded. Default Configuration No filter entry exists.
snmp-server group Use the snmp-server group command in Global Configuration mode to configure a new Simple Management Protocol (SNMP) group or a table that maps SNMP users to SNMP views. To remove a specified SNMP group, use the no form of this command.
• writeview — A string that is the name of the view that enables the user to enter data and configure the contents of the agent. If unspecified, nothing is defined for the write view. (Range: 1-30 characters.) Default Configuration No group entry exists. There will be some default groups for Read/Write/Super users. These groups cannot be deleted or modified by the user. This command is used only to configure the user-defined groups.
• • • • • • • • • • host-addr—Specifies the IP address of the host (targeted recipient) or the name of the host. Both IPv4 and IPv6 addresses are accepted.(Range:1-158 characters) community-string—Specifies a password-like community string sent with the notification operation. (Range: 1-20 characters). The community-string may include any printable characters except a question mark, a backslash, or an at sign. traps —Indicates that SNMP traps are sent to this host.
User Guidelines If a DNS host name is entered instead of an IP address, the switch attempts to resolve the host name immediately using DNS. Use the ip domain-lookup command and the ip name-server command to enable resolution of DNS host names. Example The following example enables SNMP traps for host 192.16.12.143. console(config)# snmp-server host 192.16.12.
console(config)# snmp-server location New_York snmp-server user Use the snmp-server user command in Global Configuration mode to configure a new SNMP Version 3 user. To delete a user, use the no form of this command.
• • • • • • • priv-des-key — CBC-DES Symmetric Encryption privacy mode. The administrator should enter a pre-generated DES encryption key. des-key — The pregenerated DES encryption key. The length is determined by the authentication method selected . Enter 32 hex characters if MD5 Authentication is selected, 40 hex characters if SHA Authentication is selected. priv-3des— The CBC 3DES Symmetric Encryption privacy level. Enter a shared password to generate the key.
Example The following example configures an SNMPv3 user “John” in group “usergroup”. console(config)# snmp-server user John user-group snmp-server view Use the snmp-server view command in Global Configuration mode to create or update a Simple Network Management Protocol (SNMP) server view entry. To delete a specified SNMP server view entry, use the no form of this command.
User Guidelines A view is a set of ASN.1 objects the SNMP server is allowed to access. Multiple view statements may be entered for a particular view. This command can be entered multiple times for the same view record. The view name accepts any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name.
• • • • • • • • • • • hostname — Specifies the name of the host. (Range: 1-158 characters.) The command allows spaces in the host name when specified in double quotes. For example, #snmp-server v3-host “host name”. Note that the switch will not resolve host names that are not in conformance with RFC 1035. username — Specifies user name used to generate the notification. (Range: 1-30 characters.) traps — Indicates that SNMP traps are sent to this host.
User Guidelines The username can include any printable characters except a question mark. Enclose the string in double quotes to include spaces within the key. The surrounding quotes are not used as part of the key. The CLI does not filter illegal characters but may accept entries up to the first illegal character or reject the entry entirely. Example The following example configures an SNMPv3 host, and sets it to send SNMP INFORMS with user name John using authentication without encryption.
Default Configuration By default, the switch uses the assigned switch IP address as the source IP address for SNMP packets. This is either the IP address assigned to the VLAN from which the SNMP packet originates or the out-of-band interface IP address. Command Mode Global Configuration User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). This command is not supported on Dell EMC N1100-ON switches.
SupportAssist Commands The commands in this section enable configuration of SupportAssist. Commands in this Section This section explains the following commands: eula-consent proxy-ip-address contact-company server contact-person show eula-consent support-assist enable show support-assist status proxy-ip-address support-assist – url eula-consent Use the eula-consent command to accept or reject the end-user license agreement (EULA) for the SupportAssist service.
User Guidelines Messages are shown for both the accept and reject use cases with information directing the user to URLs for further information. If the user rejects or has not yet accepted the EULA, the configuration mode for the specified service will not be usable. If there is existing configuration for that feature, the configuration will not be removed but the feature will be disabled. This command can be executed multiple times. It overwrites the previous information each time.
downloading SupportAssist on behalf of a company or other legal entity, you are further certifying to Dell that you have appropriate authority to provide this consent on behalf of that entity. If you do not consent to the collection, transmission and/or use of the Collected Data, you may not download, install or otherwise use SupportAssist. Example 2 console(config)# eula-consent support-assist reject I do not accept the terms of the license agreement.
Command Mode Support Assist Configuration User Guidelines This information is transmitted to Dell if the SupportAssist service is enabled. This command can be executed multiple times. It overwrites the previous information each time. The collected information is stored in the runningconfig. The administrator must write the configuration in order to persist it across reboots. Command History Introduced in version 6.3.0.1 firmware.
• • phone—The complete phone number. Maximum of 23 printable characters. preferred-method—The preferred method of contact. May be either email or phone. Default Configuration No contact person information is populated by default. Command Mode Support Assist Configuration User Guidelines The email address must conform to RFC 5322 sections 3.2.3 and 3.4.1 and RFC 5321. Additionally, the character set is further restricted to ASCII characters.
Syntax enable no enable Default Configuration By default, the default server is enabled. It may be disabled using the no enable form of the command. Command Mode Support Assist Configuration User Guidelines Only one SupportAssist server may be enabled. If contact with the server fails, the switch sleeps for the quiet period (default 1 hour) before attempting contact again. Command History Introduced in version 6.3.0.1 firmware.
• • • • • ipv6-address — The IPv6 address of the proxy server in IPv6 notation. port-number — The TCP port number of the proxy server. Range 165535. Default 443. userid— The user name used to log into the proxy server. encryption-type— 0 indicates an unencrypted password. 7 indicates an encrypted password. password— An unencrypted or encrypted password. Maximum length is 64 characters for an unencrypted password. Encrypted passwords must be 128 characters in length.
• server-name — The server name has a maximum length of 20 characters. Any printable character may be used in the server name other than a question mark. Enclose the server name in quotes if an embedded blank is desired in the server name. Default Configuration A default server named “default” exists at URL stor.g3.ph.dell.com. This server is pre-configured and may not be removed or modified other than to disable it.
Default Configuration The SupportAssist EULA is Accepted by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Acceptance of the SupportAssist EULA is enabled by default. Command History Introduced in version 6.3.0.1 firmware.
this consent on behalf of that entity. If you do not consent to the collection, transmission and/or use of the Collected Data, you may not download, install or otherwise use SupportAssist. show support-assist status Use the show support-assist status command to display information on SupportAssist feature status including any activities, status of communication, last time communication sent, etc. Syntax show support-assist status Default Configuration This command has no defaults.
support-assist Use the support-assist command to enable support-assist configuration mode if the EULA has been accepted. Use the no form of the command to remove the configured SupportAssist information. Syntax support-assist no support-assist Default Configuration By default, a server named “default” is configured. It may be disabled by the administrator. Command Mode Global Configuration User Guidelines This command enters support-assist-conf mode.
SupportAssist EULA has not been accepted. SupportAssist cannot be configured until the SupportAssist EULA is accepted. console(config)# url Use the url command to configure the URL to reach on the SupportAssist remote server. Use the no form of the command to remove the URL information.
console(config)support-assist console(conf-support-assist)#server new console(conf-support-assist-new)#url https://stor.g3.ph.dell.
SYSLOG Commands The Dell EMC Networking supports a centralized logging service with support for local in-memory logs, crash dump logs, and forwarding messages to syslog servers. All switch components use the logging service.
<189> Oct 24 02:10:26 10.27.23.197-1 CMDLOGGER[emWeb]: cmd_logger_api.c(83) 438 %% NOTE CLI:EIA-232::logging buffered info If enabled, the CLI command logger subsystem begins to log commands immediately after the user is authenticated. After authentication, the CLI generates an explicit message and invokes the command logger. The format of the message at login is: <189> Jan 10 18:58:56 10.27.21.22-2 CMDLOGGER[209809328]: cmd_logger_api.c(83) 361 %% NOTE CLI:10.27.21.
clear logging Use the clear logging command to clear messages from the internal logging buffer. Syntax clear logging Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example clears messages from the internal syslog message logging buffer.
User Guidelines This command has no user guidelines. Example The following example shows the clear logging file command and confirmation response. console#clear logging file Clear logging file [y/n] description (Logging) Use the description command in Logging mode to describe the SYSLOG server. Syntax description description • description — Sets the description of the syslog server. (Range: 1-64 characters.) Default Configuration This command has no default value.
level Use the level command in Logging mode to specify the severity level of SYSLOG messages. To reset to the default value, use the no form of the command. Syntax level no level • level—The severity level for syslog messages. (emergencies, alerts, critical, errors, warnings, notifications, informational, debugging) Default Configuration The default value for level is info.
Syntax logging cli-command no logging cli-command Default Configuration Disabled Command Mode Global Configuration User Guidelines See the CLI commands by using the show logging command. Example console(config)#logging cli-command console(config)#do show logging console#show logging Logging is enabled Logging protocol version: 0 Source Interface............................... Default Console Logging: Level warnings.
<189> Jan 10 18:59:27 10.27.21.22-2 TRAPMGR[209809328]: traputil.c(614) 372 %% Multiple Users: Unit: 0 Slot: 5 Port: 1 <189> Jan 10 18:59:27 10.27.21.22-2 CMDLOGGER[209809328]: cmd_logger_api.c(83) 373 %% NOTE CLI:10.27.21.22:admin:User admin logged in <190> Jan 10 18:59:27 10.27.21.22-2 CLI_WEB[209809328]: cmd_logger_api.c(260) 374 %% INFO [CLI:admin:10.27.21.22] User has successfully logged in <190> Jan 10 18:59:28 10.27.21.22-2 CLI_WEB[209809328]: cmd_logger_api.c(260) 375 %% INFO [CLI:admin:10.27.21.
Command Mode Global Configuration mode User Guidelines A signed X509 certificate must be present on the switch in order for DTLS (logging protocol 1) to operate. See the crypto commands for further information on certificates. Up to eight syslog servers can be configured. The Dell EMC Networking uses the local7(23) facility in the syslog message by default. Syslog messages will not exceed 96 bytes in length. Syslog protocol version 0 messages use the following format: <190> Jan 01 00:00:06 0.0.0.
Stack ID The assigned stack ID. 1 is used for systems without stacking capability. The top of stack is used to collect messages for the entire stack. Component Name Component name for the logging component. Components must use the new APIs in order to enable identification of the logging component. Component UNKN is substituted for components that do not use the new logging APIs. Thread ID The thread ID of the logging component. File Name The name of the file containing the invoking macro.
Example console(config)#logging audit logging buffered Use the logging buffered command in Global Configuration mode to limit syslog messages displayed from an internal buffer based on severity. To cancel the buffer use, use the no form of this command. Syntax logging buffered [severity–level] no logging buffered • severity–level—(Optional) The number or name of the desired severity level.
the large number of messages generated, can adversely affect switch operations. Only set the logging level to debug under the direction of support personnel. Example The following example limits syslog messages collected in the internal buffer to those of severity level “error” and above (numerically lower). console(config)#logging buffered error logging console Use the logging console command in Global Configuration mode to limit messages logged to the console based on severity.
User Guidelines Messages at the selected level and above (numerically lower) are displayed on the console. Debug level messages are intended for use by support personnel. The output is voluminous, cryptic, and because of the large number of messages generated, can adversely affect switch operations. Only set the logging level to debug under the direction of support personnel. Example The following example limits messages logged to the console based on severity level “alerts”.
logging file Use the logging file command in Global Configuration mode to limit SYSLOG messages sent to the logging file based on severity. To set the default logging level, use the no form of this command. Syntax logging file [severity–level-number | type] no logging file • severity–level—(Optional) The number or name of the desired severity level.
Example The following example limits SYSLOG messages stored in the logging file to severity level “warnings” and above (numerically lower). console(config)#logging file warnings logging monitor Use the logging monitor command in Global Configuration mode to enable logging messages to telnet and SSH sessions with the default severity level. Use the no logging monitor command to disable logging messages.
User Guidelines Messages logged to the console are filtered based on severity. Selecting a severity level will log that severity and higher (numerically lower) level messages. logging on Use the logging on command in Global Configuration mode to control error messages logging. This command globally enables the sending of logging messages to the currently configured locations. To disable the sending of log messages, use the no form of this command.
logging protocol Use this command to log messages in RFC5424 format, including time zone and subsecond resolution time stamps. Use the no form of this command to set the logging to the default format. Syntax logging protocol {protocol-selector} no logging protocol • protocol-selector—One of the following: – 0 – Generate RFC3164 format messages – 1 – Generate RFC5424 format messages Default Configuration Messages are logged in RFC3164 format by default (logging protocol 0).
console(config)#logging protocol 0 console(config)# <190> Oct 18 07:09:15 0.0.0.0-1 RADIUS[radius_task]: radius_api.c(10450) 58 %% INFO RADIUS: Sending Radius server state change event to interested users: 1 <189> Oct 18 07:09:15 0.0.0.0-1 TRAPMGR[trapTask]: traputil.c(721) 26 %% NOTE Unit 1 is the new stack master, Old stack master unit is 0 The following example shows the logging format when logging protocol is set to 1. console(config)#logging protocol 1 console(config)# <190>1 2017-10-18T07:09:23.
no logging snmp Default Configuration By default, logging snmp is disabled. Command Mode Global Configuration mode User Guidelines To see SNMP Set command logs use the show logging command. Example console(config)#logging snmp logging source-interface Use the logging source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted SYSLOG packets. Use the no form of the command to revert to the default IP address.
User Guidelines This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.. Command History Introduced in version 6.3.0.1 firmware.
– info (6) – debug (7) Default Configuration The default severity level is info(6). Command Mode Global Configuration mode User Guidelines You can filter log messages that appear in the buffered log by severity level. You can specify the severity level of log messages that are e-mailed.
Example console(config)#logging web-session <133> Jan 12 13:51:55 10.130.185.29-6 CLI_WEB[emWeb]: cmd_logger_api.c(140) 9788 %% NOTE WEB:10.130.65.150:admin:session[0] created <133> Jan 12 13:51:55 10.130.185.29-6 CLI_WEB[emWeb]: cmd_logger_api.c(140) 9789 %% NOTE WEB:10.130.65.150:admin:User admin logged in port Use the port command in Logging mode to specify the port number of a SYSLOG server to which SYSLOG messages are sent. To reset to the default value, use the no form of the command.
show logging Use the show logging command to display all logging information, including auditing status and logging protocol version. Syntax show logging Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Command History Updated output in version 6.5.
Syslog Server Details: 0.0.0.0 : Level informational. Messages : 0 dropped 0 Messages dropped due to lack of resources Buffer Log: <186> Oct 18 07:09:12 0.0.0.0-1 General[fp_main_task]: bootos.c(191) 10 %% CRIT Event(0xaaaaaaaa) <189> Oct 18 07:09:12 0.0.0.0-1 BSP[fp_main_task]: bootos.c(175) 9 %% NOTE BSP initialization complete, starting switch firmware. <190> Oct 18 07:09:12 0.0.0.0-1 OSAPI[fp_main_task]: osapi_crash.c(1297) 8 %% INFO Oldest crashlog (5) will be deleted if another crash happens.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the state of logging messages sorted in the logging file.
User Guidelines This command has no user guidelines. Example The following example displays the SYSLOG server settings. console#show syslog-servers IP address Port Severity Description ---------------------------------------------192.180.2.275 14 Info 7 192.180.2.
Use the no terminal monitor command to disable the display of system messages on the terminal for Telnet and SSH sessions. Use the logging monitor command to display logging messages in a Telnet or SSH session. Terminal monitor and logging monitor are enabled on console sessions by default. Example This example enables the display of system messages and logging messages on the current telnet session.
System and Stack Management Commands This section explains the following commands: asset-tag member show interfaces show system banner exec memory free lowwatermark show interfaces show system fan advanced firmware banner login nsf show interfaces utilization show system id banner motd ping show memory cpu show system power banner motd acknowledge process cpu threshold show nsf show system temperature buffers quit show power-usage- show tech-support history clear checkpoint statistics
logout show hardware profile show switch update bootcode asset-tag Use the asset-tag command in Global Configuration mode to specify the switch asset tag. To remove the existing asset tag, use the no form of the command. Syntax asset-tag [unit] tag no asset-tag [unit] • • unit — Switch number. (Range: 1–12) tag — The switch asset tag. Default Configuration No asset tag is defined by default.
banner exec Use the banner exec command to set the message that is displayed after a successful login. Use the no form of the command to remove the set message. Syntax banner exec MESSAGE no banner exec • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The exec message may consist of multiple lines. Enter a quote to complete the message and return to configuration mode.
Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The login banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed. Different terminal emulators will exhibit different behaviors when logging in over SSH.
User Guidelines The motd banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed. The motd banner is usually displayed prior to logging into the switch, although some protocols, for example SSH, may enforce different behavior. See the user guidelines for banner motd acknowledge for some examples.
User Guidelines Various terminal emulators exhibit different behaviors with regards to the MOTD and the acknowledge prompt, for example, TeraTerm and putty. There are also different behaviors based upon the protocol used (SSH versus telnet). See below for some examples where the MOTD prompt occurs either before or after the acknowledge prompt. The banner motd in this example is “If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911.
[root@kevin ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911. Please, be advised this unit is under test by Kevin. dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test.
Syntax buffers {rising-threshold rising-threshold-val | falling-threshold fallingthreshold-val | severity severity-level} no buffers {rising-threshold | falling-threshold | severity } • • • rising-threshold-val—The rising message buffer threshold over which a trap will be issued. This is a percentage of messages buffers utilized and ranges from 0 to 100. falling-threshold-val—The falling threshold value.
The falling-threshold-val should be configured to be less than or equal to the rising-threshold-val. Command History Introduced in version 6.2.0.1 firmware. Example console(config)#buffers rising-threshold 90 clear checkpoint statistics Use the clear checkpoint statistics command to clear the statistics for the checkpointing process. Syntax clear checkpoint statistics Default Configuration This command has no default configuration.
Syntax clear counters stack-ports Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command resets all statistics shown by the show switch stack-ports counters and the show switch stack-ports diag commands. Example console#clear counters stack-ports connect Use this command to connect the serial console of a different stack member to the local unit.
User Guidelines This command is available from the Unit prompt on a member unit serial port. The user need not be currently connected over the serial port to connect to another unit. The stack member being connected to must be up and running and connected as part of the stack. This command connects the the serial console from the target stack member to the local unit. There is only one console session allowed per stack.
no cut-through mode Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines Cut-through mode is only supported on Dell EMC Networking N4000 series switches. It is not supported on Dell EMC Networking N1100ON/N1500/N2000/N2100-ON/N3000/N3100-ON Series switches. Example console(config)#cut-through mode The mode (enable) is effective from the next reload of Switch/Stack. disconnect Use the disconnect command to detach a UI session.
It is not possible to disconnect the EIA-232 (serial console) session. exit Use this command to disconnect the serial connection to a remote unit. Syntax exit Default Configuration There is no default configuration for this command. Command Modes User Exec mode on stack master. Unit prompt on the stack member. User Guidelines This command is available in User Exec mode on the master unit serial port and from the Unit prompt on member unit serial ports.
To disconnect a remote session to the stack master established from a stack member.
This command takes effect only after rebooting the switch. hostname Use the hostname command in Global Configuration mode to specify or modify the switch host name. To restore the default host name, use the no form of the command. Syntax hostname name no hostname • name — The name of the host. (Range: 1–255 characters) The command allows spaces in the host name when specified in double quotes. For example, #snmp-server v3-host “host name”. Default Configuration No host name is configured.
initiate failover To manually force a failover from the management unit to the backup unit in a stack, use the initiate failover command in Stack Configuration mode. The initiate failover command checks for stack port errors and NSF synchronization prior to initiating failover. If stack port errors are found, or if the NSF status is not synchronized, a message is displayed and the user is prompted to continue or abort the operation (see example, below).
Example-Stack Port Errors console(config-stack)#initiate failover Warning! Stack errors detected on the following interfaces: Interface ---------------Gi1/0/1 Gi1/0/3 Error Count ---------------12 22 NSF Status: Not synchronized Stack port errors or lack of NSF synchronization may indicate a non-redundant stack topology exists. Fail-over on a non-redundant topology may cause the stack to split! Management unit will be reloaded.
User Guidelines This command has no user guidelines. Example console(config-if-Gi1/0/1)#load-interval 150 locate Use the locate command to locate a switch by LED blinking. Syntax locate [switch unit] [time time] • • switch unit—If multiple devices are stacked, you can choose which switch to identify. time time —LED blinking duration in seconds. Range 1-3600 seconds. Default Configuration Default value is 20 seconds.
logout Use this command to disconnect the serial connection to the remote unit on the stack member. Syntax logout Default Configuration There is no default configuration for this command. Command Modes User Exec mode on the stack master. Unit prompt on the stack member. User Guidelines This command is available in User Exec mode on the master unit serial port and from the Unit prompt on member unit serial ports. The user need not be currently connected over the serial port to connect to another unit.
(Unit 2 - CLI unavailable - please connect to master on Unit 1)> member Use the member command in Stack Configuration mode to preconfigure a switch stack member. Execute this command on the Management Switch. To remove a stack-member configuration from the stack, use the no form of the command. The no form of the command may not be used if the member is present in the stack. Syntax member unit switchindex no member unit • • unit — The switch identifier of the switch to be added or removed from the stack.
memory free low-watermark Use the memory free low-watermark command to configure the notification of a low memory condition on the switch. for the issuance of the CPU overload SNMP trap and notification via a SYSLOG message. Use the no form of the command to return the threshold to its default value. Syntax memory free low-watermark processor [kb] no memory free low-watermark processor • kb—The amount of free memory (in Kilobytes) below which a trap is issued and a message is logged.
nsf Use this command to enable non-stop forwarding. The no form of the command will disable NSF. Syntax nsf no nsf Default Configuration Non-stop forwarding is enabled by default. Command Mode Stack Configuration mode User Guidelines Nonstop forwarding allows the forwarding plane of stack units to continue to forward packets while the control and management planes restart as a result of a power failure, hardware failure, or software fault on the stack management unit.
Syntax ping [vrf vrf-name] {[ ip ]ip-address | hostname | { ipv6 { interface interface-id | vlan vlan-id | loopback loopback-id | out-of-band | tunnel tunnel-id} link-local-address | ipv6-address | hostname} [count count] [ interval interval] [ size size] [source { ip-address | ipv6-address | interface-id | vlan vlan-id | out-of-band}] • • • • • • • • • • • • • • ip-address—The IPv4 address to ping. ipv6-address—The IPv6 address to ping. link-local-address — The link local IPv6 address to ping.
Default Configuration The default mode is IPv4. The command defaults to an IPv4 address. The default ping count is 4. The default interval is 1 second. The default packet size is 0 data bytes. The packet size is specified in bytes and refers to the packet payload, not the frame size. Packets are padded to extend the frame to the minimum legal frame length by default.
If a host name is specified, a DNS server must be configured locally on the switch and the host name must resolve to an IPv4/IPv6 address as appropriate for the syntax entered. The command allows spaces in the host name when specified in double quotes, even though host names may only consist of letters, numbers and the hyphen character. The VRF identified in the parameter must have been previously created or an error is returned. Only IPv4 addresses are supported with the vrf parameter.
process cpu threshold Use the process cpu threshold command to configure the rising and falling thresholds for the issuance of the CPU overload SNMP trap and notification via a SYSLOG message. Use the no form of the command to return the thresholds to their default values.
where weight = 2 / ((TotalTimePeriod/samplePeriod) + 1). The sample period is 5 seconds. The utilization monitoring time period can be configured from 5 secs to 86400 seconds in multiples of 5 seconds. Setting a threshold or interval to 0 disables that individual function. The falling-threshold percentage should be configured to be less than or equal to the rising-threshold percentage. The switch reports the task level CPU utilization for the last 5 second, 1 minute and 5 minute periods.
Command Modes User Exec mode on the stack master. Unit prompt on the stack member. User Guidelines This command is available in User Exec mode on the master unit serial port and from the Unit prompt on member unit serial ports. The user need not be currently connected over the serial port to connect to another unit. The stack member being connected to must be up and running and connected as part of the stack. This command is an alias for the exit command.
• stack–member–number—The stack member to be reloaded. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines If no unit is specified, all units are reloaded. Examples Example-Reloading the Stack The following example displays how to reload the stack. console#reload 1 Management switch has unsaved changes.
service unsupported-transceiver Use this command to avoid the following on using an unsupported optic. • • Logging of a message. Generation of SNMP trap. Use the no form of this command to set the transceiver support to the factory default. Syntax service unsupported-transceiver no service unsupported-transceiver Default Configuration The default configuration is to log a message along with the SNMP trap generation on insertion or removal of an optic that is not qualified by Dell.
Syntax set description unit description • • unit — The switch identifier. (Range: 1–12) description — The text description. (Range: 1–80 alphanumeric characters) Default Configuration This command has no default configuration. Command Mode Stack Configuration mode User Guidelines This command has no user guidelines. Example The following example displays console(config)#stack console(config-stack)#set description 1 “unit 1" slot Use the slot command to configure a slot in the system.
• • • • • • • • • • • Dell EMC Networking N3024F Dell EMC Networking N3024P Dell EMC Networking N3048 Dell EMC Networking N3048P Dell EMC Networking N4032 Dell EMC Networking N4032F Dell EMC Networking N4064 Dell EMC Networking N4064F Dell SFP+ Card Dell QSFP Card Dell 10GBase-T Card Use the no form of the command to return the unit/slot configuration to the default value. Syntax slot unit/slot cardindex no slot unit/slot • • unit/slot — The slot identifier of the slot.
Example console(config)#slot 1/3 3 console(config)#slot 1/3 4 show banner Use the show banner command to display banner information. Syntax show banner Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show banner Banner:Exec Line Console...................... Enable Line SSH.......................... Disable Line Telnet.............
show buffers Use the show buffers command to display the system allocated buffers. Syntax show buffers Default Configuration There is no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The internal message buffers are partitioned into one transmit group reserved for system generated messages and five receive priority groups.
Mid1 Mid0 High 0 0 0 0 0 0 0% 0% 0% Transmit Attempts Failures %Failure ------------------------------------------------All 145 0 0% Monitoring Parameters --------------------Rising Threshold................................ 0% Falling Threshold............................... 0% Trap Severity................................. INFO show checkpoint statistics Use the show checkpoint statistics command to display the statistics for the checkpointing process.
Messages Checkpointed.....................6708 Bytes Checkpointed........................894305 Time Since Counters Cleared...............3d 01:05:09 Checkpoint Message Rate...................0.025 msg/sec Last 10-second Message Rate...............0 msg/sec Highest 10-second Message Rate............8 msg/sec show cut-through mode Use the show cut-through mode command to show the cut-through mode on the switch.
Syntax show hardware profile portmode [interface-id] Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is not available on the N1100-ON/N1500/N2000/N2100ON/N3000/N3100-ON switches.
Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows the optic parameters in user readable format. console#show idprom interface tengigabitethernet 1/0/9 Type.............................. Media............................. Serial Number..................... Dell EMC Qualified................
Default Configuration This command has no default configuration. Command Modes All modes User Guidelines The show interface command shows the actual operational status of the interface, which is not necessarily the same as the configuration. Input/output rate statistics are collected every 10 seconds. The RX and TX utilization (sum of the individual active links) is shown for port-channels. The utilization is measured in kilobits per second. Command History Updated examples and guidelines in version 6.
Total Packets Received Without Errors.......... Unicast Packets Received....................... Multicast Packets Received..................... Broadcast Packets Received..................... Total Packets Received with MAC Errors......... Jabbers Received............................... Fragments/Undersize Received................... Alignment Errors............................... FCS Errors..................................... Overruns.......................................
Syntax show interfaces advanced firmware interface • interface—A firmware upgradable Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is only applicable to firmware upgradable interfaces. 1G interfaces are never shown in the command output. Some 10G interfaces may show as not firmware upgradable.
Command Modes Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays interface transmit and receive utilization in bits/sec and packets/sec. The transmit utilization and transmit packet counts include packets generated by the CPU. Buffer utilization is the count of cells queued for transmission on a port.
Field Description Oper. Speed The operational speed, which is the speed at which the interface is currently operating (e.g., 1M, 10M, 100M, 1G, 10G, 40G). Rx Util The receive utilization which is the link utilization in the receive direction as a percentage of operational speed (range 0-100). The utilization is derived by dividing the link speed by the number of bytes received averaged over the last sampling interval. Tx Util The transmit utilization.
Example The following example shows a classical incast situation on interface Gi1/0/2 where the port is fully utilized or nearly fully utilized, buffering many frames (with increased latency) and beginning to drop frames as the internal thresholds for buffering on the port are reached.
User Guidelines No specific guidelines. Example console#show memory cpu Total Memory........................... 262144 KBytes Available Memory Space................. 121181 KBytes show nsf Use the show nsf command to show the status of non-stop forwarding. Syntax show nsf Default Configuration This command has no default configuration.
Parameter Description Range Default Last Startup Reason The type of activation that caused the software to start the last time. There are four options. “Power-On” means that the switch rebooted. This could have been caused by a power cycle or an administrative “Reload” command. “Administrative Move” means that the administrator issued a command for the stand-by manager to take over.
Parameter Description Range Time Since Last Copy When the running configuration was last copied from the management unit to the backup unit. Time Stamp Time Until Next Copy 0 - 120 seconds The number of seconds until the running configuration will be copied to the backup unit. This line only appears when the running configuration on the backup unit is Stale. Default Example The show nsf command is used to display which unit is the management unit and which is the backup unit.
Syntax show power-usage-history • unit-id—Stack unit for which to display the power history. Range 1-12. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Power draw is measured at the power supplies. Power draw is not measured at the interfaces. This command is not available on the Dell EMC Networking N1100-ON Series switches.
Syntax show process app-list Default Configuration This command does not have a default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Fields Description ID Application ID assigned by the Process Manager. Name Application Name PID Application Linux Process ID. Admin-Status Flag indicating if the application is administratively enabled.
2 syncdb-test 0 Disabled Disabled Stopped show process app-resource-list This command lists the configured and in-use resources for each application known to the Process Manager. Syntax show process app-resource-list Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed.
Command History Introduced in version 6.2.0.1 firmware. Example console#show process app-resource-list Memory CPU Memory Max Mem ID Name PID Limit Share Usage Usage ---------------------------------------------------------------------1 switchdrvr 280 Unlimited Unlimited 256MB 280MB 2 syncdb-test 0 10MB 20% 0MB 0MB show process cpu Use the show process cpu command to check the CPU utilization for each process currently running on the switch.
CPU Utilization: PID Name 5 Sec 1 Min 5 Min --------------------------------------------------------328bb20 tTffsPTask 0.00% 0.00% 0.02% 3291820 tNetTask 0.00% 0.00% 0.01% 3295410 tXbdService 0.00% 0.00% 0.03% 347dcd0 ipnetd 0.00% 0.00% 0.01% 348a440 osapiTimer 1.20% 1.43% 1.21% 358ee70 bcmL2X.0 0.40% 0.30% 0.12% 359d2e0 bcmCNTR.0 0.80% 0.42% 0.50% 3b5b750 bcmRX 0.00% 0.13% 0.12% 3d3f6d0 MAC Send Task 0.00% 0.07% 0.10% 3d48bd0 MAC Age Task 0.00% 0.00% 0.03% 40fdbf0 bcmLINK.0 0.00% 0.14% 0.
Syntax show process proc-list Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Fields Description PID Application Linux Process ID Process-Name Linux process name Application ID-VRID-Name Name of the application that started the process and the application ID assigned by the Process Manager.
Command History Introduced in version 6.2.0.1 firmware. Example console##show process proc-list Process Application VM Size VM Peak PID Name ID-VRID-Name Child (KB) (KB) FD Count ----------------------------------------------------------------280 switchdrvr 1-0-switchdrvr No 220992 230724 36 281 syncdb 2-0-syncdb No 2656 2656 8 281 proctest 3-55-proctest No 2656 2656 8 show router-capability Use this command to display the router capabilities of the loaded firmware image.
This example displays the capabilities of an N3000BGPv6.3.x.x firmware mixed stacking build. console#show router-capability This firmware supports a stack of up to eight switches. MVRP/MMRP capabilities are not available. show sessions Use the show sessions command to display a list of the open sessions from remote hosts. Syntax show sessions Default Configuration This command has no default configuration.
Field Description Session ID The session identifier. Use with the disconnect command. User Name The login ID associated with the session. Connection from The origin of the connection. Idle Time The elapsed time since session activity was last detected. Session Time The elapsed time since the session was connected. Session Type The type of connection (Serial, Telnet, SSH, HTTP, HTTPS).
The following table explains the output parameters. Parameter Description Slot The slot identifier in a slot/port format. Slot Status The slot is empty, full, or has encountered an error. Admin State The slot administrative mode is enabled or disabled. Power State The slot power mode is enabled or disabled. Configured Card Model Identifier The model identifier of the card preconfigured in the slot. Model identifier is a 32-character field used to identify a card.
1/0 1/1 Full Empty Enable Enable Dell Networking N4032 Disable Disable No Yes Command History Description updated in the 6.4 release. show supported cardtype Use the show supported cardtype command to display information about all card types supported in the system. Syntax show supported cardtype [cardindex] • cardindex — Displays the index into the database of the supported card types. This index is used when preconfiguring a slot. Default Configuration This command has no default configuration.
Parameter Description Card Index (CID) The index into the database of the supported card types. This index is used when preconfiguring a slot. Card Model Identifier The model identifier for the supported card type. If you supply a value for cardindex, the following additional information appears as shown in the table below. Parameter Description Card Type The 32-bit numeric card type for the supported card. Model Identifier The model identifier for the supported card type.
show supported switchtype Use the show supported switchtype command to display information about all supported switch types. Syntax show supported switchtype [switchindex] • switchindex — Specifies the index into the database of the supported switch types, indicating the type of the switch being preconfigured. The switch index is a 32-bit integer. (Range: 0–65535) Default Configuration This command has no default configuration.
The following table describes the fields in the second example. Field Description Switch Type This field displays the 32-bit numeric switch type for the supported switch. Model Identifier This field displays the model identifier for the supported switch type. Switch Description This field displays the description for the supported switch type. Example The following example displays the information for supported switch types.
Card Index (CID)............... 7 Model Identifier............... Dell 10GBase-T Card show switch Use the show switch command to display information about units in the stack. Syntax show switch [stack–member–number | stack–ports[counters | diag | stackpath {from-unit | all} to unit] | stack–standby] • • • • • • • • • • unitid—The unit number. stack–member–number—The stack member number. stack–ports—Display summary stack-port information for all interfaces.
status and the current code version. Both the pre-configured switch type (as set by the member command in stack mode) and the actual connected switchtype, if any, are shown. The show switch unitid command also shows details of the switch configuration including the SFS last attempt status for the specified unit. If there is a stack firmware synchronization (SFS) operation in progress, the switch status will show as Updating Code.
Unit Description Preconfigured Model Identifier This field displays the model identifier for this switch. Model Identifier is a 32-character field assigned by Dell to identify the switch. Plugged-in Model Identifier This field displays the model identifier for this switch. Model Identifier is a 32-character field assigned by Dell to identify the switch. If no physical unit is present for the unit number, this field is empty. Switch Status This field displays the switch status.
Unit Description Management Status This field indicates whether the switch is the Management Switch, a stack member, or the status is unassigned. Standby Status This field indicates whether the switch is the Standby Switch. Preconfigured Model Identifier This field displays the model identifier of a preconfigured switch ready to join the stack. The Model Identifier is a 32-character field assigned by Dell to identify the switch.
Switch Description................ Detected Code Version............. Detected Code in Flash............ SFS Last Attempt Status........... Serial Number..................... Up Time........................... Dell Networking N4064 6.0.0.0 6.0.0.0 None CN0H0F6C2829831P0023A00 3 days 1 hrs 16 mins 20 secs Example-Stack Ports This example displays information about the stack ports.
console#show switch Management Standby Preconfig Plugged-in Switch Code SW Switch Status Model ID Model ID Status Version --- ---------- --------- ------------- ------------- ------------- --------1 Mgmt Sw N3024 N3024 OK 6.0.0.0 2 Stack Mbr N3024 N3024 Updating Code 6.0.0.0 console#show switch 1 Switch............................ Management Status................. Switch Type....................... Preconfigured Model Identifier.... Plugged-in Model Identifier....... Switch Status.....................
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The temperature and power sections are only displayed for switches that have temperature or power monitoring capability. Example console#show system System Description: Dell Networking Switch System Up Time: 0 days, 03h:02m:30s System Contact: System Name: System Location: Burned In MAC Address: 001E.C9DE.B41B System Object ID: 1.3.6.1.4.1.674.10895.
Unit Description Status ---1 1 1 ----------System PS-1 PS-2 ----------OK Failure No Power Average Power (Watts) ---------39.8 Current Power (Watts) -------39.8 N/A N/A Since Date/Time ------------------- 01/01/1970 00:00:00 USB Port Power Status: ---------------------Device Not Present show system fan Use the show system fan command to explicitly display the fan status. Syntax show system fan Default Configuration This command has no default configuration.
show system id Use the show system id command to display the system identity information. Syntax show system id [unit] • unit — The unit number. Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The tag information is on a switch by switch basis. Example The following example displays the system service tag information.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is only available on switches with a power monitoring circuit. It is not available on the Dell EMC Networking N1100-ON Series switches.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The system temperature is read from one or more sensors placed at critical locations on the PCB. Status ranges are subdivided into Good (Cool), Medium (Warm), and High (Hot). Each status range has a lower, mid-range, and upper limit with the upper limit of the lower temperature status being the same as the lower limit of the adjacent higher temperature status.
1 PHY 34 show tech-support Use the show tech-support command to display system and configuration information for use in debugging or contacting technical support.
• usb — Write the output to a file on the USB drive instead of the console. A USB storage device must be inserted into the front panel USB port.
A USB device must be plugged in to the USB port, and cleanly mounted, if the usb parameter is given. Default Value This command has no defaults. Example console#show tech-support ***************** Show Version ****************** Switch: 1 System Description................ Dell Networking N4032, 6.0.0.0, Linux 2.6.32.9 Machine Description............... System Model ID................... Machine Type...................... Serial Number..................... Manufacturer......................
System Contact................................. System Object ID............................... System Up Time................................. 10/100 Ethernet/802.3 interface(s)............. Gig Ethernet/802.3 interface(s)................ 10Gig Ethernet/802.3 interface(s).............. 40Gig Ethernet/802.3 interface(s).............. Virtual Ethernet/802.3 interface(s)............ 1.3.6.1.4.1.674.10895.
console#show Username -------admin console#show users Protocol Location ---------------Serial EIA-232 users accounts Profile(s) -----------net-admin UserName Privilege ------admin user Password Password Lockout Aging Expiry date --------- -------- ------------- ------15 ----False Administrative Profile(s): network-admin 1 ----False Administrative Profile(s): network-operator show version Use the show version command in User Exec mode to displays the system version information.
Manufacturer...................... Burned In MAC Address............. System Object ID.................. CPU Version....................... SOC Version....................... HW Version........................ CPLD Version...................... 0xbc00 D067.E5C0.D19B 1.3.6.1.4.1.674.10895.3045 XLP308H-A1 BCM56846_A1 3 14 unit active backup current-active next-active ---- ----------- ----------- -------------- -------------1 6.0.0.1 5.1.0.1 6.0.0.1 5.1.0.1 console#show version 2 SOC Version................
User Guidelines If no stack configuration appears in the saved config, it is built at runtime and appears in the running config. The operator can save the stack configuration. Switches that do not match the saved config (are of a different type than as configured) after a reboot will show a config mismatch and do not join the stack. Units that do not join the stack will show their interfaces as detached. Example The following example sets the console command mode to Stack Config.
User Guidelines This command is used to configure Ethernet ports to operate as either stacking or Ethernet ports, or to configure stacking modules to operate as Ethernet ports. Once this command has been issued, the switch must be rebooted in order for the command to take effect. Issuing multiple stack-port commands for a single interface without intervening reboots results in undefined behavior and is not supported.
Changing the stacking link speed requires a reboot of the affected switch. 21G stacking is not compatible with 40G stacking. All stacking links in a stack must be configured to use the same speed. Changing the speed of one stacking link changes the speed on the adjacent stack port on the switch being configured as well. The connected switch stack port(s) must be similarly configured. It is not possible to operate the stacking links on a switch at different speeds.
User Guidelines This command must be used with caution, as disabling a stack port causes the stack to attempt to reconverge. Ensure that the stack is in an active ring topology in order to avoid a stack split. Check the stack ports for errors and also verify that NSF is synced before shutting down any stacking links. Application messages will appear in the logs during stack convergence.
Command Mode Stack Configuration mode User Guidelines This unit comes up as the master when the stack failover occurs. Use the no form of this command to reset to default, in which case, a standby is automatically selected from the existing stack units if there is no preconfiguration. Examples console(config)#stack console(config-stack)#standby 2 Command History User Guidelines updated in the 6.4 release.
detached. This means the interfaces show as detached in show interfaces status output and no switch type will show for the Plugged-in Model Id in the output of the show switch command. This command may be executed on the stack master or a standalone unit.This command reboots the renumbered switch. After renumbering a switch, it is important to let the master switch synchronize the NSF state before proceeding with additional stack management operations. Use the show nsf command to check the NSF state.
/debug Enable telnet debugging mode. /line Enable telnet linemode. /localecho Enable telnet localecho. Press ENTER to execute the command. port Enter the TCP port number. Default Configuration port — Telnet TCP port (decimal 23) on the host. Command Mode User Exec, Privileged Exec mode User Guidelines This command has no user guidelines. Example Following is an example of using the telnet command to connect to 176.213.10.50. console#telnet 176.213.10.50 Trying 176.213.10.50...
• • • • • • • • • • • • • vrf-name—The name of the VRF associated with the routing table context used by the command. If no vrf is specified, the global routing table context is used. ipaddress—Valid IP address of the destination host. hostname—Hostname of the destination host. (Range: 1–158 characters). The command allows spaces in the host name when specified in double quotes.
The default maxTtl is 30 hops. The default maxFail is 5 probes. Command Mode User Exec mode and Privileged Exec mode User Guidelines Use of the optional VRF parameter executes the command within the context of the VRF-specific routing table. Traceroute operates by sending a sequence of Internet Control Message Protocol (ICMP) echo request packets. The time-to-live (TTL) value, is used in determining the intermediate routers through which the packet flows toward the destination address.
traceroute ipv6 Use the traceroute command to discover the routers that packets traverse when traveling to their destination. Syntax traceroute [ipv6] ipv6address|hostname [init-ttl initTtl] [max-ttl maxTtl] [max-fail maxFail] [interval interval] [count count] [port port] [size size][source {src-ip-address|vlan vlan-id|loopback loopback-id}] • • ipv6address—Valid IPv6 address of the destination host. hostname—Hostname of the destination host. (Range: 1–158 characters).
• loopback-id—A configured loopback ID Default Configuration The default count is 3 probes. The default interval is 3 seconds. The default size is 0 data bytes. The default port is 33434. The default initTtl is 1 hop. The default maxTtl is 30 hops. The default maxFail is 5 probes. Command Mode Privileged Exec mode User Guidelines Traceroute operates by sending a sequence of Internet Control Message Protocol (ICMP) echo request packets.
update bootcode Use the update bootcode command to update the bootcode on one or more switches. For each switch, the bootcode is extracted from the active image and programmed to flash. Syntax update bootcode [unit ] • unit —Unit number. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines It is not required to update the boot code unless directed to do so in the release notes.
Telnet Server Commands The Telnet protocol (outlined in RFC 854) allows users (clients) to connect to multiuser computers (servers) on the network. Telnet is often employed when a user communicates with a remote login service. Telnet is the terminal emulation protocol in the TCP/IP suite. Telnet uses TCP as the transport protocol to initiate a connection between server and client.
dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test. console 2 SSH (Linux Terminal): [root ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact the owner at x38525. Please, be advised this unit is under test. dellradius@192.168.12.
Command History Examples updated in 6.4 release. Commands in this Section This section explains the following commands: ip telnet server disable show ip telnet ip telnet port – ip telnet server disable The ip telnet server disable command is used to enable/disable the Telnet service on the switch. Syntax ip telnet server disable no ip telnet server disable Command Mode Global Configuration User Guidelines No specific guidelines. Default Value This feature is enabled by default.
ip telnet port The ip telnet port command is used to configure the Telnet TCP port number on which the switch listens for Telnet connections. Syntax ip telnet port port number • port number — Telnet TCP port number (Range: 1025–65535) Default Configuration The default value for the Telnet TCP port is 23. Command Mode Global Configuration User Guidelines The Telnet server TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes Example console#show ip telnet Telnet Server is Enabled.
Time Ranges Commands Time ranges are used with time-based ACLs to restrict their application due to specific time slots. This section explains the following commands: time-range [name] periodic absolute show time-range time-range [name] Use the time-range command to globally enable or disable the event notification service of the time range component. If disabled, ACLs using time ranges are not started.
Command Mode Global Configuration User Guidelines The CLI mode changes to Time-Range Configuration mode when you successfully execute this command. Example console(config)#time-range timeRange_1 absolute Use the absolute command in Time Range Configuration mode to add an absolute time entry to a time range. Use the no form of this command to delete the absolute time entry in the time range.
Command Mode Time Range Configuration User Guidelines Only one absolute time entry is allowed per time-range. The time parameter is referenced to the currently configured time zone. Example console#time-range timeRange_1 console(config-time-range)#absolute end 12:00 16 Dec 2010 periodic Use the periodic command to add a periodic time entry to a time range. The time parameter is based off of the currently configured time zone.
• time—The first occurrence of this argument is the starting hours:minutes which the configuration that referenced the time range starts going into effect. The second occurrence is the ending hours:minutes at which the configuration that referenced the time range is no longer in effect. The hours:minutes are expressed in a 24-hour clock. For example, 8:00 is 8:00 am and 20:00 is 8:00 pm. Default Configuration This command has no default configuration.
console(config-time-range)#periodic tuesday 13:00 to wednesday 12:00 console(config-time-range)#periodic wednesday 12:30 to thursday 20:00 console(config-time-range)#periodic weekend 18:00 to 20:00 show time-range Use the show time-range command to display a time range and all the absolute/periodic time entries that are defined for the time range. The [name] parameter is used to identify a specific time range to display.
Parameter Description Periodic start Start time and day for periodic entry. Periodic end End time and day for periodic entry.
USB Flash Drive Commands When available, a USB flash drive can be used to configure, upgrade and provide consistency to a switching network. A USB flash drive can be plugged in sequentially to a set of routers/switches to upgrade to newer software versions without depending on the network to upgrade the switches with new firmware. New switches can be preloaded with configuration prior to deployment. The USB Configuration Port provides access to an optional secondary storage capability to the switch.
Files downloaded from USB flash drive are not copied to RAM to perform validations. Instead, the file is directly read from the USB flash device and copied to buffers to perform the necessary validations. Downloading and Uploading of Files After the file validations are successful, the switch proceeds with downloading of files from the USB flash device to the switch or uploading of files from the switch to the USB flash drive. The status of file download / upload is shown on the console.
Example console#unmount usb Command History Description updated in 6.4 release. show usb Use the show usb command to display the USB flash device details. Syntax show usb device Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines The following table explains the output parameters. Parameter Description Device Status This field specifies the current status of device. • Active if device is plugged-in and the device is recognized by the switch.
Parameter Description Protocol Device Protocol. Vendor ID Vendor specific details of device- Vendor ID. Product ID Vendor specific details of device- Product ID. Example The following example is the output if the device is plugged into the USB slot. console#show usb device Device Status.................................. Manufacturer................................... Product Name................................... Device Serial Number........................... Class Code............................
Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines Only the first 32 characters of the file name are displayed, even if the file name is longer. Examples console#dir usb Attr Size(bytes) drwx 2640 drwx 0 -rw96 -rw14363703 drwx 1024 Total Size: Bytes Used: Bytes Free: console#dir Creation Time Feb 02 2022 00:26:43 Feb 19 2014 15:22:53 Jan 28 2022 23:05:45 Jan 22 2022 03:36:08 Jan 22 2022 03:36:08 Name . .. snmpOprData.cfg image1.
drwx 1024 Jan 22 2022 03:36:08 examples/../examples Total Size: 1001914368 Bytes Used: 128319488 Bytes Free: 873594880 recover The recover command is implemented as a u-boot environment variable. It mounts the USB stick, copies the image from the USB root level directory into RAM, and executes the image. Syntax recover • image-name—The name of a valid firmware stack file located in the root of the mounted USB stick. Default Configuration This command has no default configuration.
User Interface Commands This section explains the following commands: configure terminal end do exit enable quit configure terminal Use the configure terminal command to enter Global Configuration mode. This command is equivalent to the configure command with no terminal argument. Syntax configure [terminal] Default Configuration This command has no default configuration.
Syntax do line do ? • line — Command to be executed. It must be an unambiguous command from the Privileged Exec mode. Commands such as configure are forbidden. Command line completion for the line parameter is supported. Users may only execute commands for which they have the appropriate privileges. Default Configuration This command has no default configuration. Command Mode All modes except Privileged Exec and User Exec modes.
dir disconnect dot1x enable erase exit filedescr help locate logout monitor ping quit release reload rename renew script show telnet terminal test traceroute udld unmount write Display directory information. Close remote console session(s). Initialize dot1x or re-authenticate clients. Enter into user privilege mode. Delete a file. Exit privileged exec mode. Set a text description for an image file. Display help for various special keys. Blink the locator LED. Exit this session.
Command Mode User Exec and Privileged Exec modes User Guidelines If there is no authentication method defined for enable, then a privilege level 1 user is not allowed to execute this command. Example The following example shows how to enter privileged mode. console>enable console# end Use the end command to return the CLI command mode back to the privileged execution mode or user execution mode. Syntax end Default Configuration This command has no default configuration.
exit Use the exit command to go to the next lower command mode or, in User Exec mode, to close an active terminal session by logging off the switch. Syntax exit Default Configuration This command has no default configuration. Command Mode All command modes. In User Exec mode, this command behaves identically to the quit command. User Guidelines There are no user guidelines for this command.
Default Configuration This command has no default configuration. Command Mode User Exec command mode User Guidelines There are no user guidelines for this command. Example The following example closes an active terminal session.
Web Server Commands If enabled, the Dell EMC Networking is manageable via industry standard web browsers. User privilege levels are the same as for the CLI. Over 95% of the management functions are available via the web interface, including configuration and firmware upgrades. Web Sessions The HTTP protocol does not provide support for persistent connections. Connections are constantly made and broken so there is no way to know who is accessing the web interface or for how long they are doing so.
Commands in this Section This section explains the following commands: common-name ip http secure-server crypto certificate generate key-generate crypto certificate import location crypto certificate request no crypto certificate duration organization-unit ip http port show crypto certificate mycertificate ip http server show ip http server status ip http secure-certificate show ip http server secure status ip http secure-port state common-name Use the common-name command in Crypto Certifi
User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example displays how to specify the name of “router.gm.com.” console(config-crypto-cert)#common-name router.gm.com country Use the country command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the country. Syntax country country • country — Specifies the country name.
crypto certificate generate Use the crypto certificate generate command to generate a self-signed HTTPS certificate. Syntax crypto certificate number generate • • number—Specifies the certificate number. (Range: 1–2) generate—Regenerates the SSL RSA key. Default Configuration This command has no default configuration.
• • • Generate a certificate request using the crypto certificate request command. This command uses the DSA keys and the self signed certificate. Copy the certificate request displayed on the screen and send it to a CA. When the signed certificate is received, copy the signed certificate onto the switch using the crypto certificate import command Example The following example generates a self-signed HTTPS certificate. This certificate can be used to request a certificate from a signing authority.
-----END CERTIFICATE REQUEST----- crypto certificate import Use the crypto certificate import command in Global Configuration mode to import a certificate signed by the Certification Authority for HTTPS. Syntax crypto certificate number import • number — Specifies the certificate number. (Range: 1–2) Default Configuration This command has no default configuration.
Example The following example imports a certificate signed by the Certification Authority for HTTPS. console(config)#crypto certificate 1 import Please paste the input now, add a period (.) on a separate line after the input, and press Enter.
BYY2a2YOtjoGcY7sBiEPJQbji+U9W7xCjz1q/Un8YRshdW/7dNmTwFTh55S2QmXV RN/UVjShWRmMn0vbiyyzHaKAON+9fBt3rMQCYiRyEuWISb31/3SlWY9iQJezwoOh ZX9DEgnxvzUjLMoYVRhqCE0+LoBWikhy6ROS+b4cubJpzTdv2n+zY8dbM9jSwiky 6rFhVznvamGap8Aw0rUnEvU5kM9MM0hsVU95H+QzWJwychy9Fhh1zhYzNTpr+VQs c4psyXEd8GE= -----END CERTIFICATE----Issued by: Dell Networking Valid from to Oct 22 17:46:02 2017 GMT Subject: /CN=DELL/OU=Dell Networking/L=Round Rock/ST=TX/C=US/emailAddress= no-reply@dell.
After receiving the certificate from the Certification Authority, use the crypto certificate import command in Global Configuration mode to import the certificate into the switch. This certificate replaces the self-signed certificate. Use the end command to exit Crypto Certificate Request mode without generating a certificate request. Use the exit command to exit Crypto Certificate Request mode and generate a certificate request.
Default Configuration This command defaults to 365 days. Command Mode Crypto Certificate Generation mode User Guidelines This command mode is entered using the crypto certificate generate command. Example The following example displays how specify that a certification is valid for a duration of 50 days. console(config-crypto-cert)#duration 50 ip http port Use the ip http port command to specify the TCP port on which the switch listens for HTTP connections.
User Guidelines The HTTP TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch. Example The following example shows how the http port number is configured to 10013. console(config)#ip http port 10013 ip http server Use the ip http server command to enable the switch to allow HTTP access to the switch. To disable this function use the no form of this command.
ip http secure-certificate Use the ip http secure-certificate command to configure the active certificate for HTTPS. To return to the default setting, use the no form of this command. Syntax ip http secure-certificate number no ip http secure-certificate • number—Specifies the certificate number. (Range: 1–2) Default Configuration The default value of the certificate number is 1.
• port-number— Port number for use by the secure HTTP server. (Range: 1025–65535) Default Configuration This default port number is 443. Command Mode Global Configuration mode User Guidelines The HTTPS TCP port should not be set to a value that might conflict with other well known protocol port numbers used on this switch. It is not possible for the administrator to directly configure the port number to 443 as 443 is out of range.
User Guidelines The switch must be configured with RSA and DSA keys (crypto key generate) prior to enabling the HTTP server. Optionally, the switch may be provisioned with up to two signed certificates. Dell EMC Networking N-Series switches support HTTPS over IPv4 and IPv6. Example The following example enables the switch to be configured from a browser using HTTPS.
of the common-name, country, location, state, organization-unit, and logging email commands must be issued prior to executing the key-generate command. Example The following example displays how to specify that you want to regenerate the SSL RSA key 1024 byes in length. console(config-crypto-cert)#key-generate 1024 location Use the location command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the location or city name.
Syntax no crypto certificate { openflow | number } • • number— The number of the SSH certificate to remove(between 1 to 2). openflow—Remove the openflow certificate and associated information. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The no crypto certificate openflow command erases the Certificate Authority certificates used for validating the OpenFlow Controllers from the switch.
Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example displays how to specify the Dell EMC Networking organization-unit.
-----BEGIN CERTIFICATE----MIIDBDCCAewCCQCP5mFCRmauaDANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMC VVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRIwEAYDVQQKDAlEZWxs LEluYy4xEzARBgNVBAsMCk5ldHdvcmtpbmcxGDAWBgNVBAMMD0RlbGwgTmV0d29y a2luZzEgMB4GCSqGSIb3DQEJARYRbm9yZXBsYXlAZGVsbC5jb20wHhcNMTYwNjA5 MTc0NjAyWhcNMTcxMDIyMTc0NjAyWjB6MQ0wCwYDVQQDDARERUxMMRgwFgYDVQQL DA9EZWxsIE5ldHdvcmtpbmcxEzARBgNVBAcMClJvdW5kIFJvY2sxCzAJBgNVBAgM AlRYMQswCQYDVQQGEwJVUzEgMB4GCSqGSIb3DQEJARYRbm8tcmVwbHlAZGVsbC5j b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0
User Guidelines This command has no user guidelines. Example The following example displays the HTTP server configuration. console#show ip http server status HTTP server enabled. Port: 80 show ip http server secure status Use the show ip http server secure status command to display the HTTP secure server status information. Syntax show ip http server secure status Default Configuration This command has no default configuration.
Subject: /CN=DELL/OU=Dell Networking/L=Round Rock/ST=TX/C=US/emailAddress= no-reply@dell.com Finger print: 1873B936 88DC3411 BC8932EF 782134BA The following example displays the HTTPS server configuration with DH Key exchange disabled. console(config)#show ip http server secure status HTTPS Server is Disabled. Port : 443 DH Key exchange disabled. Parameters are being generated. Certificate 1 is active.
Switch Management Commands 2326
Appendix A: List of Commands A aaa accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 862 aaa authentication dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . 865 aaa authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 866 aaa authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 868 aaa authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
area stub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1662, 1749 area stub no-summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1663, 1750 area virtual-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1664, 1750 area virtual-link authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1667 area virtual-link dead-interval . . . . . . . . . . . . . . . . . . . . . . . . .
banner login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2195 banner motd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2196 banner motd acknowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2197 bfd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1673 bfd echo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669 class-map rename . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671 classofservice dot1p-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 672 classofservice ip-dscp-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673 classofservice traffic-class-group . . . . . . . . . . . . . . . . . . . . . . . . . . . .
clear ipv6 dhcp snooping binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 clear ipv6 neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1538 clear ipv6 prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1431 clear ipv6 statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1539 clear isdp counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
crypto certificate generate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . crypto certificate import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . crypto certificate request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . crypto key generate dsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . crypto key generate rsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . crypto key pubkey-chain ssh . . . . . .
debug ipv6 pimsm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2083 debug isdp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2084 debug lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2085 debug lldp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 557 debug mldsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
dhcp l2relay trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334 dhcp l2relay vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335 diffserv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684 dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1910 dir usb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
dot1x max-reauth-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 981 dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 982 dot1x max-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 983 dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 983 dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
exception switch-chip-register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2099 exec-banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2009 exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2010 exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2205, 2304 exit (mst) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
initiate failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2208 instance (mst) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 742 interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394, 1023 interface loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1592 interface port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ip dhcp snooping limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349 ip dhcp snooping log-invalid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 ip dhcp snooping trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 ip dhcp snooping verify mac-address . . . . . . . . . . . . . . . . . . . . . . . . . 352 ip domain-lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1989 ip domain-name . . .
ip igmp snooping report-suppression . . . . . . . . . . . . . . . . . . . . . . . . . 485 ip igmp snooping unregistered floodall . . . . . . . . . . . . . . . . . . . . . . . 486 ip igmp snooping vlan groupmembership-interval . . . . . . . . . . . . . . 483 ip igmp snooping vlan immediate-leave . . . . . . . . . . . . . . . . . . . . . . . 482 ip igmp snooping vlan last-member-query-interval . . . . . . . . . . . . . . 484 ip igmp snooping vlan mcrtrexpiretime . . . . . . . . . . . . . . . . . . . . . . .
ip pim dense-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1604 ip pim dr-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1605 ip pim hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1605 ip pim join-prune-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1606 ip pim rp-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ipv6 dhcp pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1954 ipv6 dhcp relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1955 ipv6 dhcp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1956 ipv6 dhcp snooping log-invalid . . . . . . . . . . . . . . . . . . . . 365, 1439, 1967 ipv6 dhcp snooping trust . . . . . . . . . . . . . . . . . . . . . . . . .
ipv6 nd nud retry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1554 ipv6 nd other-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1555 ipv6 nd prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1556 ipv6 nd ra hop-limit unspecified . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1550 ipv6 nd raguard attach-policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ipv6 unreachables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1565 ipv6 verify binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367 ipv6 verify source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368, 1439, 1967 iscsi aging time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544 iscsi cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
lldp tlv-select dcbxp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1166 lldp transmit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564 lldp transmit-mgmt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 load-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2209 locale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
mac address-table aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 mac address-table multicast forbidden address . . . . . . . . . . . . . . . . . 296 mac address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 macro apply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1872 macro description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1873 macro global apply . . . .
match srcip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705 match srcip6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705 match srcl4port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 706 match vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 707 maximum routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
N name (Captive Portal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1025 name (mst) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 744 name (RADIUS server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 937 name (VLAN Configuration) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805 neighbor activate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
netbios-name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . netbios-node-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . network (BGP Router Configuration) . . . . . . . . . . . . . . . . . . . . . . . network (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . network area . . . . . . . . . . . . . . . . . . . . . . .
passwords strength minimum special-characters . . . . . . . . . . . . . . . 1078 passwords strength minimum uppercase-letters . . . . . . . . . . . . . . . 1076 passwords strength-check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1075 peer-detection enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588 peer-detection interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588 peer-keepalive destination . . . . . . . . . . . . .
protocol vlan group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809 protocol vlan group all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 810 protocol-version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1195 proxy-ip-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1973, 2159 Q quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 952 revision (mst) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745 rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2039 rmon collection history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2041 rmon event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
set ip next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1515 set ip precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1516 set local-preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1437 set metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1438 sflow destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show bgp ipv6 summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1362 show bgp ipv6 update-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1365 show boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1865 show bootvar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1914 show captive-portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show diffserv service interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 728 show dos-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1053 show dot1as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1149 show dot1as statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1152 show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406 show interfaces debounce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 show interfaces description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411 show interfaces detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 show interfaces loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip dhcp global configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 1949 show ip dhcp pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1950 show ip dhcp relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1483 show ip dhcp server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1950 show ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip multicast interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1613 show ip ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1705 show ip ospf abr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1711 show ip ospf area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1712 show ip ospf asbr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip verify source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540 show ip vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1532 show ip vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1831 show ipv6 access-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516 show ipv6 brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ipv6 ospf database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1783 show ipv6 ospf database database-summary . . . . . . . . . . . . . . . . . . 1785 show ipv6 ospf interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1786 show ipv6 ospf interface brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1787 show ipv6 ospf interface stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1788 show ipv6 ospf interface vlan . . . . . . .
show link-dependency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552 show lldp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566 show lldp dcbx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1170 show lldp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567 show lldp local-device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show mvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1113 show mvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1114 show nsf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2237 show openflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1197 show parser macro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show snmp engineid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2126 show snmp filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2127 show snmp group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2128 show snmp user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2129 show snmp views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show users login-history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 896 show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2269 show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815 show vlan association mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 817 show vlan association subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1882 sntp source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1883 sntp trusted-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1884 sntp unicast client enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1885 source-interface vlan-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
split-horizon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1819 stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2270 stack-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2271 stack-port shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2273 standby . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 968 tacacs-server source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 969 tacacs-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 970 telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2276 template peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
user group name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1044 user name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1037 user password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1038 user session-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1038 user-logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Printed in the U.S.A. www.dell.com | support.dell.
