Dell EMC SmartFabric OS10 User Guide Release 10.5.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents
1 Change history
2 Getting Started
Switch with factory-installed OS10
Log in
do
end
exit
Using OS9 commands
feature config-os9-style
5 Zero-touch deployment
Packet format and options
DHCP server
Automatic address allocation
Energy-efficient Ethernet
Enable energy-efficient Ethernet
Clear EEE counters
speed (Fibre Channel)
speed (Management)
switch-port-profile
feature fc npg
show npg devices
F_Port and NPG commands
Enable FEFD globally
Enable FEFD on interface
Reset FEFD err-disabled interface
Rapid per-VLAN spanning-tree plus
Rapid Spanning-Tree Protocol
Multiple Spanning-Tree
Virtual LANs
Best path selection
More path support
Advertise cost
Stateless autoconfiguration
Neighbor Discovery
Duplicate address discovery
Set group priority
Authentication
Disable preempt
Egress mask
Spanned VLAN
Deployment considerations
clear mac address-table dynamic nve remote-vtep
clear mac address-table dynamic virtual-network
show mac address-table count extended
show mac address-table count nve
Simple password check
Obscure passwords
Role-based access control
ip ssh server vrf
line vty
logging audit enable
OpenFlow controller
OpenFlow version 1.3
Ports
Auto-generated sequence number
Delete ACL rule
L2 and L3 ACLs
ip prefix-list deny
ip prefix-list permit
ip prefix-list seq deny
seq permit udp
seq permit udp (IPv6)
show access-group
Policing traffic
Mark Traffic
Color traffic
priority-flow-control mode
qos-group dot1p
qos-group dscp
trust-map
trust dot1p-map
trust dscp-map
Uplink failure detection on VLT
Sample configurations of UFD on VLT
UFD commands
clear ufd-disable
sflow collector
sflow enable
sflow max-header-size
Diagnostic tools
Boot partition and image
Monitor processes
Monitoring
26 Support resources
1 Change history
The following table provides an overview of the changes to this guide from OS 10.4.3 to OS 10.5.0 release. For more information about the new features, see the respective sections.
Table 1. Change History
Revision | Date | Feature | Description | Documented section | Added or Changed in release
A00 | 2019–08 | VLT multicast routing | OS10 supports multicast routing in a VLT domain for IPv4 networks. | VLT multicast routing | 10.5.0.
A00 | 2019–08 | RADIUS server source interface | Specify an interface whose IP address is used as the source IP address for user authentication with RADIUS servers. | RADIUS authentication | 10.5.0.0
A00 | 2019–08 | Simple password check | Turn off the default strong password check and configure simpler passwords with no restrictions. | Simple password check | 10.5.0.
2 Getting Started
Dell EMC SmartFabric OS is a network operating system (NOS) supporting multiple architectures and environments. The SmartFabric OS solution allows multi-layered disaggregation of network functionality. SmartFabric OS bundles industry-standard management, monitoring, and Layer 2 and Layer 3 networking stacks over CLI, SNMP, and REST interfaces. Users can choose their own third-party networking, monitoring, management, and orchestration applications.
Switch with factory-installed OS10
A switch may come with OS10 Enterprise Edition factory-loaded. OS10 upgrades are available for download from the Dell Digital Locker (DDL). A factory-loaded OS10 image includes a perpetual license.
On a factory-installed OS10 switch, you can perform these tasks after logging in:
• Check the OS10 version.
• Upgrade the OS10 image.
• Re-install the license.
If OS10 is pre-installed on a switch, zero-touch deployment (ZTD) is enabled by default.
Check OS10 version
Dell EMC recommends that you upgrade a factory-loaded OS10 to the latest OS10 version.
• To check the current version of the OS10 image, use the show version command.
• To check the OS10 versions available for download, follow the procedure in OS10 upgrade->Download OS10 for upgrade.
Check OS10 version
OS10# show version
Dell EMC Networking OS10 Enterprise
Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved.
OS Version: 10.5.0.0
Build Version: 10.5.0.
Install OS10 upgrade
After you download and unpack a new OS10 binary image as described in Download OS10 image for upgrade, follow these steps:
NOTE: During the OS10 image upgrade process in a VLT setup, when the VLT peers are running different software versions, make no configuration changes on a VLT peer. Ensure that both nodes are upgraded to the same version before you make any configuration change.
1 (Optional) Back up the current running configuration to the startup configuration in EXEC mode.
10 Use the show version command in EXEC mode to verify that the downloaded OS10 image is installed as the current running version. The running OS10 image is in the active partition.
OS10# show version
Dell EMC Networking OS10 Enterprise
Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved.
OS Version: 10.5.0.0
Build Version: 10.5.0.
image cancel
Cancels an image or firmware file download that is in progress.
Syntax image cancel
Parameters None
Default Not configured
Command Mode EXEC
Usage Information The image cancel command cancels a file download from a server, such as an OS10 binary image or firmware upgrade, that is in progress. After an image download completes, the command has no effect. The command also removes any pending firmware upgrades on the switch.
Example
OS10# image cancel
Supported Releases 10.2.
Usage Information The image download command downloads image files to the image directory. Use the dir image command to display the contents of the image directory. OS10 SW image files are large, and occupy a significant amount of disk space. Dell EMC Networking recommends that you remove unnecessary image files from the image directory by using the delete command; for example:
delete image://OS10EE-10.2.0.bin
Use the show image status command to view the download progress.
Command Mode EXEC
Usage Information Use the boot system command to set the boot partition for the next reboot.
Example
OS10# show boot
Current system image information:
===================================
Type        Boot Type     Active          Standby         Next-Boot
-----------------------------------------------------------------------------------
Node-id 1   Flash Boot    [B] 10.5.0.0    [A] 10.5.0.
Supported Releases 10.5.0.0 or later

show image status
Displays image transfer and installation information.
Syntax show image status
Parameters None
Default Not configured
Command Mode EXEC
Usage Information On older versions of OS10, the image install command may appear frozen and does not display the current image status. Duplicate the SSH or Telnet session and re-enter the show image status command to view the current status.
Supported Releases 10.2.0E or later

Check OS10 license
To check the status of the pre-installed OS10 license, use the show license status command. A factory-installed OS10 image runs with a perpetual license. A perpetual license allows you to run OS10 beyond the 120-day trial period. For more information, see the Setup Guide that is shipped with your device.
An OS10 image that you download has a 120-day trial license and requires a perpetual license to run beyond the trial period.
Download OS10 image
If you purchase the OS10 Enterprise Edition image with an after point-of-sale order, your OS10 purchase allows you to download software images posted within the first 90 days of ownership. After the order is complete, you receive an email notification with a software entitlement ID, order number, and link to the DDL. To extend the software-entitled download period, you must have a Dell EMC ProSupport or ProSupport Plus contract on your hardware.
For an ONIE-enabled switch, go to the ONIE boot menu. An ONIE-enabled switch boots up with pre-loaded diagnostics (DIAGs) and ONIE software.
+--------------------------------------------------------+
|*ONIE: Install OS                                       |
| ONIE: Rescue                                           |
| ONIE: Uninstall OS                                     |
| ONIE: Update ONIE                                      |
| ONIE: Embed ONIE                                       |
| ONIE: Diag ONIE                                        |
+--------------------------------------------------------+
• Install OS — Boots to the ONIE prompt and installs an OS10 image using the Automatic Discovery process.
1 On the TFTP server, rename the OS10 image to a supported installer file name, such as onie-installer, using the mv imagename default-filename command.
mv PKGS_OS10-Base-10.3.1B.144-installer-x86_64.bin onie-installer
2 Boot up the switch in ONIE: Install mode to install an OS10 image.
Starting: discover... done.
ONIE:/ # Info: eth0: Checking link... up.
Info: Trying DHCPv4 on interface: eth0
ONIE: Using DHCPv4 addr: eth0: 10.10.10.17 / 255.0.0.0
Info: eth1: Checking link... down.
ONIE: eth1: link down.
For example, enter
ONIE:/ # onie-nos-install ftp://a.b.c.d/PKGS_OS10-Enterprise-x.x.xx.bin
Where a.b.c.d represents the location to download the image file from, and x.x.xx represents the version number of the software to install.
The OS10 installer image creates several partitions, including OS10-A and OS10-B. After installation completes, the switch automatically reboots and loads OS10 from OS10-A, which becomes the active partition by default. OS10-B becomes the standby partition.
-* *-* Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved. *-* *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
This product is protected by U.S. and international copyright and intellectual property laws. Dell EMC and the Dell EMC logo are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
OS10# configure terminal
% Error: ZTD is in progress(configuration is locked).
File transfer method | Default VRF | Management VRF¹ | Non-default VRF
TFTP | Yes | Yes | No
USB | Yes | Yes | Yes
¹ Before you configure the management VRF for use in OS10 license installation, remove all IP addresses on the management interface.
Install license — SCP
OS10# license install scp://user:userpwd@10.1.1.10/0A900Q2-NOSEnterprise-License.xml
License installation success.
PPID : TW09H9MN282987130026
Service Tag : 9531XC2
Product Base :
Product Serial Number:
Product Part Number :
License Details
----------------
Software : OS10-Enterprise
Version : 10.5.0.0
License Type : PERPETUAL
License Duration: Unlimited
License Status : Active
License location: /mnt/license/9531XC2.lic
---------------------------------------------------------
Troubleshoot license installation failure
An error message displays if the installation fails.
Ansible-automated switch provisioning
Automate OS10 switch configuration using Ansible, a third-party DevOps tool. Create and execute Ansible playbooks to configure multiple devices. For more information, see Using Ansible.
Remote access
After you install or upgrade OS10 and log in, you can set up remote access to the OS10 command-line interface and the Linux shell. Connect to the switch using the serial port. Serial port settings are 115200 baud, 8 data bits, and no parity.
• ipv4-address/mask — Enter an IPv4 network address in dotted-decimal format (A.B.C.D), then a subnet mask in /prefix-length format (/x).
• ipv6-address/prefix-length — Enter an IPv6 address in x:x:x:x::x format with the prefix length in /x format. The prefix range is /0 to /128.
• forwarding-router-address — Enter the next-hop IPv4/IPv6 address of a forwarding router that serves as a management gateway to connect to a different subnet.
3 CLI Basics
The OS10 CLI is the software interface you use to access a device running the software — from the console or through a network connection. The CLI is an OS10-specific command shell that runs on top of a Linux-based OS kernel. By leveraging industry-standard tools and utilities, the CLI provides a powerful set of commands that you can use to monitor and configure devices running OS10.
You can change this default behavior by switching to Transaction-Based Configuration mode. To switch to Transaction-Based Configuration mode, use the start transaction command. When you switch to the Transaction-Based Configuration mode and update the candidate configuration, changes to the candidate configuration are not added to the running configuration until you commit them to activate the configuration. The start transaction command applies only to the current session.
From CONFIGURATION mode, you can also configure L2 and L3 protocols with a specific protocol-configuration mode, such as Spanning-Tree Protocol (STP) or Border Gateway Protocol (BGP).
Check device status
Use show commands to check the status of a device and monitor activities.
1 up 2 fail AC NORMAL 1 13312 up
-- Fan Status --
FanTray Status AirFlow Fan Speed(rpm) Status
----------------------------------------------------------------
1 up NORMAL 1 13195 up
2 up NORMAL 1 13151 up
3 up NORMAL 1 13239 up
4 up NORMAL 1 13239 up
Command help
To view a list of valid commands in any CLI mode, enter ?; for example:
OS10# ?
alarm
alias
batch
boot
clear
clock
commit
configure
copy
crypto
...
Candidate configuration
When you use OS10 configuration commands in Transaction-based configuration mode, changes do not take effect immediately and are stored in the candidate configuration. The configuration changes become active only after you commit the changes using the commit command. Changes in the candidate configuration are validated and apply to the running configuration. The candidate configuration allows you to avoid introducing errors during an OS10 configuration session.
To display only interface-related configurations in the candidate configuration, use the show candidate-configuration compressed and show running-configuration compressed commands. These views display only the configuration commands for VLAN and physical interfaces.
OS10# show candidate-configuration compressed
interface breakout 1/1/1 map 40g-1x
interface breakout 1/1/2 map 40g-1x
interface breakout 1/1/3 map 40g-1x
interface breakout 1/1/4 map 40g-1x
...
policy-map type application policy-iscsi
!
class-map type application class-iscsi
Prevent configuration changes
You can prevent configuration changes made on the switch in sessions other than the current CLI session using the lock command. To prevent and allow configuration changes in other sessions, use the lock and unlock commands in EXEC mode. When you enter the lock command, users in other active CLI sessions cannot make configuration changes.
Copy file to startup configuration
OS10# copy {config://filepath | home://filepath | ftp://userid:passwd@hostip/filepath | scp://userid:passwd@hostip/filepath | sftp://userid:passwd@hostip/filepath | tftp://hostip/filepath} config://startup.xml
Back up startup file
OS10# copy config://startup.xml config://backup-9-28.xml
Restore startup file from backup
OS10# copy config://backup-9-28.xml config://startup.xml
OS10# reload
System configuration has been modified.
• grep — Displays only the text that matches a specified pattern. Special characters in regular expressions, such as ^ (matches the beginning of a text string), $ (matches the end of a string), and . (matches any character in the string) are supported.
• no-more — Does not paginate output.
• save — Saves the output to a file.
Display all output
OS10# show running-configuration | no-more
Common OS10 commands
boot
Configures the OS10 image to use the next time the system boots up.
configure
Enters CONFIGURATION mode from EXEC mode.
Syntax configure {terminal}
Parameters terminal — Enters CONFIGURATION mode from EXEC mode.
Default Not configured
Command Mode EXEC
Usage Information Enter conf t for auto-completion.
Example
OS10# configure terminal
OS10(config)#
Supported Releases 10.2.0E or later

copy
Copies the current running configuration to the startup configuration and transfers files between an OS10 switch and a remote device.
When using the scp and sftp options, always enter an absolute file path instead of a path relative to the home directory of the user account; for example:
copy config://startup.xml scp://dellos10:password@10.1.1.1/home/dellos10/backup.xml
Use the copy command with the severity-profile option to download or upload severity profiles from a remote location.
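The copy and license install syntax shown above carries the account password inside the URL (scp://userid:passwd@hostip/filepath), so any saved CLI transcript or command history contains it in clear text. The following is an added example, not part of the Dell guide, that masks those credentials and local-user password hashes before a transcript is archived; the function names, the mask string and the sample transcript are assumptions constructed for illustration.

```python
import re

MASK = "<redacted>"

# scheme://userid:passwd@hostip/filepath, the form the copy and
# license install syntax uses for ftp, scp and sftp transfers.
# The password group is greedy, so a password containing "@" is still
# consumed up to the last "@" before the host.
_CRED_URL = re.compile(
    r"\b(?P<scheme>ftp|scp|sftp)://"
    r"(?P<user>[^\s:/@]+):(?P<password>[^\s/]+)@(?P<host>[^\s/]+)"
)

# "username <name> password <hash>" lines as printed in configuration output.
_USER_HASH = re.compile(
    r"^(?P<prefix>\s*username\s+(?P<user>\S+)\s+password\s+)(?P<secret>\S+)"
)


def redact_line(line):
    """Return (redacted_line, findings) for one transcript line.

    Each finding is (kind, user, host); host is None for password hashes.
    The user name and host are kept so the archive stays auditable.
    """
    findings = []

    def _mask_url(m):
        findings.append(("url-credential", m.group("user"), m.group("host")))
        return f"{m.group('scheme')}://{m.group('user')}:{MASK}@{m.group('host')}"

    def _mask_hash(m):
        findings.append(("local-user-hash", m.group("user"), None))
        return m.group("prefix") + MASK

    out = _CRED_URL.sub(_mask_url, line)
    out = _USER_HASH.sub(_mask_hash, out)
    return out, findings


def redact_transcript(text):
    """Redact every line; return (redacted_text, report).

    report entries are (line_number, kind, user, host), 1-indexed.
    """
    redacted, report = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        clean, findings = redact_line(line)
        redacted.append(clean)
        report.extend((lineno, kind, user, host) for kind, user, host in findings)
    return "\n".join(redacted), report


# Constructed sample: command forms taken from this guide, hash value invented.
SAMPLE_TRANSCRIPT = "\n".join([
    "OS10# license install scp://user:userpwd@10.1.1.10/0A900Q2-NOSEnterprise-License.xml",
    "OS10# copy config://startup.xml scp://dellos10:password@10.1.1.1/home/dellos10/backup.xml",
    "OS10# copy config://startup.xml config://backup-9-28.xml",
    "username admin password $6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE",
])

if __name__ == "__main__":
    clean_text, findings_report = redact_transcript(SAMPLE_TRANSCRIPT)
    print(clean_text)
    for entry in findings_report:
        print("finding:", entry)
```

Lines without embedded credentials, such as the local config:// copy, pass through unchanged, and the report lists which account and host each masked credential belonged to.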
delete
Removes or deletes a file, including the startup configuration file.
Syntax delete [config://filepath | coredump://filepath | home://filepath | image://filepath | startup-configuration | severity-profile profile-name | supportbundle://filepath | usb://filepath]
Parameters
• config://filepath — (Optional) Delete from the configuration directory.
• coredump://filepath — (Optional) Delete from the coredump directory.
• home://filepath — (Optional) Delete from the home directory.
• severity-profile — (Optional) Folder containing alarm severity profiles.
• supportbundle — (Optional) Folder containing support bundle files.
• usb — (Optional) Folder containing files on a USB drive.
Default Not configured
Command Mode EXEC
Usage Information The dir command requires at least one parameter. Use the dir config command to display configuration files.
Command Mode INTERFACE
Usage Information None
Example
OS10(config)# interface ethernet 1/1/7
OS10(conf-if-eth1/1/7)# no shutdown
OS10(conf-if-eth1/1/7)# do show running-configuration
...
!
interface ethernet1/1/7
 no shutdown
!
...
Supported Releases 10.2.0E or later

end
Returns to EXEC mode from any other command mode.
hostname
Sets the system host name.
Syntax hostname name
Parameters name — Enter the host name of the switch, a maximum of 64 characters.
Default OS10
Command Mode CONFIGURATION
Usage Information The host name is used in the OS10 command-line prompt. The no version of this command resets the host name to OS10.
Example
OS10(conf)# hostname R1
R1(conf)#
Supported Releases 10.3.0E or later

license
Installs a license file from a local or remote location.
lock
Locks the candidate configuration and prevents any configuration changes on any other CLI sessions, either in Transaction or Non-Transaction-Based Configuration mode.
Syntax lock
Parameters None
Default Not configured
Command Mode EXEC
Usage Information The lock command fails if there are uncommitted changes in the candidate configuration.
Example
OS10# lock
Supported Releases 10.2.0E or later

management route
Configures an IPv4/IPv6 static route the Management port uses.
move
Moves or renames a file in the configuration or home system directories.
Syntax move [config: | home: | usb:]
Parameters
• config: — Move from the configuration directory (config://filepath).
• home: — Move from the home directory (home://filepath).
• usb: — Move from the USB file system (usb://filepath).
Default Not configured
Command Mode EXEC
Usage Information Use the dir config command to view the directory contents.
Example
OS10# move config://startup.xml config://startup-backup.
ping
Tests network connectivity to an IPv4 device.
Syntax ping [vrf {management | vrf-name}] [-4] [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface] [-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos] [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option] [-w deadline] [-W timeout] [hop1 ...] destination
Parameters
• vrf management — (Optional) Pings an IPv4 address in the management virtual routing and forwarding (VRF) instance.
• -S sndbuf — (Optional) Set the sndbuf socket. By default, the sndbuf socket buffers one packet maximum.
• -t ttl — (Optional) Enter the IPv4 time-to-live (TTL) value in seconds.
• -T timestamp option — (Optional) Set special IP timestamp options. Valid values for timestamp option — tsonly (only timestamps), tsandaddr (timestamps and addresses), or tsprespec host1 [host2 [host3 [host4]]] (timestamp pre-specified hops).
• -v — (Optional) Verbose output.
nodeinfo_option] [-p pattern] [-Q tclass] [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option] [-w deadline] [-W timeout] destination
Parameters
• vrf management — (Optional) Pings an IPv6 address in the management VRF instance.
• vrf vrf-name — (Optional) Pings an IPv6 address in a specified VRF instance.
• -a — (Optional) Audible ping.
• -A — (Optional) Adaptive ping.
• -W timeout — (Optional) Enter the time to wait for a response in seconds. This setting affects the time-out only if there is no response, otherwise ping waits for two round-trip times (RTTs). • hop1 ... (Optional) Enter the IPv6 addresses of the pre-specified hops for the ping packet to take. • destination — Enter the IPv6 destination address in A:B::C:D format, where you are testing connectivity.
show boot Displays detailed information about the boot image. Syntax show boot [detail] Parameters None Default Not configured Command Mode EXEC Usage Information The Next-Boot field displays the partition that the next reload uses. Example OS10# show boot Current system image information: =================================== Type Boot Type Active Standby Next-Boot ----------------------------------------------------------------------------------Node-id 1 Flash Boot [B] 10.5.0.0 [A] 10.5.0.
• control-plane — (Optional) Current candidate control-plane configuration. • dot1x — (Optional) Current candidate dot1x configuration. • extcommunity-list — (Optional) Current candidate extcommunity-list configuration. • interface — (Optional) Current candidate interface configuration. • ip dhcp snooping — (Optional) Current candidate DHCP snooping information. • lacp — (Optional) Current candidate LACP configuration. • lldp — (Optional) Current candidate LLDP configuration.
switchport access vlan 1 no shutdown ! interface ethernet1/1/5 switchport access vlan 1 no shutdown ! --more-Example (compressed) OS10# show candidate-configuration compressed username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication local snmp-server contact http://www.dell.com/support snmp-server location "United States" logging monitor disable ip route 0.0.0.0/0 10.11.58.
1 3 System Inlet Ambient-1 temp sensor 27
1 4 System Inlet Ambient-2 temp sensor 25
1 5 System Inlet Ambient-3 temp sensor 26
1 6 Switch board 2 temp sensor 31
1 7 Switch board 3 temp sensor 41
1 8 NPU temp sensor 43
Supported Releases 10.2.0E or later
show inventory Displays system inventory information.
Usage Information Use this command to view the IPv4 static and connected routes configured for the Management port. Use the management route command to configure an IPv4 or IPv6 management route. Example OS10# show ip management-route Destination Gateway State Source ----------------------------------------------------------------192.168.10.0/24 managementethernet Connected Connected Supported Releases 10.2.
Vendor Name : DELL EMC Product Name : S4148F-ON Hardware Version : X01 Platform Name : x86_64-dell_s4100_c2338-r0 PPID : TW09H9MN282987130026 Service Tag : 9531XC2 Product Base : Product Serial Number: Product Part Number : License Details ---------------Software : OS10-Enterprise Version : 10.5.0.0 License Type : PERPETUAL License Duration: Unlimited License Status : Active License location: /mnt/license/9531XC2.lic -------------------------------------------------------Supported Releases 10.3.
• prefix-list — (Optional) Current operating prefix-list configuration. • qos-map — (Optional) Current operating qos-map configuration. • radius-server — (Optional) Current operating radius-server configuration. • route-map — (Optional) Current operating route-map configuration. • sflow — (Optional) Current operating sFlow configuration. • snmp — (Optional) Current operating SNMP configuration. • spanning-tree — (Optional) Current operating spanning-tree configuration.
logging monitor disable ip route 0.0.0.0/0 10.11.58.1 ! interface range ethernet 1/1/1-1/1/32 switchport access vlan 1 no shutdown ! interface vlan 1 no shutdown ! interface mgmt1/1/1 ip address 10.11.58.145/8 no shutdown ipv6 enable ipv6 address autoconfig ! support-assist ! policy-map type application policy-iscsi ! class-map type application class-iscsi Supported Releases 10.2.0E or later show startup-configuration Displays the contents of the startup configuration file.
! --more-Example (compressed) OS10# show startup-configuration compressed username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication local snmp-server contact http://www.dell.com/support snmp-server location "United States" ip route 0.0.0.0/0 10.11.58.1 ! interface range ethernet 1/1/1-1/1/32 switchport access vlan 1 no shutdown ! interface vlan 1 no shutdown ! interface mgmt1/1/1 ip address 10.11.58.
Hardware Revision : X01
Software Version : 10.5.0.0
Physical Ports : 48x10GbE, 2x40GbE, 4x100GbE
BIOS : 3.33.0.0-3
System CPLD : 0.4
Master CPLD : 0.10
Slave CPLD : 0.
-- Fan Status --
FanTray Status AirFlow Fan Speed(rpm) Status
----------------------------------------------------------------
1 up NORMAL 1 13195 up
2 up NORMAL 1 13151 up
3 up NORMAL 1 13239 up
4 up NORMAL 1 13239 up
Supported Releases 10.2.0E or later
show version Displays software version information.
Supported Releases 10.3.1E or later system Executes a Linux command from within OS10. Syntax system command Parameters command — Enter the Linux command to execute. Default Not configured Command Mode • EXEC Usage Information None Example OS10# system bash admin@OS10:~$ pwd /config/home/admin admin@OS10:~$ exit OS10# Supported Releases 10.2.0E or later system-cli disable Disables the system command.
Usage Information The linuxadmin account allows you to access the Linux shell. Use the system-user linuxadmin disable command to disable Linux shell access. You can still run Linux commands from the OS10 command-line interface using the system command. To disable the system command from executing Linux commands, use the system-cli disable command. Example OS10(config)# system-user linuxadmin disable Supported Releases 10.4.3.
flow_label] [-w waittime] [-q nqueries] [-s src_addr] [-z sendwait] [-fwmark=num] host [packetlen] Parameters • vrf management— (Optional) Traces the route to an IP address in the management VRF instance. • vrf vrf-name — (Optional) Traces the route to an IP address in the specified VRF instance. • host — Enter the host to trace packets from. • -i interface — (Optional) Enter the IP address of the interface through which traceroute sends packets.
Example (IPv6) OS10# traceroute 20::1 traceroute to 20::1 (20::1), 30 hops max, 80 byte packets 1 20::1 (20::1) 2.622 ms 2.649 ms 2.964 ms Supported Releases 10.2.0E or later unlock Unlocks a previously locked candidate configuration file. Syntax unlock Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# unlock Supported Releases 10.2.
Command Mode CONFIGURATION
Usage Information
• The default privilege levels are level 1 for netoperator, and level 15 for sysadmin, secadmin, and netadmin.
• By default, the password must be at least nine alphanumeric characters. Only the following special characters are supported: ! # % & ' ( ) ; < = > [ ] * + - . / : ^ _ Enter the password in clear text. It is converted to SHA-512 format in the running configuration. For backward compatibility with OS10 releases 10.3.
4 Advanced CLI tasks Command alias Provides information to create shortcuts for commonly used commands, see Command alias. Batch mode Provides information to run a batch file to execute multiple commands, see Batch mode. Linux shell commands Provides information to run commands from the Linux shell, see Linux shell commands. OS9 commands Provides information to enter configuration commands using an OS9 command syntax, see Using OS9 commands.
View alias output for goint
OS10(config)# goint 1/1/1
OS10(conf-if-eth1/1/1)#
View alias information
OS10# show alias
Name Type
---- ----
govlt Config
goint Config
shconfig Local
showint Local
shver Local
Number of config aliases : 2
Number of local aliases : 3
View alias information brief. Displays the first 10 characters of the alias value.
OS10# show alias brief
Name Type Value
---- ---- -----
govlt Config "vlt-domain..."
goint Config "interface ..."
shconfig Local "show runni...
showint Local
shver Local
• Use the no form of the command to delete an alias in CONFIGURATION mode. no alias alias-name You can modify an existing multi-line alias by entering the corresponding ALIAS mode.
mTest Config line 1 "interface ..." line 2 "no shutdow..." line 3 "show confi..." default 1 "ethernet" default 2 "1/1/1" Number of config aliases : 1 Number of local aliases : 0 View alias detail. Displays the entire alias value.
Eth 1/1/6 up 40G A 1 Eth 1/1/7 up 40G A 1 Eth 1/1/8 up 40G A 1 Eth 1/1/9 up 40G A 1 Eth 1/1/10 up 40G A 1 Eth 1/1/11 up 40G A 1 Eth 1/1/12 up 40G A 1 Eth 1/1/13 up 40G A 1 Eth 1/1/14 up 40G A 1 Eth 1/1/15 up 40G A 1 Eth 1/1/16 up 40G A 1 Eth 1/1/17 up 40G A 1 Eth 1/1/18 up 40G A 1 Eth 1/1/19 up 40G A 1 Eth 1/1/20 up 40G A 1 Eth 1/1/21 up 40G A 1 Eth 1/1/22 up 40G A 1 Eth 1/1/23 up 40G A 1 Eth 1/1/24 up 40G A 1 Eth 1/1/25 up 40G A 1 Eth 1/1/26 up 40G A 1 Eth 1/1/27 up 40G A 1 Eth 1/1/28 up 40G A 1 Eth 1/1/29
default (alias) Configures default values for input parameters in a multi-line alias. Syntax default n value Parameters • n — Enter the number of the argument, from 1 to 9. • value — Enter the value for the input parameter. Default Not configured Command Mode ALIAS Usage Information To use special characters in the input parameter value, enclose the string in double quotation marks ("). The no version of this command removes the default value.
Parameters • nn — Enter the line number, from 1 to 99. The commands are executed in the order of the line numbers. • command — Enter the command to execute enclosed in double quotation marks ("). Default Not configured Command Mode ALIAS Usage Information The no version of this command removes the line number and the corresponding command from the multi-line alias.
Number of config aliases : 3 Number of local aliases : 3
Example (detail — displays the entire alias value)
OS10# show alias detail
Name Type Value
---- ---- -----
govlt Config "vlt-domain $1"
goint Config "interface ethernet $1"
mTest Config line 1 "interface $1 $2"
             line 2 "no shutdown"
             line 3 "show configuration"
             default 1 "ethernet"
             default 2 "1/1/1"
shconfig Local "show running-configuration"
showint Local "show interface $*"
shver Local "show version"
Number of config aliases : 3 Number of local aliases
batch Executes a series of commands in a batch file using non-interactive processing.
Syntax batch /home/username/filename
Parameters • username — Enter the user name that was used to copy the command file. • filename — Enter the name of a batch command file.
Default Not configured
Command Mode EXEC
Usage Information Use this command to create a batch command file on a remote machine. Copy the command file to the home directory on your switch. This command executes commands in batch mode.
– Execute the batch file. admin@OS10:/opt/dell/os10/bin$ clish -B ~/batch_cfg.txt New user admin logged in at session 15 – Verify the BGP settings configured by the batch file. admin@OS10:/opt/dell/os10/bin$ clish -c "show running-configuration bgp" New user admin logged in at session 16 ! router bgp 100 ! neighbor 100.1.1.1 remote-as 104 no shutdown admin@OS10:/opt/dell/os10/bin$ • User admin logged out at session 16 Use the ifconfig -a command to display the interface configuration.
Enter the $ ssh admin@ip-address "show-command" command, where ip-address is the IP address of the switch. $ ssh admin@10.11.98.39 "show version" admin@10.11.98.39's password: Dell EMC Networking OS10 Enterprise Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved. OS Version: 10.5.0.0 Build Version: 10.5.0.
5 Zero-touch deployment Zero-touch deployment (ZTD) allows OS10 users to automate switch deployment: • Upgrade an existing OS10 image. • Execute a CLI batch file to configure the switch. • Execute a post-ZTD script to perform additional functions. ZTD is enabled by default when you boot up a switch with a factory-installed OS10 for the first time or when you perform an ONIE: OS Install from the ONIE boot menu.
• In the ZTD provisioning script, enter the URL locations of an OS10 image, CLI batch file, and/or post-ZTD script. Enter at least one URL, otherwise the ZTD fails and exits to CLI Configuration mode. ZTD guidelines • You can store the ZTD provisioning script, OS10 image, CLI batch file, and post-ZTD script on the same server, including the DHCP server. • Write the ZTD provisioning script in bash. • Write the post-ZTD script in bash or Python.
When ZTD is enabled, the CLI configuration is locked. If you enter a CLI command, the error message configuration is locked displays. To configure the switch, disable ZTD by entering the ztd cancel command. OS10# configure terminal % Error: ZTD is in progress(configuration is locked). OS10# ztd cancel ZTD DHCP server configuration For ZTD operation, configure a DHCP server in the network by adding the required ZTD options; for example: option domain-name "example.org"; option domain-name-servers ns1.
#
# Example OS10 ZTD Provisioning Script
#
#
####################################################################
########## UPDATE THE BELOW CONFIG VARIABLES ACCORDINGLY ###########
########## AT LEAST ONE OF THEM SHOULD BE FILLED ####################
IMG_FILE="http://50.0.0.1/OS10.bin"
CLI_CONFIG_FILE="http://50.0.0.1/cli_config"
POST_SCRIPT_FILE="http://50.0.0.1/no_post_script.py"
################### DO NOT MODIFY THE LINES BELOW #######################
sudo os10_ztd_start.
ip name-server 8.8.8.8 1.1.1.1 ! ntp server 132.163.96.5 key 1 prefer ntp server 129.6.15.32 ! ! logging server 10.22.0.99 Post-ZTD script As a general guideline, use a post-ZTD script to perform any additional functions required to configure and operate the switch. In the ZTD provisioning script, specify the post-ZTD script path for the POST_SCRIPT_FILE variable. You can use a script to notify an orchestration server that the ZTD configuration is complete.
----------------------------------ZTD Status : disabled ZTD State : completed Protocol State : idle Reason : ZTD process completed successfully at Mon Jul 16 19:31:57 2018 ----------------------------------OS10# show ztd-status ----------------------------------ZTD Status : disabled ZTD State : failed Protocol State : idle Reason : ZTD process failed to download post script file ----------------------------------- Supported Releases • ZTD Status — Current operational status: enabled or disabled.
6 OS10 provisioning OS10 supports automated switch provisioning — configuration and monitoring — using: • RESTCONF API — REST-like protocol that uses HTTPS connections. Use the OS10 RESTCONF API to set up the configuration parameters on OS10 switches with JavaScript Object Notation (JSON)-structured messages. You can use any programming language to create and send JSON messages; see RESTCONF API.
• dellos10_facts: Retrieves the running configuration from an OS10 switch. Dell EMC Networking Ansible roles Ansible roles allow you to automatically load variable files (vars_files) and tasks based on a known file structure. Grouping content by roles allows the roles to be easily shared with other users. These roles are abstracted for OS6, OS9 and OS10. Download Dell EMC Ansible Networking roles from https://galaxy.ansible.com/.
• User name and password
• NTP server
• Syslog server
1 Install Ansible on a controller node. You can find the latest version of Ansible on the Ansible Installation Guide page. You can run Ansible from any device with Python 2 (version 2.7) or Python 3 (version 3.5 or higher) installed, including Red Hat, Debian, Ubuntu, CentOS, OS X, any of the BSDs and so on. In this example, Ansible 2.7.12 is installed on an Ubuntu 16.04 virtual machine.
dellos_cfg_generate: True
build_dir: /home/user/config
ansible_ssh_user: admin
ansible_ssh_pass: admin
dellos_logging:
  logging:
    - ip: 1.1.1.1
      state: present
dellos_users:
  - username: u1
    password: Test@1347
    role: sysadmin
    privilege: 0
    state: present
dellos_ntp:
  server:
    - ip: 3.3.3.3
The dellos_cfg_generate parameter creates a local copy of the configuration commands applied to the remote switch on the Ansible controller node, and saves the commands in the directory defined in the build_dir path.
7 System management System banners Provides information to configure system login and message of the day (MOTD) text banners, see System banners. User session management Provides information to manage the active user sessions, see User session management. Telnet server Provides information to set up Telnet TCP/IP connections on the switch, see Telnet server. To set up secure, encrypted Secure Shell (SSH) connections to the switch, see SSH server.
Enter your username and password % To delete a login banner and reset it to the Dell EMC default banner, use the no banner login command. To disable banner display before login, use the banner login disable command. MOTD banner Configure a message of the day banner that displays after you log in. Enter up to 4096 characters. To start and end the MOTD banner, enter a single delimiter character or the key combination ^C. You can enter any character as the delimiter.
Example OS10(config)# banner login % Welcome to DellEMC Z9100-ON Enter your username and password % Supported Releases 10.4.1.0 or later banner motd Configures a multi-line message of the day banner that displays after you log in. Syntax banner motd delimiter banner-text banner-text ... delimiter Parameters • delimiter — Enter a single delimiter character or the key combination ^C to specify the start and end of the text banner.
View active user sessions
OS10# show sessions
Current session's operation mode: Non-transaction
Session-ID User In-rpcs In-bad-rpcs Out-rpc-err Out-notify Login-time Lock
-------------------------------------------------------------------------------------------
3 snmp_user 114 0 0 0 2017-07-10T23:58:39Z
4 snmp_user 57 0 0 0 2017-07-10T23:58:40Z
6 admin 17 0 0 4 2017-07-12T03:55:18Z
*7 admin 10 0 0 0 2017-07-12T04:42:55Z
OS10#
The asterisk (*) in the Session-ID column indicates the current OS10 session.
show sessions Displays the active management sessions. Syntax show sessions Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to view information about the active user management sessions.
ip telnet server enable Enables Telnet TCP/IP connections to an OS10 switch. Syntax ip telnet server enable Parameters None Default Disabled Command Mode • CONFIGURATION Usage Information By default, the Telnet server is disabled. When you enable the Telnet server, use the IP address configured on the management or any front-panel port to connect to an OS10 switch. After you reload the switch, the Telnet server configuration is maintained.
OS10 supports standard and private SNMP MIBs, including all get requests. MIBs are hierarchically structured and use object identifiers to access managed objects. For a list of MIBs supported in the OS10 version running on a switch, see the OS10 Release Notes for the release. OS10 supports different security models and levels in SNMP communication between SNMP managers and agents. Each security model refers to an SNMP version used in SNMP messages.
Module Standard
SFLOW-MIB RFC 3176
SNMP-FRAMEWORK-MIB RFC 3411
SNMP-MPD-MIB RFC 3412
SNMP-NOTIFICATION-MIB RFC 3413
SNMP-TARGET-MIB RFC 3413
SNMP-USER-BASED-SM-MIB RFC 3414
SNMP-VIEW-BASED-ACM-MIB RFC 3415
SNMPv2-MIB RFC 3418
TCP-MIB RFC 4022
UDP-MIB RFC 4113
Table 4.
SNMP groups and users A member of an SNMP group that accesses the local SNMP agent is known as an SNMP user. An SNMP user on a remote device is identified by an IP address and UDP port from which the user accesses the local agent. In OS10, users are assigned SNMP access privileges according to the group they belong to. You configure each group for access to SNMP MIB tree views. SNMP views In OS10, you configure views for each security model and level in an SNMP user group.
To display the localized authentication and privacy keys in an SNMPv3 user configuration, use the show snmp engineID local command. Generate SNMPv3 localized keys OS10(config)# snmp-server engineID local 80:00:02:b8:04:61:62:63 OS10(config)# snmp-server engineID remote 1.1.1.
To configure an SNMPv3 user's authentication and privacy settings, use the snmp-server user command. To display the configured SNMP groups, use the show snmp group command.
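The localized keys mentioned above depend on the engine ID, so the same user password yields a different key on every switch. The following added example (not Dell code) implements the standard RFC 3414 password-to-key and localization steps; that OS10 stores exactly these bytes is an assumption, and the function names are hypothetical.

```python
"""SNMPv3 password-to-key localization as specified in RFC 3414, Appendix A.2."""
import hashlib

EXPANDED_LEN = 1048576  # RFC 3414: hash exactly 1,048,576 bytes of repeated password


def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """Derive the non-localized user key Ku from a password."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def parse_engine_id(text: str) -> bytes:
    """Accept the colon form used in 'snmp-server engineID local'
    (80:00:02:b8:...) and the 0x form printed by 'show snmp engineID'."""
    t = text.strip().lower()
    if t.startswith("0x"):
        t = t[2:]
    return bytes.fromhex(t.replace(":", ""))


def localized_key(password: str, engine_id: str, algo: str = "md5") -> str:
    """Return the localized key, as hex, for one password on one engine."""
    ku = password_to_key(password.encode(), algo)
    return localize_key(ku, parse_engine_id(engine_id), algo).hex()


if __name__ == "__main__":
    # Constructed password; both engine IDs are the sample values shown on this page.
    pw = "constructed-example-passphrase"
    for eid in ("80:00:02:b8:04:61:62:63", "0x80001f880390b11cf4abe7"):
        print(eid, "md5 ", localized_key(pw, eid, "md5"))
        print(eid, "sha1", localized_key(pw, eid, "sha1"))
```

Because the engine ID is hashed into the key, a localized key copied from one switch's configuration does not authenticate against a switch with a different engine ID, and changing a switch's engine ID invalidates its existing localized keys.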
Configure SNMPv3 users
OS10(config)# snmp-server user privuser v3group 3 encrypted auth md5 9fc53d9d908118b2804fe80e3ba8763d priv des56 d0452401a8c3ce42804fe80e3ba8763d
OS10(config)# snmp-server user n3user ngroup remote 172.31.1.3 udp-port 5009 3 auth md5 authpasswd
Display SNMP users
OS10# show snmp user
User name : privuser
Group : v3group
Version : 3
Authentication Protocol : MD5
Privacy Protocol : AES
SNMP commands
show snmp community Displays the SNMP communities configured on the switch.
Example
OS10# show snmp engineID remote
Remote Engine ID IP-addr Port
0x0712 1.1.1.1 23
OS10# show snmp engineID local
Local default SNMP engineID: 0x80001f880390b11cf4abe7
Supported Releases 10.4.2.0 or later
show snmp group Displays the SNMP groups configured on the switch, including SNMP views and security models.
Syntax show snmp group
Parameters None
Defaults None
Command Mode EXEC
Usage Information To configure an SNMP group, use the snmp-server group command.
show snmp view Displays the SNMP views configured on the switch, including the SNMP object ID at which the view starts.
Syntax show snmp view
Parameters None
Defaults None
Command Mode EXEC
Usage Information Use the show snmp view command to verify the OID starting point for SNMP views in MIB trees. To configure an SNMP view, use the snmp-server view command.
Example
OS10# show snmp view
view name : readview
OID : 1.3.6.5
excluded : True
Supported Releases 10.4.2.
snmp-server contact Configures contact information for troubleshooting the local SNMP switch. Syntax snmp-server contact text Parameters text — Enter an alphanumeric text string. A maximum of 55 characters. Default The SNMP server contact is support. Command Mode • CONFIGURATION Usage Information The no version of this command resets the SNMP server contact to the default value. Example OS10(config)# snmp-server contact administrator Supported Releases 10.2.
Usage Information If you do not enter a notification-type or notification-option parameter with the command, all traps are enabled. If you enter only a notification-type, all notification-option traps associated with the type are enabled. Re-enter the command multiple times with different notification types and options to enable specific SNMP trap types. To configure a host to receive SNMP notifications, use the snmp-server host command. The no version of the command disables SNMP traps on the switch.
OS10(config)# snmp-server engineID remote 1.1.1.2 udp-port 432 0xabeecc Supported Releases 10.4.2.0 or later snmp-server group Configures the views allowed for the users in an SNMP group. Syntax snmp-server group group-name {v1 | v2c | v3 security-level} [access acl-name] [read view-name] [write view-name] [notify view-name] Parameters • group-name — Enter the name of the group. A maximum of 32 alphanumeric characters. • v1 — SNMPv1 provides no user authentication or privacy protection.
snmp-server host Configures a host to receive SNMP notifications.
Syntax snmp-server host {ipv4-address | ipv6-address} {informs version version-number | traps version version-number | version version-number} [snmpv3-securitylevel] [community-name] [udp-port port-number] [entity | envmon | lldp | snmp]
Parameters • ipv4-address | ipv6-address — Enter the IPv4 or IPv6 address of the SNMP host. • informs — Send inform messages to the SNMP host. • traps — Send trap messages to the SNMP host.
Example — Send SNMP informs to host OS10(config)# snmp-server host 1.1.1.1 informs version 2c public envmon snmp Example — Send SNMP notifications to host OS10(config)# snmp-server host 1.1.1.1 version 3 noauth u1 snmp lldp Supported Releases 10.2.0E or later snmp-server location Configures the location of the SNMP server. Syntax snmp-server location text Parameters text — Enter an alphanumeric string. A maximum of 55 characters.
– aes — Encrypt messages using AES 128-bit algorithm. – des — Encrypt messages using DES 56-bit algorithm. – priv-password — Enter a text string used to generate the privacy key used in encrypted messages. A maximum of 32 alphanumeric characters. For an encrypted password, enter the encrypted string instead of plain text. Defaults Command Mode Usage Information • localized — (SNMPv3 only) Generate an SNMPv3 authentication and/or privacy key in localized key format.
Parameters • view-name — Enter the name of a read-only, read-write, or notify view. A maximum of 32 characters. • oid-tree — Enter the SNMP object ID at which the view starts in 12-octet dotted-decimal format. • included — (Optional) Include the MIB family in the view. • excluded — (Optional) Exclude the MIB family from the view.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information The oid-tree value specifies the OID in the MIB tree hierarchy at which a view starts.
OS10(config)# do show snmp group
groupname : sngroup
version : 2c
notifyview : notofy_view
groupname : snv3group
version : 3
security level : noauth
readview : read_view
OS10(config)# do show snmp user
User name : snuser
Group : sngroup
Version : 3
Authentication Protocol : SHA
OS10(config)# do show snmp view
view name : readview
OID : 1.3.6.1.2.1.2.2
included : True
view name OID excluded : snview : .
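The Telnet, SNMP and NTP commands documented in this chapter can be reviewed mechanically before a configuration, or a CLI batch file that ZTD will apply, reaches a switch. The following added example (not a Dell tool) flags management-plane settings that lack authentication or encryption and redacts secrets before a configuration is shared. The rule names, the policy of what counts as a finding, and the sample configuration are constructed for this example from the command forms shown on this page.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    rule: str
    line: str


# Hypothetical rule names; patterns follow the command forms shown on this page.
RULES = [
    ("telnet-enabled", re.compile(r"^ip telnet server enable\b")),
    ("snmp-v1-v2c", re.compile(
        r"^snmp-server (?:group \S+ v?(?:1|2c)\b|host \S+ .*\bversion (?:1|2c)\b)")),
    ("snmpv3-noauth", re.compile(
        r"^snmp-server (?:group \S+ v?3 noauth\b|host \S+ .*\bversion 3 noauth\b)")),
    ("snmpv3-md5-auth", re.compile(r"^snmp-server user .*\bauth md5\b")),
    ("snmpv3-des-priv", re.compile(r"^snmp-server user .*\bpriv des(?:56)?\b")),
    ("snmpv3-no-priv", re.compile(r"^snmp-server user (?!.*\bpriv\b).*\bauth\b")),
    ("ntp-no-key", re.compile(r"^ntp server (?!.*\bkey \d+)\S+")),
]

# Secrets that appear in 'show running-configuration' style output.
REDACTIONS = [
    re.compile(r"(username \S+ password )\S+"),
    re.compile(r"(\bauth (?:md5|sha) )\S+"),
    re.compile(r"(\bpriv (?:aes|des(?:56)?) )\S+"),
]


def audit_config(text: str) -> List[Finding]:
    """Return one Finding per (line, rule) match, in file order."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, '!' separators and 'no ...' forms, which remove a setting.
        if not line or line.startswith("!") or line.startswith("no "):
            continue
        for rule, rx in RULES:
            if rx.match(line):
                findings.append(Finding(no, rule, line))
    return findings


def redact_secrets(text: str) -> str:
    """Replace password hashes and SNMP key material with a placeholder."""
    for rx in REDACTIONS:
        text = rx.sub(r"\1<redacted>", text)
    return text


# Constructed sample configuration (hash and key values are placeholders).
SAMPLE_CONFIG = """\
username admin password $6$EXAMPLE$constructedhashvalue
ip telnet server enable
snmp-server group sngroup v2c read readview
snmp-server host 1.1.1.1 informs version 2c public envmon snmp
snmp-server host 1.1.1.1 version 3 noauth u1 snmp lldp
snmp-server user n3user ngroup remote 172.31.1.3 udp-port 5009 3 auth md5 authpasswd
snmp-server user privuser v3group 3 encrypted auth md5 0123abcd priv des56 4567ef01
ntp server 132.163.96.5 key 1 prefer
ntp server 129.6.15.32
!
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.rule}: {redact_secrets(f.line)}")
```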
– time — Enter the time in the format hour:minute:second, where hour is 1 to 24; minute is 1 to 60; second is 1 to 60. For example, enter 5:15 PM as 17:15:00. – year-month-day — Enter the date in the format YYYY-MM-DD, where YYYY is a four-digit year, such as 2016; MM is a month from 1 to 12; DD is a day from 1 to 31. • Enter the time zone in CONFIGURATION mode.
Continent/Country City UTC offset Cairo +02:00 Casablanca +01:00 Ceuta +01:00 Conakry +00:00 Dakar +00:00 Dar_es_Salaam +03:00 Djibouti +03:00 Douala +01:00 El_Aaiun +00:00 Freetown +00:00 Gaborone +02:00 Harare +02:00 Johannesburg +02:00 Juba +03:00 Kampala +03:00 Khartoum +02:00 Kigali +02:00 Kinshasa +01:00 Lagos +01:00 Libreville +01:00 Lome +00:00 Luanda +01:00 Lubumbashi +02:00 Lusaka +02:00 Malabo +01:00 Maputo +02:00 Maseru +02:00 Mbabane +02
Continent/Country America City UTC offset Tripoli +02:00 Tunis +01:00 Windhoek +02:00 Adak −10:00 Anchorage −09:00 Anguilla −04:00 Antigua −04:00 Araguaina −03:00 Argentina/Buenos_Aires −03:00 Argentina/Catamarca −03:00 Argentina/ComodRivadavia −03:00 Argentina/Cordoba −03:00 Argentina/Jujuy −03:00 Argentina/La_Rioja −03:00 Argentina/Mendoza −03:00 Argentina/Rio_Gallegos −03:00 Argentina/Salta −03:00 Argentina/San_Juan −03:00 Argentina/San_Luis
Continent/Country City UTC offset Caracas −04:00 Catamarca −03:00 Cayenne −03:00 Cayman −05:00 Chicago −06:00 Chihuahua −07:00 Coral_Harbour −05:00 Cordoba −03:00 Costa_Rica −06:00 Creston −07:00 Cuiaba −04:00 Curacao −04:00 Danmarkshavn +00:00 Dawson −08:00 Dawson_Creek −07:00 Denver −07:00 Detroit −05:00 Dominica −04:00 Edmonton −07:00 Eirunepe −05:00 El_Salvador −06:00 Ensenada −08:00 Fort_Nelson −07:00 Fort_Wayne −05:00 Fortaleza −03:00 Glace_Bay −04
Continent/Country City UTC offset Indiana/Knox −06:00 Indiana/Marengo −05:00 Indiana/Petersburg −05:00 Indiana/Tell_City −06:00 Indiana/Vevay −05:00 Indiana/Vincennes −05:00 Indiana/Winamac −05:00 Indianapolis −05:00 Inuvik −07:00 Iqaluit −05:00 Jamaica −05:00 Jujuy −03:00 Juneau −09:00 Kentucky/Louisville −05:00 Kentucky/Monticello −05:00 Knox_IN −06:00 Kralendijk −04:00 La_Paz −04:00 Lima −05:00 Los_Angeles −08:00 Louisville −05:00 Lower
Continent/Country City UTC offset Montreal −05:00 Montserrat −04:00 Nassau −05:00 New_York −05:00 Nipigon −05:00 Nome −09:00 Noronha −02:00 North_Dakota/Beulah −06:00 North_Dakota/Center −06:00 North_Dakota/New_Salem −06:00 Ojinaga −07:00 Panama −05:00 Pangnirtung −05:00 Paramaribo −03:00 Phoenix −07:00 Port_of_Spain −04:00 Port-au-Prince −05:00 Porto_Acre −05:00 Porto_Velho −04:00 Puerto_Rico −04:00 Punta_Arenas −03:00 Rainy_River −06:00 Rankin_Inlet −06:00
Continent/Country City UTC offset St_Kitts −04:00 St_Lucia −04:00 St_Thomas −04:00 St_Vincent −04:00 Swift_Current −06:00 Tegucigalpa −06:00 Thule −04:00 Thunder_Bay −05:00 Tijuana −08:00 Toronto −05:00 Tortola −04:00 Vancouver −08:00 Virgin −04:00 Whitehorse −08:00 Winnipeg −06:00 Yakutat −09:00 Yellowknife −07:00 Casey +11:00 Davis +07:00 DumontDUrville +10:00 Macquarie +11:00 Mawson +05:00 McMurdo +12:00 Palmer −03:00 Rothera −03:00 South_Pole +12:00
Continent/Country City UTC offset Atyrau +05:00 Baghdad +03:00 Bahrain +03:00 Baku +04:00 Bangkok +07:00 Barnaul +07:00 Beirut +02:00 Bishkek +06:00 Brunei +08:00 Calcutta +05:30 Chita +09:00 Choibalsan +08:00 Chongqing +08:00 Chungking +08:00 Colombo +05:30 Dacca +06:00 Damascus +02:00 Dhaka +06:00 Dili +09:00 Dubai +04:00 Dushanbe +05:00 Famagusta +02:00 Gaza +02:00 Harbin +08:00 Hebron +02:00 Ho_Chi_Minh +07:00 Hong_Kong +08:00 Hovd +07:00 Irkuts
Continent/Country City UTC offset Katmandu +05:45 Khandyga +09:00 Kolkata +05:30 Krasnoyarsk +07:00 Kuala_Lumpur +08:00 Kuching +08:00 Kuwait +03:00 Macao +08:00 Macau +08:00 Magadan +11:00 Makassar +08:00 Manila +08:00 Muscat +04:00 Novokuznetsk +07:00 Novosibirsk +07:00 Omsk +06:00 Oral +05:00 Phnom_Penh +07:00 Pontianak +07:00 Pyongyang +09:00 Qatar +03:00 Qyzylorda +05:00 Rangoon +06:30 Riyadh +03:00 Saigon +07:00 Sakhalin +11
Continent/Country Atlantic Australia City UTC offset Tokyo +09:00 Tomsk +07:00 Ujung_Pandang +08:00 Ulaanbaatar +08:00 Ulan_Bator +08:00 Urumqi +06:00 Ust-Nera +10:00 Vientiane +07:00 Vladivostok +10:00 Yakutsk +09:00 Yangon +06:30 Yekaterinburg +05:00 Yerevan +04:00 Azores −01:00 Bermuda −04:00 Canary +00:00 Cape_Verde −01:00 Faeroe +00:00 Faroe +00:00 Jan_Mayen +01:00 Madeira +00:00 Reykjavik +00:00 South_Georgia −02:00 St_Helena +00:00 Stanley −03:00
Continent/Country Brazil Canada City UTC offset North +09:30 NSW +10:00 Perth +08:00 Queensland +10:00 South +09:30 Sydney +10:00 Tasmania +10:00 Victoria +10:00 West +08:00 Yancowinna +09:30 Acre −05:00 DeNoronha −02:00 East −03:00 West −04:00 Atlantic −04:00 Central −06:00 Eastern −05:00 Mountain −07:00 Newfoundland −03:30 Pacific −08:00 Saskatchewan −06:00 Yukon −08:00 CET +01:00 Chile Continental −04:00 EasterIsland −06:00 CST6CDT −05:00 Cuba −0
Continent/Country City UTC offset Etc/GMT+2 −12:00 Etc/GMT+3 −02:00 Etc/GMT+4 −03:00 Etc/GMT+5 −04:00 Etc/GMT+6 −05:00 Etc/GMT+7 −06:00 Etc/GMT+8 −07:00 Etc/GMT+9 −08:00 Etc/GMT0 −09:00 Etc/GMT-0 +00:00 Etc/GMT-1 +00:00 Etc/GMT-10 +01:00 Etc/GMT-11 +10:00 Etc/GMT-12 +11:00 Etc/GMT-13 +12:00 Etc/GMT-14 +13:00 Etc/GMT-2 +14:00 Etc/GMT-3 +02:00 Etc/GMT-4 +03:00 Etc/GMT-5 +04:00 Etc/GMT-6 +05:00 Etc/GMT-7 +06:00 Etc/GMT-8 +07:00 Etc/GMT-9 +08:00 Etc/Greenwich
Continent/Country City UTC offset Bucharest +01:00 Budapest +02:00 Busingen +01:00 Chisinau +01:00 Copenhagen +02:00 Dublin +01:00 Gibraltar +00:00 Guernsey +01:00 Helsinki +00:00 Isle_of_Man +02:00 Istanbul +00:00 Jersey +03:00 Kaliningrad +00:00 Kiev +02:00 Kirov +02:00 Lisbon +03:00 Ljubljana +00:00 London +01:00 Luxembourg +00:00 Madrid +01:00 Malta +01:00 Mariehamn +01:00 Minsk +02:00 Monaco +03:00 Moscow +01:00 Nicosia +03:0
Continent/Country City UTC offset Sofia +02:00 Stockholm +01:00 Tallinn +02:00 Tirane +01:00 Tiraspol +02:00 Ulyanovsk +04:00 Uzhgorod +02:00 Vaduz +01:00 Vatican +01:00 Vienna +01:00 Vilnius +02:00 Volgograd +04:00 Warsaw +01:00 Zagreb +01:00 Zaporozhye +02:00 Zurich +01:00 GB +00:00 GB-Eire +00:00 GMT +00:00 GMT+0 +00:00 GMT0 +00:00 GMT-0 +00:00 Greenwich +00:00 Hongkong +08:00 HST −10:00 Iceland +00:00 Indian Iran Antananarivo +03:00 Chagos +06:
Continent/Country City UTC offset Israel +02:00 Jamaica −05:00 Japan +09:00 Kwajalein +12:00 Libya +02:00 MET +01:00 Mexico BajaNorte −08:00 BajaSur −07:00 General −06:00 MST −07:00 MST7MDT −07:00 Navajo −07:00 NZ +12:00 NZ-CHAT +12:45 Pacific Apia +13:00 Auckland +12:00 Bougainville +11:00 Chatham +12:45 Chuuk +10:00 Easter −06:00 Efate +11:00 Enderbury +13:00 Fakaofo +13:00 Fiji +12:00 Funafuti +12:00 Galapagos −06:00 Gambier
Continent/Country City UTC offset Niue −11:00 Norfolk +11:00 Noumea +11:00 Pago_Pago −11:00 Palau +09:00 Pitcairn −08:00 Pohnpei +11:00 Ponape +11:00 Port_Moresby +10:00 Rarotonga −10:00 Saipan +10:00 Samoa −11:00 Tahiti −10:00 Tarawa +12:00 Tongatapu +13:00 Truk +10:00 Wake +12:00 Wallis +12:00 Yap +10:00 Poland +01:00 Portugal +00:00 PRC +08:00 PST8PDT −08:00 ROC +08:00 ROK +09:00 Singapore +08:00 Turkey +03:00 UCT +00:00 Universal +00:00 US Al
Continent/Country City UTC offset Mountain −07:00 Pacific −08:00 Pacific-New −08:00 Samoa −11:00 UTC +00:00 WET +00:00 W-SU +03:00 Zulu +00:00 System Clock commands clock set Sets the system time. Syntax clock set time year-month-day Parameters Default time Enter time in the format hour:minute:second, where hour is 1 to 24; minute is 1 to 60; second is 1 to 60. For example, enter 5:15 PM as 17:15:00.
• minutes — Enter the minute offset from UTC, ranging from 0 to 59.
Default Not configured
Command Mode CONFIGURATION
Usage Information The standard time zone option applies the predefined offset for the selected standard time zone, including DST changes that apply to the local time. After you configure this command, OS10 uses the updated local time in all logs and timestamps. You can use the ? character or press the tab key for command completion and view a list of supported standard time zones.
Supported Releases 10.5.0.0 or later
Network Time Protocol
Network Time Protocol (NTP) synchronizes timekeeping among a set of distributed time servers and clients. The protocol coordinates time distribution in a large, diverse network. NTP clients synchronize with NTP servers that provide accurate time measurement. NTP clients choose from several NTP servers to determine which offers the best available source of time and the most reliable transmission of information.
Enable NTP
NTP is disabled by default. To enable NTP, configure an NTP server with which the system synchronizes. To configure multiple servers, enter the command multiple times. Multiple servers may impact CPU resources.
• Enter the IP address of the NTP server with which the system synchronizes in CONFIGURATION mode.
Source IP address
Configure one interface IP address to include in all NTP packets. The source address of NTP packets is the interface IP address the system uses to reach the network by default.
• Configure a source IP address for NTP packets in CONFIGURATION mode.
ntp source interface
– ethernet node/slot/port[:subport] — Enter the Ethernet interface information.
– port-channel channel-id — Enter the port-channel ID, from 1 to 128.
– vlan vlan-id — Enter the VLAN ID number, from 1 to 4093.
Configure NTP
OS10(config)# ntp authenticate
OS10(config)# ntp trusted-key 345
OS10(config)# ntp authentication-key 345 mdf 0 5A60910FED211F02
OS10(config)# ntp server 1.1.1.1 key 345
OS10(config)# ntp master 7
View NTP configuration
OS10(config)# do show running-configuration
!
ntp authenticate
ntp authentication-key 345 mdf 0 5A60910FED211F02
ntp server 1.1.1.1 key 345
ntp trusted-key 345
ntp master 7
...
Sample NTP configuration
The following example shows an NTP master (11.0.0.2), server (10.0.0.
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# ip vrf forwarding red
OS10(conf-if-eth1/1/5)# ip address 11.0.0.1/24
OS10(conf-if-eth1/1/5)# exit
OS10(config)#
b Configure the NTP server IP address on the NTP client.
OS10(config)# ntp server 10.0.0.1
OS10(config)# do show running-configuration ntp
ntp server 10.0.0.1
OS10(config)#
c Configure NTP in the VRF Red instance.
OS10(config)# ntp enable vrf red
Configure the NTP master IP address on the NTP server.
5 Verify that the NTP server (10.0.0.1) is connected to the NTP master (11.0.0.2) running in VRF Red. OS10(config)# do show ntp associations vrf red remote poll reach delay refid offset st t when jitter ============================================ ================================== LOCAL(0) 111 64 *11.0.0.2 43 64 .LOCL. 0.000 2 0.000 LOCAL(0) 0.441 0.026 3 8 l 0.000 9 u 0.047 OS10(config)# do show ntp status vrf red associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync, system peer: 11.
ntp authenticate-key
Configures the authentication key for trusted time sources.
Syntax ntp authenticate-key number md5 [0 | 7] key
Parameters
• number — Enter the authentication key number, from 1 to 4294967295.
• md5 — Set to MD5 encryption.
• 0 — Set to unencrypted format, the default.
• 7 — Set to hidden encryption.
• key — Enter the authentication key.
Default
Command Mode • INTERFACE Usage Information Use this command to configure OS10 to not listen to a particular server and prevent the interface from receiving NTP packets. The no version of this command re-enables NTP on an interface. Example OS10(conf-if-eth1/1/7)# ntp disable Supported Releases 10.2.0E or later ntp enable vrf Enables NTP for the management or non-default VRF instance.
ntp server
Configures an NTP time-serving host.
Syntax ntp server {hostname | ipv4-address | ipv6-address} [key keyid] [prefer]
Parameters
• hostname — Enter the host name of the server.
• ipv4-address | ipv6-address — Enter the IPv4 address in A.B.C.D format or IPv6 address in A::B format of the NTP server.
• key keyid — (Optional) Enter the NTP peer key ID, from 1 to 4294967295.
• prefer — (Optional) Configures this peer to have priority over other servers.
Default
ntp trusted-key
Sets a key to authenticate the system with which NTP synchronizes.
Syntax ntp trusted-key number
Parameters number — Enter the trusted key ID, from 1 to 4294967295.
Default Not configured
Command Mode CONFIGURATION
Usage Information The number parameter must be the same number as the number parameter in the ntp authentication-key command. If you change the ntp authentication-key command, you must also change this command. The no version of this command removes the key.
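The key-number dependency described above (a server's key must be defined with ntp authentication-key and listed with ntp trusted-key) can be checked offline against a saved running-configuration. The following Python audit is an added example, not Dell EMC code; the finding names and the 192.0.2.x servers, key 77 and key 88 in the sample are constructed for illustration.

```python
import re

# Constructed sample. The lines with 1.1.1.1 and key 345 are the running-configuration
# printed on this page; the 192.0.2.x servers, key 77 and key 88 are added for the demo.
SAMPLE_CONFIG = """\
!
ntp authenticate
ntp authentication-key 345 mdf 0 5A60910FED211F02
ntp server 1.1.1.1 key 345
ntp server 192.0.2.10
ntp server 192.0.2.11 key 77
ntp trusted-key 345
ntp trusted-key 88
ntp master 7
"""

# The page spells the command both "authenticate-key" (reference heading) and
# "authentication-key" (examples), so both spellings are accepted here.
KEY_RE = re.compile(r"^ntp authenticat(?:e|ion)-key (\d+) (\S+) ([07]) (\S+)$")
SERVER_RE = re.compile(r"^ntp server (\S+)(?: key (\d+))?(?: prefer)?$")
TRUSTED_RE = re.compile(r"^ntp trusted-key (\d+)$")


def parse_ntp(config_text):
    """Collect the NTP authentication state from running-configuration text."""
    state = {"authenticate": False, "keys": {}, "trusted": set(), "servers": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ntp authenticate":
            state["authenticate"] = True
            continue
        m = KEY_RE.match(line)
        if m:
            # Store only the algorithm word and storage format, never the key itself.
            state["keys"][int(m.group(1))] = {"algo": m.group(2), "fmt": m.group(3)}
            continue
        m = TRUSTED_RE.match(line)
        if m:
            state["trusted"].add(int(m.group(1)))
            continue
        m = SERVER_RE.match(line)
        if m:
            key = int(m.group(2)) if m.group(2) else None
            state["servers"].append((m.group(1), key))
    return state


def audit_ntp(config_text):
    """Return (finding, detail) tuples for NTP authentication gaps."""
    s = parse_ntp(config_text)
    findings = []
    if s["servers"] and not s["authenticate"]:
        findings.append(("AUTH_DISABLED", "ntp authenticate is not configured"))
    for host, key in s["servers"]:
        if key is None:
            # Time from this server is accepted without a key.
            findings.append(("SERVER_NO_KEY", host))
            continue
        if key not in s["keys"]:
            findings.append(("KEY_UNDEFINED", f"{host} key {key}"))
        if key not in s["trusted"]:
            findings.append(("KEY_NOT_TRUSTED", f"{host} key {key}"))
    # A trusted-key number must match an authentication-key number.
    for key in sorted(s["trusted"] - set(s["keys"])):
        findings.append(("TRUSTED_WITHOUT_KEY", str(key)))
    # Format 0 means the key is stored unencrypted in the configuration.
    for key, meta in sorted(s["keys"].items()):
        if meta["fmt"] == "0":
            findings.append(("KEY_PLAINTEXT_FORMAT", str(key)))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_ntp(SAMPLE_CONFIG):
        print(f"{finding}: {detail}")
```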
Example • offset — Relative time of the NTP peer’s clock to the network device clock in milliseconds. • disp — Dispersion. OS10# show ntp associations remote ref clock st when poll reach delay offset disp ============================================================= 10.10.120.5 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 *172.16.1.33 127.127.1.0 11 6 16 377 -0.08 -1499.9 104.16 172.31.1.33 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 192.200.0.2 0.0.0.0 16 - 256 0 0.00 0.000 16000.
reference time: system flags: jitter: stability: broadcastdelay: authdelay: OS10# ddc78084.f17ea38b ntp kernel stats 0.000000 s 0.000 ppm 0.000000 s 0.000000 s Tue, Nov 28 2017 6:28:20.943 OS10# show ntp status vrf red associd=0 status=0618 leap_none, sync_ntp, 1 event, no_sys_peer, system peer: 11.0.0.2:123 system peer mode: client leap indicator: 00 stratum: 10 log2 precision: -24 root delay: 0.338 root dispersion: 1136.790 reference ID: 11.0.0.2 reference time: dbc7a951.
The following options are commonly used in DHCP packets.
DHCP server The Dynamic Host Configuration Protocol (DHCP) server provides network configuration parameters to DHCP clients on request. A DHCP server dynamically allocates four required IP parameters to each computer on the virtual local area network (VLAN) — the IP address, network mask, default gateway, and name server address. DHCP IP address allocation works on a client/server model where the server assigns the client reusable IP information from an address pool.
Address lease time
Use the lease {days [hours] [minutes] | infinite} command to configure an address lease time. The default is 24 hours.
OS10(config)# ip dhcp server
OS10(conf-dhcp)# pool Dell
OS10(conf-dhcp-Dell)# lease 36
Default gateway
Ensure the IP address of the default router is on the same subnet as the client.
1 Enable DHCP server-assigned dynamic addresses on an interface in CONFIGURATION mode.
ip dhcp server
2 Create an IP address pool and provide a name in DHCP mode.
NetBIOS WINS address resolution DHCP clients can be one of four types of NetBIOS nodes — broadcast, peer-to-peer, mixed, or hybrid. Dell EMC recommends using hybrid as the NetBIOS node type. 1 Enable DHCP server-assigned dynamic addresses on an interface in DHCP mode. ip dhcp server 2 Create an IP address pool and enter the pool name in DHCP mode. pool name 3 Enter the NetBIOS WINS name servers in the order of preference that they are available to DHCP clients in DHCP mode.
With a fixed host configuration, also known as manual binding, you must configure a network pool with a matching subnet. The static host-to-MAC address mapping pool inherits the network mask from the network pool with subnet configuration, which includes the host’s address range. In the following example, the pool host1, which is the fixed host mapping pool, inherits the subnet and other attributes from the pool hostnetwork, which is the DHCP client IP address pool.
This option secures all DHCP traffic that goes through a DHCP relay agent, and ensures that communication between the DHCP relay agent and the DHCP server is not compromised. The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the DHCP server. The DHCP server includes Option 82 back in its response to the relay agent. The relay agent uses this information to forward a reply out the interface on which the request was received rather than flooding it on the entire VLAN.
OS10(config)# ip domain-list vrf vrf-blue dns3
OS10(config)# ip domain-list vrf vrf-blue dns4
OS10(config)# ip domain-list vrf vrf-blue dns5
View local system domain name information
OS10# show running-configuration
! Version 10.2.9999E
! Last configuration change at Feb 20 04:50:33 2017
!
username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
aaa authentication system:local
ip domain-name dell.com
ip domain-list f10.com
ip name-server 1.1.
NOTE: If you move a DHCP client from an untrusted port to another untrusted port within the VLAN, the DHCP snooping binding database is not updated. The switch drops subsequent packets from the host. However, if you move a DHCP client from an untrusted port to a trusted port, there is no impact to the traffic from the host. Restrictions for DHCP snooping • DHCP snooping is not supported for the management VLAN. • DHCP snooping is not supported with VxLAN bridges.
DHCP snooping in a VLT environment OS10 supports DHCP snooping in a VLT environment. DHCP snooping switches in a VLT topology synchronize DHCP snooping binding information between them. The system interprets the VLTi link between VLT peers as trusted ports. To configure DHCP snooping in a VLT environment: • Enable DHCP snooping on both VLT peers. • Configure the VLT port-channel interfaces that egress towards the DHCP server as trusted ports.
Enable and configure DHCP snooping globally
1 Enable DHCP snooping globally in CONFIGURATION mode.
ip dhcp snooping
2 Specify physical or port-channel interfaces that have connections towards DHCP servers as trusted in INTERFACE mode.
ip dhcp snooping trust
Add static DHCP snooping entry in the binding table
• Add a static DHCP snooping entry in the binding table in CONFIGURATION mode.
Remove static DHCP snooping entry from the binding table • Remove a static DHCP snooping entry from the binding table in CONFIGURATION mode.
DHCP server
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# ip address 10.1.1.1/24
OS10(conf-if-eth1/1/1)# exit
OS10(config)# ip dhcp server
OS10(config-dhcp)# no disable
OS10(config-dhcp)# pool dell_server1
OS10(config-dhcp-dell_server1)# lease 0 1 0
OS10(config-dhcp-dell_server1)# network 10.1.1.0/24
OS10(config-dhcp-dell_server1)# range 10.1.1.2 10.1.1.
OS10(conf-if-eth1/1/4)# ip address dhcp
OS10(conf-if-eth1/1/4)# end
DHCP snooping switch as relay agent
This example uses a simple topology with a DHCP snooping switch configured as a DHCP relay agent. A DHCP server and a DHCP client are connected to the snooping switch through different VLANs. A rogue DHCP server attempts to pose as a legitimate DHCP server.
OS10(conf-if-eth1/1/4)# switchport access vlan 100
OS10(conf-if-eth1/1/4)# exit
OS10(config)# interface ethernet 1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# switchport access vlan 100
OS10(conf-if-eth1/1/3)# end
DHCP server
OS10# configure terminal
OS10(config)# ip dhcp server
OS10(config-dhcp)# no disable
OS10(config-dhcp)# pool dell_1
OS10(config-dhcp-dell_1)# network 10.1.1.0/24
OS10(config-dhcp-dell_1)# range 10.1.1.2 10.1.1.
SW 1 DHCP snooping configuration • Enable DHCP snooping globally. OS10(config)# ip dhcp snooping Spanning tree configuration • Enable a Spanning Tree Protocol. OS10(config)# spanning-tree mode rstp VLAN configuration • Create a VLAN. OS10# configure terminal OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# no shutdown VLT configuration Create a VLT domain and configure VLTi.
3 Specify the management IP address of the VLT peer as a backup link. 4 Configure VLT port channels. VLT port channel to VM OS10(conf-vlt-1)# backup destination 10.10.10.
OS10(conf-range-eth1/1/4-1/1/5)# no switchport OS10(conf-range-eth1/1/4-1/1/5)# exit OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# discovery-interface ethernet 1/1/4-1/1/5 3 Specify the management IP address of the VLT peer as a backup link. OS10(conf-vlt-1)# backup destination 10.10.10.1 4 Configure VLT port channels.
IPv4 Address MAC Address Expires(Sec) Type Interface VLAN ======================================================================================= 10.1.1.2 14:18:77:0d:05:e9 3600 D port-channel10 vlan100 DHCP snooping with DHCP relay agent in a VLT setup — Default VRF In this VLT setup, DHCP clients on the virtual machine are connected to SW1 and SW2 and acquire IP addresses from the DHCP server. The VLAN of both the client and the DHCP server are in the default VRF on SW 1 and SW 2.
• Create another VLAN and assign an IP address to it which can communicate with the DHCP server. OS10# configure terminal OS10(config)# interface vlan 200 OS10(conf-if-vl-200)# no shutdown OS10(conf-if-vl-200)# ip address 10.2.1.1/24 OS10(conf-if-vl-200)# exit • Configure SW 1 as the DHCP relay agent for the hosts in the VM. The IP address that you specify here is the IP address of the DHCP server OS10# configure terminal OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip helper-address 10.2.1.
DHCP snooping configuration • Enable DHCP snooping globally. OS10(config)# ip dhcp snooping Spanning tree configuration • Enable a Spanning Tree Protocol. OS10(config)# spanning-tree mode rstp VLAN configuration • Create a VLAN and assign an IP address to it which acts as the gateway for the VMs. OS10# configure terminal OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# no shutdown OS10(conf-if-vl-100)# ip address OS10(conf-if-vl-100)# ip address 10.1.1.
OS10(conf-if-eth1/1/2-1/1/3)# no shutdown
OS10(conf-if-eth1/1/2-1/1/3)# channel-group 10
SW 2 to DHCP server configuration
OS10(config)# interface port-channel 20
OS10(conf-if-po-20)# description SW2ToDHCP-Server
OS10(conf-if-po-20)# vlt-port-channel 20
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# switchport trunk allowed vlan 100,200
OS10(conf-if-po-20)# ip dhcp snooping trust
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet 1/1/1,1/1/6
OS10(conf-if-eth1/1/1,1/1/6)# no shutdown
=======================================================================================
10.1.1.3 14:18:77:0d:05:e9 3600 D port-channel10
Dynamic ARP inspection
Dynamic Address Resolution Protocol (ARP) Inspection (DAI) is a security feature that protects LAN networks from man-in-the-middle ARP spoofing attacks. When you enable DAI, the switch intercepts ARP packets on DAI-enabled VLANs.
Bypass Dynamic ARP Inspection on an interface • Use the following command in INTERFACE mode of a physical or port-channel interface: arp inspection-trust Clear DAI statistics • Clear DAI statistics in EXEC mode. clear ip arp inspection statistics [vlan vlan-name] View DAI database • View DAI database in EXEC mode show ip arp inspection database [vlan vlan-name] Use the vlan option to view DAI database for a specific VLAN.
Source Address Validation
Source Address Validation (SAV) is a security feature which helps switches to permit IP traffic only from the clients present in the DHCP snooping binding table. When you enable SAV, the switch compares the source IP and MAC addresses in the packet with the DHCP snooping binding table. If there is a match, the device forwards the packet. If there is no match, it drops the packet. SAV is disabled by default.
Use the vlan option to specify SAV for one or more VLANs. The range is from 1 to 4093. If you do not specify the vlan option, SAV is enabled on all VLANs of an interface.
Enable source IP and MAC address validation
• Enable source IP and MAC address validation in INTERFACE mode.
ip dhcp snooping source-address-validation ipmac [vlan vlan-name]
Use the vlan option to specify SAV for one or more VLANs. The range is from 1 to 4093.
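Before enabling SAV on an interface, it helps to know which hosts already on the wire would be dropped. The following Python sketch is an added example, not OS10 code: it parses a binding table in the column layout printed on this page and replays constructed packet observations against it. Matching on ingress interface and VLAN, and the IP-only "ip" mode, are assumptions made for the model.

```python
import re
from typing import NamedTuple


class Binding(NamedTuple):
    ip: str
    mac: str
    interface: str
    vlan: int


# Constructed sample: the header and first row follow the binding table printed
# on this page; the second row (documentation MAC range) is added for the demo.
SAMPLE_TABLE = """\
IPv4 Address   MAC Address        Expires(Sec)  Type  Interface       VLAN
==========================================================================
10.1.1.2       14:18:77:0d:05:e9  3600          D     port-channel10  vlan100
10.1.1.9       00:00:5e:00:53:09  1800          D     ethernet1/1/4   vlan100
"""

ROW_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"\S+\s+\S+\s+(?P<ifname>\S+)\s+vlan(?P<vlan>\d+)\s*$",
    re.IGNORECASE,
)


def parse_bindings(text):
    """Turn binding-table rows into Binding tuples; headers and rules are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(Binding(m["ip"], m["mac"].lower(), m["ifname"], int(m["vlan"])))
    return rows


def sav_verdict(bindings, src_ip, src_mac, interface, vlan,
                mode="ipmac", sav_vlans=None):
    """Return 'forward', 'drop' or 'not-validated' for one observed packet.

    mode='ipmac' compares source IP and MAC, as the page describes.
    mode='ip' compares the source IP only (assumed IP-only variant).
    sav_vlans=None models SAV on all VLANs of the interface.
    """
    if mode not in ("ip", "ipmac"):
        raise ValueError("mode must be 'ip' or 'ipmac'")
    if sav_vlans is not None and vlan not in sav_vlans:
        return "not-validated"
    for b in bindings:
        # Assumption: a binding only vouches for the port and VLAN it was learned on.
        if b.interface != interface or b.vlan != vlan or b.ip != src_ip:
            continue
        if mode == "ipmac" and b.mac != src_mac.lower():
            continue
        return "forward"
    return "drop"


def preview_drops(bindings, observed, mode="ipmac", sav_vlans=None):
    """List the observed (ip, mac, interface, vlan) tuples that SAV would drop."""
    return [pkt for pkt in observed
            if sav_verdict(bindings, *pkt, mode=mode, sav_vlans=sav_vlans) == "drop"]


# Constructed observations, for example taken from an ARP or flow export.
LEGIT = ("10.1.1.2", "14:18:77:0D:05:E9", "port-channel10", 100)
WRONG_MAC = ("10.1.1.2", "00:00:5e:00:53:aa", "port-channel10", 100)
STATIC_HOST = ("10.1.1.50", "00:00:5e:00:53:50", "ethernet1/1/4", 100)
MOVED_PORT = ("10.1.1.9", "00:00:5e:00:53:09", "ethernet1/1/7", 100)
OTHER_VLAN = ("10.2.1.7", "00:00:5e:00:53:07", "ethernet1/1/4", 200)
OBSERVED = [LEGIT, WRONG_MAC, STATIC_HOST, MOVED_PORT, OTHER_VLAN]

if __name__ == "__main__":
    table = parse_bindings(SAMPLE_TABLE)
    for pkt in preview_drops(table, OBSERVED, mode="ipmac", sav_vlans={100}):
        print("would drop:", pkt)
```

Hosts with statically configured addresses show up in the drop list because they never obtained a lease; the page's static binding command is the way to cover them before SAV is turned on.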
Example OS10(conf-dhcp)# no disable Supported Releases 10.2.0E or later dns-server address Assigns a DNS server to clients based on the address pool. Syntax Parameters dns-server address [address2...address8] • address — Enter the DNS server IP address that services clients on the subnet in A.B.C.D or A::B format. • address2...address8 — (Optional) Enter up to eight DNS server addresses, in order of preference.
Example OS10(conf-dhcp-static)# hardware-address 00:01:e8:8c:4d:0a Supported Releases 10.2.0E or later host Assigns a host to a single IPv4 or IPv6 address pool for manual configurations. Syntax host A.B.C.D/A::B Parameters A.B.C.D/A::B — Enter the host IP address in A.B.C.D or A::B format. Default Not configured Command Mode DHCP-POOL Usage Information The host address is the IP address that a client machine uses for DHCP. Example OS10(conf-dhcp-Dell)# host 20.1.1.
Usage Information The DHCP server is supported only on L3 interfaces. After you configure an IP helper address, the address forwards UDP broadcasts to the DHCP server. You can configure multiple helper addresses on an interface by repeating the same command for each DHCP server address. The no version of this command returns the value to the default. The client-facing and server-facing interfaces must be in the same VRF.
Example (Infinite) OS10(conf-dhcp-Dell)# lease infinite Supported Releases 10.2.0E or later netbios-name-server address Configures a NetBIOS WINS server which is available to DHCP clients. Syntax netbios-name-server ip-address [address2...address8] Parameters ip-address — Enter the address of the NetBIOS WINS server. address2...address8 — (Optional) Enter additional server addresses.
Default Not configured Command Mode DHCP-POOL Usage Information Use the network command to configure the IPv4 or IPv6 subnet address from which the DHCP server may assign addresses. The prefix length for the mask is 18 to 31 bits. Example OS10(config-dhcp-Dell)# network 20.1.1.1/24 Supported Releases 10.2.0E or later pool Configures an IP address pool name. Syntax pool pool-name Parameters pool-name — Enter the DHCP server pool name.
show ip dhcp binding Displays the DHCP binding table with IPv4 addresses. Syntax show ip dhcp binding Parameters None Default Not configured Command Mode EXEC Usage Information After configuring a static IP-to-MAC address mapping with the host and hardware-address commands in DHCP POOL mode, use this command to verify the single manual binding for a host in the DHCP binding table.
Usage Information NOTE: Dell EMC Networking recommends configuring the arp inspection-trust command on the DHCP snooping trusted interfaces when DAI is enabled for a VLAN. This command is accessible to users with sysadmin and secadmin roles. Example OS10(conf-if-eth1/1/33)# arp inspection-trust Supported Release 10.5.0.0 or later arp inspection violation logging Enables Dynamic ARP Inspection (DAI) on a VLAN.
clear ip dhcp snooping binding
Clears the dynamic entries in the DHCP snooping binding table.
Syntax clear ip dhcp snooping binding [mac mac-address] [vlan vlan-id] [interface {ethernet slot/port/sub-port | port-channel port-channel-id}]
Parameters
• mac mac-address — Enter mac and the MAC address of the host to which the server is leasing the IP address.
• vlan vlan-id — Enter vlan and the VLAN ID. The range is from 1 to 4093.
• interface type — Enter interface and the interface type information.
Example OS10(config)# ip dhcp snooping
Supported Releases 10.5.0.0 or later
ip dhcp snooping (interface)
Enables DHCP snooping on a VLAN.
Syntax ip dhcp snooping
Parameters None
Defaults Enabled if enabled globally
Command Mode INTERFACE VLAN
Usage Information When you enable this feature, the switch begins to monitor all transactions between DHCP servers and DHCP clients and use the information to build the DHCP snooping binding table.
Before creating a static entry for a VLAN, create the VLAN. If you do not create a VLAN before creating a static entry, the system displays an error message. Before deleting a port-channel or VLAN, remove any associated DHCP snooping entries. This command is accessible to users with sysadmin and secadmin roles. The no version of this command deletes the static entry from the DHCP snooping binding table. Example OS10(config)# ip dhcp snooping binding mac 00:04:96:70:8a:12 vlan 100 ip 100.1.1.
Supported Releases 10.5.0.0 or later
show ip arp inspection database
Displays the contents of the DAI database.
Syntax show ip arp inspection database
Parameters None
Defaults None
Command Mode EXEC
Usage Information This command displays the list of snooped hosts from which ARP packets were processed.
Example
OS10# show ip arp inspection database
Number of entries : 3
Address Hardware Address Interface VLAN
-----------------------------------------------------------------------------
55.2.1.
show ip arp inspection logging Displays violated ARP packet information about DAI-enabled VLANs. Syntax show ip arp inspection logging Defaults None Command Mode EXEC Example Total Number of Clients : 0 New Clients learnt in current Interval : 0 Invalid ARP packets in current interval : 0 Address Hw-Address Port VLAN First-detected-time Packet-count ---------------------------------------------------------------------------------------10.1.1.
ip domain-list Adds a domain name to the DNS list. Syntax Parameters ip domain-list [vrf vrf-name] [server-name] name • vrf vrf-name — (Optional) Enter vrf and then the name of the VRF to add a domain name to the DNS list corresponding to that VRF. • server-name — (Optional) Enter the server name to add a domain name to the DNS list. • name — Enter the name of the domain to append to the DNS list.
• host-name — (Optional) Enter the name of the host. • address — Enter an IPv4 or IPv6 address of the name server in A.B.C.D or A::B format. Default Not configured Command Mode CONFIGURATION Usage Information The name-to-IP address table uses this mapping information to resolve host names. The no version of this command disables the mapping. Example OS10(config)# ip host dell 1.1.1.1 Supported Releases 10.2.
============================================= Static Host to IP mapping Table ============================================= Host IP-Address --------------------------------------------dell-pc1 20.1.1.1 Supported Releases 10.2.0E or later IPv4 DHCP limitations This section lists the DHCP limitations. IPv4 DHCP asymmetric routing OS10 does not support DHCP relay with IPv4 asymmetric routing. OS10 supports DHCP relay with IPv6 asymmetric routing. The DHCP relay agent listens on the best DHCP server path.
8 Interfaces You can configure and monitor physical interfaces (Ethernet), port-channels, and virtual local area networks (VLANs) in Layer 2 (L2) or Layer 3 (L3) modes. Table 7.
Figure 1. S4148U-ON unified port groups To enable Ethernet interfaces in a unified port group: 1 Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range depends on the switch. port-group node/slot/port-group 2 Activate the unified port group for Ethernet operation in PORT-GROUP mode. To activate a unified port group in Fibre Channel mode, see Fibre Channel interfaces. The available options depend on the switch.
Each pair of odd and even numbered ports is configured as a port group. For example: hybrid-group port-group1/1/1 profile restricted port-group1/1/2 restricted port-group1/1/3 restricted . . .
OS10(conf-pg-1/1/2)# exit OS10(config)# interface ethernet 1/1/3:2 OS10(conf-if-eth1/1/3:2)# View the interface OS10(config)# interface ethernet 1/1/3:2 OS10(conf-if-eth1/1/3:2)# show configuration ! interface ethernet1/1/3:2 no shutdown Port-groups on S5200F-ON switches On the S5200F-ON series switches, port-groups determine the available front-panel Ethernet ports and supported breakout interfaces.
Port Group Ports Port-group1/1/6 15 Supported breakout modes • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x The following shows the supported port groups and breakout modes on the S5224F-ON switch: OS10# show port-group Port-group port-group1/1/1 port-group1/1/2 port-group1/1/3 port-group1/1/4 port-group1/1/5 port-group1/1/6 port-group1/1/7 port-group1/1/8 port-group1/1/9 port-group1/1/10 Mode Eth 10g-4x Eth 10g-4x Eth 10g-4x Eth 10g-4x Eth 10g-4x Eth 10g-4x Eth 100g-1x Eth 100g-1x Eth 100g-1x Eth 100
Port Group Ports Port-group1/1/9 27 Port-group1/1/10 28 Supported breakout modes • • 25g-4x 10g-4x • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x The following shows the supported port groups and breakout modes on the S5248F-ON switch: OS10# show port-group Port-group Mode Ports port-group1/1/1 Eth 25g-4x 1 2 3 4 port-group1/1/2 Eth 25g-4x 5 6 7 8 port-group1/1/3 Eth 25g-4x 9 10 11 12 port-group1/1/4 Eth 25g-4x 13 14 15 16 port-group1/1/5 Eth 25g-4x 1
Port Group Ports Port-group1/1/5 17, 18, 19, 20 Port-group1/1/6 21, 22, 23, 24 Port-group1/1/7 25, 26, 27, 28 Port-group1/1/8 29, 30, 31, 32 Port-group1/1/9 33, 34, 35, 36 Port-group1/1/10 37, 38, 39, 40 Port-group1/1/11 41, 42, 43, 44 Port-group1/1/12 45, 46, 47, 48 Port-group1/1/13 49, 50 Port-group1/1/14 51, 52 Port-group1/1/15 53 Port-group1/1/16 54 Supported breakout modes • • 25g-4x 10g-4x • • 25g-4x 10g-4x • • 25g-4x 10g-4x • • 25g-4x 10g-4x • • 25g
Port Group Ports Port-group1/1/17 55 Port-group1/1/18 56 Supported breakout modes • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x The following shows the supported port groups and breakout modes on the S5296F-ON switch: OS10# show port-group Port-group port-group1/1/1 port-group1/1/2 port-group1/1/3 port-group1/1/4 port-group1/1/5 port-group1/1/6 port-group1/1/7 port-group1/1/8 port-group1/1/9 port-group1/1/10 port-group1/1/11 port-group1/1/12 port-group
Port Group Ports Port-group1/1/3 9, 10, 11, 12 Port-group1/1/4 13, 14, 15, 16 Port-group1/1/5 17, 18, 19, 20 Port-group1/1/6 21, 22, 23, 24 Port-group1/1/7 25, 26, 27, 28 Port-group1/1/8 29, 30, 31, 32 Port-group1/1/9 33, 34, 35, 36 Port-group1/1/10 37, 38, 39, 40 Port-group1/1/11 41, 42, 43, 44 Port-group1/1/12 45, 46, 47, 48 Port-group1/1/13 49, 50, 51, 52 Port-group1/1/14 53, 54, 55, 56 Port-group1/1/15 57, 58, 59, 60 Port-group1/1/16 61, 62, 63, 64 Port-group1/1/17 65, 66,
Port Group Ports Port-group1/1/19 73, 74, 75, 76 Port-group1/1/20 77, 78, 79, 80 Port-group1/1/21 81, 82, 83, 84 Port-group1/1/22 85, 86, 87, 88 Port-group1/1/23 89, 90, 91, 92 Port-group1/1/24 93, 94, 95, 96 Port-group1/1/25 97 Port-group1/1/26 98 Port-group1/1/27 99 Port-group1/1/28 100 Port-group1/1/29 101 Supported breakout modes • 10g-4x • • 25g-4x 10g-4x • • 25g-4x 10g-4x • • 25g-4x 10g-4x • • 25g-4x 10g-4x • • 25g-4x 10g-4x • • 25g-4x 10g-4x • • • • • 100g-1x 50
Port Group Ports Port-group1/1/30 102 Port-group1/1/31 103 Port-group1/1/32 104 Supported breakout modes • 10g-4x • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x To configure breakout modes: 1 Configure a port group in CONFIGURATION mode. Enter 1/1 for node/slot and the port group number. port-group node/slot/port-group 2 Configure the breakout mode in PORT-GROUP mode.
10000 Set speed to 10000 Mbps auto Automatic Settings (default) OS10(conf-if-eth1/1/1:1)# speed 1000 L2 mode configuration Each physical Ethernet interface uses a unique MAC address. Port-channels and VLANs use a single MAC address. By default, all the interfaces operate in L2 mode. From L2 mode you can configure switching and L2 protocols, such as VLANs and Spanning-Tree Protocol (STP) on an interface. Enable L2 switching on a port interface in Access or Trunk mode.
OS10(conf-if-eth1/1/9)# ip address 10.10.1.92/24 OS10(conf-if-eth1/1/9)# no shutdown View L3 configuration error OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip address 1.1.1.1/24 % Error: remove Layer 2 configuration before assigning an IP Fibre Channel interfaces OS10 unified port groups support FC interfaces. A unified port group operates in Fibre Channel or Ethernet mode. To activate FC interfaces, configure a port group to operate in Fibre Channel mode and specify the port speed.
Configure FC interface OS10(config)# port-group 1/1/15 OS10(conf-pg-1/1/15)# mode FC 16g-4x OS10(conf-pg-1/1/15)# exit OS10(config)# interface fibrechannel 1/1/43:1 OS10(conf-if-fc-1/1/43:1)# speed 32 OS10(conf-if-fc-1/1/43:1)# no shutdown View FC interface OS10(config)# interface fibrechannel 1/1/43:1 OS10(conf-if-fc-1/1/43:1)# show configuration ! interface fibrechannel1/1/43:1 no shutdown speed 32 vfabric 100 OS10# show interface fibrechannel 1/1/43:1 Fibrechannel 1/1/43:1 is up, FC link is up Address is
show interface phy-eth interface transceiver | grep "Tunable wavelength" OS10# show interface phy-eth 1/1/14 transceiver | grep "Tunable wavelength" SFP1/1/14 Tunable wavelength= 1530.000nm NOTE: To specify the wavelength value, you must enter exactly six digits - four before and two after the decimal point. The value must conform to the following format: ABCD.EF; for example, 1545.23. Any number that does not conform to this format is rejected including whole numbers such as 1568.
Configure VLAN OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# ip address 1.1.1.2/24 You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. User-configured default VLAN By default, VLAN1 serves as the default VLAN for switching untagged L2 traffic on OS10 ports in Trunk or Access mode. The default VLAN is used for untagged protocol traffic sent and received between switches, such as STPs.
Apply VLAN scale profile OS10(config)# scale-profile vlan OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# mode L3 Loopback interfaces A Loopback interface is a virtual interface where the software emulates an interface. Because a Loopback interface is not associated to physical hardware entities, the Loopback interface status is not affected by hardware status changes. Packets routed to a Loopback interface process locally to the OS10 device.
Member ports of a LAG are added and programmed into the hardware based on the port ID, instead of the order the ports come up. Load balancing yields predictable results across resets and reloads. Create port-channel You can create a maximum of 128 port-channels, with up to 32 port members per group. Configure a port-channel similarly to a physical interface, enable or configure protocols, or ACLs to a port channel. After you enable the port-channel, place it in L2 or L3 mode.
LACP enables ports to dynamically bundle as members of a port-channel. To configure a port for LACP operation, use the channel-group mode {active|passive} command. Active and Passive modes allow LACP to negotiate between ports to determine if they can form a port channel based on their configuration settings.
Delete port-channel
OS10(config)# interface port-channel 10
OS10(conf-if-po-10)# no interface port-channel 10
Load balance traffic
Use hashing to load balance traffic across member interfaces of a port-channel. Load balancing uses source and destination packet information to distribute traffic over multiple interfaces when transferring data to a destination. For packets without an L3 header, OS10 automatically uses the load-balancing mac-selection destination-mac command for hash algorithms by default.
Configure interface ranges
Bulk interface configuration allows you to apply the same configuration to multiple physical or logical interfaces, or to display their current configuration. An interface range is a set of interfaces that you apply the same command to. You can use interface ranges for:
• Ethernet physical interfaces
• Port channels
• VLAN interfaces
A bulk configuration includes any non-existing interfaces in an interface range from the configuration.
To change the port profile at the next reboot, use the switch-port-profile command with the desired profile, save it to the startup configuration, and use the reload command to apply the changes.
1 Configure a platform-specific port profile in CONFIGURATION mode. For a standalone switch, enter 1/1 for node/unit.
switch-port-profile node/unit profile
2 Save the port profile change to the startup configuration in EXEC mode.
write memory
3 Reload the switch in EXEC mode.
• 100GE mode is a QSFP28 port.
NOTE: For S4148U-ON port profiles with both unified and Ethernet ports, see S4148U-ON port profiles. An S4148U-ON unified port supports Fibre Channel and Ethernet modes.
For example, profile-1 enables 10G speed on forty-eight ports (1-24 and 31-54), and 4x10G breakouts on QSFP28 ports 25-26 and 29-30; QSFP+ ports 27 and 28 are deactivated. profile-3 enables 10G speed on forty ports, and 4x10G breakouts on all QSFP28 and QSFP+ ports.
• 10GE mode is an SFP+ 10GE port or a 4x10G breakout of a QSFP+ port.
• 40GE mode is a QSFP+ port.
For example, all S4148U-ON profiles activate 10G speed on unified ports 1-24 and Ethernet ports 31-54, but only profile-1 and profile-2 activate QSFP+ ports 27-28 in 40GE mode with 4x10G breakouts. Similarly, all S4148U-ON profiles activate 8GFC speed on unified ports 1-24, but only profile-1, profile-2, and profile-3 activate 2x16GFC in port groups 1-6.
To disable negotiation, use the following command:
negotiation off
To reset the negotiation mode to the default setting of the media you use, use one of the following commands:
negotiation auto
no negotiation
The following examples show that the nondefault configuration is added to the running configuration:
OS10(conf-if-eth1/1/50)# negotiation off
OS10(conf-if-eth1/1/50)# show configuration
!
interface ethernet1/1/50
 no shutdown
 switchport access vlan 1
 negotiation off
 flowcontrol receive on
OS10(conf-if-e
Configure breakout mode
Using a supported breakout cable, you can split a 40GE QSFP+ or 100GE QSFP28 Ethernet port into separate breakout interfaces. All breakout interfaces have the same speed. You can set a QSFP28 port to operate in 40GE mode with a QSFP+ transceiver.
interface breakout node/slot/port map {10g-4x | 25g-4x | 40g-1x | 50g-2x | 100g-1x}
• node/slot/port — Enter the physical port information.
• 10g-4x — Split a QSFP28 or QSFP+ port into four 10G interfaces.
Before you plug a cable in Ethernet port 1/1/25:
OS10# show interface status
-----------------------------------------------------------------
Port Description Status Speed Duplex Mode Vlan Tagged-Vlans
-----------------------------------------------------------------
Eth 1/1/1 down 0 auto
Eth 1/1/2 down 0 auto A 1
Eth 1/1/25 down 0 auto A 1
Eth 1/1/29 down 0 auto A 1
After you enter feature auto-breakout and plug a breakout cable in Ethernet port 1/1/25:
OS10# show interface status
--------------------------
Reset default Ethernet configuration
OS10(conf-if-eth1/1/2)# show configuration
!
interface ethernet 1/1/2
 no shutdown
 no switchport
 negotiation on
 ip address 1.2.3.4/24
 ip address 2.2.2.2/24 secondary
 ip address 3.3.3.
Configure FEC
OS10(config)# interface ethernet 1/1/41
OS10(conf-if-eth1/1/41)# fec CL91-RS
View FEC configuration
OS10# show interface ethernet 1/1/41
Ethernet 1/1/41 is up, line protocol is up
Hardware is Dell EMC Eth, address is e4:f0:04:3e:1a:06
Current address is e4:f0:04:3e:1a:06
Pluggable media present, QSFP28 type is QSFP28_100GBASE_CR4_2M
Wavelength is 64
Receive power reading is
Interface index is 17306108
Internet address is not set
Mode of IPv4 Address Assignment: not set
Interface IPv6 oper stat
Changing the EEE configuration resets the interface because the device restarts Layer 1 auto-negotiation. You may want to enable Link Layer Discovery Protocol (LLDP) for devices that require longer wake-up times before they are able to accept data on their receive paths. Doing so enables the device to negotiate extended system wake-up times from the transmitting link partner.
Enable energy-efficient Ethernet
EEE is disabled by default. To reduce power consumption, enable EEE.
Eth 1/1/49 n/a
Eth 1/1/50 n/a
Eth 1/1/51 n/a
Eth 1/1/52 n/a
View EEE statistics for a specified interface
OS10# show interface ethernet 1/1/48 eee statistics
Eth 1/1/48
EEE : on
TxIdleTime(us) : 2560
TxWakeTime(us) : 5
Last Clearing : 18:45:53
TxEventCount : 0
TxDuration(us) : 0
RxEventCount : 0
RxDuration(us) : 0
View EEE statistics on all interfaces
OS10# show interface eee statistics
Port EEE TxEventCount TxDuration(us) RxEventCount RxDuration(us)
------------------------------------------------------
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# clear counters interface 1/1/48 eee
Clear eee counters on ethernet1/1/48 [confirm yes/no]:yes
Supported Releases 10.3.0E or later
eee
Enables or disables energy-efficient Ethernet (EEE) on physical ports.
Syntax eee
Parameters None
Default Enabled on Base-T devices and disabled on S3048-ON and S4048T-ON switches.
Command Mode Interface
Usage Information To disable EEE, use the no version of this command.
show interface eee statistics
Displays EEE statistics for all interfaces.
Syntax show interface eee statistics
Parameters None
Default Not configured
Command Mode EXEC
Example
OS10# show interface eee statistics
Port EEE TxEventCount TxDuration(us) RxEventCount RxDuration(us)
-----------------------------------------------------------------------------
Eth 1/1/1 off 0 0 0 0
...
Eth 1/1/47 on 0 0 0 0
Eth 1/1/48 on 0 0 0 0
Eth 1/1/49 n/a
...
Eth 1/1/52 n/a
Supported Releases 10.3.
EEE : on
TxIdleTime(us) : 2560
TxWakeTime(us) : 5
Last Clearing : 18:45:53
TxEventCount : 0
TxDuration(us) : 0
RxEventCount : 0
RxDuration(us) : 0
Supported Releases 10.3.0E or later
View interface configuration
To view basic interface information, use the show interface, show running-configuration, and show interface status commands. Stop scrolling output from a show command by entering CTRL+C.
Output 0 Mbits/sec, 0 packets/sec, 0% of line rate
Time since last interface status change: 02:46:36
Ethernet 1/1/2 is up, line protocol is up
Hardware is Eth, address is 00:0c:29:66:6b:94
Current address is 00:0c:29:66:6b:94
Pluggable media present, QSFP+ type is QSFP+ 40GBASE CR4
Wavelength is 64
Receive power reading is 0.
!
interface ethernet1/1/2
 no ip address
 shutdown
!
interface ethernet1/1/3
 no ip address
 shutdown
!
interface ethernet1/1/4
 no ip address
 shutdown
...
View L3 interfaces
OS10# show ip interface brief
Interface Name IP-Address OK Method Status Protocol
=========================================================================================
Ethernet 1/1/1 unassigned NO unset up down
Ethernet 1/1/2 unassigned YES unset up up
Ethernet 1/1/3 3.1.1.1/24 YES manual up up
Ethernet 1/1/4 4.1.1.
23 Active A Eth1/1/2
24 Inactive
25 Inactive
26 Inactive
27 Inactive
28 Inactive
29 Inactive
30 Inactive
Digital optical monitoring
The digital optical monitoring (DOM) feature monitors the digital optical media for temperature, voltage, bias, transmission power (Tx), and reception power (Rx). This feature also generates event logs, alarms, and traps for any fluctuations, when configured thresholds are reached.
Alarm Category    Alarm Name    Traps Generated?    Severity Level
Rx low warning    N    Minor
You can enable or disable the DOM feature, configure traps, and view the DOM status.
Enable DOM and DOM traps
To generate DOM alarms, do the following.
1 Enable DOM.
OS10(config)# dom enable
2 Enable DOM traps.
OS10(config)# snmp-server enable traps dom
You can run the show alarms command in EXEC mode to view any alarms that are generated.
3.6.1.4.1.674.11000.5000.100.4.1.3.2.4 = INTEGER: 1
iso.3.6.1.4.1.674.11000.5000.100.4.1.3.2.2 = STRING: "SET media 1/1/21 high threshold crossed, 6.00:3.63"
iso.3.6.1.4.1.674.11000.5000.100.4.1.3.2.5 = INTEGER: 21
Interface commands
channel-group
Assigns an interface to a port-channel group.
Syntax channel-group channel-number mode {active | on | passive}
Parameters
• channel-number — Enter a port-channel number, from 1 to 128.
• mode — Sets LACP Actor mode.
• An Ethernet interface is assigned to the default VLAN.
The default interface command removes all software settings and all L3, VLAN, and port-channel configurations on a physical interface. You must manually remove configured links to the interface from other software features; for example, if you configure an Ethernet interface as a discovery interface in a VLT domain. Enter multiple interfaces in a comma-separated string or a port range using the default interface range command.
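An added example, not from the Dell guide: a Python pre-change check that expands the comma-and-hyphen range given to default interface range and reports every port in it that another feature still references, which is the manual-cleanup case described above. The function names and the REFERENCED map are hypothetical and its entries are constructed; ports are assumed to be written node/slot/port, and breakout sub-ports such as 1/1/10:1 are rejected.

```python
import re

# Assumption: plain node/slot/port identifiers, as in the guide's range examples.
_PORT = re.compile(r"^(\d+)/(\d+)/(\d+)$")


def _parse_port(text):
    """Return (node, slot, port) as integers or raise ValueError."""
    match = _PORT.match(text.strip())
    if match is None:
        raise ValueError(f"not a node/slot/port identifier: {text!r}")
    return tuple(int(group) for group in match.groups())


def expand_interface_range(spec):
    """Expand '1/1/1,1/1/2-1/1/4' into an ordered list of unique ports."""
    ports = []
    for item in spec.split(","):
        first, sep, last = item.partition("-")
        start = _parse_port(first)
        end = _parse_port(last) if sep else start
        if start[:2] != end[:2]:
            raise ValueError(f"range crosses node/slot: {item!r}")
        if end[2] < start[2]:
            raise ValueError(f"descending range: {item!r}")
        for number in range(start[2], end[2] + 1):
            name = f"{start[0]}/{start[1]}/{number}"
            if name not in ports:
                ports.append(name)
    return ports


def ports_needing_manual_cleanup(spec, referenced_elsewhere):
    """List (port, reason) for ports in the range that other features use.

    referenced_elsewhere maps a port to the feature that references it; the
    reset does not remove those references, so they are reported for review.
    """
    return [
        (port, referenced_elsewhere[port])
        for port in expand_interface_range(spec)
        if port in referenced_elsewhere
    ]


# Constructed inventory of ports that other features point at.
REFERENCED = {
    "1/1/3": "VLT discovery-interface",
    "1/1/40": "VLT discovery-interface",
}

if __name__ == "__main__":
    target = "1/1/1,1/1/2-1/1/4"
    print("ports that will be reset:", expand_interface_range(target))
    for port, reason in ports_needing_manual_cleanup(target, REFERENCED):
        print(f"remove reference first: ethernet {port} ({reason})")
```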
!
interface ethernet1/1/3
 no shutdown
 no switchport
 ip address 192.28.43.1/31
 ipv6 address 2000:28:43::28:43:1/127
!
interface ethernet1/1/4
 no shutdown
 no switchport
 ip address 192.41.43.1/31
 ipv6 address 2000:41:43::41:43:1/127
OS10(conf-range-eth1/1/1-1/1/4)# exit
OS10(config)# default interface range ethernet 1/1/1,1/1/2-1/1/4
Proceed to cleanup interface range config? [confirm yes/no]:yes
Mar 5 22:21:12 OS10 dn_l3_core_services[590]: Node.1-Unit.
default vlan-id
Reconfigures the VLAN ID of the default VLAN.
Syntax default vlan-id vlan-id
Parameters vlan-id — Enter the default VLAN ID number, from 1 to 4093.
Default VLAN1
Command Mode CONFIGURATION
Usage Information By default, VLAN1 serves as the default VLAN for switching untagged L2 traffic on OS10 ports in Trunk or Access mode. If you use VLAN1 for network-specific data traffic, reconfigure the VLAN ID of the default VLAN.
• Spaces between characters are not preserved after entering this command unless you enclose the entire description in quotation marks; for example, “text description”.
• Enter a text string after the description command to overwrite any previously configured text string.
• Use the show running-configuration interface command to view descriptions configured for each interface.
• The no version of this command deletes the description.
enable dom traps
Enables DOM traps if the specified parameter crosses the defined threshold three times.
Syntax snmp-server enable traps dom {temperature | voltage | rx-power | tx-power | bias}
Parameters temperature | voltage | rx-power | tx-power | bias — Enter the keyword to enable DOM traps for the specified category.
Default Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command disables the DOM traps.
• off — Disables FEC
Defaults
• For 25G and 50G interfaces: off
• For 100G interfaces: CL91-RS
Command Mode CONFIGURATION
Usage Information The no version of this command resets the value to the default.
Example
OS10(config)# interface ethernet 1/1/41
OS10(conf-if-eth1/1/41)# fec CL91-RS
Supported Releases 10.3.0E or later
interface breakout
Splits a front-panel Ethernet port into multiple breakout interfaces.
Default Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command deletes the interface.
Example
OS10(config)# interface ethernet 1/1/10:1
OS10(conf-if-eth1/1/10:1)#
Supported Releases 10.2.0E or later
interface loopback
Configures a Loopback interface.
Syntax interface loopback id
Parameters id — Enter the Loopback interface ID number, from 0 to 16383.
Default 0
Command Mode CONFIGURATION
Usage Information You cannot delete the Null interface. The only configuration command possible in a Null interface is ip unreachables.
Example
OS10(config)# interface null 0
OS10(conf-if-nu-0)#
Supported Releases 10.3.0E or later
interface port-channel
Creates a port-channel interface.
Syntax interface port-channel channel-id
Parameters channel-id — Enter the port-channel ID number, from 1 to 128.
• You can only use VLAN and port-channel interfaces created using the interface vlan and interface port-channel commands.
• You cannot create virtual VLAN or port-channel interfaces using the interface range command.
• The no version of this command deletes the interface range.
Example
OS10(config)# interface range ethernet 1/1/7-1/1/24
OS10(conf-range-eth1/1/7-1/1/24)#
Supported Releases 10.2.0E or later
interface vlan
Creates a VLAN interface.
mode Configures a front-panel unified port group to operate in Fibre Channel or Ethernet mode, or a QSFP28-DD or QSFP28 port group to operate in Ethernet mode, with the specified speed on activated interfaces.
Supported Releases 10.3.1E or later
mode l3
Enables L3 routing on a VLAN after you configure the VLAN scale profile.
Syntax mode l3
Parameters None
Defaults Not configured
Command Mode INTERFACE VLAN
Usage Information To configure the VLAN scale profile, use the scale-profile vlan command. The scale profile globally applies L2 mode on all VLANs you create and disables L3 transmission. To enable L3 routing traffic on a VLAN, use the mode L3 command.
For example, the VLAN contains tagged members with Link MTU of 1522 and IP MTU of 1500 and untagged members with Link MTU of 1518 and IP MTU of 1500. The VLAN’s Link MTU cannot be higher than 1518 bytes and its IP MTU cannot be higher than 1500 bytes.
Example
OS10(conf-if-eth1/1/7)# mtu 3000
Supported Releases 10.2.0E or later
negotiation
Configures a negotiation mode on an interface.
Syntax negotiation {auto | on | off}
Parameters auto — Sets the negotiation mode to the default setting.
 switchport access vlan 1
 negotiation on
 flowcontrol receive on
OS10(conf-if-eth1/1/50)# no negotiation
OS10(conf-if-eth1/1/50)# show configuration
!
interface ethernet1/1/50
 no shutdown
 switchport access vlan 1
 flowcontrol receive on
OS10(conf-if-eth1/1/50)# do show interface ethernet 1/1/50
Ethernet 1/1/50 is up, line protocol is up
Hardware is Eth, address is e4:f0:04:3e:2d:86
Current address is e4:f0:04:3e:2d:86
Pluggable media present, QSFP28 type is QSFP28 100GBASE-CR4-2.
port-group
Configures a group of front-panel unified ports, or a double-density QSFP28 (QSFP28-DD) or single-density QSFP28 port group.
Syntax port-group node/slot/port-group
Parameters
• node/slot — Enter 1/1 for node/slot when you configure a port group.
• port-group — Enter the port-group number, from 1 to 16. The available port-group range depends on the switch.
Example
OS10(config)# port-group 1/1/2
OS10(conf-pg-1/1/2)# profile restricted
Supported releases 10.4.3.0 or later
scale-profile vlan
Configures the L2 VLAN scale profile on a switch.
Syntax scale-profile vlan
Parameters None
Defaults Not configured
Command Mode CONFIGURATION
Usage Information Use the VLAN scale profile when you scale the number of VLANs so that the switch consumes less memory. Enable the scale profile before you configure VLANs on the switch.
Receive power reading is 0.
Queuing strategy: fifo
Input statistics: 0 packets, 0 octets
Output statistics: 0 packets, 0 octets
Time since last interface status change: 00:05:15
Supported Releases 10.2.0E or later
show interface transceiver "Tunable wavelength"
Displays the configured wavelength value of the optical interface.
Syntax show interface phy-eth interface transceiver | grep "Tunable wavelength"
Parameters interface — Specify the interface corresponding to which you want to view the optical wavelength details.
1/1/15 SFP+ SFP+ 10GBASE SR AK60QJN false
1/1/16 SFP+ SFP+ 10GBASE SR AL30KWM true
1/1/17 SFP+ SFP+ 10GBASE SR AQ22DMB true
1/1/18 SFP+ SFP+ 10GBASE SR AQM146U true
...
Supported Releases 10.2.0E or later
show link-bundle-utilization
Displays information about the link-bundle utilization.
OS10(conf-range-eth1/1/12-1/1/13,1/1/15,1/1/17-1/1/18)# do show port-channel summary
Flags: D - Down U - member up but inactive P - member up and active U - Up (port-channel)
Group Port-Channel Type Protocol Member Ports
22 port-channel22 (U) Eth STATIC 1/1/10(P) 1/1/11(P) 1/1/14(P) 1/1/16(P) 1/1/19(P)
23 port-channel23 (D) Eth STATIC
Supported Releases 10.2.0E or later
show port-group
Displays the current port-group configuration on a switch.
show switch-port-profile
Displays the current and default port profile on a switch.
Syntax show switch-port-profile node/slot
Parameters
• node/slot — Enter the switch information. For a standalone switch, enter 1/1.
Default profile-1
Command Mode EXEC
Usage Information A switch-port profile determines the available front-panel ports and breakout modes on Ethernet and unified ports. To display the current port profile, use the show switch-port-profile command.
Hardware Revision : X01
Software Version : 10.5.0.0
Physical Ports : 48x10GbE, 2x40GbE, 4x100GbE
BIOS : 3.33.0.0-3
System CPLD : 0.4
Master CPLD : 0.10
Slave CPLD : 0.7
Supported Releases 10.4.3.0 or later
show vlan
Displays the current VLAN configuration.
Syntax show vlan [vlan-id]
Parameters vlan-id — (Optional) Enter a VLAN ID, from 1 to 4093.
speed (Fibre Channel)
Configures the transmission speed of a Fibre Channel interface.
Syntax speed {8 | 16 | 32 | auto}
Parameters Set the speed of a Fibre Channel interface to:
• 8 — 8GFC
• 16 — 16GFC
• 32 — 32GFC
• auto — Set the port speed to the speed of the installed media.
Defaults Auto
Command Mode INTERFACE
Usage Information The speed command is supported only on Management and Fibre Channel interfaces. This command is not supported on Ethernet interfaces.
• The no version of this command resets the port speed to the default value auto.
Example
OS10(conf-if-ma-1/1/1)# speed auto
Supported Releases 10.3.0E or later
switch-port-profile
Configures a port profile on the switch. The port profile determines the available front-panel ports and breakout modes.
Syntax switch-port-profile node/unit profile
Parameters
• node/unit — Enter switch information. For a standalone switch, enter 1/1.
• profile — Enter the name of a platform-specific profile.
◦ QSFP28 unified ports 26 and 30 operate in Ethernet 40GE mode by default and support 4x10G breakouts. QSFP28 ports 26 and 30 support 1x32GFC, 2x16GFC, and 4x8GFC in FC mode.
◦ QSFP+ Ethernet ports operate at 40GE by default and support 4x10G breakouts.
◦ SFP+ Ethernet ports operate at 10GE.
– profile-2 — SFP+ unified ports (1-24), QSFP28 unified ports (25-26 and 29-30), QSFP+ Ethernet ports (27-28), and SFP+ Ethernet ports (31-54) are enabled.
OS10(config)# do write memory
OS10(config)# do reload
Supported Releases 10.3.0E or later
switchport access vlan
Assigns access VLAN membership to a port in L2 Access or Trunk mode.
Syntax switchport access vlan vlan-id
Parameters vlan vlan-id — Enter the VLAN ID number, from 1 to 4093.
Default VLAN 1
Command Mode INTERFACE
Usage Information This command enables L2 switching for untagged traffic and assigns a port interface to default VLAN1.
Supported Releases 10.2.0E or later
switchport trunk allowed vlan
Configures the tagged VLAN traffic that an L2 trunk interface can carry. An L2 trunk port has no tagged VLAN membership and does not transmit tagged traffic.
Syntax switchport trunk allowed vlan vlan-id-list
Parameters vlan-id-list — Enter the VLAN numbers of the tagged traffic that the L2 trunk port can carry. Comma-separated and hyphenated VLAN number ranges are supported.
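An added example, not from the Dell guide: a Python audit that reads running-configuration text, expands switchport trunk allowed vlan lists, and reports which enabled L2 ports still sit untagged in the default VLAN and which ports carry a given VLAN, such as an FCoE VLAN that should stay on its intended links. The function names are hypothetical and the sample configuration is constructed; it assumes sub-commands are indented under their interface line, that a port is enabled only when no shutdown is present, and that an L2 port without a switchport access vlan line is in the default VLAN.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4093  # VLAN ID range stated in the guide

# Constructed sample, modelled on the guide's "show configuration" output.
SAMPLE_CONFIG = """\
!
interface ethernet1/1/1
 no shutdown
 switchport access vlan 1
!
interface ethernet 1/1/2
 no shutdown
 switchport mode trunk
 switchport access vlan 1
 switchport trunk allowed vlan 777
!
interface ethernet1/1/3
 shutdown
 switchport access vlan 1
!
interface ethernet1/1/5
 no shutdown
 switchport mode trunk
 switchport access vlan 20
 switchport trunk allowed vlan 10,100-102
!
interface ethernet1/1/6
 no shutdown
 no switchport
 ip address 1.1.1.2/24
!
interface vlan 777
 fip-snooping enable
"""


def parse_vlan_list(text):
    """Expand '10,100-102' into {10, 100, 101, 102}; reject IDs outside 1-4093."""
    vlans = set()
    for item in text.split(","):
        first, sep, last = item.strip().partition("-")
        if not first.isdigit() or (sep and not last.isdigit()):
            raise ValueError(f"bad VLAN list item: {item!r}")
        lo, hi = int(first), int(last) if sep else int(first)
        if not (VLAN_MIN <= lo <= hi <= VLAN_MAX):
            raise ValueError(f"VLAN range out of bounds: {item!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def parse_interfaces(config):
    """Return (default_vlan, {name: settings}) for ethernet and port-channel blocks."""
    default_vlan, ports, current = 1, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line closes any open block
            current = None
            match = re.match(r"interface\s+((?:ethernet|port-channel)\s*\S+)$", line)
            if match:
                name = re.sub(r"\s+", "", match.group(1))
                current = ports.setdefault(
                    name, {"enabled": False, "l2": True, "untagged": None, "tagged": set()})
            elif line.startswith("default vlan-id "):
                default_vlan = int(line.split()[-1])
            continue
        if current is None:
            continue
        if line == "no shutdown":
            current["enabled"] = True
        elif line == "shutdown":
            current["enabled"] = False
        elif line == "no switchport":
            current["l2"] = False
        elif line.startswith("switchport access vlan "):
            current["untagged"] = int(line.split()[-1])
        elif line.startswith("switchport trunk allowed vlan "):
            current["tagged"] |= parse_vlan_list(line.split()[-1])
    return default_vlan, ports


def _untagged(port, default_vlan):
    return port["untagged"] if port["untagged"] is not None else default_vlan


def enabled_ports_in_default_vlan(config):
    """Enabled L2 ports whose untagged VLAN is the default VLAN."""
    default_vlan, ports = parse_interfaces(config)
    return sorted(name for name, port in ports.items()
                  if port["enabled"] and port["l2"]
                  and _untagged(port, default_vlan) == default_vlan)


def ports_carrying_vlan(config, vlan_id):
    """Map each L2 port that carries vlan_id to 'tagged' or 'untagged'."""
    default_vlan, ports = parse_interfaces(config)
    result = {}
    for name, port in ports.items():
        if not port["l2"]:
            continue
        if vlan_id in port["tagged"]:
            result[name] = "tagged"
        elif _untagged(port, default_vlan) == vlan_id:
            result[name] = "untagged"
    return result


if __name__ == "__main__":
    print("enabled ports in default VLAN:", enabled_ports_in_default_vlan(SAMPLE_CONFIG))
    print("ports carrying VLAN 777:", ports_carrying_vlan(SAMPLE_CONFIG, 777))
```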
9 Fibre Channel
OS10 switches with Fibre Channel (FC) ports operate in one of the following modes: Direct attach (F_Port), NPIV Proxy Gateway (NPG), or FIP Snooping Bridge (FSB). In the FSB mode, you cannot use the FC ports.
F_Port
Fibre Channel fabric port (F_Port) is the switch port that connects the FC fabric to a node. S4148U-ON switches support F_Port. Enable Fibre Channel F_Port mode globally using the feature fc domain-ID domain-ID command in CONFIGURATION mode.
Fibre Channel over Ethernet
Fibre Channel over Ethernet (FCoE) encapsulates Fibre Channel frames over Ethernet networks. FCoE Initialization Protocol (FIP) establishes Fibre Channel connectivity with Ethernet ports. FIP snooping bridge (FSB) implements security characteristics to admit valid FCoE traffic in the Ethernet networks. FIP and FCoE provide FC emulation over Ethernet links.
5 Configure the maximum number of ENode sessions to be allowed using the fcoe max-sessions-per-enodemac max-session-number command in CONFIGURATION mode, from 1 to 64.
NOTE: OS10 switches do not support multi-hop FIP snooping bridge (multi-hop FSB) capability; links to other FIP snooping bridges on a FIP snooping-enabled device (bridge-to-bridge links) are not supported.
-------------------------- ---- ------- -------------- -------------
54:7f:ee:37:34:40 port-channel5 100 0e:fc:00 4000 2
OS10# show fcoe enode
Enode MAC Enode Interface VLAN FCFs Sessions
----------------- ---------------- ---- ---- --------
d4:ae:52:1b:e3:cd ethernet1/1/54 100 1 5
Terminology
ENode: End Node or FCoE node
FC: Fibre Channel
FC ID: A 3-byte address used by FC to identify the end points
FC Map: A 3-byte prefix configured per VLAN, used to frame FCoE MAC address
FCF: Fibre Channel Forwarder
Example configuration of vfabric in F_Port mode
OS10(config)# vfabric 100
OS10(conf-vfabric-100)# name 100
OS10(conf-vfabric-100)# vlan 1023
OS10(conf-vfabric-100)# fcoe fcmap 0xEFC64
OS10(conf-vfabric-100)# zoneset activate set
OS10(conf-vfabric-100)# zone default-zone permit
OS10(conf-vfabric-100)# exit
OS10(config)# interface fibrechannel 1/1/1
OS10(conf-if-fc1/1/1)# vfabric 100
View vfabric configuration
OS10(conf-vfabric-100)# show configuration
!
vfabric 100
 name 100
 vlan 1023
 fcoe fcmap 0xEFC64
 zones
To configure a vfabric in NPG mode:
1 Configure a vfabric using the vfabric fabric-ID command in CONFIGURATION mode. The switch enters vfabric CONFIGURATION mode.
2 Associate a VLAN ID to the vfabric with the vlan vlan-ID command.
3 Add FCoE parameters with the fcoe {fcmap fc-map | fcf-priority fcf-priority-value | fka-adv-period adv-period | vlan-priority vlan-priority-value | keep-alive} command.
4 (Optional) Add a name to the vfabric using the name vfabric-name command.
can have a maximum of 255 unique members. Create zonesets and add the zones to a zoneset. A switch can have multiple zonesets, but you can activate only one zoneset at a time in a fabric.
1 (Optional) Create an FC alias using the fc alias alias-name command in CONFIGURATION mode. The switch enters Alias CONFIGURATION mode.
2 Add members to the alias using the member {wwn wwn-ID | fc-id fc-id} command in Alias CONFIGURATION mode. You can add a maximum of 255 unique members.
View FC zoneset configuration
OS10(conf-fc-zoneset-set)# show configuration
!
fc zoneset set
 member hba1
 member hba2
OS10# show fc zoneset active
vFabric id: 100
Active Zoneset: set
ZoneName ZoneMember
================================================
hba2 *20:01:00:0e:1e:e8:e4:99
     20:35:78:2b:cb:6f:65:57
     50:00:d3:10:00:ec:f9:05
     50:00:d3:10:00:ec:f9:1b
     50:00:d3:10:00:ec:f9:1f
hba1 *10:00:00:90:fa:b8:22:19
     *21:00:00:24:ff:7b:f5:c8
OS10# show fc zoneset set
ZoneSetName ZoneName ZoneMember
====================
FCoE LAG is the port-channel used for FIP and FCoE traffic in the intermediate switches between server and storage devices. VLT provides Active/Active LAN connectivity on converged links by forwarding traffic in multiple paths to multiple upstream devices without STP blocking any of the uplinks. This works for Ethernet traffic, but FCoE requires dedicated links for each SAN Fabric. FCoE traffic sent on VLT breaks SAN fabric isolation.
Sample FSB configuration on VLT network
1 Enable the FIP snooping feature globally.
OS10(config)# feature fip-snooping
2 Create the FCoE VLAN.
OS10(config)# interface vlan 1001
OS10(conf-if-vl-1001)# fip-snooping enable
3 Configure the VLTi interface.
OS10(config)# interface ethernet 1/1/27
OS10(conf-if-eth1/1/27)# no shutdown
OS10(conf-if-eth1/1/27)# no switchport
4 Configure the VLT.
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.151.
OS10(conf-if-eth1/1/2)# service-policy input type network-qos PFC
OS10(conf-if-eth1/1/2)# priority-flow-control mode on
OS10(config)# interface ethernet 1/1/3
OS10(conf-if-eth1/1/3)# description downlink_port_channel_member1
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# channel-group 20 mode active
OS10(conf-if-eth1/1/3)# fcoe-pinned-port
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# service-policy input type network-qos PFC
OS10(conf-if-eth1/1/3)# priority-flow-control mode o
FCoE sessions:
Enode MAC Enode Interface FCF MAC FCF interface VLAN FCoE MAC FC-ID PORT WWPN PORT WWNN
-------------------------------------------------------------------------------------------------------------------------------------------------------
f4:e9:d4:a4:7d:c3 Po20(Eth 1/1/3) 14:18:77:20:78:e0 Po 10(Eth 1/1/1) 1001 0e:fc:00:01:00:00 01:34:02 20:01:f4:e9:d4:a4:7d:c3 20:00:f4:e9:d4:a4:7d:c3
Pinned port status:
OS10# show fcoe pinned-port
Interface pinned-port FCoE Status
----------------- ---------
10 Apply the PFC configuration on the downlink interfaces. Add the interfaces to the port-channel and configure one of the interfaces as pinned-port.
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 3
5 Create uplink and downlink port-channels, and configure the FCF facing port.
--------------------------------------------------------
f4:e9:d4:a4:7d:c3 Po20(Eth 1/1/3) 14:18:77:20:78:e0 Po 10(Eth 1/1/1) 1001 0e:fc:00:01:00:00 01:34:02 20:01:f4:e9:d4:a4:7d:c3 20:00:f4:e9:d4:a4:7d:c3
Pinned port status:
OS10# show fcoe pinned-port
Interface pinned-port FCoE Status
----------------- ---------------- -----------------
Po 10 Eth 1/1/1 Up
Po 20 Eth 1/1/3 Up
Sample FC Switch configuration on non-VLT network
1 Enable the F_PORT mode.
View configuration Name server entries: OS10# show fc ns switch brief Total number of devices = 2 Intf# Domain port-channel10(Eth 1/1/9) 1 20:00:f4:e9:d4:a4:7d:c3 fibrechannel1/1/26 1 0e FC-ID 01:00:00 Enode-WWPN 20:01:f4:e9:d4:a4:7d:c3 Enode-WWNN 01:68:00 21:00:00:24:ff:7c:ae:0e 21:00:00:24:ff:7c:ae: Zoneset details: vFabric id: 1 Active Zoneset: zonesetA ZoneName ZoneMember =========================================================== zoneA *20:01:f4:e9:d4:a4:7d:c3 *21:00:00:24:ff:7c:ae:0e Pinned por
long time to identify the issue and to recover from it. At times, interface flapping occurs and might require manual intervention to recover. To recover automatically, FSB sends a Clear Virtual Link (CVL) frame from the FCF to the ENode.
Configuration notes
• If you configure FSB with port pinning on the uplink or downlink side, you must configure the FCF-facing interface as FCF port mode.
d Create class-maps.
L2switch(config)# class-map type network-qos c3
L2switch(config-cmap-nqos)# match qos-group 3
L2switch(config)# class-map type queuing q0
L2switch(config-cmap-queuing)# match queue 0
L2switch(config-cmap-queuing)# exit
L2switch(config)# class-map type queuing q3
L2switch(config-cmap-queuing)# match queue 3
L2switch(config-cmap-queuing)# exit
e Create policy-maps.
b Enable FIP snooping with cvl option.
FSB1(config)# feature fip-snooping with-cvl
c Enable DCBX.
FSB1(config)# dcbx enable
d Create an FCoE VLAN and configure FIP snooping on the FCoE VLAN.
FSB1(config)# interface vlan 777
FSB1(conf-if-vl-777)# fip-snooping enable
e Create class-maps.
FSB1(conf-if-eth1/1/5)# switchport trunk allowed vlan 777
FSB1(config)# interface ethernet 1/1/2
FSB1(conf-if-eth1/1/2)# switchport mode trunk
FSB1(conf-if-eth1/1/2)# switchport trunk allowed vlan 777
j Configure FIP snooping port mode on the L2 DCBX switch connected interface and FSB2 connected interface. The default port mode is ENode. Hence, CNA1-connected interface does not require additional configuration.
FSB2(conf-if-eth1/1/2)# trust-map dot1p default
FSB2(conf-if-eth1/1/2)# qos-map traffic-class tc-q-map1
FSB2(conf-if-eth1/1/2)# service-policy input type network-qos nqpolicy
FSB2(conf-if-eth1/1/2)# service-policy output type queuing ets_policy
FSB2(config)# interface ethernet 1/1/13
FSB2(conf-if-eth1/1/13)# priority-flow-control mode on
FSB2(conf-if-eth1/1/13)# ets mode on
FSB2(conf-if-eth1/1/13)# trust-map dot1p default
FSB2(conf-if-eth1/1/13)# qos-map traffic-class tc-q-map1
FSB2(conf-if-eth1/1/13)# se
FCF(config)# class-map type queuing q3
FCF(config-cmap-queuing)# match queue 3
FCF(config-cmap-queuing)# exit
FCF(config)# policy-map type network-qos nqpolicy
FCF(config-pmap-network-qos)# class c3
FCF(config-pmap-c-nqos)# pause
FCF(config-pmap-c-nqos)# pfc-cos 3
FCF(config)# policy-map type queuing ets_policy
FCF(config-pmap-queuing)# class q0
FCF(config-pmap-c-que)# bandwidth percent 30
FCF(config-pmap-c-que)# class q3
FCF(config-pmap-c-que)# bandwidth percent 70
i Create a qos-map.
14:18:77:20:86:ce 2 Eth 1/1/2 F 777 0e:fc:00 8000
FSB2# show fcoe fcf
FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No. of Enodes FCF Mode
-------------------------------------------------------------------------------------------------------------
14:18:77:20:86:ce Eth 1/1/13 777 0e:fc:00 8000 0 FT
• To verify the list of FCoE sessions, use the show fcoe sessions command.
In this topology:
• FSB1 and FSB2—access FSBs.
• FSB3 and FSB4—core FSBs.
• VLT is configured between FSB1 and FSB2, and requires port-pinning for VLT port channels configured between access FSBs and core FSBs. The port modes are:
– Directly-connected CNA ports—ENode
– Ports connected to FSB3 and FSB4—FCF
• VLT is configured between FSB3 and FSB4, and requires port-pinning for VLT port channels configured between access and core FSBs.
FSB1/FSB2 FSB3/FSB4 FCF1/FCF2 8 9 10 11 8 9 10 11 7 8 9 10 12 Configure VLTi interface member links. Configure VLT domain. Configure VLAN. Apply QoS configurations on uplink (FSB3/FSB4) and downlink interfaces (CNA-1/CNA-2). Configure the uplink interface as pinned-port. Configure FIP snooping port mode on the uplink interface. 12 Configure VLTi interface member links. Configure VLT domain. Configure VLAN. Apply QoS configurations on the uplink (FCF1/FCF2) and downlink interfaces (FSB1/FSB2).
8 Configure VLTi interface member links.
2 Enable DCBX.
FSB2(config)# dcbx enable
3 Create FCoE VLAN and configure FIP snooping.
FSB2(config)#interface vlan1001
FSB2(conf-if-vl-1001)# fip-snooping enable
FSB2(conf-if-vl-1001)# no shutdown
FSB2(config)#interface vlan1002
FSB2(conf-if-vl-1002)# fip-snooping enable
FSB2(conf-if-vl-1002)# no shutdown
4 Create class-maps.
10 Configure VLAN on FSB2.
5 Create policy-maps.
FSB3(config)# policy-map type network-qos nqpolicy
FSB3(config-pmap-network-qos)# class c3
FSB3(config-pmap-c-nqos)# pause
FSB3(config-pmap-c-nqos)# pfc-cos 3
FSB3(config)# policy-map type queuing ets_policy
FSB3(config-pmap-queuing)# class q0
FSB3(config-pmap-c-que)# bandwidth percent 30
FSB3(config-pmap-c-que)# class q3
FSB3(config-pmap-c-que)# bandwidth percent 70
6 Create a qos-map.
FSB3(conf-if-eth1/1/36)# ets mode on
FSB3(conf-if-eth1/1/36)# trust-map dot1p default
FSB3(conf-if-eth1/1/36)# qos-map traffic-class tc-q-map1
FSB3(conf-if-eth1/1/36)# service-policy input type network-qos nqpolicy
FSB3(conf-if-eth1/1/36)# service-policy output type queuing ets_policy
FSB3(conf-if-eth1/1/36)# fcoe-pinned-port
12 Configure FIP snooping port mode on the port channel and the interface connected to FCF1.
FSB4(conf-if-eth1/1/34)# no switchport
FSB4(conf-if-eth1/1/34)# channel-group 10
FSB4(config)# interface ethernet1/1/37
FSB4(conf-if-eth1/1/37)# no shutdown
FSB4(conf-if-eth1/1/37)# no switchport
FSB4(conf-if-eth1/1/37)# channel-group 10
9 Configure VLT domain.
FSB4(config)# vlt-domain 3
FSB4(conf-vlt-2)# discovery-interface ethernet1/1/40
FSB4(conf-vlt-2)# vlt-mac 1a:2b:3c:2a:1b:1c
10 Configure VLAN on FSB4.
6 Enable DCBX.
FCF1(config)# dcbx enable
7 Create class-maps.
FCF1(config)# class-map type network-qos c3
FCF1(config-cmap-nqos)# match qos-group 3
FCF1(config)# class-map type queuing q0
FCF1(config-cmap-queuing)# match queue 0
FCF1(config-cmap-queuing)# exit
FCF1(config)# class-map type queuing q3
FCF1(config-cmap-queuing)# match queue 3
FCF1(config-cmap-queuing)# exit
8 Create policy-maps.
5 Create vfabric and activate the zoneset.
FCF2(config)# vfabric 2
FCF2(conf-vfabric-2)# vlan 1002
FCF2(conf-vfabric-2)# fcoe fcmap 0xEFC00
FCF2(conf-vfabric-2)# zoneset activate zonesetB
6 Enable DCBX.
FCF2(config)# dcbx enable
7 Create class-maps.
--------------------------------------------------------------------------------
f4:e9:d4:f9:fc:42  Eth 1/1/31  14:18:77:20:86:ce  Po 10(Eth 1/1/36)  1001  0e:fc:00:02:02:00  02:02:00  23:05:22:11:0d:64:67:11  22:04:22:13:0d:64:67:00
FSB1# show fcoe fcf
FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No.
FCFs     : 1
Enodes   : 1
Sessions : 1
FSB4
FSB4# show fcoe sessions
Enode MAC  Enode Interface  FCF MAC  FCF interface  VLAN  FCoE MAC  FC-ID  PORT WWPN  PORT WWNN
--------------------------------------------------------------------------------
00:0e:1e:f1:f1:84  Po 10(Eth 1/1/37)  14:18:77:20:80:ce  Eth 1/1/42  1002  0e:fc:00:02:01:00  02:01:00  20:01:00:0e:1e:f1:f1:84  20:00:00:0e:1e:f1:f1:84
FSB4# show fcoe fcf
FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No.
Configuration guidelines
When configuring different modes, for example F_Port, NPG, or FSB, consider the following:
• F_Port, NPG, and FSB modes are mutually exclusive. You can enable only one at a time.
• You can enable the mode-specific commands only after enabling the specific feature.
• Before you disable the F_Port and NPG features, delete the mode-specific configurations. When you disable FSB, the system automatically removes the configurations.
4 Apply the vFabric configuration on the interface that connects to CNA 1.
OS10(config)# interface ethernet 1/1/50
OS10(conf-if-eth1/1/50)# vfabric 2
5 Enable DCBX globally.
OS10(config)# dcbx enable
6 Create a class map and policy map.
OS10(config)# class-map type network-qos cmap1
OS10(config-cmap-nqos)# match qos-group 3
OS10(config)# policy-map type network-qos pmap1
OS10(config-pmap-network-qos)# class cmap1
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 3
7 Disable LLFC on the interface that connects to CNA 2.
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no flowcontrol receive
8 Enable PFC mode on the interface that connects to CNA 2.
Parameters zone-name — Enter a name for the zone.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command deletes the FC zone. To delete an FC zone, first remove it from the FC zoneset.
Example
OS10(config)# fc zone hba1
OS10(config-fc-zone-hba1)# member wwn 10:00:00:90:fa:b8:22:19
OS10(config-fc-zone-hba1)# member wwn 21:00:00:24:ff:7b:f5:c8
Supported Releases 10.3.
member (alias)
Add members to existing FC aliases. Identify a member by an FC alias, a world wide name (WWN), or an FC ID.
Syntax member {wwn wwn-ID | fc-id fc-id}
Parameters
• wwn-ID — Enter the WWN name.
• fc-id — Enter the FC ID name.
Defaults Not configured
Command Mode Alias CONFIGURATION
Usage Information The no version of this command removes the member from the FC alias.
Defaults Not configured
Command Mode Zoneset CONFIGURATION
Usage Information The no version of this command removes the zone from the zoneset.
Example
OS10(config)# fc zoneset set
OS10(conf-fc-zoneset-set)# member hba1
Supported Releases 10.3.1E or later

show fc alias
Displays the details of an FC alias and its members.
Syntax show fc alias [alias-name]
Parameters alias-name — (Optional) Enter the FC alias name.
show fc ns switch Displays the details of the FC NS switch parameters.
                21:00:00:24:ff:7f:ce:ef
hba2            20:01:00:0e:1e:e8:e4:99
                50:00:d3:10:00:ec:f9:1b
                50:00:d3:10:00:ec:f9:05
                50:00:d3:10:00:ec:f9:1f
                20:35:78:2b:cb:6f:65:57
Example (with zone name)
OS10# show fc zone hba1
Zone Name       Zone Member
=================================================
hba1            21:00:00:24:ff:7b:f5:c8
                10:00:00:90:fa:b8:22:19
                21:00:00:24:ff:7f:ce:ee
                21:00:00:24:ff:7f:ce:ef
Supported Releases 10.3.1E or later

show fc zoneset
Displays the FC zonesets, the zones in the zoneset, and the zone members.
vFabric id: 100
Active Zoneset: set
ZoneName        ZoneMember
===========================================================
hba2            20:01:00:0e:1e:e8:e4:99
                20:35:78:2b:cb:6f:65:57
                50:00:d3:10:00:ec:f9:05
                50:00:d3:10:00:ec:f9:1b
                50:00:d3:10:00:ec:f9:1f
hba1            *10:00:00:90:fa:b8:22:19
                *21:00:00:24:ff:7b:f5:c8
                21:00:00:24:ff:7f:ce:ee
                21:00:00:24:ff:7f:ce:ef
Example (with zoneset name)
OS10# show fc zoneset set
ZoneSetName ZoneName ZoneMember
==================================================================
set hba1 21:
Defaults Not configured
Command Mode Vfabric CONFIGURATION
Usage Information After you disable an active zoneset, the zone default-zone permit command configuration takes effect. Based on this configuration, the default zone allows or denies access between all the logged-in FC nodes of the vfabric. The no version of this command deactivates the zoneset.
Example
OS10(config)# vfabric 100
OS10(conf-vfabric-100)# zoneset activate set
Supported Releases 10.3.
Supported Releases 10.4.0E(R1) or later

show npg devices
Displays the NPG devices connected to the switch.
Syntax show npg devices [brief]
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Use the brief option to display minimum details.
Usage Information None
Example
OS10# clear fc statistics vfabric 100
OS10# clear fc statistics interface fibrechannel1/1/25
Supported Releases 10.4.1.0 or later

fcoe
Adds FCoE parameters to the vfabric.
Syntax fcoe {fcmap fc-map | fcf-priority fcf-priority-value | fka-adv-period advperiod | vlan-priority vlan-priority-value | keep-alive}
Parameters
• fc-map — Enter the FC map ID, from 0xefc00 to 0xefcff.
• fcf-priority-value — Enter the FCF priority value, from 1 to 255.
Defaults
Example
OS10(config)# vfabric 100
OS10(conf-vfabric-100)# name test_vfab
Supported Releases 10.3.1E or later

show fc statistics
Displays the FC statistics.
Syntax show fc statistics {vfabric vfabric-ID | interface fibrechannel}
Parameters
• vfabric-ID — Enter the vfabric ID.
• fibrechannel — Enter the Fibre Channel interface name.
Example
OS10# show fc switch
Switch Mode : FPORT
Switch WWN : 10:00:14:18:77:20:8d:cf
Supported Releases 10.3.1E or later

show running-config vfabric
Displays the running configuration for the vfabric.
Syntax show running-config vfabric
Parameters None
Defaults Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show running-configuration vfabric
!
vfabric 10
 vlan 100
 fcoe fcmap 0xEFC00
 fcoe fcf-priority 140
 fcoe fka-adv-period 13
Supported Releases 10.4.
=========================================
Members
fibrechannel1/1/25
port-channel10(Eth 1/1/9)
Supported Releases 10.3.1E or later

vfabric
Configures a vfabric.
Syntax vfabric fabric-ID
Parameters fabric-ID — Enter the fabric ID, from 1 to 255.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information Enable the F_Port or NPG feature before configuring a vfabric. You can configure only one vfabric in F_Port mode.
vlan
Associates an existing VLAN ID to the vfabric to carry traffic.
Syntax vlan vlan-ID
Parameters vlan-ID — Enter an existing VLAN ID.
Defaults Not configured
Command Mode Vfabric CONFIGURATION
Usage Information Create the VLAN ID before associating it to the vfabric. Do not use a spanned VLAN as the vfabric VLAN. The no version of this command removes the VLAN ID from the vfabric.
Supported Releases 10.4.0E(R1) or later

fip-snooping enable
Enables FIP snooping on a specified VLAN.
Syntax fip-snooping enable
Parameters None
Defaults Disabled
Command Mode VLAN INTERFACE
Usage Information Enable FIP snooping on a VLAN only after enabling the FIP snooping feature globally using the feature fip-snooping command. OS10 supports FIP snooping on a maximum of 12 VLANs. The no version of this command disables FIP snooping on the VLAN.
Command Mode INTERFACE
Usage Information OS10 supports this configuration only on a switch running FSB mode, and on Ethernet and port-channel interfaces. You cannot configure FIP snooping port mode on a port channel member. Use this command to change the port mode. By default, the port mode of an interface is set to ENode. Configure the port mode only after you enable FIP snooping. Before you disable FIP snooping, reset the port mode to its default value, ENode.
clear fcoe statistics
Clears FCoE statistics for the specified interface.
Syntax clear fcoe statistics [interface interface-type]
Parameters interface-type — (Optional) Enter the interface type. The interface may be ethernet, VLAN, or port-channel.
Default Not configured
Command Mode EXEC
Usage Information If you do not specify the interface interface-type information, the command clears the statistics for all the interfaces and VLANs.
Usage Information The no version of this command resets the number of sessions to the default value.
Example
OS10(config)# fcoe max-sessions-per-enodemac 64
Supported Releases 10.4.0E(R1) or later

fcoe priority-bits
Configures the priority bits for FCoE application TLVs.
Syntax fcoe priority-bits priority-value
Parameter priority-value — Enter the PFC priority value advertised in the FCoE application TLV. You can enter one of the following values: 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, or 0x80.
show fcoe enode
Displays the details of ENodes connected to the switch.
Syntax show fcoe enode [enode-mac-address]
Parameters enode-mac-address — (Optional) Enter the MAC address of the ENode. This option displays details pertaining to the specified ENode.
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show fcoe pinned-port
Interface         pinned-port      FCoE Status
----------------- ---------------- -----------------
Po 10             Eth 1/1/1        Up
Po 20             Eth 1/1/3        Up
Po 30             Eth 1/1/7        Down
Supported Releases 10.4.2.0 or later

show fcoe sessions
Displays the details of the established FCoE sessions.
Syntax show fcoe sessions [interface vlan vlan-id]
Parameters vlan-id — (Optional) Enter the VLAN ID.
Number of Vlan Notifications :0
Number of Multicast Discovery Solicits :2
Number of Unicast Discovery Solicits :0
Number of FLOGI :2
Number of FDISC :16
Number of FLOGO :0
Number of Enode Keep Alive :9021
Number of VN Port Keep Alive :3349
Number of Multicast Discovery Advertisement :4437
Number of Unicast Discovery Advertisement :2
Number of FLOGI Accepts :2
Number of FLOGI Rejects :0
Number of FDISC Accepts :16
Number of FDIS
Example
OS10# show fcoe vlan
* = Default VLAN
VLAN  FC-MAP    FCFs  Enodes
----  ------    ----  ------
*1
100   0X0EFC00  1     2
Supported Releases 10.4.
10 Layer 2
802.1X — Verifies device credentials before sending or receiving packets using the Extensible Authentication Protocol (EAP), see 802.1X Commands.
Link Aggregation Control Protocol (LACP) — Exchanges information between two systems and automatically establishes a link aggregation group (LAG) between the systems, see LACP Commands.
NOTE: OS10 supports only RADIUS as the back-end authentication server.
The authentication process involves three devices:
• Supplicant — The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated with the device is authorized. Before that, the supplicant can only exchange 802.1X messages (EAPOL frames) with the authenticator.
6 If the identity information the supplicant provides is valid, the authentication server sends an Access Accept frame that specifies the network privileges. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame.
EAP over RADIUS 802.
Enable 802.1X
1 Enable 802.1X globally in CONFIGURATION mode.
dot1x system-auth-control
2 Enter an interface or a range of interfaces in INTERFACE mode.
interface range
3 Enable 802.1X on the supplicant interface only in INTERFACE mode.
dot1x port-control auto
Configure and verify 802.
Identity retransmissions
If the authenticator sends a Request Identity frame but the supplicant does not respond, the authenticator waits 30 seconds and then retransmits the frame. There are several reasons why the supplicant might fail to respond: the supplicant may be booting when the request arrived, there may be a physical layer problem, and so on.
Failure quiet period
If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default. The quiet period is a transmit interval time after a failed authentication. The Request Identity Retransmit interval is for an unresponsive supplicant. You can configure the interval for a maximum of 10 times for an unresponsive supplicant.
force-authorized (default) — This is an authorized state. A device connected to this port does not use the authentication process but can communicate on the network. Placing the port in this state is the same as disabling 802.1X on the port. force-authorized is the default mode.
force-unauthorized — This is an unauthorized state. A device connected to a port does not use the authentication process but is not allowed to communicate on the network.
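Because force-authorized is the default, a supplicant-facing port that never received dot1x port-control auto stays open even when 802.1X is enabled globally. The following Python check is an added example, not part of the Dell guide: it reads a saved running configuration and reports edge ports that are not actually authenticating. The configuration layout ("!" separators, indented interface statements), the sample text, and the names parse_dot1x and audit_dot1x are assumptions made for the example.

```python
import re

DEFAULT_MODE = "force-authorized"  # the guide states this is the default port-control mode
MODE_RE = re.compile(r"dot1x port-control (auto|force-authorized|force-unauthorized)")

# Constructed sample configuration (not captured from a real switch).
SAMPLE_CONFIG = """\
!
dot1x system-auth-control
!
interface ethernet1/1/7
 no shutdown
 dot1x port-control auto
 dot1x re-authentication
 dot1x timeout re-authperiod 3600
!
interface ethernet1/1/8
 no shutdown
 switchport access vlan 1
!
interface ethernet1/1/9
 no shutdown
 dot1x port-control auto
!
interface ethernet1/1/10
 no shutdown
 dot1x port-control force-unauthorized
!
"""


def parse_dot1x(config):
    """Return (global_enabled, {interface: {"mode": str, "reauth": bool}})."""
    global_enabled, ports, current = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None                      # block separator
        elif not raw[0].isspace():              # top-level statement
            match = re.fullmatch(r"interface (ethernet\S+)", line)
            current = match.group(1) if match else None
            if current:
                ports[current] = {"mode": DEFAULT_MODE, "reauth": False}
            elif line == "dot1x system-auth-control":
                global_enabled = True
        elif current:                           # statement inside an interface block
            mode = MODE_RE.fullmatch(line)
            if mode:
                ports[current]["mode"] = mode.group(1)
            elif line == "dot1x re-authentication":
                ports[current]["reauth"] = True
    return global_enabled, ports


def audit_dot1x(config, edge_ports):
    """List (interface, issue) for supplicant-facing ports that do not authenticate."""
    global_enabled, ports = parse_dot1x(config)
    findings = []
    for port in sorted(edge_ports):
        state = ports.get(port)
        if state is None:
            findings.append((port, "interface not found in configuration"))
        elif not global_enabled:
            findings.append((port, "802.1X not enabled globally"))
        elif state["mode"] == "force-authorized":
            findings.append((port, "force-authorized: authentication bypassed"))
        elif state["mode"] == "auto" and not state["reauth"]:
            findings.append((port, "auto without re-authentication"))
    return findings


if __name__ == "__main__":
    edge = {"ethernet1/1/7", "ethernet1/1/8", "ethernet1/1/9", "ethernet1/1/10"}
    for port, issue in audit_dot1x(SAMPLE_CONFIG, edge):
        print(f"{port}: {issue}")
```

Pass only supplicant-facing interfaces as edge_ports; the guide enables 802.1X on supplicant interfaces only, so uplinks are expected to stay at the default.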
Configure and verify reauthentication time period
OS10(config)# interface range ethernet 1/1/7-1/1/8
OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication
OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout re-authperiod 3600
OS10(conf-range-eth1/1/7-1/1/8)# show dot1x interface ethernet 1/1/7
802.
Port Auth Status:     UNAUTHORIZED
Re-Authentication:    Enable
Tx Period:            120 seconds
Quiet Period:         120 seconds
Supplicant Timeout:   45 seconds
Server Timeout:       60 seconds
Re-Auth Interval:     3600 seconds
Max-EAP-Req:          5
Host Mode:            MULTI_HOST
Auth PAE State:       Initialize
Backend State:        Initialize

View interface running configuration
OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface ...
dot1x max-req
Changes the maximum number of requests that the device sends to a supplicant before restarting 802.1X authentication.
Syntax dot1x max-req retry-count
Parameters max-req retry-count — Enter the retry count for the request sent to the supplicant before restarting 802.1X reauthentication, from 1 to 10.
Default 2
Command Mode INTERFACE
Usage Information The no version of this command resets the value to the default.
Example
OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication
Supported Releases 10.2.0E or later

dot1x timeout quiet-period
Sets the number of seconds that the device remains in the quiet state following a failed authentication exchange with a supplicant.
Syntax dot1x timeout quiet-period seconds
Parameters quiet period seconds — Enter the number of seconds for the 802.1X quiet period timeout, from 1 to 65535.
Supported Releases 10.2.0E or later

dot1x timeout supp-timeout
Sets the number of seconds that the device waits for the supplicant to respond to an EAP request frame before the device retransmits the frame.
Syntax dot1x timeout supp-timeout seconds
Parameters supp-timeout seconds — Enter the number of seconds for the 802.1X supplicant timeout, from 1 to 65535.
Default 30 seconds
Command Mode INTERFACE
Usage Information The no version of this command resets the value to the default.
Supported Releases 10.2.0E or later

show dot1x interface
Displays 802.1X configuration information.
Syntax show dot1x interface ethernet node/slot/port[:subport]
Parameters ethernet node/slot/port[:subport] — Enter the Ethernet interface information.
Command Mode EXEC
Usage Information Use this command to view the dot1x interface configuration for a specific interface.
Example
OS10# show dot1x interface
802.
FEFD helps detect far-end failure when the following problems occur:
• Only one side receives packets although the physical layer (L1) of the link is up on both sides.
• Transceivers are not connected to the correct ports.

FEFD states
FEFD comprises the following four states:
• Idle—FEFD is disabled.
• Unknown—Shown when FEFD is enabled and changes to bi-directional after successful handshake with the peer. Also shown if the peer goes down in normal mode.
If the interface state changes to err-disabled, use the fefd reset [interface] global command to reset these interfaces. The unknown or err-disabled state brings the line protocol down so that the protocols above it can detect that the peer link is down. Table 14.
• Configure FEFD Aggressive mode globally using the fefd-global mode aggressive command in CONFIGURATION mode.
OS10(Config)# fefd-global mode aggressive
2 (Optional) Configure the FEFD interval using the fefd-global interval command in CONFIGURATION mode and enter the interval in seconds. The range is from 3 to 255 seconds.
OS10(Config)# fefd-global interval 20
3 (Optional) Disable FEFD on a specific interface if required using the fefd disable command in INTERFACE mode.
The following is a sample output of FEFD information for an interface:
rt-maa-s4248FBL-3# show fefd ethernet 1/1/1
FEFD is globally 'ON', interval is 15 seconds, mode is Normal.
INTERFACE   MODE   INTERVAL   STATE
============================================================
eth1/1/1    NA     NA         Idle (Not running)

FEFD Commands

debug fefd
Enables debugging of FEFD.
Syntax debug fefd {all | events | packets} [interface]
Parameters
• all—Enter the keyword to view all FEFD debug information.
To disable FEFD on an interface when FEFD is globally enabled, use the fefd disable command on the interface. To unconfigure FEFD on an interface, use either the no fefd command or the no fefd mode command. To return to the default FEFD interval, use the no fefd interval command.
Example
OS10(conf-if-eth1/1/9)# fefd
OS10(conf-if-eth1/1/9)# fefd mode aggressive
OS10(conf-if-eth1/1/9)# fefd mode interval 10
Supported Releases 10.4.3.0 or later

fefd-global
Configures FEFD globally.
Default Not configured
Command Mode EXEC
Usage Information If you do not enter the interface name, this command resets the error-disabled state of all interfaces because FEFD is set to Aggressive mode.
Example
OS10# fefd reset
OS10# fefd reset ethernet 1/1/2
Supported Releases 10.4.3.0 or later

show fefd
Displays FEFD information globally or for a specific interface.
Syntax show fefd [interface]
Parameters
• (Optional) interface—Enter the interface information.
eth1/1/4    Normal      22   Unknown
eth1/1/5    Normal      22   Unknown
eth1/1/6    Normal      22   Unknown
eth1/1/7    Normal      22   Unknown
eth1/1/8    Normal      22   Unknown
eth1/1/9    Aggressive  22   Err-disabled
eth1/1/10   Normal      22   Unknown
Supported Releases 10.4.3.0 or later

Link Aggregation Control Protocol
Group Ethernet interfaces to form a single link layer interface called a LAG or port-channel.
Configuration
LACP is enabled globally by default. You can configure aggregated ports with compatible active and passive LACP modes to automatically link them.
1 Configure the system priority in CONFIGURATION mode (1 to 65535; the higher the number, the lower the priority; default 32768).
lacp system-priority priority-value
2 Configure the LACP port priority in INTERFACE mode (1 to 65535; the higher the number, the lower the priority; default 32768).
OS10(conf-if-eth1/1/11)# no switchport
OS10(conf-if-eth1/1/11)# channel-group 10 mode active

Rates
Protocol data units (PDUs) are exchanged between port-channel (LAG) interfaces to maintain LACP sessions. PDUs are transmitted at either a slow or fast transmission rate, depending on the LACP timeout value. The timeout value is the amount of time that a LAG interface waits for a PDU from the remote system before bringing the LACP session down. By default, the LACP rate is normal (long timeout).
Alpha LAG configuration summary
OS10(config)# interface port-channel 1
OS10(conf-if-po-1)# exit
OS10(config)# interface ethernet 1/1/29
OS10(conf-if-eth1/1/29)# no switchport
OS10(conf-if-eth1/1/29)# channel-group 1 mode active
OS10(conf-if-eth1/1/29)# interface ethernet 1/1/30
OS10(conf-if-eth1/1/30)# no switchport
OS10(conf-if-eth1/1/30)# channel-group 1 mode active
OS10(conf-if-eth1/1/30)# interface ethernet 1/1/31
OS10(conf-if-eth1/1/31)# no switchport
OS10(conf-if-eth1/1/31)# channel-group 1 mode activ
Interface index is 16866812
Internet address is not set
Mode of IPv4 Address Assignment : not set
MTU 1532 bytes, IP MTU bytes
LineSpeed auto
Flowcontrol rx tx
ARP type: ARPA, ARP Timeout: 240
Last clearing of show "interface" counters :
Queuing strategy : fifo
Input statistics:
466 packets, 45298 octets
224 64-byte pkts,1 over 64-byte pkts, 241 over 127-byte pkts
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
466 Multicasts, 0 Broadcasts
0 runts, 0 giants, 0 throttles
0 CRC, 0 overrun, 4
LACP LAG ID 1 is an aggregatable link
A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout
E - Aggregatable Link, F - Individual Link, G - IN_SYNC, H - OUT_OF_SYNC,
I - Collection enabled, J - Collection disabled, K - Distribution enabled,
L - Distribution disabled, M - Partner Defaulted, N - Partner Non-defaulted,
O - Receiver is in expired state, P - Receiver is not in expired state
Port ethernet1/1/29 is Enabled, LACP is enabled and mode is lacp
Actor Admin: State Key 1 Priority 32768 Oper:
LACP fallback
LACP fallback allows downstream devices, such as servers, connected to ports of a switch configured as LACP to establish a link when the system is not able to finalize the LACP handshake. For example, when servers boot in PXE mode, the server cannot exchange LACP PDUs and the switch does not enable the ports. Whenever a PXE server reboots, both the port-channel and ports go down. While rebooting, the ports come up, but not the port-channel.
OS10(conf-if-po-1)# lacp fallback enable
OS10(conf-if-po-1)# lacp fallback timeout 20
OS10(conf-if-po-1)# lacp fallback preemption enable

View LACP fallback configuration
OS10# show port-channel summary
Flags: D - Down I - member up but inactive P - member up and active
U - Up (port-channel) F - Fallback enabled
--------------------------------------------------------------------------------
Group Port-Channel Type Protocol Member Ports
--------------------------------------------------------------------------------
LACP fallback in VLT domain
In a VLT domain, LACP fallback enables rebooting of ToR or server connected to VLT nodes through VLT port-channel. The other end of the VLT nodes is connected to a DHCP/PXE server, as shown in the following illustration:
In the above scenario, LACP fallback works as follows:
1 The ToR/server boots up.
2 One of the VLT peers takes care of controlling the LACP fallback mode.
Parameters
• number — Enter the port-channel group number (1 to 128). The maximum number of port-channels is 128. The maximum physical port/maximum NPU is supported.
• mode — Enter the interface port-channel mode.
  – active — Enter to enable the LACP interface. The interface is in the Active Negotiating state when the port starts negotiations with other ports by sending LACP packets.
  – on — Enter so that the interface is not part of a dynamic LAG but acts as a static LAG member.
lacp fallback enable
Enables LACP fallback mode.
Syntax lacp fallback enable
Parameters None
Default Disabled
Command Mode Port-channel INTERFACE
Usage Information The no version of this command disables LACP fallback mode.
Example
OS10# configure terminal
OS10(config)# interface port-channel 1
OS10(conf-if-po-1)# lacp fallback enable
Supported Releases 10.3.2E(R3) or later

lacp fallback preemption
Enables or disables LACP fallback port preemption.
lacp fallback timeout
Configures the LACP fallback timeout period.
Syntax lacp fallback timeout timer-value
Parameters timer-value—Enter the timer value in seconds, ranging from 0 to 100 seconds.
Default 15 seconds
Command Mode Port-channel INTERFACE
Usage Information The no version of this command returns the timer to the default value.
Example
OS10# configure terminal
OS10(config)# interface port-channel 1
OS10(conf-if-po-1)# lacp fallback timeout 20
Supported Releases 10.3.
Supported Releases 10.2.0E or later

lacp rate
Sets the rate at which LACP sends control packets.
Syntax lacp rate {fast | normal}
Parameters
• fast — Enter the fast rate of 1 second.
• normal — Enter the default rate of 30 seconds.
Default 30 seconds
Command Mode INTERFACE
Usage Information Change the LACP timer rate to modify the duration of the LACP timeout. The no version of this command resets the rate to the default value.
Example
OS10# show lacp counter interface port-channel 1
               LACPDUs     Marker      Marker Response  LACPDUs
Port           Sent Recv   Sent Recv   Sent Recv        Pkts Err
----------------------------------------------------------------
port-channel1
Ethernet1/1    554 536 0 0 0 0 0
Ethernet1/2    527 514 0 0 0 0 0
Ethernet1/3    535 520 0 0 0 0 0
Ethernet1/4    515 502 0 0 0 0 0
Ethernet1/5    518 505 0 0 0 0 0
Ethernet1/6    540 529 0 0 0 0 0
Ethernet1/7    541 530 0 0 0 0 0
Ethernet1/8    547 532 0 0 0 0 0
Ethernet1/9    544 532 0 0 0 0 0
Ethernet1/10   513 501 0 0
Neighbor: 178
MAC Address=00:00:00:00:00:00
System Identifier=,00:00:00:00:00:00
Port Identifier=0,00:01:e8:8a:fd:9e
Operational key=1
LACP_Activity=passive
LACP_Timeout=Long Timeout(30s)
Synchronization=IN_SYNC
Collecting=true
Distributing=true
Partner Admin State=BCEGIKNP
Partner Oper State=BDEGIKMO
Supported Releases 10.2.0E or later

show lacp neighbor
Displays information about LACP neighbors.
Usage Information All channel groups display if you do not enter the channel-number parameter.
Protocol data units
LLDP devices exchange system information represented as type, length, and value (TLV) segments:
Type — Information included in the TLV.
Length — Value in bytes of the TLV after the Length field.
Value — System information the agent advertises.
[Figure: TLV segment]
LAN devices transmit LLDPDUs, which encapsulate TLVs, to neighboring LAN devices.
NOTE: The maximum supported size of the LLDP PDUs is 1500 bytes on the transmission side. If the size of the TLVs that are transmitted exceeds 1500 bytes, optional TLVs may not be included in the PDU.

Optional TLVs
OS10 supports basic TLVs, IEEE 802.1, and 802.3 organizationally-specific TLVs, and TIA-1057 organizationally-specific TLVs. A basic TLV is an optional TLV sub-type. This kind of TLV contains essential management information about the sender.
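LLDP is unauthenticated, so anything that consumes LLDPDUs has to treat the Type and Length fields as untrusted input. The following Python parser is an added example, not code from the Dell guide: it walks the TLV chain with strict length checks and splits organizationally-specific TLVs (type 127) into OUI, subtype, and payload. The 7-bit type / 9-bit length header and basic TLV type numbers follow IEEE 802.1AB; the sample frame, its field values, and all function names are constructed for the example.

```python
import struct

MAX_LLDPDU = 1500        # transmit-side maximum stated in the guide
ORG_SPECIFIC = 127       # organizationally-specific TLV type
BASIC_TLVS = {0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
              4: "Port Description", 5: "System Name", 6: "System Description",
              7: "System Capabilities", 8: "Management Address"}
OUIS = {"00-80-c2": "IEEE 802.1", "00-12-0f": "IEEE 802.3",
        "00-12-bb": "TIA-1057 (LLDP-MED)",
        "f8-b1-56": "Dell (OUI of the guide's Isilon and Solution ID tables)"}


class LLDPError(ValueError):
    """Raised when an LLDPDU is malformed."""


def parse_lldpdu(pdu):
    """Parse an LLDPDU (the payload after the Ethernet header) into a list of TLV dicts."""
    if len(pdu) > MAX_LLDPDU:
        raise LLDPError("LLDPDU larger than 1500 bytes")
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(pdu):
            raise LLDPError("truncated header or missing End of LLDPDU TLV")
        (header,) = struct.unpack_from("!H", pdu, offset)
        tlv_type, length = header >> 9, header & 0x01FF   # 7-bit type, 9-bit length
        offset += 2
        if offset + length > len(pdu):
            raise LLDPError(f"TLV type {tlv_type} declares {length} bytes past end of PDU")
        value = pdu[offset:offset + length]
        offset += length
        tlv = {"type": tlv_type, "name": BASIC_TLVS.get(tlv_type, "Reserved"), "value": value}
        if tlv_type == ORG_SPECIFIC:
            if length < 4:
                raise LLDPError("organizationally-specific TLV shorter than OUI + subtype")
            oui = value[:3].hex("-")
            tlv.update(name="Organizationally Specific", oui=oui,
                       org=OUIS.get(oui, "unknown"), subtype=value[3], info=value[4:])
        tlvs.append(tlv)
        if tlv_type == 0:
            break
    if [t["type"] for t in tlvs[:3]] != [1, 2, 3]:
        raise LLDPError("PDU must start with Chassis ID, Port ID, Time To Live")
    return tlvs


def ttl_seconds(tlvs):
    """Return the hold time the sender advertised in the Time To Live TLV."""
    value = tlvs[2]["value"]
    if len(value) < 2:
        raise LLDPError("Time To Live TLV shorter than 2 bytes")
    return struct.unpack("!H", value[:2])[0]


def build_tlv(tlv_type, value):
    """Encode one TLV (used only to construct the sample frame)."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def sample_lldpdu():
    """Constructed LLDPDU; every field value here is made up for the example."""
    return b"".join([
        build_tlv(1, b"\x04" + bytes.fromhex("001122334455")),        # chassis ID (MAC)
        build_tlv(2, b"\x05" + b"ethernet1/1/1"),                     # port ID (ifname)
        build_tlv(3, struct.pack("!H", 120)),                         # TTL = 120 s
        build_tlv(5, b"OS10"),                                        # system name
        build_tlv(127, bytes.fromhex("00120f") + b"\x01" + bytes.fromhex("036c00001e")),
        build_tlv(127, bytes.fromhex("f8b156") + bytes([23]) + b"CONSTRUCTED-SN"),
        build_tlv(0, b""),
    ])


if __name__ == "__main__":
    for tlv in parse_lldpdu(sample_lldpdu()):
        print(tlv["type"], tlv["name"], tlv.get("org", ""), tlv.get("subtype", ""))
```

The TTL value decoded here is the hold time the receiver keeps the neighbor entry for before discarding it.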
TLV    Subtype    Description
provides the aggregated port identifier if the link is aggregated.
Port VLAN ID    1    Untagged VLAN to which a port belongs.
Protocol identity    4    Not supported.

Table 17. 802.3 organizationally-specific TLVs (Type – 127, OUI – 00-12-0F)
TLV    Subtype    Description
MAC/PHY configuration/status    1    Indicates duplex and bit rate capability and the current duplex and bit rate settings of the sending device.
TLV    Subtype    Description
IOM slot label    11    Slot label of the IOM device. For example, A1, B1, A2, B2, and so on (applicable only to blade servers).
IOM port number    12    Port number of the NIC. For example, 1, 2, 3, and so on.

Table 19. Isilon-related TLVs (Type – 127, OUI – 0xF8-0xB1-0x56)
TLV    Subtype    Description
Subtypes used in LLDP custom TLVs that are transacted by the Isilon nodes
Originator    1    Indicates the Isilon string that is used as originator.
Table 21. Solution ID TLVs (Type – 127, OUI – 0xF8-0xB1-0x56)
TLV    Subtype    Description
Product base    22    Indicates the product base.
Product serial number    23    Indicates the product serial number.
Product part number    24    Indicates the product part number.

Media endpoint discovery
LLDP-MED provides additional organizationally-specific TLVs to allow endpoint devices and network-connectivity devices to advertise their characteristics and configuration information.
LLDP-MED capabilities TLV
The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and network-connectivity device support. The value of the LLDP-MED capabilities field in the TLV is a 2–octet bitmap. Each bit represents an LLDP-MED capability. LLDP-MED is enabled by default on an interface. If you disable LLDP-MED, use the lldp med enable command to re-enable it on an interface. The device transmits MED PDUs only when it receives a TLV from a peer.
• L2 priority
• DSCP value
An integer represents the application type (the Type integer shown in the following table), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED network policy TLV is generated for each application type that you use with OS10 commands; see Advertise LLDP-MED TLVs.
NOTE: Signaling is a series of control packets that are exchanged between an endpoint device and a network-connectivity device to establish and maintain a connection.
OS10(config)# lldp med network-policy 1 app voice-signaling vlan 10 vlan-type tag priority 2 dscp 1

Packet timer values
LLDPDUs are transmitted periodically. You can configure LLDP packet timer values for LLDPDU transmission.
1 Configure the LLDP packet timer value in CONFIGURATION mode.
lldp timer
2 Enter the multiplier value for the hold time in CONFIGURATION mode.
lldp holdtime-multiplier
3 Enter the delay in seconds for LLDP initialization on any interface in CONFIGURATION mode.
Disable LLDP
OS10(config)# no lldp timer 100
OS10(config)# no lldp holdtime-multiplier 10
OS10(config)# no lldp reinit 8

Disable LLDP interface
OS10(config)# interface ethernet 1/1/4
OS10(conf-if-eth1/1/4)# no lldp med
OS10(conf-if-eth1/1/4)# no lldp tlv-select
OS10(conf-if-eth1/1/4)# no lldp transmit
OS10(conf-if-eth1/1/4)# no lldp receive

Enable LLDP
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# lldp transmit
OS10(conf-if-eth1/1/1)# lldp receive

Disable LLDP globally
OS10(config)# no ll
Advertise TLVs
Configure the system to advertise TLVs from all interfaces or specific interfaces. If you configure an interface, only the interface sends LLDP PDUs with the specified TLVs.
1 Enable basic TLV attributes to transmit and receive LLDP packets in INTERFACE mode.
lldp tlv-select basic-tlv {port-description | system-name | system-description | system-capabilities | management-address}
2 Enable dot3 TLVs to transmit and receive LLDP packets in INTERFACE mode.
3 Enter INTERFACE VLAN mode from CONFIGURATION mode.
OS10(config)# interface vlan 1
4 Specify a name for VLAN 1 in INTERFACE VLAN mode.
OS10(conf-if-vl-1)# vlan-name vlan1

Transmit the VLAN names of a specific set of VLANs
An interface can transmit a maximum of eight VLAN names. If you specify 10 VLANs and if the default VLAN has a name configured, the interface transmits LLDP PDUs with VLAN names of the default VLAN and the first seven configured VLANs that have a name configured.
OS10(conf-if-eth1/1/1)# switchport trunk allowed vlan 2-10
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# lldp vlan-name-tlv allowed vlan 2,3,4,5,6,7,8,9,10
The following shows that the interface transmits the names of VLANs 1 to 8. The interface transmits the name of the default VLAN even if it is not explicitly configured. The interface transmits the first eight VLAN names and excludes the names of VLAN 9 and VLAN 10.
VLAN Name(s):
VLAN   NAME
---------------------
1      vlan1
2      vlan2
4      vlan4
5      vlan5
6      vlan6
7      vlan7
8      vlan8
9      vlan9
Maximum size of LLDP PDU: 1500
Current LLDP PDU Size: 386
LLDP PDU Truncated(Too many TLV's): false
LLDP MED Capabilities:
Supported: LLDP-MED Capabilities, Network Policy, Inventory Management
Current: LLDP-MED Capabilities, Network Policy
LLDP MED Device Type: Network connectivity

Network policy advertisement
LLDP-MED is enabled on all interfaces by default.
View LLDP configuration
• View the LLDP configuration in EXEC mode.
show running-configuration
• View LLDP error messages in EXEC mode.
show lldp errors
• View LLDP timers in EXEC mode.
show lldp timers
• View the LLDP traffic in EXEC mode.
Adjacent agent advertisements
• View brief information about adjacent devices in EXEC mode.
show lldp neighbors
• View all information that neighbors are advertising in EXEC mode.
show lldp neighbors detail
• View all interface-specific information that neighbors are advertising in EXEC mode.
H/W Revision : 12.1.1
F/W Revision : 10.1.9750B
S/W Revision : 10.1.9750B
Serial Number : B11G152
Manufacturer : Dell
Model : S6010-ON
Asset ID : E1001
Power-via-MDI:
Power Type: PD Device
Power Source: Local and PSE
Power Priority: Low
Power required: 6.
Command Mode EXEC
Usage Information The counter default value resets to zero for all physical interfaces.
Example OS10# clear lldp counters
Supported Releases 10.2.0E or later

clear lldp table
Clears LLDP neighbor information for all interfaces.
Syntax clear lldp table
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Neighbor information clears on all interfaces.
Example OS10# clear lldp table
Supported Releases 10.2.
Usage Information Hold time is the amount of time in seconds that a receiving system waits to hold the information before discarding it. Formula: Hold Time = (Updated Frequency Interval) X (Hold Time Multiplier). The no version of this command resets the value to the default.
Example OS10(config)# lldp holdtime-multiplier 2
Supported Releases 10.2.0E or later

lldp med fast-start-repeat-count
Configures the number of packets sent during the activation of the fast start mechanism.
Parameters
• number — Enter a network policy index number, from 1 to 32.
• app — Enter the type of applications available for the network policy:
– voice — Voice network-policy application.
– voice-signaling — Voice-signaling network-policy application.
– guest-voice — Guest voice network-policy application.
– guestvoice-signaling — Guest voice signaling network policy application.
– softphone-voice — SoftPhone voice network-policy application.
lldp med tlv-select
Configures the LLDP-MED TLV type to transmit or receive.
Syntax lldp med tlv-select {network-policy | inventory}
Parameters
• network-policy — Enable or disable the port description TLV.
• inventory — Enable or disable the system TLV.
Default Enabled
Command Mode INTERFACE
Usage Information None
Example OS10(conf-if-eth1/1/3)# lldp med tlv-select network-policy
Supported Releases 10.2.
Example OS10(conf-if-eth1/1/3)# lldp receive
Supported Releases 10.2.0E or later

lldp reinit
Configures the delay time in seconds for LLDP to initialize on any interface.
Syntax lldp reinit seconds
Parameters seconds — Enter the delay timer value in seconds, from 1 to 10.
Default 2 seconds
Command Mode CONFIGURATION
Usage Information The no version of this command resets the value to the default.
Example OS10(config)# lldp reinit 5
Supported Releases 10.2.
Default Enabled
Command Mode INTERFACE
Usage Information The no form of the command disables TLV attribute transmission and reception in LLDP packets.
Example OS10(conf-if-eth1/1/3)# lldp tlv-select basic-tlv system-name
Supported Releases 10.2.0E or later

lldp tlv-select dot1tlv
Enables or disables the dot.1 TLVs to transmit in LLDP packets.
Syntax lldp tlv-select dot1tlv {port-vlan-id | link-aggregation | vlan-name}
Parameters
• port-vlan-id — Enter the port VLAN ID.
Example OS10(conf-if-eth1/1/3)# lldp tlv-select dot3tlv macphy-config
Supported Releases 10.2.0E or later

lldp transmit
Enables the transmission of LLDP packets on a specific interface.
Syntax lldp transmit
Parameters None
Default Not configured
Command Mode INTERFACE
Usage Information The no version of this command disables the transmission of LLDP packets on a specific interface.
Example OS10(conf-if-eth1/1/9)# lldp transmit
Supported Releases 10.2.
show lldp interface
Displays the LLDP information advertised from a specific interface.
Syntax show lldp interface ethernet node/slot/port[:subport] [local-device | med]
Parameters
• ethernet node/slot/port[:subport] — Enter the Ethernet interface information.
• local-device — Enter the interface to view the local-device information.
• med — Enter the interface to view the MED information.
Example (MED) OS10# show lldp interface ethernet 1/1/20:1 med
Port |Capabilities|Network Policy|Location|Inventory|POE
----------------|------------|--------------|--------|---------|--
ethernet1/1/20:1| Yes| Yes| No| No| No
Network Polices :
Supported Releases 10.2.0E or later

show lldp errors
Displays the LLDP errors related to memory allocation failures, queue overflows, and table overflows.
ethernet1/1/16 ethernet1/1/17 ethernet1/1/18 ethernet1/1/19 ethernet1/1/20 ethernet1/1/21 ethernet1/1/22 ethernet1/1/23 ethernet1/1/24 ethernet1/1/25 ethernet1/1/26 ethernet1/1/27 ethernet1/1/28 ethernet1/1/29 ethernet1/1/30 ethernet1/1/31 ethernet1/1/32 Supported Releases | | | | | | | | | | | | | | | | | Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| No| No| No| No| No| No| No| No
Remote Aggregation Status: false
MAC PHY Configuration:
Auto-neg supported: 1
Auto-neg enabled: 1
Auto-neg advertised capabilities: 1000BASE-T half duplex mode
Dell EMC Organization Specific Detail:
Originator: Switch
Service Tag: B8D1XC2
Product Base: base1
Product Serial Number: sn1
Product Part Number: pn1
Example (Interface) OS10# show lldp neighbors interface ethernet 1/1/1
Loc PortID Rem Host Name Rem Port Id Rem Chassis Id
-----------------------------------------------------------------------
etherne
link-aggregation max-frame-size vlan-name
Supported Releases 10.2.0E or later

show lldp traffic
Displays LLDP traffic information including counters, packets transmitted and received, discarded packets, and unrecognized TLVs.
Syntax show lldp traffic [interface ethernet node/slot/port[:subport]]
Parameters interface ethernet node/slot/port[:subport] — (Optional) Enter the Ethernet interface information to view the LLDP traffic.
Command Mode EXEC
Usage Information If you do not enter the network profile ID, all configured network policy profiles display.
Example OS10# show network-policy profile 10
Network Policy Profile 10
voice vlan 17 cos 4
Interface: none
Network Policy Profile 30
voice vlan 30 cos 5
Interface: none
Network Policy Profile 36
voice vlan 4 cos 3
Interface: ethernet 1/1/1,ethernet 1/1/3-5
Supported Releases 10.2.
MAC Address Table
OS10 maintains a list of MAC address table entries.
• View the contents of the MAC address table in EXEC mode.
show mac address-table {dynamic | static} [address mac-address | vlan vlan-id | interface {ethernet node/slot/port[:subport] | port-channel number}] [count [vlan vlan-id] [interface {type node/slot/port[:subport] | port-channel number}]]
– dynamic — (Optional) Displays dynamic MAC address table entry information.
MAC Commands

clear mac address-table dynamic
Clears L2 dynamic address entries from the MAC address table.
Syntax clear mac address-table dynamic {all | address mac_addr | vlan vlan-id | interface {ethernet node/slot/port[:subport] | port-channel number}}
Parameters
• all — (Optional) Delete all MAC address table entries.
• address mac_addr — (Optional) Delete a configured MAC address from the address table in nn:nn:nn:nn:nn:nn format.
mac address-table static
Configures a static entry for the L2 MAC address table.
Syntax mac address-table static mac-address vlan vlan-id interface {ethernet node/slot/port[:subport] | port-channel number}
Parameters
• mac-address — Enter the MAC address to add to the table in nn:nn:nn:nn:nn:nn format.
• vlan vlan-id — Enter the VLAN to apply the static MAC address to, from 1 to 4093.
• interface — Enter the interface type:
– ethernet node/slot/port[:subport] — Enter the Ethernet information.
Usage Information The network device maintains static MAC address entries saved in the startup configuration file, and reboots and deletes dynamic entries.
Spanning-tree extensions
STP extensions provide a means to ensure efficient network convergence by securely enforcing the active network topology. OS10 supports BPDU filtering, BPDU guard, root guard, and loop guard STP extensions. The system discards regular data traffic after a BPDU violation.

BPDU filtering Protects the network from unexpected flooding of BPDUs from an erroneous device. Enabling BPDU Filtering on an interface causes the system to send or receive BPDUs.
• root — Set the guard type to root.
• none — Set the guard type to none.

Port enabled with loop guard conditions
• Loop guard is supported on any STP-enabled port or port-channel interface in RPVST+ mode.
• You cannot enable root guard and loop guard at the same time on an STP port. The loop guard configuration overwrites an existing root guard configuration and vice versa.
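The overwrite rule above matters when changes are scripted: a later loop guard command on a port silently removes its root guard. The following Python code is an added example, not part of the Dell guide; it replays a constructed command list per interface and reports ports where root guard was replaced. It assumes `spanning-tree guard loop` is the loop-guard form of the `spanning-tree guard` command, and the function names are hypothetical.

```python
import re

# Constructed change script (not from the guide), in the order the commands are applied.
# Assumption: "spanning-tree guard loop" is the loop-guard form of the guard command.
CHANGE_SCRIPT = """\
interface ethernet 1/1/4
 spanning-tree guard root
 spanning-tree bpduguard enable
interface ethernet 1/1/5
 spanning-tree guard root
interface port-channel 10
 spanning-tree guard loop
interface ethernet1/1/4
 spanning-tree guard loop
interface ethernet 1/1/5
 spanning-tree guard none
interface port-channel 10
 spanning-tree guard root
"""

IFACE_RE = re.compile(r"^interface\s+(.+)$")
GUARD_RE = re.compile(r"^spanning-tree guard (root|loop|none)$")
BPDUGUARD_RE = re.compile(r"^spanning-tree bpduguard (enable|disable)$")


def normalize(name):
    """'ethernet 1/1/4' and 'ethernet1/1/4' name the same port."""
    return re.sub(r"\s+", "", name.lower())


def replay(script):
    """Apply the commands in order and return the resulting state per interface."""
    ports, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = IFACE_RE.match(line)
        if m:
            current = normalize(m.group(1))
            ports.setdefault(
                current, {"guard": "none", "bpduguard": "disable", "overwrites": []}
            )
            continue
        if current is None:
            continue  # global command, not relevant to per-port guards
        port = ports[current]
        m = GUARD_RE.match(line)
        if m:
            old, new = port["guard"], m.group(1)
            # Root guard and loop guard are mutually exclusive: the later one wins
            # without any error, so record the replacement for review.
            if {old, new} == {"root", "loop"}:
                port["overwrites"].append((old, new))
            port["guard"] = new
            continue
        m = BPDUGUARD_RE.match(line)
        if m:
            port["bpduguard"] = m.group(1)
    return ports


def lost_root_guard(ports):
    """Ports whose root guard was replaced by loop guard and not restored."""
    return sorted(
        name
        for name, p in ports.items()
        if p["guard"] != "root" and any(old == "root" for old, _ in p["overwrites"])
    )


if __name__ == "__main__":
    state = replay(CHANGE_SCRIPT)
    for name in sorted(state):
        p = state[name]
        print(f"{name}: guard={p['guard']} bpduguard={p['bpduguard']}")
    print("root guard replaced by loop guard on:", lost_root_guard(state))
```

An explicit `spanning-tree guard none` is treated as a deliberate removal and is not reported; only the silent root-to-loop replacement is.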
ethernet1/1/4 of vlan1 is root Forwarding
Edge port:no (default) port guard :none (default)
Link type is point-to-point (auto)
Boundary: NO bpdu filter : bpdu guard : bpduguard shutdown-on-violation :disable RootGuard: enable LoopGuard disable
Bpdus (MRecords) sent 7, received 33
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
------------------------------------------------------------------
ethernet1/1/4 128.272 128 500 BLK 500 32769 90b1.1cf4.a911 128.
If the number of calls sent to the hardware is too high, traffic is dropped or flooded impacting system performance. To prevent traffic drops and flooding, you can use the MAC flush optimization feature. This feature fine-tunes the MAC flush-related parameters, such as the MAC flush threshold and the MAC flush timer to reduce the number of calls sent to the hardware. The clear request sent to clear the MAC address table entry is called a flush indication.
Debug configurations
Use the debug spanning-tree bpdu command to monitor and verify that the MST configuration is communicating as configured. To ensure all necessary parameters match — region name, region version, and VLAN to instance mapping, examine your individual devices. Use the show spanning-tree mst command to view the MST configuration, or use the show running-configuration command to view the overall MST configuration.
clear spanning-tree counters
Clears the counters for STP.
Syntax clear spanning-tree counters [interface {ethernet node/slot/port[:subport] | port-channel number}]
Parameters
• interface — Enter the interface type:
– ethernet node/slot/port[:subport] — Deletes the spanning-tree counters from a physical port.
– port-channel number — Deletes the spanning-tree counters for a port-channel interface, from 1 to 128.
Usage Information This command applies only to STP-enabled ports. The command takes effect only when the BPDU guard is configured on a port. When the detect cause option is enabled, the port is shut down whenever there is a BPDU guard violation. When the option is disabled, the port is not shut down but moved to BLOCKING state whenever there is a BPDU guard violation.
The recovery timer starts whenever there is a BPDU guard violation. The no version of the command resets the timer to the default value.
Example OS10(config)# errdisable recovery interval 45
Supported Releases 10.4.2.0 or later

clear spanning-tree detected-protocol
Forces the MST ports to renegotiate with neighbors.
spanning-tree bpduguard
Enables or disables the BPDU guard on an interface.
Syntax spanning-tree bpduguard {enable | disable}
Parameters
• enable — Enables the BPDU guard filter on an interface.
• disable — Disables the BPDU guard filter on an interface.
Default Disabled
Command Mode INTERFACE
Usage Information BPDU guard prevents a port from receiving BPDUs. If the port receives a BPDU, it is placed in the Error-Disabled state.
Usage Information Root guard and loop guard configurations are mutually exclusive. Configuring one overwrites the other from the active configuration.
Command Mode INTERFACE
Example OS10(conf-if-eth1/1/4)# spanning-tree guard root
Supported Releases 10.2.0E or later

spanning-tree link-type
Sets the spanning-tree link-type for faster convergence.
Example
OS10(config)# spanning-tree mac-flush-timer 500
OS10(config)# no spanning-tree mac-flush-timer
Supported Releases 10.4.3.0 or later

spanning-tree mode
Enables an STP type: RSTP, Rapid-PVST+, or MST.
Syntax spanning-tree mode {rstp | mst | rapid-pvst}
Parameters
• rstp — Sets STP mode to RSTP.
• mst — Sets STP mode to MST.
• rapid-pvst — Sets STP mode to RPVST+.
• recovery—Displays details of recovery cause, recovery interval, and recovery status of the error disabled port.
Rapid per-VLAN spanning-tree plus
Rapid per-VLAN spanning-tree plus (RPVST+) is used to create a single topology per VLAN. RPVST+ is enabled by default; it provides faster convergence than STP and runs on the default VLAN (VLAN 1).
Configuring Rapid-PVST+ is a four-step process:
1 Ensure the interfaces are in L2 mode.
2 Place the interfaces in VLANs. By default, switchport interfaces are members of the default (VLAN1).
3 Enable Rapid-PVST+.
To achieve RPVST+ load balancing, assign a different priority on each bridge.

Enable RPVST+
By default, RPVST+ is enabled and creates an instance only after you add the first member port to a VLAN. To participate in RPVST+, port-channel or physical interfaces must be a member of a VLAN. Add all physical and port-channel interfaces to the default VLAN (VLAN1).
• Enable Rapid-PVST+ mode in CONFIGURATION mode.
Select the root bridge
RPVST+ determines the root bridge by the VLAN bridge priority. Assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. The show spanning-tree brief command displays information about all ports regardless of the operational status.
• Assign a number as the bridge priority or designate it as the root in CONFIGURATION mode, from 0 to 61440.
spanning-tree {vlan vlan-id priority priority-value}
– vlan-id — Enter a value from 1 to 4093.
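Because the root is the bridge with the lowest priority, with the lowest bridge address breaking a tie, a root that is not the one you planned is worth alerting on. The following Python code is an added example, not part of the Dell guide: it parses Root ID and Bridge ID lines in the layout this guide's show spanning-tree output uses and reports VLANs whose root is not the expected bridge. The sample text is constructed; the `VLAN n` header line and the address 0011.2233.4455 are assumptions, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the show spanning-tree output in this guide.
# Assumption: each per-VLAN block starts with a "VLAN <id>" line.
SAMPLE = """\
VLAN 1
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32769, Address 74e6.e2f5.bb80
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32769, Address 74e6.e2f5.bb80
We are the root of VLAN 1
VLAN 10
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 4106, Address 0011.2233.4455
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 24586, Address 74e6.e2f5.bb80
VLAN 20
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32788, Address 0011.2233.4455
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32788, Address 74e6.e2f5.bb80
"""

# Bridge address that is supposed to be root, per VLAN (constructed policy).
EXPECTED_ROOT = {1: "74e6.e2f5.bb80", 10: "74e6.e2f5.bb80", 20: "74e6.e2f5.bb80"}

VLAN_RE = re.compile(r"^VLAN (\d+)$")
ID_RE = re.compile(
    r"^(Root|Bridge) ID\s+Priority (\d+), Address "
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})$",
    re.IGNORECASE,
)


def parse(text):
    """Return {vlan: {'root': (priority, mac), 'bridge': (priority, mac)}}."""
    vlans, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = VLAN_RE.match(line)
        if m:
            current = int(m.group(1))
            vlans[current] = {}
            continue
        m = ID_RE.match(line)
        if m and current is not None:
            vlans[current][m.group(1).lower()] = (int(m.group(2)), m.group(3).lower())
    return vlans


def bridge_key(bridge_id):
    """Sort key for a bridge ID: lower priority first, then lower address."""
    priority, mac = bridge_id
    return (priority, int(mac.replace(".", ""), 16))


def unexpected_roots(vlans, expected):
    """List (vlan, reason, observed_root) where the root is not the expected bridge."""
    findings = []
    for vlan in sorted(vlans):
        ids = vlans[vlan]
        if "root" not in ids or "bridge" not in ids:
            findings.append((vlan, "incomplete-output", None))
            continue
        root, local = ids["root"], ids["bridge"]
        want = expected.get(vlan)
        if want is None or root[1] == want:
            continue
        if root[0] < local[0]:
            reason = "lower-priority"      # another bridge advertises a lower priority
        elif root[0] == local[0] and bridge_key(root) < bridge_key(local):
            reason = "mac-tie-break"       # same priority, lower address wins
        else:
            reason = "other"
        findings.append((vlan, reason, root))
    return findings


if __name__ == "__main__":
    for vlan, reason, root in unexpected_roots(parse(SAMPLE), EXPECTED_ROOT):
        print(f"VLAN {vlan}: unexpected root {root} ({reason})")
```

The VLAN 20 case shows why leaving the intended root at the default priority is not enough: any bridge with the same priority and a lower address becomes root.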
ethernet1/1/12 128.304 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/13 128.308 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/14 128.312 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/15 128.316 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/16 128.320 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/17 128.324 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/18 128.328 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/19 128.332 128 200000000 FWD 0 32769 0000.0000.
----------------------------------------------------------------------
ethernet1/1/5 128.276 128 500 FWD 0 24577 90b1.1cf4.a523 128.276
ethernet1/1/6 128.280 128 500 LRN 0 24577 90b1.1cf4.a523 128.280
Interface
Name Role PortID Prio Cost Sts Cost Link-type Edge
------------------------------------------------------------
ethernet1/1/5 Desg 128.276 128 500 FWD 0 AUTO No
ethernet1/1/6 Desg 128.280 128 500 LRN 0 AUTO No

Global parameters
All non-root bridges accept the timer values on the root bridge.
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32769, Address 74e6.e2f5.bb80
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32769, Address 74e6.e2f5.bb80
We are the root of VLAN 1
Configured hello time 2, max age 20, forward delay 15
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
---------------------------------------------------------------------------
ethernet1/1/1 128.260 128 200000000 FWD 0 32769 0000.0000.0000 128.
Command Mode CONFIGURATION
Usage Information The no version of this command enables spanning tree on the specified VLAN.
Example OS10(config)# spanning-tree vlan 100 disable
Supported Releases 10.4.0E(R1) or later

spanning-tree vlan forward-time
Configures a time interval for the interface to wait in the Blocking state or Learning state before moving to the Forwarding state.
Syntax spanning-tree vlan vlan-id forward-time seconds
Parameters
• vlan-id — Enter a VLAN ID number, from 1 to 4093.
Usage Information Dell EMC recommends increasing the hello-time for large configurations, especially configurations with multiple ports.
Example OS10(config)# spanning-tree vlan 10 hello-time 5
Supported Releases 10.2.0E or later

spanning-tree vlan mac-flush-threshold
Configures the MAC-flush threshold value for the specified VLAN.
Syntax spanning-tree vlan vlan-id mac-flush-threshold threshold-value
Parameters
• vlan-id — Enter the spanning-tree VLAN ID number, from 1 to 4093.
Default Not configured
Command Mode CONFIGURATION
Usage Information The RPVST+ protocol determines the root bridge. Assign one bridge a lower priority to increase the probability of it being the root bridge. A lower priority value increases the probability of the bridge becoming a root bridge.
Example OS10(config)# spanning-tree vlan 10 priority 0
Supported Releases 10.2.
1 Ensure that the interfaces are in L2 mode.
2 Globally enable RSTP.
NOTE: Whenever a port becomes a designated port, it will start a timer called the edge delay while timer (hello-time + 1/2 * hello-time); if the hello-time is set to 2 seconds, the edge delay while timer is 3 seconds. If BPDUs are not received for 3 seconds, then the port is declared as oper edge on the fly and is moved to forwarding state.
ethernet1/1/4 128.272 128 200000000 BLK 0 0 0000.0000.0000
ethernet1/1/5:1 128.276 128 200000000 BLK 0 0 0000.0000.0000
ethernet1/1/5:2 128.277 128 200000000 BLK 0 0 0000.0000.0000
ethernet1/1/5:3 128.278 128 200000000 BLK 0 0 0000.0000.0000
ethernet1/1/5:4 128.279 128 200000000 BLK 0 0 0000.0000.0000
ethernet1/1/6:1 128.280 128 2000 FWD 0 32768 3417.4455.667f
ethernet1/1/6:2 128.281 128 2000 FWD 0 32768 3417.4455.667f
ethernet1/1/6:3 128.282 128 2000 FWD 0 32768 3417.4455.667f
ethernet1/1/6:4 128.
• 40-Gigabit Ethernet interfaces — 500
• Port-channel with 100 Mb/s Ethernet interfaces — 200000
• Port-channel with 1-Gigabit Ethernet interfaces — 20000
• Port-channel with 10-Gigabit Ethernet interfaces — 2000
• Port-channel with 1x40Gigabit Ethernet interface — 500
• Port-channel with 2x40Gigabit Ethernet interfaces — 250

• Change the forward-time in CONFIGURATION mode, from 4 to 30, default 15.
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 90b1.1cf4.9b8a
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 90b1.1cf4.9b8a
We are the root
Configured hello time 2, max age 20, forward delay 15
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
------------------------------------------------------------------
ethernet1/1/1 244.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.244
ethernet1/1/2 248.
To hasten the spanning-tree state transitions, you can set the link type to point-to-point. To set the link type to point-to-point:
• Use the following command in INTERFACE mode.
spanning-tree link-type point-to-point

RSTP commands

show spanning-tree active
Displays the RSTP configuration and information for RSTP-active interfaces.
Usage Information All STP instances stop in the previous STP mode and restart in the new mode. You can also change to RSTP/MST mode.
Example (RSTP) OS10(config)# spanning-tree mode rstp
Example (MST) OS10(config)# spanning-tree mode mst
Supported Releases 10.2.0E or later

spanning-tree rstp force-version
Configures a forced version of spanning tree to transmit BPDUs.
Syntax spanning-tree rstp force-version stp
Parameters stp — Force the version for the BPDUs transmitted by RSTP.
Example OS10(config)# spanning-tree rstp hello-time 5
Supported Releases 10.2.0E or later

spanning-tree rstp mac-flush-threshold
Sets the flush indication threshold value on the RSTP instance.
Syntax spanning-tree rstp mac-flush-threshold threshold-value
Parameters threshold-value — Enter the threshold value for the number of flushes, from 0 to 65535. The default value is 65535.
Command Mode CONFIGURATION
Usage Information RSTP determines the root bridge but you can assign one bridge a lower priority to increase the probability of it being the root bridge. A lower priority value increases the probability of the bridge becoming a root bridge.
Example OS10(config)# spanning-tree rstp priority 5002
Supported Releases 10.2.0E or later

Multiple Spanning-Tree
MSTP is one of the variations of the rapid spanning-tree protocol that mitigates some of the challenges of RPVST+.
Region Name: abc
Revision: 0
MSTI VID
0 1,7-4093
1 2
2 3
3 4
4 5
5 6

Add or remove interfaces
By default, all interfaces are enabled in L2 switchport mode, and all L2 interfaces are part of spanning-tree.
• Disable spanning-tree on an interface in INTERFACE mode.
spanning-tree disable
• Enable MST on an interface in INTERFACE mode.
no spanning-tree disable

Create instances
You can create multiple MSTP instances and map VLANs.
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
-----------------------------------------------------------------------------------
ethernet1/1/1 128.260 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.260
ethernet1/1/2 128.264 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.264
ethernet1/1/3 128.268 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.268
ethernet1/1/4 128.272 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.272
ethernet1/1/5 128.276 128 500 FWD 0 32768 3417.4455.667f 128.
Root Bridge hello time 2, max age 20, forward delay 15, max hops 20
Bridge ID Priority 32768, Address 90b1.1cf4.a523
Configured hello time 2, max age 20, forward delay 15, max hops 20
CIST regional root ID Priority 32768, Address 90b1.1cf4.a523
CIST external path cost 500
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
---------------------------------------------------------------------------
ethernet1/1/5 128.276 128 500 FWD 0 32768 3417.4455.667f 128.146
ethernet1/1/6 128.
Max-hops A maximum number of hops a BPDU travels before a receiving device discards it.
NOTE: Dell EMC recommends that only experienced network administrators change MST parameters. Poorly planned modification of MST parameters can negatively affect network performance.
1 Change the forward-time parameter in CONFIGURATION mode, from 4 to 30, default 15.
spanning-tree mst forward-time seconds
2 Change the hello-time parameter in CONFIGURATION mode, from 1 to 10, default 2.
• Port-channel with 10-Gigabit Ethernet interfaces — 1800

1 Change the port cost of an interface in INTERFACE mode, from 1 to 200000000.
spanning-tree msti number cost 1
2 Change the port priority of an interface in INTERFACE mode, from 0 to 240 in increments of 16, default 128.
Example OS10(conf-mst)# name my-mst-region
Supported Releases 10.2.0E or later

revision
Configures a revision number for the MSTP configuration.
Syntax revision number
Parameters number — Enter a revision number for the MSTP configuration, from 0 to 65535.
Default 0
Command Mode MULTIPLE-SPANNING-TREE
Usage Information To have a bridge in the same MST region as another, the default values for the revision number must match on all Dell EMC hardware devices.
Parameters
• msti instance — Enter the MST instance number, from 0 to 63.
• cost cost — (Optional) Enter a port cost value, from 1 to 200000000.
Example OS10(config)# spanning-tree mst 10 disable
Supported Releases 10.4.0E(R1) or later

spanning-tree mst force-version
Configures a forced version of STP to transmit BPDUs.
Syntax spanning-tree mst force-version {stp | rstp}
Parameters
• stp — Forces the version for the BPDUs transmitted by MST to STP.
• rstp — Forces the version for the BPDUs transmitted by MST to RSTP.
Supported Releases 10.2.0E or later

spanning-tree mst mac-flush-threshold
Configures the mac-flush threshold value for a specific instance.
Syntax spanning-tree mst instance-number mac-flush-threshold threshold-value
Parameters
• instance-number — Enter the instance number, from 0 to 4094.
• threshold-value — Enter the threshold value for the number of flushes, from 0 to 65535. The default value is 5.
information that it holds for the port. The command configuration applies to all common IST (CIST) in the MST region. Example OS10(config)# spanning-tree mst max-hops 30 Supported Releases 10.2.0E or later show spanning-tree mst Displays MST configuration information. Syntax show spanning-tree mst configuration Parameters None Default Not configured Command Mode EXEC Usage Information Enable MSTl before using this command.
Root ID Priority 32768, Address 90b1.1cf4.9b8a
Root Bridge hello time 2, max age 20, forward delay 15, max hops 20
Bridge ID Priority 32768, Address 90b1.1cf4.9b8a
We are the root of MSTI 0
Configured hello time 2, max age 20, forward delay 15, max hops 20
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
---------------------------------------------------------------
ethernet1/1/1 132.128 128 200000000 BLK 0 32768 90b1.1cf4.9b8a 128.132
ethernet1/1/2 136.
Virtual LANs
VLANs segment a single flat L2 broadcast domain into multiple logical L2 networks. Each VLAN is uniquely identified by a VLAN ID or tag consisting of 12 bits in the Ethernet frame. VLAN IDs range from 1 to 4093 and provide a total of 4093 logical networks. You can assign ports on a single physical device to one or more VLANs creating multiple logical instances on a single physical device.
Q: A-Access (Untagged), T-Tagged x-Dot1x untagged, X-Dot1x tagged G-GVRP tagged, M-Vlan-stack, H-VSN tagged i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged NUM Status Description Q Ports * 1 up A Eth1/1/2 1/1/3:2 1/1/3:3 1/1/3:4 1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 1/1/19 1/1/20 1/1/21 1/1/22 1/1/23 1/1/24 1/1/25:1 1/1/25:2 1/1/25:3 1/1/25:4 1/1/26 1/1/27 1/1/28 1/1/30 1/1/32 A Po40 200 up T Eth1/1/3:2 T Po40 A Eth1/1/31 320
Vlan 320 is up, line protocol is up
Address is , Current address is
Interface index is 69209184
Internet address is not set
MTU 1532 bytes
LineSpeed auto
Flowcontrol rx off tx off
ARP type: ARPA, ARP Timeout: 240
Last clearing of "show interface" counters
Queueing strategy: fifo
Time since last interface status change:

Access mode
An access port is an untagged member of only one VLAN. Configure a port in Access mode and configure which VLAN carries the traffic for that interface.
3 Enter the allowed VLANs on the trunk port in INTERFACE mode.
switchport trunk allowed vlan vlan-id

Configure port in Trunk mode
OS10(config)# interface ethernet 1/1/6
OS10(conf-if-eth1/1/6)# switchport mode trunk
OS10(conf-if-eth1/1/6)# switchport trunk allowed vlan 108

View running configuration
OS10# show running-configuration
...
!
interface ethernet1/1/8
 switchport mode trunk
 switchport trunk allowed vlan 108
 no shutdown
!
interface vlan1
 no shutdown
!
...
Flowcontrol rx off tx off
ARP type: ARPA, ARP Timeout: 240
Last clearing of "show interface" counters
Queueing strategy: fifo
Time since last interface status change:
Vlan 200 is up, line protocol is up
Address is , Current address is
Interface index is 69209064
Internet address is not set
MTU 1532 bytes
LineSpeed auto
Flowcontrol rx off tx off
ARP type: ARPA, ARP Timeout: 240
Last clearing of "show interface" counters
Queueing strategy: fifo
Time since last interface status change:
Vlan 320 is up, line pro
Interface index is 69208865
Internet address is not set
MTU 1532 bytes
LineSpeed auto
Flowcontrol rx off tx off
ARP type: ARPA, ARP Timeout: 240
Last clearing of "show interface" counters
Queueing strategy: fifo
Time since last interface status change:
Vlan 200 is up, line protocol is up
Address is , Current address is
Interface index is 69209064
Internet address is not set
MTU 1532 bytes
LineSpeed auto
Flowcontrol rx off tx off
ARP type: ARPA, ARP Timeout: 240
Last clearing of "show interface" counters
Que
Supported Releases 10.2.0E or later

interface vlan
Creates a VLAN interface.
Syntax interface vlan vlan-id
Parameters vlan-id — Enter the VLAN ID number, from 1 to 4093.
Default VLAN 1
Command Mode CONFIGURATION
Usage Information FTP, TFTP, MAC ACLs, and SNMP operations are not supported. IP ACLs are supported on VLANs only. The no version of this command deletes the interface.
Example
OS10(config)# interface vlan 10
OS10(conf-if-vl-10)#
Supported Releases 10.2.
• Remote port monitoring (RPM) — Port monitoring is done on traffic running across a remote device in the same network. The L2 network carries the monitored traffic.
• Encapsulated remote port monitoring (ERPM) — Port monitoring is done on the L3 network. The traffic from the source port is encapsulated and forwarded to the destination port in another switch.

Local port monitoring
For local port monitoring, the monitored source ports and monitoring destination ports are on the same device.
Session and VLAN requirements
RPM requires the following:
• Source session, such as monitored ports on different source devices.
• Reserved tagged VLAN for transporting monitored traffic configured on source, intermediate, and destination devices.
• Destination session, where destination ports connect to analyzers on destination devices.
Configure any network device with source and destination ports.
• Use the default VLAN and native VLANs as a source VLAN.
• You cannot configure the dedicated VLAN used to transport mirrored traffic as a source VLAN.

Restrictions
• When you use a source VLAN, enable flow-based monitoring using the flow-based enable command.
• In a source VLAN, only received (rx) traffic is monitored.
• If the destination IP address is not reachable, the session goes down.
• OS10 does not support an ERPM destination session and decapsulation of ERPM packets at the destination switch.
• You can configure a maximum of four ERPM sessions with a maximum of 128 source ports in each session. You can configure these four ERPM sessions in one of the following methods:
– Single directional with either four ingress or four egress sessions.
– Bidirectional with two ingress and two egress sessions.
View running configuration of monitor session
OS10# show running-configuration monitor
!
monitor session 10 type erpm-source
 source-ip 1.1.1.1 destination-ip 3.3.3.3
 source interface ethernet1/1/2
 no shut

Flow-based monitoring
Flow-based monitoring conserves bandwidth by inspecting only specified traffic instead of all interface traffic. Using flow-based monitoring, you can monitor only traffic received by the source port that matches criteria in ingress access-lists (ACLs).
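An ERPM session copies traffic to whatever destination IP it is given, so the monitor section of the running configuration is worth reviewing against the list of approved analyzers. The following Python code is an added example, not part of the Dell guide: it parses text in the layout of the `show running-configuration monitor` output above, flags ERPM sessions whose destination is not approved, and checks the session and source-port limits stated earlier. The sample configuration, the approved-analyzer list, and the function names are constructed assumptions.

```python
import ipaddress
import re

MAX_ERPM_SESSIONS = 4      # limits stated in the guide for ERPM
MAX_SOURCE_PORTS = 128

# Constructed policy: the only approved analyzer address.
APPROVED_ANALYZERS = [ipaddress.ip_network("3.3.3.3/32")]

# Constructed sample in the layout of "show running-configuration monitor".
SAMPLE = """\
!
monitor session 10 type erpm-source
 source-ip 1.1.1.1 destination-ip 3.3.3.3
 source interface ethernet1/1/2
 no shut
!
monitor session 11 type erpm-source
 source-ip 1.1.1.1 destination-ip 198.51.100.77
 source interface ethernet1/1/7 rx
 source interface ethernet1/1/8 rx
 no shut
!
monitor session 12 type erpm-source
 source-ip 1.1.1.1 destination-ip 3.3.3.3
 source interface ethernet1/1/9
"""

SESSION_RE = re.compile(r"^monitor session (\d+) type (\S+)$")
ERPM_RE = re.compile(r"^source-ip (\S+) destination-ip (\S+)(?:\s.*)?$")
SOURCE_RE = re.compile(r"^source interface (.+?)(?:\s+(both|rx|tx))?$")


def parse_sessions(text):
    """Return one dict per 'monitor session' stanza."""
    sessions, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            cur = None                      # stanza separator
            continue
        m = SESSION_RE.match(line)
        if m:
            cur = {"id": int(m.group(1)), "type": m.group(2),
                   "dest": None, "sources": [], "enabled": False}
            sessions.append(cur)
            continue
        if cur is None:
            continue
        m = ERPM_RE.match(line)
        if m:
            cur["dest"] = m.group(2)
            continue
        m = SOURCE_RE.match(line)
        if m:
            port = re.sub(r"\s+", "", m.group(1))   # "ethernet 1/1/2" -> "ethernet1/1/2"
            cur["sources"].append((port, m.group(2)))
            continue
        if line in ("no shut", "no shutdown"):
            cur["enabled"] = True
    return sessions


def is_approved(dest, allowed):
    """True if dest is a valid IP address inside one of the allowed networks."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        return False
    return any(ip in net for net in allowed)


def audit(sessions, allowed):
    """Return (session_id, finding, enabled) tuples; session_id None is global."""
    findings = []
    erpm = [s for s in sessions if s["type"] == "erpm-source"]
    if len(erpm) > MAX_ERPM_SESSIONS:
        findings.append((None, "too-many-erpm-sessions", None))
    for s in erpm:
        if s["dest"] is None:
            findings.append((s["id"], "missing-destination", s["enabled"]))
        elif not is_approved(s["dest"], allowed):
            findings.append((s["id"], "unapproved-destination", s["enabled"]))
        if len(s["sources"]) > MAX_SOURCE_PORTS:
            findings.append((s["id"], "too-many-source-ports", s["enabled"]))
    return findings


if __name__ == "__main__":
    for sid, finding, enabled in audit(parse_sessions(SAMPLE), APPROVED_ANALYZERS):
        print(f"session {sid}: {finding} (enabled={enabled})")
```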
NOTE:
• In VLT devices configured with RPM, when the VLT link is down, the monitored packets might drop for some time. The time is equivalent to the VLT failover recovery time, the delay restore.
• ERPM does not work on VLT devices.

RPM on VLT scenarios
Consider a simple VLT setup where two VLT devices are connected using VLTi and a top-of-rack switch is connected to both the VLT peers using VLT LAGs in a ring topology.
Scenario Recommendation 2 Create a flow-based local session on the VLT device to monitor the VLTi LAG interface member (ethernet 1/1/1) as source. ! monitor session 10 type destination interface ethernet 1/1/10 flowbased enable source interface ethernet1/1/1 no shut ! Mirror a VLAN with a VLTi LAG as the member to the VLT LAG on the same VLT device. The packet analyzer connects to the ToR switch. — Mirror a VLT LAG of the ToR, or any port in the ToR to any orphan port in the VLT device.
Example
OS10(conf-mon-local-1)# description remote
OS10(conf-mon-rpm-source-5)# description "RPM Session"
OS10(conf-mon-erpm-source-10)# description "ERPM Session"
Supported Releases 10.2.0E or later

destination
Sets the destination where monitored traffic is sent to. The monitoring session can be local or RPM.
Syntax destination {interface interface-type | remote-vlan vlan-id}
Parameters interface-type — Enter the interface type for a local monitoring session.
ip
Configures the IP time-to-live (TTL) value and the differentiated services code point (DSCP) value for the ERPM traffic.
Syntax ip {ttl ttl-number | dscp dscp-number}
Parameters
• ttl-number — Enter the TTL value, from 1 to 255.
• dscp-number — Enter the DSCP value, from 0 to 63.
Default
• TTL: 255
• DSCP: 0
Command Mode MONITOR-SESSION (ERPM)
Usage Information The no version of this command removes the configured TTL and DSCP values.
show monitor session
Displays information about a monitoring session.
Syntax show monitor session {session-id | all}
Parameters
• session-id — Enter the session ID number, from 1 to 18.
• all — View all monitoring sessions.
Default All
Command Mode EXEC
Usage Information In the State field, true indicates that the port is enabled. In the Reason field, Is UP indicates that hardware resources are all
Example (specific session) OS10# show monitor session 1
S.
source Configures a source for port monitoring. The monitoring session can be: local, RPM, or ERPM. Syntax source interface interface-type {both | rx | tx} Parameters • interface-type — Enter the interface type: – ethernet node/slot/port[:subport] — Enter the Ethernet interface information as the monitored source. – port-channel id-number — Enter the port-channel interface number as the monitored source, from 1 to 128. – vlan vlan-id —Enter the VLAN identifier as the monitored source, from 1 to 4093.
11 Layer 3
Bidirectional forwarding detection (BFD): Provides rapid failure detection in links with adjacent routers (see BFD commands).
Border Gateway Protocol (BGP): Provides an external gateway protocol that transmits inter-domain routing information within and between autonomous systems (see BGP Commands).
Equal Cost MultiPath (ECMP): Provides next-hop packet forwarding to a single destination over multiple best paths (see ECMP Commands).
Configure management VRF OS10(config)# ip vrf management OS10(conf-vrf)# interface management You can enable various services in both management or default VRF instances. The services supported in the management and default VRF instances are: Table 23.
Application Management VRF Default VRF Non-default VRF VLT backup link Yes Yes No VRRP Yes Yes Yes Configure a static route for a management VRF instance • Configure a static route that directs traffic to the management interface. CONFIGURATION management route ip-address mask managementethernet or management route ipv6-address prefixlength managementethernet You can also configure the management route to direct traffic to a physical interface. For example: management route 10.1.1.
no switchport 3 Assign the interface to a non-default VRF. INTERFACE CONFIGURATION ip vrf forwarding vrf-test Before assigning an interface to a VRF instance, ensure that no IP address is configured on the interface. 4 Assign an IPv4 address to the interface. INTERFACE CONFIGURATION ip address 10.1.1.1/24 5 Assign an IPv6 address to the interface. INTERFACE CONFIGURATION ipv6 address 1::1/64 You can also auto configure an IPv6 address using the ipv6 address autoconfig command.
Assign an interface back to the default VRF instance Table 24. Configurations to be removed CONFIGURATION MODE COMMAND IP address — In interface configuration mode, undo the IP address configuration. INTERFACE CONFIGURATION OS10(conf-if-eth1/1/10:1)#no ip address ipv4-address or no ipv6 address ipv6– address Port — In interface configuration mode, INTERFACE CONFIGURATION remove the interface association corresponding to the VRF instance that you want to delete.
• Delete a non-default VRF instance using the following command: CONFIGURATION no ip vrf vrf-name NOTE: You cannot delete the default VRF instance. Configure a static route for a non-default VRF instance • Configure a static route in a non-default VRF instance. Static routes contain IP addresses of the next-hop neighbors that are reachable through the non-default VRF. These IP addresses could also belong to the interfaces that are part of the non-default VRF instance.
Figure 3. Setup VRF Interfaces Router 1 ip vrf blue ! ip vrf orange ! ip vrf green ! interface ethernet 1/1/1 no ip address no switchport no shutdown ! interface ethernet1/1/2 no shutdown no switchport ip vrf forwarding blue ip address 20.0.0.1/24 ! interface ethernet1/1/3 no shutdown no switchport ip vrf forwarding orange ip address 30.0.0.
no shutdown no switchport ip vrf forwarding green ip address 40.0.0.1/24 ! interface vlan128 mode L3 no shutdown ip vrf forwarding blue ip address 1.0.0.1/24 ! interface vlan192 mode L3 no shutdown ip vrf forwarding orange ip address 2.0.0.1/24 ! ! interface vlan256 mode L3 no shutdown ip vrf forwarding green ip address 3.0.0.1/24 ! ip route vrf green 30.0.0.0/24 3.0.0.
interface vlan256 mode L3 no shutdown ip vrf forwarding green ip address 3.0.0.1/24 ! ip route vrf green 31.0.0.0/24 3.0.0.
Vlan128 default Mgmt1/1/1 Vlan1,24-25,200 green Eth1/1/7 Vlan256 orange Eth1/1/6 Vlan192 OS10# show ip route vrf blue Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -------------------
Static route leaking Route leaking enables routes that are configured in a default or non-default VRF instance to be made available to another VRF instance. You can leak routes from a source VRF instance to a destination VRF instance. The routes need to be leaked in both the source and the destination VRFs to achieve end-to-end traffic flow. If there are any connected routes in the same subnet as statically leaked routes, then the connected routes take precedence.
ip route vrf src-vrf-name route nexthop-interface
OS10(config)#interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ip vrf forwarding VRF1
OS10(conf-if-eth1/1/1)# ip address 120.0.0.1/24
OS10(config)#interface ethernet 1/1/2
OS10(conf-if-eth1/1/2)# ip vrf forwarding VRF2
OS10(conf-if-eth1/1/2)# ip address 140.0.0.1/24
OS10(config)#ip route vrf VRF1 140.0.0.0/24 interface ethernet 1/1/2
OS10(config)#ip route vrf VRF2 120.0.0.
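Because a static leak only carries traffic end to end when both VRFs leak to each other, a configuration review can list every VRF crossing and mark the ones with no return leak. The following is an added example, not taken from the guide: the configuration text, VRF names, ports and prefixes are constructed, and the parser handles only the ip vrf forwarding and ip route vrf ... interface forms shown in this section.

```python
import ipaddress
import re

# Constructed running-config excerpt (VRF names, ports and prefixes are made up).
SAMPLE_CONFIG = """\
interface ethernet1/1/1
 no switchport
 ip vrf forwarding tenant-a
 ip address 192.0.2.1/24
!
interface ethernet1/1/2
 no switchport
 ip vrf forwarding tenant-b
 ip address 198.51.100.1/24
!
interface ethernet1/1/3
 no switchport
 ip vrf forwarding shared
 ip address 203.0.113.1/24
!
ip route vrf tenant-a 198.51.100.0/24 interface ethernet 1/1/2
ip route vrf tenant-b 192.0.2.0/24 interface ethernet 1/1/1
ip route vrf tenant-a 203.0.113.0/24 interface ethernet 1/1/3
"""

PORT = r"(ethernet|vlan|port-channel)\s*(\S+)"
IFACE_RE = re.compile(r"^interface\s+" + PORT + r"$")
LEAK_RE = re.compile(r"^ip route vrf (\S+) (\S+) interface\s+" + PORT + r"$")
VRF_RE = re.compile(r"^ip vrf forwarding (\S+)$")


def parse(config):
    """Return ({interface: vrf}, [(source_vrf, prefix, next_hop_interface)])."""
    iface_vrf, leaks, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := IFACE_RE.match(line):
            # Normalise "ethernet 1/1/1" and "ethernet1/1/1" to one key.
            current = m.group(1) + m.group(2)
            iface_vrf.setdefault(current, "default")
        elif m := LEAK_RE.match(line):
            prefix = ipaddress.ip_network(m.group(2))
            leaks.append((m.group(1), prefix, m.group(3) + m.group(4)))
            current = None
        elif current and (m := VRF_RE.match(line)):
            iface_vrf[current] = m.group(1)
        elif line == "!":
            current = None
    return iface_vrf, leaks


def audit_leaks(config):
    """List static routes whose next-hop interface sits in another VRF."""
    iface_vrf, leaks = parse(config)
    crossings = []
    for src_vrf, prefix, iface in leaks:
        dst_vrf = iface_vrf.get(iface, "unknown")
        if dst_vrf == src_vrf:
            continue  # ordinary static route inside one VRF
        crossings.append((src_vrf, dst_vrf, prefix))
    pairs = {(src, dst) for src, dst, _ in crossings}
    return [
        {
            "from_vrf": src,
            "reaches_vrf": dst,
            "prefix": str(prefix),
            # True when the other VRF also leaks a route back.
            "return_leak": (dst, src) in pairs,
        }
        for src, dst, prefix in crossings
    ]


if __name__ == "__main__":
    for finding in audit_leaks(SAMPLE_CONFIG):
        print(finding)
```

A crossing with return_leak set to False is either an incomplete leak or an intended one-way exposure; either way it is the entry to check against the segmentation design.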
After you configure the source IP address in a leaked VRF, if ping is initiated without -I option, then the source IP address will be that of loopback interface. Route leaking using route targets You can leak routes in one VRF instance to another using route targets. NOTE: You can leak routes using route targets only on the default and non-default VRF instance. You cannot leak routes using route targets on the management VRF instance.
route-map route-map-name route-map xyz 4 Associate the prefix list to the route-map. CONFIGURATION route-map route-map-name {permit | deny} rule match ip address prefix-list prefix-list-name route-map xyz permit 10 match ip address prefix-list abc or route-map xyz deny 10 match ip address prefix-list abc 5 Export the routes from a VRF instance using route maps.
Parameters None Default Not configured Command Mode VRF CONFIGURATION Usage Information The no version of this command removes the management interface from the management VRF instance. Example OS10(config)# ip vrf management OS10(conf-vrf)# interface management Supported Releases 10.4.0E(R1) or later ip domain-list vrf Configures a domain list for the management VRF instance or any non-default VRF instance that you create.
Example OS10(config)# ip domain-name vrf management dell.com or OS10(config)# ip domain-name vrf blue dell.com Supported Releases 10.4.0E(R1) or later ip vrf Create a non-default VRF instance. Syntax ip vrf vrf-name Parameters • vrf-name—Enter the name of the non-default VRF that you want to create. Enter a VRF name that is not greater than 32 characters in length.
ip host vrf
Configures a host name for the management VRF instance or a non-default VRF instance and maps the host name to an IPv4 or IPv6 address.
Syntax ip host vrf {management | vrf-name} hostname {IP-address | Ipv6–address}
Parameters
• management—Enter the keyword management to configure a host name for the management VRF instance.
• vrf-name—Enter the name of the non-default VRF instance to configure a host name for that VRF instance.
• hostname—Enter the host name.
Parameters • management—Enter the keyword management to configure a DNS name server for the management VRF instance. • vrf-name—Enter the name of the non-default VRF instance to configure a DNS name server for that VRF instance. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the name server from the management or non-default VRF instance.
Use the no form of this command to undo the configuration.
Example
OS10(conf-vrf)# ip route-export 1:1 ==> No route-map attached
OS10(conf-vrf)# ip route-export 1:1 route-map abc ==> Route-map abc attached to filter export routes
Supported Releases 10.4.3.0 or later
ipv6 route-import
Imports an IPv6 static route into a VRF instance from another VRF instance.
Syntax [no] ipv6 route-import route-target
Parameters
• route-target — Enter the route-target of the VRF instance.
ip scp vrf Configures an SCP connection for the management or non-default VRF instance. Syntax ip scp vrf {management | vrf vrf-name} Parameters • management — Enter the keyword to configure an SCP connection for the management VRF instance. • vrf vrf-name — Enter the keyword then the name of the VRF to configure an SCP connection for that VRF instance.
Command Mode CONFIGURATION Usage Information The no version of this command removes the management VRF instance configuration from the TFTP client. Example OS10(config)# ip tftp vrf management OS10(config)# ip tftp vrf vrf-blue Supported Releases 10.4.0E(R1) or later ip vrf management Configures the management VRF instance.
show ip vrf Displays the VRF instance information. Syntax show ip vrf [management | vrf-name] Parameters • management—Enter the keyword management to display information corresponding to the management VRF instance. • vrf-name—Enter the name of the non-default VRF instance to display information corresponding to that VRF instance.
BFD provides forwarding-path failure detection in milliseconds instead of seconds. Because BFD is independent of routing protocols, it provides consistent network failure detection. BFD eliminates multiple protocol-dependent timers and methods. Networks converge faster because BFD triggers link-state changes in the routing protocol sooner and more consistently. BFD is a simple hello mechanism. Two neighboring routers running BFD establish a session using a three-way handshake.
BFD three-way handshake A BFD session requires a three-way handshake between neighboring routers. In the following example, the handshake assumes: • One router is active, and the other router is passive. • This is the first session established on this link. • The default session state on both ports is Down. 1 The active system sends a steady stream of control packets to indicate that its session state is Down until the passive system responds.
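The handshake above, together with the detection multiplier, can be traced with a small state machine. This is an added example, not code from the guide: the transitions follow the standard BFD state machine (RFC 5880), one loop iteration stands for one transmit interval, and the class and function names are hypothetical.

```python
from dataclasses import dataclass

DOWN, INIT, UP = "Down", "Init", "Up"


@dataclass
class BfdEndpoint:
    name: str
    role: str = "active"      # "active" or "passive"
    multiplier: int = 3       # consecutive missed packets before Down
    state: str = DOWN
    heard_peer: bool = False  # a passive system stays silent until True
    missed: int = 0

    def may_transmit(self):
        return self.role == "active" or self.heard_peer

    def receive(self, peer_state):
        """Apply one received control packet carrying the peer's state."""
        self.heard_peer = True
        self.missed = 0
        if self.state == DOWN:
            if peer_state == DOWN:
                self.state = INIT
            elif peer_state == INIT:
                self.state = UP
        elif self.state == INIT:
            if peer_state in (INIT, UP):
                self.state = UP
        elif peer_state == DOWN:          # local state is Up
            self.state = DOWN

    def miss(self):
        """One interval elapsed with no control packet from the peer."""
        if self.state == DOWN:
            return
        self.missed += 1
        if self.missed >= self.multiplier:
            # Detection time expired: session drops and the peer is forgotten.
            self.state, self.heard_peer, self.missed = DOWN, False, 0


def simulate(a, b, intervals, link_fails_at=None):
    """Run both endpoints and return the (a.state, b.state) pair per interval."""
    trace = []
    for t in range(intervals):
        link_up = link_fails_at is None or t < link_fails_at
        # Both packets are built from the states at the start of the interval.
        a_pkt = a.state if a.may_transmit() else None
        b_pkt = b.state if b.may_transmit() else None
        for endpoint, pkt in ((a, b_pkt), (b, a_pkt)):
            if link_up and pkt is not None:
                endpoint.receive(pkt)
            else:
                endpoint.miss()
        trace.append((a.state, b.state))
    return trace


if __name__ == "__main__":
    active = BfdEndpoint("R1", role="active")
    passive = BfdEndpoint("R2", role="passive")
    for t, states in enumerate(simulate(active, passive, 8, link_fails_at=4)):
        print(t, states)
```

With the link failing at interval 4 and a multiplier of 3, both sides stay Up through interval 5 and drop to Down at interval 6; two passive endpoints never leave Down because neither sends the first packet.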
BFD configuration Before you configure BFD for a routing protocol, first enable BFD globally on both routers in the link. BFD is disabled by default. • OS10 supports: – 64 BFD sessions at 100 minimum transmit and receive intervals with a multiplier of 4 – 100 BFD sessions at 200 minimum transmit and receive intervals with a multiplier of 3 • OS10 does not support Demand mode, authentication, and Echo function. • OS10 does not support BFD on multi-hop and virtual links.
2 • multiplier number — Enter the number of consecutive packets that must not be received from a BFD peer before the session state changes to Down, from 3 to 50; default 3. • role {active | passive} — Enter active if the router initiates BFD sessions. Both BFD peers can be active at the same time. Enter passive if the router does not initiate BFD sessions, and only responds to a request from an active BFD to initialize a session. The default is active. Enable BFD globally in CONFIGURATION mode.
• Establish BFD sessions with all neighbors discovered by BGP using the bfd all-neighbors command. For example: Router 1 OS10(conf)# bfd enable OS10(conf)# router bgp 1 OS10(config-router-bgp-1)# neighbor 2.2.4.
OR Configure BFD sessions with all neighbors discovered by the BGP in ROUTER-BGP mode. The BFD session parameters you configure override the global session parameters configured in Step 1. bfd all-neighbors [interval milliseconds min_rx milliseconds multiplier number role {active | passive}] • interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000; default 200. Dell EMC recommends using more than 100 milliseconds.
---------------------------------------------------------------------------* 150.150.1.2 150.150.1.1 vlan10 up 1000 1000 5 default bgp OS10# show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 2 Local Addr: 150.150.1.2 Local MAC Addr: 90:b1:1c:f4:ab:fd Remote Addr: 150.150.1.
Allow local AS number 0 times in AS-PATH attribute Prefixes ignored due to: Martian address 0, Our own AS in AS-PATH 0 Invalid Nexthop 0, Invalid AS-PATH length 0 Wellknown community 0, Locally originated 0 Local host: 20.1.1.2, Local port: 179 Foreign host: 20.1.1.1, Foreign port: 58248 BFD for OSPF You can configure BFD to monitor and notify reachability status between OSPF neighbors.
INTERFACE CONFIGURATION Mode Establishing BFD sessions with OSPFv2 neighbors in a non-default VRF instance To establish BFD sessions with OSPFv2 neighbors in a non-default VRF instance: 1 Enable BFD globally bfd enable CONFIGURATION Mode 2 Enter INTERFACE CONFIGURATION mode interface interface-name CONFIGURATION Mode 3 Associate a non-default VRF with the interface you have entered. ip vrf forwarding vrf1 INTERFACE CONFIGURATION Mode 4 Assign an IP address to the VRF.
In this example OSPF is enabled in non-default VRF red. BFD is enabled globally at the router OSPF level and all the interfaces associated with this VRF OSPF instance inherit the global BFD configuration. However, this global BFD configuration does not apply to interfaces in which the interface-level BFD configuration is already present. Also, VLAN 200 takes the interface-level BFD configuration, because interface-level BFD configuration takes precedence over the global OSPF-level BFD configuration.
1 Enable BFD Globally.
2 Establish sessions with OSPFv3 neighbors.
Establishing BFD sessions with OSPFv3 neighbors
To establish BFD sessions with OSPFv3 neighbors:
1 Enable BFD globally
bfd enable
CONFIGURATION Mode
2 Enter ROUTER-OSPF mode
router ospfv3 ospfv3-instance
CONFIGURATION
3 Establish sessions with all OSPFv3 neighbors.
bfd all-neighbors
ROUTER-OSPFv3 Mode
4 Enter INTERFACE CONFIGURATION mode.
ipv6 ospf bfd all-neighbors VRF CONFIGURATION Mode 7 Enter ROUTER-OSPF mode in a non-default VRF instance. router ospf ospf-instance vrf vrf-name CONFIGURATION Mode 8 Establish BFD sessions with all OSPFv2 instances in a non-default VRF. bfd all-neighbors Changing OSPFv3 session parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: desired tx interval, required min rx interval, detection multiplier, and system role.
BFD for Static route The static Route BFD feature enables association of static routes with a BFD session in order to monitor the static route reachability. Depending on the status of the BFD session the static routes are added to or removed from the Routing Information Base (RIB). When BFD is configured, the nexthop reachability is dependent on the BFD state of the BFD session corresponding to the specified next hop.
ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] CONFIGURATION Mode NOTE: By default, OSPF uses the following BFD parameters for its neighbors: min_tx = 200 msec, min_rx = 200 msec, multiplier = 3, role = active. The values are configured in milliseconds. Disabling BFD for IPv4 Static Routes If you disable BFD, all static route BFD sessions are torn down.
ipv6 route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] CONFIGURATION Mode NOTE: By default, OSPF uses the following BFD parameters for its neighbors: min_tx = 200 msec, min_rx = 200 msec, multiplier = 3, role = active. The values are configured in milliseconds. Disabling BFD for IPv6 Static Routes To disable BFD for IPv6 static routes, use the following command. Disable BFD for static routes.
Supported releases 10.4.1.0 or later bfd all-neighbors Configures all BFD session parameters established between neighbors discovered by an L3 protocol. Syntax bfd all-neighbors [interval milliseconds min_rx milliseconds multiplier number role {active | passive}] Parameters Default • interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000. Dell EMC recommends using more than 100 milliseconds.
Usage Information Use the neighbor ip-address command in ROUTER-BGP mode to specify a neighbor. Use the bfd disable command to disable BFD sessions with the neighbor. Example OS10(conf)# router bgp 1 OS10(config-router-bgp-1)# neighbor 10.1.1.1 OS10(config-router-neighbor)# bfd disable Supported releases 10.4.1.0 or later bfd enable Enables BFD on all interfaces on the switch. Syntax bfd enable Parameters None Default BFD is disabled.
Usage Information Use the bfd interval command to configure global BFD session settings. To configure the BFD parameters used in sessions established with neighbors discovered by an L3 protocol, use the bfd all-neighbors command. To remove the configured global settings and return to the default values, enter the no version of the command. Example OS10(config)# bfd interval 250 min_rx 300 multiplier 4 role passive Supported releases 10.4.1.
To disable the default BFD parameters for all OSPFv3 neighbors, use the no ipv6 ospf bfd all-neighbors command. Parameters Default • disable — Disables the BFD session on an interface alone. • interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000. You cannot configure a value that is less than 100 milliseconds. • min_rx milliseconds — Enter the maximum waiting time for receiving control packets from BFD peers, from 100 to 1000.
• role {active | passive} — Enter active if the router initiates BFD sessions. Both BFD peers can be active at the same time. Enter passive if the router does not initiate BFD sessions, and only responds to a request from an active BFD to initialize a session.
Default
The time interval for sending control packets to BFD peers is 200 milliseconds. The maximum waiting time for receiving control packets from BFD peers is 200 milliseconds.
Usage Information • This command can be used to enable or disable BFD for all the configured IPv6 static routes for the specified VRF. If a VRF name is not specified, the command applies to the default VRF. Example OS10(config)# ipv6 route bfd interval 250 min_rx 250 multiplier 4 role active Supported releases 10.4.2E or later show bfd neighbors Displays information about BFD neighbors from all interfaces using the default VRF.
Supported releases 10.4.1.0 or later Border Gateway Protocol Border Gateway Protocol (BGP) is an interautonomous system routing protocol that transmits interdomain routing information within and between autonomous systems (AS). BGP exchanges network reachability information with other BGP systems. BGP adds reliability to network connections by using multiple paths from one router to another. Unlike most routing protocols, BGP uses TCP as its transport protocol.
In an AS, a BGP network must be in full mesh for routes received from an internal BGP peer to send to another IBGP peer. Each BGP router talks to all other BGP routers in a session. For example, in an AS with four BGP routers, each router has three peers; in an AS with six routers, each router has five peers. Sessions and peers A BGP session starts with two routers communicating using the BGP. The two end-points of the session are called peers. A peer is also called a neighbor.
Routers B, C, D, E, and G are members of the same AS—AS100. These routers are also in the same route reflection cluster, where Router D is the route reflector. Routers E and G are client peers of Router D, and Routers B and C are nonclient peers of Router D. 1 Router B receives an advertisement from Router A through EBGP. Because the route is learned through EBGP, Router B advertises it to all its IBGP peers — Routers C and D.
• Next-hop Communities BGP communities are sets of routes with one or more common attributes. Communities assign common attributes to multiple routes at the same time. Duplicate communities are not rejected. Selection criteria Best path selection criteria for BGP attributes: 1 Prefer the path with the largest WEIGHT attribute, and prefer the path with the largest LOCAL_PREF attribute.
Weight and local preference The weight attribute is local to the router and does not advertise to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight is preferred. The route with the highest weight is installed in the IP routing table. The local preference — LOCAL_PREF represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route.
MEDs are nontransitive attributes. If AS 100 sends the MED to AS 200, AS 200 does not pass it on to AS 300 or AS 400. The MED is a locally relevant attribute to the two participating AS — AS 100 and AS 200. The MEDs advertise across both links—if a link goes down, AS 100 has connectivity to AS 300 and AS 400. Origin The origin indicates how the prefix came into BGP. There are three origin codes—IGP, EGP, and INCOMPLETE. IGP Prefix originated from information learned through an IGP.
arrive, and selects the best paths. Paths for active routes are grouped in ascending order according to their neighboring external AS number. OS10 follows deterministic MED to select different best paths from a set of paths. This may depend on the order the different best paths are received from the neighbors — MED may or may not get compared between adjacent paths. BGP best path selection is deterministic by default.
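Why deterministic MED matters is easiest to see when the same three paths arrive in different orders. This is an added example, not OS10 code: the guide's criteria list is cut off after LOCAL_PREF, so the later steps used here (AS_PATH length, origin, MED only between paths from the same neighboring AS, then lowest router ID) follow the standard BGP decision process and are an assumption, and the paths themselves are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from itertools import groupby, permutations

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # lower is preferred


@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple
    med: int = 0
    weight: int = 0
    local_pref: int = 100
    origin: str = "IGP"
    router_id: str = "0.0.0.0"

    @property
    def neighbor_as(self):
        # First AS in the path is the neighboring AS; 0 for local routes.
        return self.as_path[0] if self.as_path else 0


def better(a, b, always_compare_med=False):
    """Return the preferred path of the pair."""
    ka = (-a.weight, -a.local_pref, len(a.as_path), ORIGIN_RANK[a.origin])
    kb = (-b.weight, -b.local_pref, len(b.as_path), ORIGIN_RANK[b.origin])
    if ka != kb:
        return a if ka < kb else b
    # MED is only comparable between paths from the same neighboring AS,
    # unless always-compare-med is configured.
    same_as = a.neighbor_as == b.neighbor_as
    if (same_as or always_compare_med) and a.med != b.med:
        return a if a.med < b.med else b
    # Assumed final tie-break: lowest router ID.
    return a if IPv4Address(a.router_id) <= IPv4Address(b.router_id) else b


def best_in_arrival_order(paths, always_compare_med=False):
    """Compare each new path against the current best, in arrival order."""
    best = paths[0]
    for path in paths[1:]:
        best = better(best, path, always_compare_med)
    return best


def best_deterministic(paths, always_compare_med=False):
    """Group by neighboring AS (ascending), pick a winner per group,
    then compare the group winners."""
    ordered = sorted(paths, key=lambda p: p.neighbor_as)
    winners = [
        best_in_arrival_order(list(group), always_compare_med)
        for _, group in groupby(ordered, key=lambda p: p.neighbor_as)
    ]
    return best_in_arrival_order(winners, always_compare_med)


# Constructed paths: X and Z come from AS 100, Y from AS 200.
X = Path("X", (100, 65001), med=200, router_id="10.0.0.1")
Y = Path("Y", (200, 65001), med=0, router_id="10.0.0.2")
Z = Path("Z", (100, 65001), med=100, router_id="10.0.0.3")

if __name__ == "__main__":
    for order in permutations([X, Y, Z]):
        names = "".join(p.name for p in order)
        print(names,
              "arrival-order:", best_in_arrival_order(list(order)).name,
              "deterministic:", best_deterministic(list(order)).name)
```

Arrival-order comparison can return X, Y or Z depending on which path is received first, while the grouped comparison returns Y for every ordering.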
Advertise cost As the default process for redistributed routes, OS10 supports IGP cost as MED. Both auto-summarization and synchronization are disabled by default.
Router A, Router B, and Router C belong to AS 100, 200, and 300, respectively. Router A acquired Router B — Router B has Router C as its client. When Router B is migrating to Router A, it must maintain the connection with Router C without immediately updating Router C’s configuration. Local-AS allows Router B to appear as if it still belongs to Router B’s old network, AS 200, to communicate with Router C.
Configure Border Gateway Protocol BGP is disabled by default. To enable the BGP process and start to exchange information, assign an AS number and use commands in ROUTER-BGP mode to configure a BGP neighbor.
3 Add a remote AS in ROUTER-NEIGHBOR mode, from 1 to 65535 for 2-byte or 1 to 4294967295 for 4-byte. remote-as as-number 4 Enable the BGP neighbor in ROUTER-NEIGHBOR mode. no shutdown 5 (Optional) Add a description text for the neighbor in ROUTER-NEIGHBOR mode. description text To reset the configuration when you change the configuration of a BGP neighbor, use the clear ip bgp * command. To view the BGP status, use the show ip bgp summary command.
Capabilities received from neighbor for IPv4 Unicast: MULTIPROTO_EXT(1)ROUTE_REFRESH(2)CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast: MULTIPROTO_EXT(1)ROUTE_REFRESH(2)CISCO_ROUTE_REFRESH(128) Prefixes accepted 3, Prefixes advertised 0 Connections established 3; dropped 2 Closed by neighbor sent 00:03:26 ago Local host: 5.1.1.2, Local port: 43115 Foreign host: 5.1.1.
Configure Dual Stack OS10 supports dual stack for BGPv4 and BGPv6. Dual stack BGP allows simultaneous exchange of the same IPv4 or IPv6 prefixes through different IPv4 and IPv6 peers. You can enable dual stack using the activate command in the corresponding address-family mode. By default, the activate command is enabled for the IPv4 address family for all the neighbors. If a BGP-v4 neighbor wants to carry IPv6 prefix information, it activates the IPv6 address-family.
IPv4: OS10(configure-router-bgpv4-af)# distance bgp 21 200 200 IPv6: OS10(configure-router-bgpv6-af)# distance bgp 21 201 250 The example below provides the configuration for non-default VRF.
• advertisement-interval • next-hop-self • route-map out • route-reflector-client • send-community A neighbor may keep its configuration after it is added to a peer group if the neighbor configuration is more specific than the peer group and if the neighbor configuration does not affect outgoing updates. To display the peer-group configuration assigned to a BGP neighbor, enter the show ip bgp peer-group peer-group-name command.
router-id 100.0.0.8 ! template leaf_v4 description peer_template_1_abcd ! address-family ipv4 unicast distribute-list leaf_v4_in in distribute-list leaf_v4_out out route-map set_aspath_prepend in ! neighbor 100.5.1.1 description leaf_connected_ebgp_neighbor bfd inherit template leaf_v4 remote-as 64802 no shutdown ! neighbor 100.6.1.
• advertisement-interval • next-hop-self • route-map out • route-reflector-client • send-community A neighbor may keep its configuration after it is added to a peer group if the neighbor configuration is more specific than the peer group and if the neighbor configuration does not affect outgoing updates. To display the peer-group configuration assigned to a BGP neighbor, enter the show ip bgp peer-group peer-group-name command.
BGP version 4, remote router ID 3.3.3.
Configure password You can enable message digest 5 (MD5) authentication with a password on the TCP connection between two BGP neighbors. Configure the same password on both BGP peers. When you configure MD5 authentication between two BGP peers, each segment of the TCP connection is verified and the MD5 digest is checked on every segment sent on the TCP connection. Configuring a password for a neighbor establishes a new connection.
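The per-segment check described above can be reproduced offline to see what the receiver accepts and what it drops. This is an added example, not Dell code: the digest layout follows the TCP MD5 signature option (RFC 2385), which the guide does not name, and the addresses, ports, passwords and payload are constructed; the TCP checksum field is left at zero.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPTION_KIND = 19   # TCP option kind for the MD5 signature
MD5_OPTION_LEN = 18    # kind + length + 16-byte digest


def _digest(src_ip, dst_ip, base_header, payload, segment_len, key):
    # Pseudo-header: source, destination, zero, protocol, TCP segment length.
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, segment_len))
    # Fixed 20-byte header (checksum zeroed, options excluded), data, then key.
    return hashlib.md5(pseudo + base_header + payload + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    """Build a TCP segment that carries the MD5 signature option."""
    header_len = 40  # 20-byte header + NOP, NOP + 18-byte MD5 option
    base = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       (header_len // 4) << 4, flags, 16384, 0, 0)
    digest = _digest(src_ip, dst_ip, base, payload,
                     header_len + len(payload), key)
    options = b"\x01\x01" + bytes([MD5_OPTION_KIND, MD5_OPTION_LEN]) + digest
    return base + options + payload


def verify_segment(src_ip, dst_ip, segment, key):
    """Return True only if the segment carries a digest that matches key."""
    if len(segment) < 20:
        return False
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return False
    options, payload = segment[20:header_len], segment[header_len:]
    received, i = None, 0
    while i < len(options):
        kind = options[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding
            i += 1
            continue
        if i + 1 >= len(options):
            return False
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return False
        if kind == MD5_OPTION_KIND and length == MD5_OPTION_LEN:
            received = options[i + 2:i + length]
        i += length
    if received is None:
        return False             # unsigned segment on a protected session
    base = segment[:16] + b"\x00\x00" + segment[18:20]   # zero the checksum
    expected = _digest(src_ip, dst_ip, base, payload, len(segment), key)
    return hmac.compare_digest(received, expected)


# Constructed values for the demonstration.
PEER1, PEER2 = "192.0.2.1", "192.0.2.2"
PASSWORD = b"constructed-shared-password"
ACK = 0x10

if __name__ == "__main__":
    seg = build_segment(PEER1, PEER2, 43115, 179, 1000, 2000, ACK,
                        b"constructed BGP payload", PASSWORD)
    print("same password:     ", verify_segment(PEER1, PEER2, seg, PASSWORD))
    print("different password:", verify_segment(PEER1, PEER2, seg, b"other"))
    forged = bytearray(seg)
    forged[13] = 0x04            # flags changed to RST, digest left as it was
    print("altered flags:     ", verify_segment(PEER1, PEER2, bytes(forged), PASSWORD))
```

Because the flags, sequence numbers and addresses are all inside the digest, a segment that changes any of them without knowing the password fails the check, which is why both peers must hold the same password.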
inherit template pass password 9 01320afb39f49134882b0a9814fe6e8e228f616f60a35958844775314c00f0e5 remote-as 10 no shutdown Peer 2 in ROUTER-NEIGHBOR mode OS10# configure terminal OS10(config)# interface ethernet 1/1/5 OS10(conf-if-eth1/1/5)# no switchport ip OS10(conf-if-eth1/1/5)# ip address 11.1.1.2/24 OS10(conf-if-eth1/1/5)# router bgp 20 OS10(config-router-bgp-20)# neighbor 11.1.1.
! neighbor 3::1 remote-as 100 no shutdown ! address-family ipv6 unicast activate OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ip address 3.1.1.3/24 no switchport no shutdown ipv6 address 3::3/64 OS10(conf-if-eth1/1/1)# shutdown OS10(conf-if-eth1/1/1)# do show ip bgp summary BGP router identifier 11.11.11.11 local AS number 300 Neighbor AS Down State/Pfx 3.1.1.
Passive peering When you enable a peer-template, the system sends an OPEN message to initiate a TCP connection. If you enable passive peering for the peer template, the system does not send an OPEN message but responds to an OPEN message. When a BGP neighbor connection with authentication rejects a passive peer-template, the system prevents another passive peer-template on the same subnet from connecting with the BGP neighbor.
6 Add a remote AS in ROUTER-TEMPLATE mode (1 to 65535 for 2 bytes, 1 to 4294967295 for 4 bytes). remote-as as-number Allow external routes from neighbor OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# neighbor 32.1.1.
OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# address-family ipv6 unicast OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# end OS10# show running-configuration bgp ! router bgp 100 ! neighbor 172:16:1::2 remote-as 100 no shutdown ! address-family ipv6 unicast activate allowas-in 1 OS10# show ip bgp BGP local RIB : Routes to be Added , Replaced , Withdrawn BGP local router ID is 100.1.1.
Enable additional paths OS10(config)# router bgp 102 OS10(conf-router-bgp-102)# neighbor 32.1.1.2 OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-bgp-neighbor-af)# add-path both 3 MED attributes OS10 uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. MED comparison is not performed in paths from neighbors with different AS numbers. 1 Enable MED comparison in the paths from neighbors with different AS in ROUTER-BGP mode.
Configure and view local preference attribute OS10(config)# route-map bgproutemap 1 OS10(conf-route-map)# set local-preference 500 OS10(conf-route-map)# exit OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# neighbor 10.1.1.
Enable multipath You can have one path to a destination by default, and enable multipath to allow up to 64 parallel paths to a destination. The show ip bgp network command includes multipath information for that network. • Enable multiple parallel paths in ROUTER-BGP mode. maximum-paths {ebgp | ibgp} number Enable multipath OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# maximum-paths ebgp 10 Route-map filters Filtering routes allows you to implement BGP policies.
Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. 1 Assign an ID to a route reflector cluster in ROUTER-BGP mode. You can have multiple clusters in an AS. cluster-id cluster-id 2 Assign a neighbor to the route reflector cluster in ROUTER-BGP mode. neighbor {ip-address} 3 Configure the neighbor as a route-reflector client in ROUTER-NEIGHBOR mode, then return to ROUTER-BGP mode.
! neighbor 32.1.1.2 remote-as 104 no shutdown ! address-family ipv4 unicast Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, Dell EMC recommends BGP confederations only for IBGP peering involving many IBGP peering sessions per router. When you configure BGP confederations, you break the AS into smaller sub-ASs. To devices outside your network, the confederations appear as one AS.
Route dampening When EBGP routes become unavailable, they “flap” and the router issues both WITHDRAWN and UPDATE notices. A flap occurs when a route is withdrawn, readvertised after being withdrawn, or has an attribute change. The constant router reaction to the WITHDRAWN and UPDATE notices causes instability in the BGP process. To minimize this instability, configure penalties (a numeric value) for routes that flap.
View dampened paths OS10# show ip bgp dampened-paths BGP local router ID is 80.1.1.1 Status codes: s suppressed, S stale, d dampened, h history, * valid, > best Origin codes: i - IGP, e - EGP, ? - incomplete Network From Reuse Path d* 3.1.2.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.3.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.4.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.5.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.6.0/24 80.1.1.
1 Enable soft-reconfiguration for the BGP neighbor and BGP template in ROUTER-BGP mode. BGP stores all the updates that the neighbor receives but does not reset the peer-session. Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. neighbor {ip-address} soft-reconfiguration inbound 2 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]} 3 Configure soft-reconfiguration for the neighbors belonging to the template.
! router bgp 20 network 192.168.100.0 neighbor 10.10.9.2 remote-as 20 address-family ipv4 unicast Configuration on Core 1 Core 1 has both OSPF and BGP configured. Core 1 has OSPF neighbor adjacency with Core 2 and BGP neighbor adjacency with BR. The iBGPtoOSPF prefix-list is configured and applied to a route-map. The match ip address prefix-list iBGPtoOSPF command processes the iBGP-learned routes. ip prefix-list iBGPtoOSPF seq 15 permit 192.168.100.
no switchport ip address 2030::1/64 ! ! address-family ipv6 unicast router bgp 20 neighbor 2030::2 remote-as 20 Configuration on Core 1 Core 1 has both OSPF and BGP configured. Core 1 has OSPF neighbor adjacency with Core 2 and BGP neighbor adjacency with BR. The iBGPtoOSPF prefix-list is configured and applied to a route-map. The match ip address prefix-list iBGPtoOSPF command processes the iBGP-learned routes.
BGP commands activate Enables the neighbor or peer group to be the current address-family identifier (AFI). Syntax activate Parameters None Default Not configured Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information This command exchanges IPv4 or IPv6 address family information with an IPv4 or IPv6 neighbor. IPv4 unicast Address family is enabled by default. To activate IPv6 address family for IPv6 neighbor, use the activate command.
address-family
Enters Global Address Family Configuration mode for the IP address family.
Syntax address-family {[ipv4 | ipv6] unicast}
Parameters
• ipv4 unicast — Enter an IPv4 unicast address family.
• ipv6 unicast — Enter an IPv6 unicast address family.
Default None
Command Mode ROUTER-BGP
Usage Information This command applies to all IPv4 or IPv6 peers belonging to the template or neighbors only. The no version of this command removes the subsequent address-family configuration.
Command Mode ROUTER-NEIGHBOR
Usage Information The time interval applies to all the peer group members of the template in ROUTER-TEMPLATE mode. The no version of this command disables the advertisement-start time interval.
Example
OS10(conf-router-neighbor)# advertisement-start 30
Supported Releases 10.3.0E or later

aggregate-address
Summarizes a range of prefixes to minimize the number of entries in the routing table.
Example (IPv6)
OS10(conf-router-template)# address-family ipv6 unicast
OS10(conf-router-bgp-template-af)# allowas-in 5
Supported Releases 10.3.0E or later

always-compare-med
Compares MULTI_EXIT_DISC (MED) attributes in the paths received from different neighbors.
Syntax always-compare-med
Parameters None
Default Disabled
Command Mode ROUTER-BGP
Usage Information After you use this command, use the clear ip bgp * command to recompute the best path.
bestpath as-path
Configures the AS path selection criteria for best path computation.
Syntax bestpath as-path {ignore | multipath-relax}
Parameters
• ignore — Enter to ignore the AS PATH in BGP best path calculations.
• multipath-relax — Enter to include prefixes received from different AS paths during multipath calculation.
Default Enabled
Command Mode ROUTER-BGP
Usage Information To enable load-balancing across different EBGP peers, configure the multipath-relax option.
bestpath router-id
Ignores comparing router-id information for external paths during best-path selection.
Syntax bestpath router-id {ignore}
Parameters ignore — Enter to ignore AS path for best-path computation.
Default Enabled
Command Mode ROUTER-BGP
Usage Information If you do not receive the same router ID for multiple paths, select the path that you received first. If you received the same router ID for multiple paths, ignore the path information.
Parameters • * — Enter to clear all BGP sessions. • vrf vrf-name — (OPTIONAL) Enter the vrf then the name of the VRF to clear BGP session information corresponding to that VRF. • ipv4 unicast — Enter to clear IPv4 unicast configuration. • ipv6 unicast — Enter to clear IPv6 unicast configuration. • soft — (Optional) Enter to configure and activate policies without resetting the BGP TCP session — BGP soft reconfiguration. • in — (Optional) Enter to activate only ingress (inbound) policies.
• ipv6-prefix — (Optional) Enter an IPv6 prefix to clear the flap counts of the given prefix.
Default Not configured
Command Mode EXEC
Usage Information None
Example (All Prefixes)
OS10# clear ip bgp flap-statistics
Example (IPv4)
OS10# clear ip bgp 1.1.15.4 flap-statistics
Example (Given Prefix)
OS10# clear ip bgp flap-statistics 1.1.15.0/24
Supported Releases 10.3.0E or later

connection-retry-timer
Configures the timer to retry the connection to BGP neighbor or peer group.
autonomous system is fully meshed and contains a few connections to other autonomous systems. The next-hop (MED) and local preference information is preserved throughout the confederation. The system accepts confederation EBGP peers without a LOCAL_PREF attribute. OS10 sends AS_CONFED_SET and accepts AS_CONFED_SET and AS_CONF_SEQ. The no version of this command deletes the confederation configuration.
Command Mode ROUTER-BGP Usage Information If a cluster contains only one route reflector, the cluster ID is the route reflector’s router ID. For redundancy, a BGP cluster may contain two or more route reflectors. Without a cluster ID, the route reflector cannot recognize route updates from the other route reflectors within the cluster. The default format to display the cluster ID is A.B.C.D format. If you enter the cluster ID as an integer, an integer displays.
debug ip bgp
Enables Border Gateway Protocol (BGP) debugging and displays messages related to processing of BGP.
Syntax debug ip bgp
Parameters None
Defaults None
Command Modes EXEC
Usage Information The no debug ip bgp command stops displaying messages related to processing of BGP.
Example
OS10# debug ip bgp
Supported Releases OS10 legacy command.

description
Configures a description for the BGP neighbor or for peer template.
effect only after you disable and re-enable route redistribution for a specified protocol. To re-enable route distribution use the redistribute {connected [route-map map-name] | ospf process-id | static [route-map map-name]} command, or use the clear ip bgp * command after you reset BGP. The no version of this command removes the default metric value. Example (IPv4) OS10(conf-router-bgpv4-af)# default-metric 60 Example (IPv6) OS10(conf-router-bgpv6-af)# default-metric 60 Supported Releases 10.3.
Usage Information This command is used to configure administrative distance for eBGP route, iBGP route, and local BGP route. Administrative distance indicates the reliability of the route; the lower the administrative distance, the more reliable the route is. Routes that are assigned an administrative distance of 255 are not installed in the routing table. Routes from confederations are treated as iBGP routes.
bgp default local-preference Changes the default local preference value for routes exchanged between internal BGP peers. Syntax default local-preference number Parameters number — Enter a number to assign to routes as the degree of preference for those routes. When routes compare, the route with the higher degree of preference or the local preference value is most preferred, from 1 to 4294967295.
NOTE: To configure these settings for a non default VRF instance, you must first enter the ROUTERCONFIG-VRF sub mode using the following commands:
1 Enter the ROUTER BGP mode using the router bgp as-number command.
2 From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command.
Example
OS10(conf-router-bgp-1)# enforce-first-as
Supported Releases 10.3.0E or later

fall-over
Enables or disables BGP session fast fall-over for BGP neighbors.
Supported Releases 10.3.0E or later graceful-restart Enables graceful or hitless restart and configures the required parameters for the restart process.
Parameters
• ip-address—Enter the BGP neighbor IP address.
• limit count—(Optional) Enter a maximum dynamic peer count, from 1 to 4294967295.
Default Not configured
Command Mode ROUTER-TEMPLATE
Usage Information Enables a passive peering session for listening. The no version of this command disables a passive peering session.
Example
OS10(conf-router-template)# listen 1.1.0.0/16 limit 4
Supported Releases 10.2.0E or later

local-as
Configures a local AS number for a peer.
NOTE: To configure these settings for a non default VRF instance, you must first enter the ROUTERCONFIG-VRF sub mode using the following commands:
1 Enter the ROUTER BGP mode using the router bgp as-number command.
2 From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command.
Example
OS10(conf-router-bgp-10)# log-neighbor-changes
Supported Releases 10.3.0E or later

maximum-paths
Configures the maximum number of equal-cost paths for load sharing.
Default 75% threshold Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information If you configure this command and the neighbor receives more prefixes than the configuration allows, the neighbor goes down. To view the prefix information, use the show ip bgp summary command. The neighbor remains down until you use the clear ip bgp command for the neighbor or the peer group to which the neighbor belongs. The no version of this command resets the value to the default.
non-deterministic-med
Compares paths in the order they arrive.
Syntax non-deterministic-med
Parameters None
Default Disabled
Command Mode ROUTER-BGP
Usage Information Paths compare in the order they arrive. OS10 uses this method to choose different best paths from a set of paths, depending on the order they are received from the neighbors. MED may or may not be compared between adjacent paths.
password
Configures a password for message digest 5 (MD5) authentication on the TCP connection between two neighbors.
Syntax password {9 encrypted password-string | password-string}
Parameters
• 9 encrypted password-string — Enter 9 then the encrypted password.
• password-string — Enter a password for authentication. A maximum of 128 characters.
Default Disabled
Command Mode ROUTER-NEIGHBOR, ROUTER-TEMPLATE
Usage Information You can enter the password either as plain text or in encrypted format.
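An added audit sketch (not Dell EMC tooling) for the password command above: it reads configuration text and reports BGP neighbors that carry no password, and therefore no MD5 authentication on the TCP session, as well as password lines stored in plain text instead of the 9 encrypted form. The indentation model, the inherit template statement (not shown in this section) and every value in the sample are assumptions; the sample is constructed.

```python
import re

# Constructed configuration text in the style of an OS10 running-configuration.
# Assumptions: one extra space of indentation per sub-mode; "inherit template"
# links a neighbor to a template; all addresses, names and keys are made up.
SAMPLE_CONFIG = """\
router bgp 20
 template EDGE
  password 9 0123456789abcdef
 neighbor 10.10.9.2
  remote-as 20
 neighbor 10.10.9.6
  remote-as 800
  password example-clear-text
 neighbor 10.10.9.10
  inherit template EDGE
!
interface ethernet1/1/1
 no switchport
"""


def parse_peer_blocks(config):
    """Return {(kind, name): [statements]} for every neighbor/template block.

    A block is the header line plus all following lines indented deeper than
    the header, so neighbors nested under a vrf sub-mode are handled as well.
    """
    blocks = {}
    current, depth = None, -1
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        header = re.match(r"(neighbor|template)\s+(\S+)$", line)
        if header and indent > 0:
            current, depth = (header.group(1), header.group(2)), indent
            blocks[current] = []
        elif current and indent > depth:
            blocks[current].append(line)
        else:
            current = None  # left the block (sibling or top-level statement)
    return blocks


def own_password(statements):
    """Return the argument of a 'password' statement, or None if absent."""
    for stmt in statements:
        if stmt.startswith("password "):
            return stmt[len("password "):]
    return None


def audit_bgp_auth(config):
    """List (name, finding) pairs for weak or missing BGP session passwords."""
    blocks = parse_peer_blocks(config)
    findings = []
    for (kind, name), stmts in blocks.items():
        pw = own_password(stmts)
        # Anything not in the "9 <encrypted>" form is a secret kept in clear.
        if pw is not None and not pw.startswith("9 "):
            findings.append((name, "plaintext-password"))
        if kind != "neighbor" or pw is not None:
            continue
        # No password of its own: accept one inherited from a template.
        inherited = None
        for stmt in stmts:
            link = re.match(r"inherit template (\S+)$", stmt)
            if link:
                inherited = own_password(
                    blocks.get(("template", link.group(1)), []))
        if inherited is None:
            findings.append((name, "no-password"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_bgp_auth(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```
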
Example (Static — IPv6)
OS10(conf-router-bgp-102)# address-family ipv6 unicast
OS10(conf-router-bgpv6-af)# redistribute static
Example (OSPF — IPv4)
OS10(conf-router-bgp-102)# address-family ipv4 unicast
OS10(conf-router-bgpv4-af)# redistribute ospf 1
Example (OSPF — IPv6)
OS10(conf-router-bgp-102)# address-family ipv6 unicast
OS10(conf-router-bgpv6-af)# redistribute ospf 1
Supported Releases 10.2.0E or later

remote-as
Adds a remote AS to the specified BGP neighbor or peer group.
route-map
Applies an established route-map to either incoming or outbound routes of a BGP neighbor or peer group.
Syntax route-map route-map-name {in | out}
Parameters
• route-map-name — Enter the name of the configured route-map.
• in — Attaches the route-map as the inbound policy.
• out — Attaches the route-map as the outbound policy.
Defaults None
Command Modes ROUTER-BGP-TEMPLATE-AF
Usage Information The no version of this command removes the route-map.
Default None
Command Mode CONFIGURATION
Usage Information The AS number can be a 16-bit integer. The no version of this command resets the value to the default.
Example
OS10(config)# router bgp 3
OS10(conf-router-bgp-3)#
Supported Releases 10.3.0E or later

router-id
Assigns a user-given ID to a BGP router.
Syntax router-id ip-address
Parameters ip-address — Enter an IP address in dotted decimal format.
sender-side-loop-detection
Enables the sender-side loop detection process for a BGP neighbor.
Syntax sender-side-loop-detection
Parameters None
Default Enabled
Command Mode ROUTER-BGP-NEIGHBOR-AF
Usage Information This command helps detect routing loops, based on the AS path before it starts advertising routes. To configure a neighbor to accept routes use the neighbor allowas-in command. The no version of this command disables sender-side loop detection for that neighbor.
show ip bgp dampened-paths Displays BGP routes that are dampened or non-active. Syntax show ip bgp [vrf vrf-name] dampened-paths Parameters None Default Not configured Command Mode EXEC Usage Information Example • vrf vrf-name — (OPTIONAL) Enter vrf and then the name of the VRF to view routes that are affected by a specific community list corresponding to that VRF. • Network — Displays the network ID where the route is dampened.
Example
OS10# show ip bgp flap-statistics
BGP local router ID is 80.1.1.1
Status codes: s suppressed, S stale, d dampened, h history, * valid, > best
Origin codes: i - IGP, e - EGP, ? - incomplete
Network         From      Flaps  Duration  Reuse     Path
*> 3.1.2.0/24   80.1.1.2  1      00:00:11  00:00:00  800 9 8 i
*> 3.1.3.0/24   80.1.1.2  1      00:00:11  00:00:00  800 9 8 i
*> 3.1.4.0/24   80.1.1.2  1      00:00:11  00:00:00  800 9 8 i
*> 3.1.5.0/24   80.1.1.2  1      00:00:11  00:00:00  800 9 8 i
*> 3.1.6.0/24   80.1.1.
• denied-routes — (Optional) Displays the configured IPv6 denied routes.
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show ip bgp ipv6 unicast summary
BGP router identifier 80.1.1.1 local AS number 102
Neighbor   AS    MsgRcvd  MsgSent  Up/Down   State/Pfx
80.1.1.2   800   8        4        00:01:10  5
Supported Releases 10.3.0E or later

show ip bgp neighbors
Displays information that BGP neighbors exchange.
• Foreign host — Displays the peering address of the neighbor and the TCP port number.
Although the status codes for routes received from a BGP neighbor may not display in the show ip bgp neighbors ip-address received-routes output, they display correctly in the show ip bgp output.
Example
OS10# show ip bgp neighbors
BGP neighbor is 80.1.1.2, remote AS 800, local AS 102 external link
BGP version 4, remote router ID 12.12.0.
D  55::/64         172:16:1::2   0  0  i
   55:0:0:1::/64   172:16:1::2   0  0  i
   55:0:0:2::/64   172:16:1::2   0  0  i
D  55:0:0:3::/64   172:16:1::2   0  0  i
D  55:0:0:4::/64   172:16:1::2   0  0  i
D  55:0:0:5::/64   172:16:1::2   0  0  i
D  55:0:0:6::/64   172:16:1::2   0  0  i
   55:0:0:7::/64   172:16:1::2   0  0  i
D  55:0:0:8::/64   172:16:1::2   0  0  i
D  55:0:0:9::/64   172:16:1::2   0  0  i
Total number of prefixes: 10
OS10#
Example denied-routes
OS10# show ip bgp ipv6 unicast neighbors 172:16:1::2 denied-routes
BGP local router ID is 100.1.1.
Example • Administratively shut — Displays the peer group’s status if you do not enable the peer group. If you enable the peer group, this line does not display. • BGP version — Displays the BGP version supported. • Description — Displays the descriptive name configured for the BGP peer template. This field is displayed only when the description is configured. • For address family — Displays IPv4 unicast as the address family. • BGP neighbor — Displays the name of the BGP neighbor.
The suppressed status of aggregate routes may not display in the command output.
Example
OS10# show ip bgp summary
BGP router identifier 80.1.1.1 local AS number 102
Neighbor   AS    MsgRcvd  MsgSent  Up/Down   State/Pfx
80.1.1.2   800   24       23       00:09:15  5
Supported Releases 10.2.0E or later

show ip route
Displays information about IPv4 BGP routing table entries.
soft-reconfiguration inbound Enables soft-reconfiguration for a neighbor. Syntax soft-reconfiguration inbound Parameters None Default Not configured Command Modes ROUTER-BGP-NEIGHBOR-AF Usage Information This command is not supported on a peer-group level. To enable soft-reconfiguration for peers in a peer-group, you must enable this command at a per-peer level. With soft-reconfiguration inbound, all updates received from this neighbor are stored unmodified, regardless of the inbound policy.
timers
Adjusts BGP keepalive and holdtime timers.
Syntax timers keepalive holdtime
Parameters
• keepalive—Enter the time interval, in seconds, between keepalive messages sent to the neighbor routers, from 1 to 65535.
• holdtime—Enter the time interval, in seconds, between the last keepalive message and declaring a router dead, from 3 to 65535.
Usage Information The path with the highest weight value is preferred in the best-path selection process. The no version of this command resets the value to the default.
Example
OS10(conf-router-bgp-neighbor)# weight 4096
Supported Releases 10.3.0E or later

Equal cost multi-path
ECMP is a routing technique where next-hop packet forwarding to a single destination occurs over multiple best paths. When you enable ECMP, OS10 uses a hash algorithm to determine the next-hop.
MAC FIELDS : source-mac destination-mac ethertype vlan-id
TCP-UDP FIELDS: l4-destination-port l4-source-port

Resilient hashing
To increase bandwidth and for load balancing, traffic distributes across the next hops of an ECMP group or member ports of a port channel. OS10 uses a hash algorithm to determine a hash key. The egress port in a port channel or the next hop in an ECMP group is selected based on the hash key modulo the number of ports in a port channel or next hops in an ECMP group, respectively.
Examples
Normal traffic flow without resilient hashing
Traffic flow with resilient hashing enabled
When you enable resilient hashing for ECMP groups, the flow-map table is created with 64 paths (the OS10 default maximum number of ECMP paths) and traffic is equally distributed. In the following example, traffic 1 maps to next hop 'A'; traffic 2 maps to next hop 'C'; and traffic 3 maps to next hop 'B.
Member link is added
However, when a new member link is added, resilient hashing completes minimal remapping for better load balancing, as shown:

Important notes
• Resilient hashing on port channels applies only for unicast traffic.
• For resilient hashing on ECMP groups, the ECMP path must be in multiples of 64. Before you enable resilient hashing, ensure that the maximum ECMP path is set to a multiple of 64. You can configure this value using the ip ecmp-group maximum-paths command.

Maximum ECMP groups and paths
The maximum number of ECMP groups supported on the switch depends on the maximum ECMP paths configured on the switch. To view the maximum number of ECMP groups and paths, use the show ip ecmp-group details command.
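An added sketch, not Dell EMC code and not OS10's actual algorithm, of why the resilient hashing sections above use a fixed flow map instead of plain hash-modulo selection: it counts the flows that change next hop when a member fails even though they were never on that member. The CRC32 key, the flow ids and the slot reassignment policy are assumptions; only the modulo selection and the 64-path flow map come from this guide.

```python
import zlib
from collections import Counter

SLOTS = 64  # flow-map size this guide gives for resilient hashing on ECMP groups


def hash_key(flow_id):
    """Stand-in for the switch hash key: CRC32 over a constructed 4-byte flow id."""
    return zlib.crc32(flow_id.to_bytes(4, "big"))


def modulo_select(key, members):
    """Plain selection: hash key modulo the number of next hops."""
    return members[key % len(members)]


def build_flow_map(members, slots=SLOTS):
    """Fixed-size flow map, slots dealt round-robin so load starts out equal."""
    return [members[i % len(members)] for i in range(slots)]


def resilient_select(key, flow_map):
    """Resilient selection: the key picks a slot, the slot names the next hop."""
    return flow_map[key % len(flow_map)]


def remove_member(flow_map, dead):
    """Rewrite only the slots owned by the failed member (assumed policy)."""
    survivors = sorted(set(flow_map) - {dead})
    out, j = list(flow_map), 0
    for i, owner in enumerate(out):
        if owner == dead:
            out[i] = survivors[j % len(survivors)]
            j += 1
    return out


def add_member(flow_map, new):
    """Give the new member a fair share of slots, taken evenly from the others."""
    out = list(flow_map)
    counts = Counter(out)
    share = len(out) // (len(counts) + 1)
    moved = 0
    for i, owner in enumerate(out):
        if moved == share:
            break
        if counts[owner] > share:
            counts[owner] -= 1
            out[i] = new
            moved += 1
    return out


def survivors_moved(before, after, flows, dead):
    """Count flows that were NOT on the failed member but still changed next hop."""
    return sum(1 for f in flows if before(f) != dead and before(f) != after(f))


def compare(members, dead, flows):
    """Disruption to unaffected flows under both schemes when 'dead' fails."""
    left = [m for m in members if m != dead]
    fmap = build_flow_map(members)
    fmap_after = remove_member(fmap, dead)
    return {
        "modulo_survivors_moved": survivors_moved(
            lambda f: modulo_select(hash_key(f), members),
            lambda f: modulo_select(hash_key(f), left), flows, dead),
        "resilient_survivors_moved": survivors_moved(
            lambda f: resilient_select(hash_key(f), fmap),
            lambda f: resilient_select(hash_key(f), fmap_after), flows, dead),
    }


if __name__ == "__main__":
    # 1000 constructed flow ids over next hops A-D, with C failing.
    print(compare(["A", "B", "C", "D"], "C", range(1000)))
```
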
hash-algorithm
Changes the hash algorithm that distributes traffic flows across ECMP paths and the link aggregation group (LAG).
Syntax hash-algorithm {ecmp | lag | seed {seed-value}} {crc | crc16cc | crc32LSB | crc32MSB | xor | xor1 | xor2 | xor4 | xor8 | random}
Parameters
• ecmp—Enables the ECMP hash configuration.
• lag—Enables the LAG hash configuration for Layer 2 (L2) only.
• seed—Changes the hash algorithm seed value to get a better hash value.
Usage Information To save the new ECMP settings, use the write memory command, then reload the system for the new settings to take effect. The no version of this command returns the value to the default.
Example
OS10# configure terminal
OS10(config)# ip ecmp-group maximum-paths 2
OS10(config)# exit
OS10# write memory
OS10# reload
Supported Releases 10.4.3.0 or later

link-bundle-utilization trigger-threshold
Configures a threshold value to trigger traffic monitoring distribution on an ECMP link bundle.
Default Command Mode Usage Information • ethertype — Enables Ethernet type information in the hash calculation.
show hash-algorithm
Displays hash-algorithm information.
Syntax show hash-algorithm
Parameters None
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show hash-algorithm
EcmpAlgo - crc
LabAlgo - crc
Supported Releases 10.3.0E or later

show ip ecmp-group details
Displays the number of ECMP groups and paths.
IPV6 Load Balancing Enabled
IPV6 FIELDS : source-ipv6 dest-ipv6 vlan protocol L4-source-port L4-dest-port
Mac Load Balancing Enabled
MAC FIELDS : source-mac dest-mac vlan ethertype
mac-in-mac header based hashing is disabled
TcpUdp Load Balancing Enabled
Supported Releases 10.3.0E or later

IPv4 routing
OS10 supports IPv4 addressing including variable-length subnetting mask (VLSM), Address Resolution Protocol (ARP), static routing, and routing protocols.
Wavelength is 64 SFP receive power reading is 0.
ethernet 1/1/5 has IP address on subnet 100.0.0.0/8, and if 10.1.1.0/24 recursively resolves to 100.1.1.1, the system installs the static route: • When the interface goes down, OS10 withdraws the route. • When the interface comes up, OS10 reinstalls the route. • When the recursive resolution is broken, OS10 withdraws the route. • When the recursive resolution is satisfied, OS10 reinstalls the route.
Parameters • vrf vrf-name — (Optional) Enter vrf then the name of the VRF to clear ARP entries corresponding to that VRF. • interface interface— (Optional) Specify an interface type: – ethernet — Physical interface. – port-channel — Port-channel identifier. – vlan — VLAN identifier. – loopback — Loopback interface identifier. – virtual-network vn-id — Virtual network ID. • ip ip-address — (Optional) Specify the IP address of the ARP entry to clear.
Parameters ip-address/mask — Enter the IP address.
Defaults None
Command Mode INTERFACE
Usage Information The no version of this command removes the IP address set for the interface.
Example
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ip address 10.1.1.0/24
Supported Releases 10.3.0E or later

ip address dhcp
Enables DHCP client operations on the interface.
• request — Specify to enable or disable sending gratuitous ARP requests when duplicate address is detected.
Default Not configured
Command Mode CONFIG-INTERFACE
Usage Information When a reply to a gratuitous ARP request is received, it indicates an IP address conflict in the network. The no version of this command disables the ARP cache updates for gratuitous ARP.
Example
OS10(conf-if-eth1/1/6)# ip arp gratuitous update
OS10(conf-if-eth1/1/6)# ip arp gratuitous request
Supported Releases 10.2.
– port-channel — Enter the port-channel ID number, from 1 to 128. • ip-address — (Optional) Enter the IP address for the ARP entry in A.B.C.D format. • mac-address — (Optional) Enter the MAC address in nn:nn:nn:nn:nn:nn format. • static — (Optional) Enter the keyword to display static ARP entries. • dynamic — (Optional) Enter the keyword to display dynamic ARP entries. • summary — (Optional) Enter the keyword to display a summary of all ARP entries.
• static — (Optional) Displays static route information. • ip-prefix/mask — (Optional) Displays routes for the destination prefix list. NOTE: This option works only for the exact prefix and the mask length. • summary — (Optional) Displays an IP route summary.
Enable or disable IPv6 By default: • IPv6 forwarding is enabled on physical Ethernet interfaces, VLANs, and port groups. IPv6 forwarding is disabled only when you enable IPv6 address autoconfiguration on an interface and set it in host mode using the ipv6 address autoconfig command. • IPv6 forwarding is permanently disabled on the management Ethernet interface so that it remains in Host mode and does not operate as a router regardless of the ipv6 address autoconfig setting.
IPv6 128-bit addresses are represented as a series of eight 16-bit hexadecimal fields separated by colons: x:x:x:x:x:x:x:x.
2001:0db8:0000:0000:0000:0000:1428:57a
Leading zeros in each field are optional.
NOTE: Dell EMC Networking does not recommend configuring both a static IPv6 address and DHCPv6 on the same interface. You can also manually configure an IPv6 address by assigning: • A network prefix with the EUI-64 parameter using the ipv6 address ipv6-prefix eui64 command. A 64-bit interface ID automatically generates based on the MAC address. • A link-local address to use instead of the link-local address that automatically configures when you enable IPv6 using the ipv6 address link-local command.
The router redirect functionality in the NDP is similar to IPv4 router redirect messages. NDP uses ICMPv6 redirect messages (Type 137) to inform nodes that a better router exists on the link. Neighbor Discovery The IPv6 NDP determines if neighboring IPv6 devices are reachable and receives the IPv6 addresses of IPv6 devices on local links. Using the link-layer and global prefixes of neighbor addresses, OS10 performs stateless autoconfiguration of IPv6 addresses on interfaces.
• lifetime {valid-lifetime seconds | infinite} — (Optional) Sets AdvValidLifetime in seconds for the prefix in the radvd.conf file. The prefix is valid for on-link determination only for the specified lifetime. The default is 86400 seconds (1 day). The infinite setting allows the prefix to be valid for on-link determination with no time limit. • lifetime {preferred-lifetime seconds | infinite} — (Optional) Sets AdvPreferredLifetime in seconds for the prefix in the radvd.conf file.
Static IPv6 routing To define an explicit route between two IPv6 networking devices, configure a static route on an interface. Static routing is useful for smaller networks with only one path to an outside network, or to provide security for certain traffic types in a larger network. • Enter the static routing information including the IPv6 address and mask in x:x:x:x::x format in CONFIGURATION mode. The length is from 0 to 64.
View IPv6 information To view IPv6 configuration information, use the show ipv6 route command. To view IPv6 address information, use the show address ipv6 command.
– virtual-network vn-id — For a virtual network, enter virtual-network then the ID of the network.
Defaults None.
Command Mode EXEC
Usage Information The no version of this command resets the value to the default.
Example
Supported Releases 10.4.1.0 or later

clear ipv6 route
Clears routes from the IPv6 routing table.
NOTE: Dell EMC Networking does not recommend configuring both a static IPv6 address and DHCPv6 on the same interface.
Example
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ipv6 address 2111:dddd:0eee::22/64
Supported Releases 10.3.0E or later

ipv6 address autoconfig
Acquires global IPv6 addresses by using the network prefix obtained from RAs.
ipv6 enable
Enables and disables IPv6 forwarding on an interface configured with an IPv6 address.
Syntax ipv6 enable
Parameters None
Defaults None
Command Mode INTERFACE
Usage Information Use this command to disable and re-enable IPv6 forwarding on an interface for security purposes or to recover from a duplicate address discovery (DAD) failure. The no version of this command disables IPv6 forwarding.
Usage Information • An interface can have only one link-local address. By default, an IPv6 link-local address automatically generates with a MAC-based EUI-64 interface ID when a router boots up and IPv6 is enabled. Use this command to manually configure a link-local address to replace the autoconfigured address. For example, to configure a more user-friendly link-local address, replace fe80::eef4:bbff:fefb:fa30/64 with fe80::1/64.
• By default, DAD does not disable IPv6 if a duplicate link-local address is detected in the network. To disable IPv6 on an interface when a duplicate link-local address is detected, use the ipv6 nd dad disable-ipv6-on-failure command.
ipv6 nd max-ra-interval
Sets the maximum time interval between sending RA messages.
Syntax ipv6 nd max-ra-interval seconds
Parameters
• max-ra-interval seconds — Enter a time interval in seconds, from 4 to 1800.
Defaults 600 seconds
Command Mode INTERFACE
Usage Information The no version of this command restores the default time interval used to send RA messages.
Example
OS10(config)# interface ethernet 1/2/3
OS10(conf-if-eth1/2/3)# ipv6 nd max-ra-interval 300
Supported Releases 10.4.
ipv6 nd prefix
Configures the IPv6 prefixes that are included in messages to neighboring IPv6 routers.
Syntax ipv6 nd prefix {ipv6-prefix | default} [no-advertise] [no-autoconfig] [no-rtraddress] [off-link] [lifetime {valid-lifetime seconds | infinite} {preferred-lifetime seconds | infinite}]
Parameters
• ipv6-prefix — Enter an IPv6 prefix in x:x::y/mask format to include the prefix in RA messages. Include prefixes that are not already in the subnets on the interface.
Advertise prefix for which there is no interface address
OS10(conf-if-eth1/1/1)# ipv6 nd prefix 2001:0db8:3000::/64 no-autoconfig
Supported Releases 10.4.0E(R1) or later

ipv6 nd ra-lifetime
Sets the lifetime of the default router in RA messages.
Syntax ipv6 nd ra-lifetime seconds
Parameters
• ra-lifetime seconds — Enter a lifetime value in milliseconds, from 0 to 9000 milliseconds.
Defaults Not configured
Command Mode INTERFACE
Usage Information The no version of this command disables the configured retransmission timer.
Example
OS10(config)# interface ethernet 1/2/3
OS10(conf-if-eth1/2/3)# ipv6 nd retrans-timer 1000
Supported Releases 10.4.0E(R1) or later

ipv6 nd send-ra
Enables sending ICMPv6 RA messages.
Syntax ipv6 nd send-ra
Parameters None
Defaults RA messages are disabled.
recursive resolution is satisfied. After you create an IPv6 static route interface, if you do not assign an IP address to a peer interface, you must manually ping the peer to resolve the neighbor information.
• The no version of this command deletes the IPv6 route configuration.
Example
OS10(config)# ipv6 route 2111:dddd:0eee::22/128 2001:db86:0fff::2
OS10(config)# ipv6 route 2111:dddd:0eee::22/128 interface null 0
Supported Releases 10.2.
Usage Information The no version of this command resets the value to the default.
Example
OS10# show ipv6 neighbors
IPv6 Address     Hardware Address    State  Interface        VLAN
-----------------------------------------------------------------
1001:db8:a1::2   00:c5:05:02:12:91   REACH  ethernet1/1/5    12
1001:db8:a1::f   00:f5:50:02:54:75   REACH  port-channel5    12
200::2           00:c5:05:02:12:91   STALE  ethernet1/1/10
400::f           00:f5:50:02:54:75   REACH  port-channel20
Supported Releases 10.4.1.
-----------------------------------------------------------------
C 2001:db86::/32 via 2001:db86:fff::1 ethernet1/1/1 0/0 00:03:24
Example (Summary)
OS10# show ipv6 route summary
Route Source       Active Routes   Non-Active Routes
Ospf               0               0
Bgp                0               0
Connected          0               0
Static             0               0
Ospf Inter-area    0               0
NSSA External-1    0               0
NSSA External-2    0               0
Ospf External-1    0               0
Ospf External-2    0               0
Bgp Internal       0               0
Bgp External       0               0
Ospf Intra-area    0               0
Total              0               0
Supported Releases 10.2.
Autonomous system areas OSPF operates in a hierarchy. The largest entity within the hierarchy is the autonomous system (AS). The AS is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS, Interior Gateway Routing Protocol (IGRP) that receives routes from and sends routes to other AS. You can divide an AS into several areas, which are groups of contiguous networks and attached hosts administratively grouped.
Configure all routers within an assigned stub area as stubby and do not generate LSAs that do not apply. For example, a Type 5 LSA is intended for external areas and the stubby area routers may not generate external LSAs. A virtual link cannot traverse stubby areas. Networks and neighbors As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them. The Up or Down state of those links is important.
can connect to many areas in an AS and is considered a member of each area it connects to—shown as Router H in the example. Autonomous system The autonomous system border router (ASBR) connects to more than one AS and exchanges information with the border routers in other ASs. The ASBR connects to a non-IGP such as BGP or uses static routes—shown as Router N in the example.
Type 7—NSSAExternal LSA (OSPFv2), LSA (OSPFv3) Routers in an NSSA do not receive external LSAs from ABRs but send external routing information for redistribution. They use Type 7 LSAs to tell the ABRs about these external routes, which the ABR then translates to Type 5 external LSAs and floods as normal to the rest of the OSPF network. Type 8—Link LSA (OSPFv3) Type 8 LSA carries the IPv6 address information of the local links.
OSPF route limit OS10 supports up to 16,000 OSPF routes. Within this range, the only restriction is on intra-area routes that scale only up to 1000 routes. Other OSPF routes can scale up to 16 K. Shortest path first throttling Use shortest path first (SPF) throttling to delay SPF calculations during periods of network instability. In an OSPF network, a topology change event triggers an SPF calculation that is performed after a start time.
View OSPFv3 SPF throttling
OS10(config-router-ospfv3-100)# timers spf 1345 2324 9234
OS10(config-router-ospfv3-100)# do show ipv6 ospf
Routing Process ospfv3 100 with ID 129.240.244.107
SPF schedule delay 1345 msecs, Hold time between two SPFs 2324 msecs
Min LSA origination 5000 msec, Min LSA arrival 1000 msec
Min LSA hold time 0 msec, Max LSA wait time 0 msec
Number of area in this router is 1, normal 1 stub 0 nssa
Area (0.0.0.
View OSPFv2 configuration
OS10# show running-configuration ospf
!
interface ethernet1/1/1
 ip ospf 100 area 0.0.0.0
!
router ospf 100
...

Enable OSPFv2 in a non-default VRF instance
To enable OSPFv2 in a non-default VRF instance:
1 Create a non-default VRF instance in which you want to enable OSPFv2:
ip vrf vrf-name
2 Enable OSPF and configure an OSPF instance in VRF CONFIGURATION mode.
Assign router identifier
For managing and troubleshooting purposes, you can assign a router ID for the OSPFv2 process. Use the router’s IP address as the router ID.
• Assign the router ID for the OSPFv2 process in ROUTER-OSPF mode
router-id ip-address
Assign router ID
OS10(config)# router ospf 10
OS10(conf-router-ospf-10)# router-id 10.10.1.5
View OSPFv2 status
OS10# show ip ospf 10
Routing Process ospf 10 with ID 10.10.1.
SPF algorithm executed 1 times
Area ranges are
OS10# show running-configuration ospf
!
router ospf 10
 area 10.10.5.1 stub
Passive interfaces
A passive interface does not send or receive routing information. Configuring an interface as a passive interface suppresses both receiving and sending routing updates. Although the passive interface does not send or receive routing updates, the network on that interface is included in OSPF updates sent through other interfaces.
Configure fast convergence
OS10(config)# router ospf 65535
OS10(conf-router-ospf-65535)# fast-converge 1
View fast convergence
OS10(conf-router-ospf-65535)# do show ip ospf
Routing Process ospf 65535 with ID 99.99.99.
7 Change the wait period between link state update packets sent out the interface in INTERFACE mode, from 1 to 3600. The default wait period is 1. The transmit delay must be the same on all routers in the OSPF network.
Configure default route
OS10(config)# router ospf 10
OS10(config-router-ospf-10)# default-information originate always
View default route configuration
OS10(config-router-ospf-10)# show configuration
!
router ospf 10
 default-information originate always
Summary address
You can configure a summary address for an ASBR to advertise one external route as an aggregate for all redistributed routes that are covered by the specified address range.
• Configure the summary address in ROUTER-OSPF mode.
Configure text authentication
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ip ospf authentication-key sample
View text authentication
OS10(conf-if-eth1/1/1)# show configuration
!
interface ethernet1/1/1
 ip address 10.10.10.2/24
 no switchport
 no shutdown
 ip ospf 100 area 0.0.0.
View OSPF configuration
OS10# show running-configuration ospf
!
interface ethernet1/1/1
 ip ospf 100 area 0.0.0.0
!
router ospf 100
 log-adjacency-changes
Debug OSPF
Use the following procedures to debug OSPFv2 and OSPFv3.
• To debug OSPFv2: debug ip ospfv2
• To debug OSPFv3: debug ip ospfv3
OSPFv2 commands
area default-cost
Sets the metric for the summary default route generated by the ABR and sends it to the stub area.
Default Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command deletes an NSSA. Example OS10(conf-router-ospf-10)# area 10.10.1.5 nssa Supported Releases 10.2.0E or later area range Summarizes routes matching an address/mask at an area in ABRs. Syntax area area-id range ip-address [no-advertise] Parameters • area-id — Set the OSPF area ID as an IP address in A.B.C.D format or number, from 1 to 65535.
Parameters value — Enter the reference bandwidth value to calculate the OSPF interface cost in megabits per second, from 1 to 4294967. Default 100000 Command Mode ROUTER-OSPF Usage Information The value set by the ip ospf cost command in INTERFACE mode overrides the cost resulting from the auto-cost command. The no version of this command resets the value to the default. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# auto-cost reference-bandwidth 150 Supported Releases 10.2.
debug ip ospfv2
Enables Open Shortest Path First version 2 (OSPFv2) debugging and displays messages related to processing of OSPFv2.
Syntax debug ip ospfv2
Parameters None
Defaults None
Command Mode EXEC
Usage Information The no debug ip ospfv2 command stops displaying messages related to processing of OSPFv2.
Example debug ip ospfv2
Supported Releases OS10 legacy command.
default-information originate
Generates and distributes default external route information to the OSPF routing domain.
Parameters convergence-level — Enter a desired convergence level value, from 1 to 4. Default Not configured Command Mode ROUTER-OSPF Usage Information Convergence level 1 (optimal) meets most convergence requirements. NOTE: Only select higher convergence levels following consultation with Dell EMC Technical Support. The no version of this command disables the fast-convergence configuration. Example OS10(conf-router-ospf-10)# fast-converge 3 Supported Releases 10.2.
ip ospf authentication-key
Configures a text authentication key to enable OSPF traffic on an interface.
Syntax ip ospf authentication-key key
Parameters key — Enter an eight-character string for the authentication key.
Defaults Not configured
Command Mode INTERFACE
Usage Information To exchange OSPF information, all neighboring routers in the same network must use the same authentication key. The no version of this command deletes the authentication key.
ip ospf hello-interval
Sets the time interval between the hello packets sent on the interface.
Syntax ip ospf hello-interval seconds
Parameters seconds — Enter the hello-interval value in seconds, from 1 to 65535.
Default 10 seconds
Command Mode INTERFACE
Usage Information All routers in a network must have the same hello time interval between the hello packets. The no version of this command resets the value to the default.
Example OS10(conf-if-vl-10)# ip ospf mtu-ignore Supported Releases 10.2.0E or later ip ospf network Sets the network type for the interface. Syntax ip ospf network {point-to-point | broadcast} Parameters • point-to-point — Sets the interface as part of a point-to-point network. • broadcast — Sets the interface as part of a broadcast network. Default Broadcast Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
Usage Information When two routers attached to a network attempt to become the DR, the one with the higher router priority takes precedence. The no version of this command resets the value to the default. Example OS10(conf-if-eth1/1/6)# ip ospf priority 4 Supported Releases 10.2.0E or later ip ospf retransmit-interval Sets the retransmission time between lost LSAs for adjacencies belonging to the interface.
Supported Releases 10.2.0E or later max-metric router-lsa Configures OSPF to advertise a maximum metric on a router so that it is not desired as an intermediate hop from other routers. Syntax max-metric router-lsa Parameters None Default Not configured Command Mode ROUTER-OSPF Usage Information Routers in the network do not prefer other routers as the next intermediate hop after they calculate the shortest path.
Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# redistribute bgp 4 route-map dell1 Example (Connected) OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# redistribute connected route-map dell2 Supported Releases 10.2.0E or later router-id Configures a fixed router ID for the OSPF process. Syntax router-id ip-address Parameters ip-address — Enter the IP address of the router as the router ID.
• vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to display OSPF configuration information corresponding to that VRF. Default Not configured Command Mode EXEC Usage Information None Example OS10# show ip ospf 10 Routing Process ospf 10 with ID 111.2.1.
Parameters • process-id — (Optional) View LSA information for a specific OSPF process ID. If you do not enter a process ID, the command applies to all the configured OSPF processes. • vrf vrf-name — (Optional) Enter the keyword vrf followed by the name of the VRF to display LSA information for the OSPF process corresponding to that VRF. Default Not configured Command Mode EXEC Usage Information Example • Link ID — Identifies the router ID. • ADV Router — Identifies the advertising router’s ID.
Usage Information Example • LS Age—Displays the LS age. • Options—Displays optional capabilities. • LS Type—Displays the LS type. • Link State ID—Identifies the router ID. • Advertising Router—Identifies the advertising router’s ID. • LS Seq Number—Identifies the LS sequence number. This identifies old or duplicate LSAs. • Checksum—Displays the Fletcher checksum of an LSA’s complete contents. • Length—Displays the LSA length in bytes.
• Length — Displays the LSA length in bytes.
• Network Mask — Identifies the network mask implemented on the area.
• TOS — Displays the ToS options. The only option available is zero.
• Metric — Displays the LSA metric.
Example
OS10# show ip ospf 10 database external
OSPF Router with ID (111.2.1.1) (Process ID 10)
Type-5 AS External
LS age: 1424
Options: (No TOS-capability, No DC, E)
LS type: Type-5 AS External
Link State ID: 110.1.1.0
Advertising Router: 111.2.1.
Example OS10# show ip ospf 10 database network OSPF Router with ID (111.2.1.1) (Process ID 10) Network (Area 0.0.0.0) LS age: 1356 Options: (No TOS-capability, No DC, E) LS type: Network Link State ID: 110.1.1.2 Advertising Router: 112.2.1.1 LS Seq Number: 0x80000008 Checksum: 0xd2b1 Length: 32 Network Mask: /24 Attached Router: 111.2.1.1 Attached Router: 112.2.1.1 Supported Releases 10.2.0E or later show ip ospf database nssa external Displays information about the NSSA-External Type 7 LSA.
Advertising Router: 1.1.1.1 LS Seq Number: 0x80000001 Checksum: 0x430C Length: 36 Network Mask: /0 Metric Type: 1 TOS: 0 Metric: 16777215 Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 70 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 0.0.0.0 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000001 Checksum: 0x2526 Length: 36 Network Mask: /0 Metric Type: 1 TOS: 0 Metric: 0 Forward Address: 0.0.0.
Forward Address: 0.0.0.0 External Route Tag: 0 Supported Releases 10.2.0E or later show ip ospf database opaque-area Displays information about the opaque-area Type 10 LSA. Syntax show ip ospf [process-id] [vrf vrf-name] database opaque-area Parameters • process-id — (Optional) Displays the opaque-area Type 10 information for an OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process.
Parameters process-id — (Optional) Displays opaque-as Type 11 LSA information for a specified OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information Example • LS Age — Displays the LS age. • Options — Displays the optional capabilities available on the router. • LS Type — Displays the LS type. • Link State ID — Identifies the router ID.
Example • Link State ID — Identifies the router ID. • Advertising Router — Identifies the advertising router’s ID. • LS Seq Number — Identifies the LS sequence number. This identifies old or duplicate LSAs. • Checksum — Displays the Fletcher checksum of an LSA’s complete contents. • Length — Displays the LSA length in bytes. • Opaque Type — Identifies the Opaque type field, the first 8 bits of the LS ID. • Opaque ID — Identifies the Opaque type-specific ID, the remaining 24 bits of the LS ID.
OSPF Router with ID (111.2.1.1) (Process ID 10) Router (Area 0.0.0.0) LS age: 1419 Options: (No TOS-capability, No DC, E) LS type: Router Link State ID: 111.2.1.1 Advertising Router: 111.2.1.1 LS Seq Number: 0x8000000d Checksum: 0x9bf2 Length: 60 AS Boundary Router Number of Links: 3 Link connected to: a Transit Network (Link ID) Designated Router address: 110.1.1.2 (Link Data) Router Interface address: 110.1.1.
• TOS—Displays the ToS options. The only option available is zero.
• Metric—Displays the LSA metric.
Example
OS10# show ip ospf 10 database summary
OSPF Router with ID (111.2.1.1) (Process ID 10)
Summary Network (Area 0.0.0.0)
LS age: 623
Options: (No TOS-capability, No DC)
C: Summary Network
Link State ID: 115.1.1.0
Advertising Router: 111.111.111.1
LS Seq Number: 0x800001e8
Checksum: 0x4a67
Length: 28
Network Mask: /24
TOS: 0 Metric: 0
Supported Releases 10.2.
Parameters • process-id — (Optional) Enter OSPFv2 process ID to view information specific to the ID. • vrf vrf-name — (Optional) Enter the keyword vrf followed by the name of the VRF to display the routes calculated by OSPF in the configured VRF. • IP-prefix — (Optional) Specify an IP address to view information specific to the IP address. Default None Command Mode EXEC Usage Information Displays the cost metric for each neighbor and interfaces.
Error packets (Receive statistics)
bad-src            0   dupe-id             0   hello-err          0
mtu-mismatch       0   nbr-ignored         0   wrong-proto        0
resource-err       0   bad-lsa-len         0   lsa-bad-type       0
lsa-bad-len        0   lsa-bad-cksum       0   auth-fail          0
netmask-mismatch   0   hello-tmr-mismatch  0   dead-ivl-mismatch  0
options-mismatch   0   nbr-admin-down      0   own-hello-drop     0
self-orig          0   wrong-length        0   checksum-error     0
version-mismatch   0   area-mismatch       0
Supported Releases 10.2.0E or later
show ip ospf topology
Displays routers that directly connect to OSPF areas.
Example OS10(config)# router ospf 100 OS10(config-router-ospf-100)# summary-address 10.0.0.0/8 not-advertise Supported Releases 10.3.0E or later timers lsa arrival Configures the LSA acceptance intervals. Syntax timers lsa arrival arrival-time Parameters arrival-time — Set the interval between receiving the LSA in milliseconds, from 0 to 600,000.
Example OS10(config)# router ospf 100 OS10(config-router-ospf-100)# timers spf 1200 2300 3400 OS10(config-router-ospf-100)# do show ip ospf Routing Process ospf 100 with ID 12.1.1.
Enable OSPFv3 1 Enable OSPFv3 globally and configure an OSPFv3 instance in CONFIGURATION mode. router ospfv3 instance-number 2 Enter the interface information to configure the interface for OSPFv3 in INTERFACE mode. interface ethernet node/slot/port[:subport] 3 Enable the interface in INTERFACE mode. no shutdown 4 Disable the default switchport configuration and remove it from an interface or a LAG port in INTERFACE mode. no switchport 5 Enable the OSPFv3 on an interface in INTERFACE mode.
OS10(config)# interface ethernet 1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# ip vrf forwarding vrf-blue
OS10(conf-if-eth1/1/1)# ipv6 ospfv3 300 area 0.0.0.0
NOTE: If you want to move an interface associated with one VRF instance to another default or non-default VRF instance, you must first remove the OSPF or Layer3 configurations that already exist on the interface.
Configure Stub Area OS10(config)# router ospfv3 10 OS10(conf-router-ospf-10)# area 10.10.5.1 stub no-summary View Stub Area Configuration OS10# show running-configuration ospfv3 ! interface ethernet1/1/3 ipv6 ospf 65 area 0.0.0.2 ! router ospfv3 65 area 0.0.0.2 stub no-summary OS10# show ipv6 ospf database OSPF Router with ID (199.205.134.103) (Process ID 65) Router Link States (Area 0.0.0.
Configure Passive Interfaces
OS10(config)# interface ethernet 1/1/6
OS10(conf-if-eth1/1/6)# ipv6 ospf passive
View Passive Interfaces
OS10# show running-configuration
!!!
!!
interface ethernet1/1/1
 ip address 10.10.10.1/24
 no switchport
 no shutdown
 ipv6 ospf 100 area 0
 ipv6 ospf passive
!!
!
Interface OSPFv3 Parameters
Interface parameter values must be consistent across all interfaces to avoid routing errors.
Default route You can generate an external default route and distribute the default information to the OSPFv3 routing domain. • Generate the default route, using the default-information originate [always] command in ROUTER-OSPFv3 mode.
– null — Prevent an authentication policy configured for the area to be inherited on the interface. Only use this parameter if you configure IPsec area authentication. – ipsec spi number — Enter a unique security policy index (SPI) value, from 256 to 4294967295. – md5 — Enable message digest 5 (MD5) authentication. – sha1 — Enable secure hash algorithm 1 (SHA-1) authentication. – key — Enter the text string used in the authentication type.
no shutdown ipv6 address 1::1/64 Configure IPsec authentication for OSPFv3 area Prerequisite: Before you enable IPsec authentication for an OSPFv3 area, enable OSPFv3 globally on the router. • Enable IPsec authentication for OSPFv3 packets in an area in Router-OSPFv3 mode. area area-id authentication ipsec spi number {MD5 | SHA1} key – area area-id — Enter an area ID as a number or IPv6 prefix. – ipsec spi number — Enter a unique security policy index (SPI) value, from 256 to 4294967295.
OS10(config-router-ospfv3-100)# show configuration
!
router ospfv3 100
 area 0.0.0.1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678
Troubleshoot OSPFv3
You can troubleshoot OSPFv3 operations and check questions for typical issues that interrupt a process.
• key — Enter the text string used in the authentication type.
Default OSPFv3 area authentication is not configured.
Command Mode ROUTER-OSPFv3
Usage Information
• Before you enable IPsec authentication for an OSPFv3 area, you must enable OSPFv3 globally on each router.
• All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits.
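The following is an added example, not part of the Dell guide: a Python check that reads saved `show running-configuration` text and flags the OSPF authentication settings this chapter documents (the OSPFv2 text key, and the OSPFv3 area `authentication ipsec` and `encryption ipsec` lines). The sample configuration is constructed, the function names and finding codes are hypothetical, the 40-hex-digit SHA-1 key length is an assumption, and only the command forms shown on this page are parsed.

```python
import re

SPI_MIN, SPI_MAX = 256, 4294967295  # SPI range stated in the guide
# Key lengths in hex digits: md5=32 is stated in the guide; sha1=40 is an
# assumption derived from the 160-bit HMAC-SHA1 key size.
AUTH_KEY_HEX = {"md5": 32, "sha1": 40}

RE_V2_KEY = re.compile(r"^ip ospf authentication-key \S+$")
RE_AREA_AUTH = re.compile(
    r"^area (\S+) authentication ipsec spi (\d+) (md5|sha1) (\S+)$", re.I)
RE_AREA_ENC = re.compile(
    r"^area (\S+) encryption ipsec spi (\d+) esp (\S+) \S+ (md5|sha1) (\S+)$",
    re.I)

REASONS = {  # hypothetical finding codes used by this example
    "ospfv2-cleartext-key": "OSPFv2 text authentication carries the key in clear in OSPF packets",
    "spi-out-of-range": "SPI is outside the documented 256..4294967295 range",
    "spi-reused": "SPI value is not unique across the configured policies",
    "bad-key-format": "authentication key is not the expected number of hex digits",
    "patterned-key": "key uses 8 or fewer distinct hex digits (looks like a sample value)",
    "md5-digest": "MD5 selected; SHA-1 is the stronger of the two options listed",
    "des-cipher": "DES (56-bit key) selected for ESP encryption",
}


def _check_spi(spi, ctx, seen, out):
    spi = int(spi)
    if not SPI_MIN <= spi <= SPI_MAX:
        out.append((ctx, "spi-out-of-range"))
    if spi in seen:
        out.append((ctx, "spi-reused"))
    seen.add(spi)


def _check_auth(alg, key, ctx, out):
    alg = alg.lower()
    if len(key) != AUTH_KEY_HEX[alg] or not re.fullmatch(r"[0-9a-fA-F]+", key):
        out.append((ctx, "bad-key-format"))
    elif len(set(key.lower())) <= 8:
        out.append((ctx, "patterned-key"))
    if alg == "md5":
        out.append((ctx, "md5-digest"))


def audit(config_text):
    """Return a list of (context, finding-code) tuples for the given config."""
    findings, seen_spis, section = [], set(), "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(("interface ", "router ")):
            section = line  # remember where the following lines belong
        elif RE_V2_KEY.match(line):
            findings.append((section, "ospfv2-cleartext-key"))
        elif (m := RE_AREA_AUTH.match(line)):
            area, spi, alg, key = m.groups()
            ctx = f"{section} area {area}"
            _check_spi(spi, ctx, seen_spis, findings)
            _check_auth(alg, key, ctx, findings)
        elif (m := RE_AREA_ENC.match(line)):
            area, spi, cipher, alg, key = m.groups()
            ctx = f"{section} area {area}"
            _check_spi(spi, ctx, seen_spis, findings)
            if cipher.lower() == "des":
                findings.append((ctx, "des-cipher"))
            _check_auth(alg, key, ctx, findings)
    return findings


# Constructed sample in the style of the guide's show output; the keys are
# made-up values, not real secrets.
SAMPLE = """\
!
interface ethernet1/1/1
 ip address 10.10.10.2/24
 no switchport
 no shutdown
 ip ospf 100 area 0.0.0.0
 ip ospf authentication-key sample
!
router ospfv3 100
 area 0.0.0.1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678
 area 0.0.0.2 authentication ipsec spi 401 sha1 9f3c1a7be0542d68c7a1f09b3e5d2846a0b7c913
 area 0.0.0.3 authentication ipsec spi 100 md5 abcd
"""

if __name__ == "__main__":
    for ctx, code in audit(SAMPLE):
        print(f"{ctx}: {code}: {REASONS[code]}")
```

Because the guide states that only a non-encrypted key is supported, the saved configuration text given to a check like this contains the keys themselves and should be handled as secret material.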
area stub
Defines an area as the OSPF stub area.
Syntax area area-id stub [no-summary]
Parameters
• area-id—Set the OSPFv3 area ID as an IP address in A.B.C.D format or number, from 1 to 65535.
• no-summary—(Optional) Prevents an ABR from sending summary LSAs into the stub area.
Default Not configured
Command Mode ROUTER-OSPFv3
Usage Information The no version of this command deletes a stub area.
Example
OS10(config)# router ospfv3 10
OS10(conf-router-ospfv3-10)# area 10.10.1.
Supported Releases 10.3.0E or later
clear ipv6 ospf statistics
Clears OSPFv3 traffic statistics.
Syntax clear ipv6 ospf [instance-number] [vrf vrf-name] statistics
Parameters
• instance-number — (Optional) Enter an OSPFv3 instance number, from 1 to 65535.
• vrf vrf-name — (Optional) Enter the keyword vrf followed by the name of the VRF to clear OSPFv3 statistics in that VRF.
ipv6 ospf area Attaches an interface to an OSPF area. Syntax ipv6 ospf process-id area area-id Parameters • process-id—Enter an OSPFv3 process ID for a specific OSPFv3 process, from 1 to 65535. • area-id—Enter the OSPFv3 area ID in dotted decimal A.B.C.D format or enter an area ID number, from 1 to 65535. Default Not configured Command Mode INTERFACE Usage Information The no version of this command removes an interface from an OSPFv3 area.
ipv6 ospf cost
Changes the cost associated with the OSPFv3 traffic on an interface.
Syntax ipv6 ospf cost cost
Parameters cost — Enter a value as the OSPFv3 cost for the interface, from 1 to 65335.
Default Based on bandwidth reference
Command Mode INTERFACE
Usage Information If not configured, the interface cost is based on the auto-cost command. This command configures OSPFv3 over multiple vendors to ensure that all routers use the same cost value.
Command Mode INTERFACE
Usage Information
• Before you enable IPsec authentication on an OSPFv3 interface, you must enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area.
• When you configure encryption on an interface, both IPsec encryption and authentication are enabled. You cannot configure encryption if you have already configured an interface for IPsec authentication using the ipv6 ospf authentication ipsec command.
Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ipv6 ospf network broadcast Supported Releases 10.3.0E or later ipv6 ospf passive Configures an interface as a passive interface and suppresses both receiving and sending routing updates to the passive interface. Syntax ipv6 ospf passive Parameters None Default Not configured Command Mode INTERFACE Usage Information You must configure the interface before setting the interface to passive mode.
Usage Information The no version of this command resets the value to the default.
Example
OS10(config)# router ospfv3 100
OS10(config-router-ospfv3-100)# log-adjacency-changes
Supported Releases 10.3.0E or later
maximum-paths
Enables forwarding of packets over multiple paths.
Syntax maximum-paths number
Parameters number — Enter the number of paths for OSPFv3, from 1 to 128.
Parameters ip-address — Enter the IP address of the router as the router ID.
Default Not configured
Command Mode ROUTER-OSPFv3
Usage Information Configure an arbitrary value in the IP address format for each router. Each router ID must be unique. Use the fixed router ID for the active OSPFv3 router process. Changing the router ID brings down the existing OSPFv3 adjacency. The new router ID becomes effective immediately. The no version of this command disables the router ID configuration.
OS10# show ipv6 ospf 200 Routing Process ospfv3 200 with ID 10.0.0.2 Min LSA origination 5000 msec, Min LSA arrival 1000 msec Min LSA hold time 0 msec, Max LSA wait time 0 msec Number of area in this router is 1, normal 1 stub 0 nssa Area (0.0.0.0) Number of interface in this area is 1 SPF algorithm executed 3 times Supported Releases 10.3.0E or later show ipv6 ospf database Displays all LSA information. You must enable OSPFv3 to generate output.
Type-5 AS External Link States
ADV Router Age Seq# Prefix
--------------------------------------------------------------------------
3.3.3.3 3116 0x80000126 400::/64
3.3.3.3 3116 0x80000124 34::/64
Supported Releases 10.3.0E or later
show ipv6 ospf interface
Displays the configured OSPFv3 interfaces. You must enable OSPFv3 to display the output.
• Interface ID—Displays the neighbor interface ID.
• Interface—Displays the interface type, node/slot/port or number information.
Example
OS10(conf-if-eth1/1/1)# show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
-------------------------------------------------------------------
2.2.2.2 1 Full/DR 00:00:30 5 ethernet1/1/1
Supported Releases 10.3.0E or later
show ipv6 ospf statistics
Displays OSPFv3 traffic statistics.
timers spf (OSPFv3)
Enables shortest path first (SPF) throttling to delay an SPF calculation when a topology change occurs.
Syntax timers spf [start-time [hold-time [max-wait]]]
Parameters
• start-time — Sets the initial SPF delay in milliseconds, from 1 to 600000; default 1000.
• hold-time — Sets the additional hold time between two SPF calculations in milliseconds, from 1 to 600000; default 10000.
VRRP subscribes to a track object which tracks the interface line protocol state. It uses the tracked object status to determine the priority of the VRRP router in a VRRP group. If a tracked state or interface goes down, VRRP updates the priority based on how you configure the new priority for the tracked state. When the tracked state comes up, VRRP restores the original priority for the virtual router group. Figure 4.
• port-channel — Port-channel identifier
• VLAN — Virtual local area network (VLAN) identifier
• Loopback — Loopback interface identifier
• mgmt — Management interface
1 Configure object tracking in CONFIGURATION mode, from 1 to 500.
track object-id
2 (Optional) Enter interface object tracking on the line-protocol state of an L2 interface in OBJECT TRACKING mode.
OS10 (conf-track-2)# do show track 2 IP Host 1.1.1.
View interface object tracking information
OS10# show track interface
TrackID Resource Parameter Status LastChange
---------------------------------------------------------------------------------
1 line-protocol ethernet1/1/1 DOWN 2017-02-03T08:41:25Z1
OS10# show track ip
TrackID Resource Parameter Status LastChange
---------------------------------------------------------------------------------
2 ipv4-reachablity 1.1.1.
• mgmt — Enter the Management interface. Defaults Not configured Command Mode CONFIGURATION Usage Information None Example OS10(conf-track-100)# interface ethernet line-protocol Supported Releases 10.3.0E or later ip reachability Configures an object to track a specific next-hop host's reachability. Syntax ip host-ip-address reachability Parameters host-ip-address — Enter the IPv4 host address.
Command Mode CONFIGURATION
Usage Information Set the interval to 0 to disable the refresh.
Example OS10(conf-track-100)# reachability-refresh 600
Supported Releases 10.3.0E or later
show track
Displays tracked object information.
Syntax show track [brief] [object-id] [interface] [ip | ipv6]
Parameters
• brief — (Optional) Displays brief tracked object information.
• object-id — (Optional) Displays tracked object information for a specific object ID.
Policy-based routing PBR provides a mechanism to redirect IPv4 and IPv6 data packets based on the policies defined to override the switch’s forwarding decisions based on the routing table. Policy-based route-maps A route-map is an ordered set of rules that controls the redistribution of IP routes into a protocol domain. When you enable PBR on an interface, all IPv4 or IPv6 data packets process based on the policies that you define in the route-maps.
Apply match and set parameters to IPv4 route-map
OS10(conf-route-map)# route-map map1
OS10(conf-route-map)# match ip address acl5
OS10(conf-route-map)# set ip next-hop 10.10.10.10
Apply match and set parameters to IPv6 route-map
OS10(conf-route-map)# route-map map1
OS10(conf-route-map)# match ipv6 address acl8
OS10(conf-route-map)# set ipv6 next-hop 20::20
Assign route-map to interface
You can assign a route-map to an interface for IPv4 or IPv6 policy-based routing.
Policy routing matches: 84 packets Policy-based routing per VRF Configure PBR per VRF instance for both IPv4 and IPv6 traffic flows. Policy-based routing (PBR) enables packets with certain match criteria, such as packets from specific source and destination addresses, to be re-directed to a different next-hop. You can also use PBR to re-direct packets arriving on a VRF instance to a next-hop that is reachable through a different VRF instance.
Match clauses:
 ip address (access-lists): acl1
Set clauses:
 ip vrf red next-hop 1.1.1.1 track-id 200
Sample configuration
Consider a scenario where traffic from source IP address 1.1.1.1 ingresses through VLAN40 that is part of VRF RED. The egress interface for this traffic is also on the same VRF RED with IP address 4.4.4.4, as shown. Using the following PBR configuration, you can re-direct traffic ingressing to VRF RED to a destination that is reachable through the next-hop IP address 2.2.2.
track track-id
OS10(config)# track 200
2 Configure reachability of the next-hop address through the VRF instance.
ip ip-address reachability vrf vrf-name
OS10(conf-track-200)#
OS10(conf-track-200)# ip 1.1.1.1 reachability vrf red
OS10(conf-track-200)#exit
3 Configure the route-map.
route-map route-map-name
OS10(config-route-map)#
OS10(config-route-map)# match ip address acl1
4 Set the track ID configured in step 1 to the route-map.
seq 30 deny tcp 10.99.0.0/16 10.0.0.0/8 eq 21
seq 40 deny icmp 10.99.0.0/16 10.0.0.0/8
• Create a route-map to block specific traffic from PBR processing.
route-map TEST-RM deny 5
 match ip address TEST-ACL-DENY
• Create a route-map to permit traffic for PBR processing.
route-map TEST-RM permit 10
 match ip address TEST-ACL
 set ip next-hop 10.0.40.235
• Apply the policy to the previously created interface.
clear route-map pbr-statistics Clears all PBR counters. Syntax clear route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map. A maximum of 140 characters. Defaults None Command Mode EXEC Usage Information None Example OS10# clear route-map map1 pbr-statistics Supported Releases 10.3.0E or later match address Matches the access-list to the route-map. Syntax match {ip | ipv6} address [name] Parameters name—Enter the name of an access-list.
route-map pbr-statistics Enables counters for PBR statistics. Syntax route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map. A maximum of 140 characters. Defaults Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# route-map map1 pbr-statistics Supported Releases 10.3.0E or later set next-hop Sets an IPv4 or IPv6 next-hop address for policy-based routing.
Parameters • address—Enter an IPv4 or IPv6 address. • vrf vrf-name — Enter the keyword then the name of the VRF to track the next-hop reachable through that VRF. • track-id—(Optional) Enter the track ID of the PBR object. Defaults Not configured Command Mode ROUTE-MAP Usage Information You must configure next-hop IP address tracking and PBR next-hop with the same VRF instance. For next-hop reachability in the same VRF instance, you must configure both PBR per VRF and object tracking.
Virtual Router Redundancy Protocol VRRP allows you to form virtual routers from groups of physical routers on your local area network (LAN). These virtual routing platforms — master and backup pairs — provide redundancy in case of hardware failure. VRRP also allows you to easily configure a virtual router as the default gateway to all your hosts and avoids the single point of failure of a physical router.
The example shows a typical network configuration using VRRP. Instead of configuring the hosts on network 10.10.10.0 with the IP address of either Router A or Router B as the default router, the default router of all hosts is set to the IP address of the virtual router. When any host on the LAN segment requests Internet access, it sends packets to the IP address of the virtual router.
Verify VRRP OS10(conf-eth1/1/5-vrid-254)# do show running-configuration ... ! interface ethernet 1/1/5 ip address 10.10.10.1/24 ! vrrp-group 254 no shutdown ... Group version Configure a VRRP version for the system. Define either VRRPv2 — vrrp version 2 or VRRPv3 — vrrp version 3. • Configure the VRRP version for IPv4 in INTERFACE mode. vrrp version Configure VRRP version 3 OS10(config)# vrrp version 3 1 Set the switch with the lowest priority to vrrp version 2.
NOTE: OS10 does not support configuring the virtual IP address to be the same as the primary or secondary IP address of the interface. Priority 255 is not supported. Configure virtual IP address Configure the virtual IP address — the primary IP address and the virtual IP addresses must be on the same subnet. 1 Configure a VRRP group in INTERFACE mode, from 1 to 255. vrrp-group vrrp-id 2 Configure virtual IP addresses for this VRRP ID in INTERFACE-VRRP mode. A maximum of 10 IP addresses.
Authentication : no-authentication Virtual IP address : 10.1.1.1 master-transitions : 1 advertise-rcvd : 0 advertise-interval-errors : 0 ip-ttl-errors : 0 priority-zero-pkts-rcvd : 0 priority-zero-pkts-sent : 0 invalid-type-pkts-rcvd : 0 address-list-errors : 0 pkt-length-errors : 0 Configure virtual IP address in a VRF You can configure a VRRP group in a non-default VRF instance and assign a virtual address to this group.
Set group priority The router that has the highest primary IP address of the interface becomes the master. The default priority for a virtual router is 100. If the master router fails, VRRP begins the election process to choose a new master router based on the next-highest priority. The virtual router priority is automatically set to 255, if any of the configured virtual IP addresses matches the interface IP address.
Verify VRRP authentication configuration
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# vrrp-group 1
OS10(conf-eth1/1/1-vrid-1)# authentication simple-text dell
Disable preempt
Prevent the Backup router with the higher priority from becoming the master router by disabling the preemption process. The preempt command is enabled by default. The command forces the system to change the master router if another router with a higher priority comes online.
interval to a value higher than the default value of one second. If you change the time interval between VRRP advertisements on one router, change it on all participating routers. If you configure VRRP version 2, you must configure the timer values in multiples of whole seconds. For example, a timer value of 3 seconds or 300 centisecs is valid and equivalent. A time value of 50 centisecs is invalid because it is not a multiple of 1 second.
• vlan — VLAN interface, from 1 to 4093 For a virtual group, track the status of a configured object using the track command and the object number. You can also configure a tracked object for a VRRP group with this command before you create the tracked object. No changes in the VRRP group’s priority occur until the tracked object is determined to be down.
! support-assist ! track 10 interface ethernet1/1/7 line-protocol To associate a track object with a VRRP group, use the track command inside VRRP GROUP CONFIGURATION mode. VRRP commands advertise-interval Sets the time interval between VRRP advertisements. Syntax advertise-interval [seconds | centisecs centisecs] Parameters • seconds — Set the advertise interval in seconds, from 1 to 255. • centisecs centisecs — (Optional) Enter a value in multiples of 25, from 25 to 4075.
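The authentication and advertise-interval rules above can be checked offline against a saved configuration. The following is an added example, not code from the OS10 guide: it audits VRRP groups for missing or simple-text authentication (a shared string rather than a cryptographic check) and for advertise intervals that break the stated ranges or the whole-second rule for VRRP version 2. The indented running-config layout, the finding codes and all function names are assumptions made for this sketch.

```python
import re

# Constructed sample in running-config style, assembled only from commands
# shown on this page; it is not output captured from a switch.
SAMPLE_CONFIG = """\
vrrp version 2
!
interface ethernet1/1/1
 vrrp-group 1
  authentication simple-text dell
  advertise-interval centisecs 50
!
interface ethernet1/1/2
 vrrp-group 2
  advertise-interval centisecs 300
!
interface vlan100
 vrrp-group 3
  authentication simple-text dell
  advertise-interval 3
"""


def check_interval(args, version):
    """Return a problem description for advertise-interval arguments, or None."""
    if len(args) == 2 and args[0] == "centisecs" and args[1].isdigit():
        cs = int(args[1])
        if cs < 25 or cs > 4075 or cs % 25:
            return f"{cs} centisecs is not a multiple of 25 in 25-4075"
        if version == 2 and cs % 100:
            return f"{cs} centisecs is not a whole number of seconds (VRRP version 2)"
        return None
    if len(args) == 1 and args[0].isdigit():
        return None if 1 <= int(args[0]) <= 255 else f"{args[0]} seconds is outside 1-255"
    return "unrecognized advertise-interval arguments"


def parse_groups(config):
    """Map (interface, group id) -> list of tokenized group-level commands."""
    groups, iface, key, group_indent = {}, None, None, 0
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                      # top-level command ends any block
            m = re.match(r"interface\s+(.+)$", line)
            iface, key = (m.group(1).replace(" ", "") if m else None), None
        elif iface and re.match(r"vrrp-group\s+\d+$", line):
            key, group_indent = (iface, int(line.split()[1])), indent
            groups[key] = []
        elif key and indent > group_indent:  # command nested under the group
            groups[key].append(line.split())
        else:                                # back at interface level
            key = None
    return groups


def audit_vrrp(config):
    """Return findings as (interface, group id, code, detail) tuples."""
    m = re.search(r"^vrrp version (\d+)\s*$", config, re.M)
    version = int(m.group(1)) if m else None  # None: version not stated in config
    findings = []
    for (iface, vrid), cmds in parse_groups(config).items():
        auth = [c for c in cmds if c[0] == "authentication"]
        if not auth:
            findings.append((iface, vrid, "AUTH_NONE",
                             "no authentication command in this group"))
        elif auth[0][1:2] == ["simple-text"]:
            # The shared string is deliberately not echoed into the report.
            findings.append((iface, vrid, "AUTH_SIMPLE_TEXT",
                             "simple-text authentication in use"))
        for c in cmds:
            if c[0] == "advertise-interval":
                problem = check_interval(c[1:], version)
                if problem:
                    findings.append((iface, vrid, "BAD_INTERVAL", problem))
    return findings


if __name__ == "__main__":
    for finding in audit_vrrp(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

Running the same audit over the configuration of every router in a VRRP group also makes it easy to compare their advertise-interval values, which the guide requires to match.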
preempt Permits or preempts a backup router with a higher priority value to become the master router. Syntax preempt Parameters None Default Enabled Command Mode INTERFACE-VRRP Usage Information VRRP uses preempt to determine what happens after a VRRP backup router becomes the master. With preempt enabled by default, VRRP switches to a backup if that backup router comes online with a priority higher than the new master router. If you disable preempt, VRRP switches only if the master fails.
Command Mode EXEC
Usage Information Displays all active VRRP groups. If no VRRP groups are active, the system displays No Active VRRP group.
Example (Brief)
OS10# show vrrp brief
Interface      Group  Priority  Preemption  State         Master-addr  Virtual addr(s)
--------------------------------------------------------------------
ethernet1/1/1  1      200       true        master-state  10.1.1.1     10.1.1.
Parameters • ethernet node/slot/port[:subport] — (Optional) Enter the keyword and the interface information to track. • line-protocol — (Optional) Tracks the interface line-protocol operational status. Default Disabled Command Mode EXEC Usage Information Assign an object tracking unique ID number before tracking the interface. Use the line-protocol parameter to track for interface operational status information. The no version of this command resets the value to the default.
Example OS10(config)# vrrp delay reload 5 Supported Releases 10.4.0E(R1) or later vrrp-group Assigns a VRRP group identification number to an IPv4 interface or VLAN Syntax vrrp-group vrrp-id Parameters vrrp-id — Enter a VRRP group identification number, from 1 to 255. Default Not configured Command Mode INTERFACE-VRRP Usage Information The VRRP group only becomes active and sends VRRP packets when you configure a virtual IP address.
Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command disables the VRRP version for the IPv4 group. Example OS10(config)# vrrp version 2 Supported Releases 10.2.
12 Multicast Multicast is a technique that allows networking devices to send data to a group of interested receivers in a single transmission. For instance, this technique is widely used for streaming videos. Multicast allows you to more efficiently use network resources, specifically for bandwidth-consuming services such as audio and video transmission.
Unknown multicast flood control The unknown multicast flood control feature enables the system to forward unknown multicast packets only to a multicast router (mrouter). When you enable multicast snooping, OS10 forwards multicast frames, whose destination is already learned, to their intended recipients. When the system receives multicast frames whose destination is not known, it floods the frames for all ports on the specific VLAN. All hosts that receive these multicast frames must process them.
Enable multicast flood control Multicast flood control is enabled on OS10 by default. If it is disabled, use the following procedure to enable multicast flood control: 1 Configure IGMP snooping. To know how to configure IGMP snooping, see the IGMP snooping section. 2 Configure MLD snooping. To know how to configure MLD snooping, see the MLD Snooping section. 3 Enable the multicast flood control feature.
Usage Information Multicast snooping flood control, IGMP snooping, and MLD snooping are enabled by default. For multicast flood restrict to be effective on a VLAN, IGMP snooping and MLD snooping must be enabled at both global and VLAN levels. To disable multicast snooping flood control, use the no multicast snooping flood-restrict command. Example OS10(config)# multicast snooping flood-restrict Supported Releases 10.4.3.
• OS10 uses version 3 as the default IGMP version. Version 3 is backwards compatible with versions 1 and 2.
Important notes
• OS10 systems cannot serve as an IGMP host or an IGMP version 1 querier.
• OS10 automatically enables IGMP on interfaces where you enable PIM sparse mode.
Supported IGMP versions
IGMP has three versions. Version 3 obsoletes and is backwards-compatible with version 2; version 2 obsoletes version 1. OS10 supports the following IGMP versions:
• Router—IGMP versions 2 and 3.
The querier advertises the maximum response time in the query. Lowering this value decreases leave latency but increases response burstiness because all host membership reports are sent before the maximum response time expires. Inversely, increasing this value decreases burstiness, but increases leave latency.
IGMP is enabled on interface
IGMP version is 3
IGMP query interval is 60 seconds
IGMP querier timeout is 130 seconds
IGMP last member query response interval is 1000 ms
IGMP max response time is 10 seconds
IGMP immediate-leave is disabled on this interface
IGMP joins count: 0
IGMP querying router is 3.1.1.1
Vlan121 is up, line protocol is up
Internet address is 121.1.1.
• In a network, the snooping switch is connected to a multicast router that sends IGMP queries.
• On a Layer 2 network that does not have a multicast router, you can configure the snooping switch to act as querier. Use the ip igmp snooping querier command in VLAN INTERFACE mode to send the queries.
• OS10 learns the multicast router interface dynamically based on the interface on which IGMP membership query is received.
IGMP version is 3 IGMP snooping is enabled on interface IGMP snooping query interval is 60 seconds IGMP snooping querier timeout is 130 seconds IGMP snooping last member query response interval is 1000 ms IGMP Snooping max response time is 10 seconds IGMP snooping fast-leave is disabled on this interface IGMP snooping querier is disabled on this interface Multicast flood-restrict is enabled on this interface show ip igmp snooping mrouter Interface Router Ports Vlan 100 ethernet 1/1/32 IGMP commands clear i
ip igmp last-member-query-interval Changes the last member query interval, which is the maximum response time included in the group-specific queries sent in response to leave group messages. This last-member-query-interval is the interval between group-specific query messages. Syntax ip igmp last-member-query-interval milliseconds Parameters milliseconds—Enter the amount of time in milliseconds to configure the time interval between group-specific query messages. The range is from 100 to 65535.
Example OS10# configure terminal OS10# interface vlan14 OS10(conf-if-vl-14)# ip igmp query-max-resp-time 20 Supported Releases 10.4.3.0 or later ip igmp snooping enable Enables IGMP snooping globally. Syntax ip igmp snooping enable Parameters None Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command disables IGMP snooping. Example OS10(config)# ip igmp snooping enable Supported Releases 10.4.
Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip igmp snooping fast-leave Supported Releases 10.4.1.0 or later ip igmp snooping last-member-query-interval Configures the time interval between group-specific IGMP query messages. Syntax ip igmp snooping last-member-query-interval query-interval-time Parameters query-interval-time—Enter the query time interval in milliseconds, from 100 to 65535.
Supported Releases 10.4.0E(R1) or later ip igmp snooping query-interval Configures time interval for sending IGMP general queries. Syntax ip igmp snooping query-interval query-interval-time Parameters query-interval-time—Enter the interval time in seconds, from 2 to 18000. Default 60 seconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the query interval to the default value.
show ip igmp groups
Displays the IGMP groups.
Syntax show ip igmp [vrf vrf-name] groups [group-address [detail] | detail | interface-name [group-address [detail]]]
Parameters
• vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
• group-address—Enter the group address in dotted decimal format to view specific group information.
• interface-name—Enter the interface name.
Parameters • vrf vrf-name—Enter the keyword vrf, then the name of the VRF. • interface name—Enter the keyword interface, then the interface name. Default None Command Mode EXEC Usage Information None Example OS10# show ip igmp interface Vlan103 is up, line protocol is up Internet address is 2.1.1.
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.3 vlan3031 IGMPv2-Compat Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.4 vlan3031 IGMPv2-Compat Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.5 vlan3031 IGMPv2-Compat Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.6 vlan3031 IGMPv2-Compat Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.
Member Port        Mode     Uptime       Expires
port-channel51     Include  1d:20:26:07  00:01:41
ethernet1/1/51:1   Include  1d:20:26:05  00:01:46
ethernet1/1/52:1   Include  1d:20:26:08  00:01:46

OS10# show ip igmp snooping groups vlan 3041 detail
Interface vlan3041
Group 232.11.0.0
Source List
101.41.0.21
Member Port        Mode     Uptime       Expires
port-channel51     Include  1d:20:26:07  00:01:41
ethernet1/1/51:1   Include  1d:20:26:05  00:01:46
ethernet1/1/52:1   Include  1d:20:26:08  00:01:46
Interface vlan3041
Group 232.11.0.1
Source List
101.
Usage Information The multicast flood control feature is not available on the S4248FB-ON and S4248FBL-ON devices.
IGMP snooping querier timeout is 130 seconds
IGMP snooping last member query response interval is 1000 ms
IGMP Snooping max response time is 10 seconds
IGMP snooping fast-leave is disabled on this interface
IGMP snooping querier is enabled on this interface
Multicast snooping flood-restrict is enabled on this interface
Supported Releases 10.4.0E(R1) or later
Updated the command to display the multicast flood restrict status on 10.4.3.
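The per-VLAN status lines in this output can be checked automatically after a change. The following is an added example, not code from the OS10 guide: it reads saved show ip igmp snooping interface and show ip igmp snooping mrouter output and flags VLANs where IGMP snooping is off (so flood-restrict cannot take effect), where flood-restrict is off, or where the switch is not the querier and no multicast router port has been learned. The sample text is constructed, the VLAN header line is an assumed block separator, and the finding codes are hypothetical names.

```python
import re

# Constructed sample modelled on the per-interface lines shown on this page.
# The "VlanN is up, line protocol is up" header that separates blocks is an
# assumption, borrowed from the show ip igmp interface example.
SAMPLE_INTERFACES = """\
Vlan100 is up, line protocol is up
IGMP version is 3
IGMP snooping is enabled on interface
IGMP snooping query interval is 60 seconds
IGMP snooping querier timeout is 130 seconds
IGMP snooping fast-leave is disabled on this interface
IGMP snooping querier is disabled on this interface
Multicast flood-restrict is enabled on this interface
Vlan200 is up, line protocol is up
IGMP snooping is enabled on interface
IGMP snooping querier is disabled on this interface
Multicast snooping flood-restrict is disabled on this interface
Vlan300 is up, line protocol is up
IGMP snooping is disabled on interface
IGMP snooping querier is enabled on this interface
Multicast snooping flood-restrict is enabled on this interface
"""

# Constructed sample in the layout of show ip igmp snooping mrouter.
SAMPLE_MROUTER = """\
Interface Router Ports
Vlan 100 ethernet 1/1/32
"""

# The page shows both "Multicast flood-restrict" and "Multicast snooping
# flood-restrict" wordings, so the pattern accepts either.
FIELDS = {
    "snooping": r"IGMP snooping is (enabled|disabled) on interface",
    "querier": r"IGMP snooping querier is (enabled|disabled)",
    "flood_restrict": r"Multicast (?:snooping )?flood-restrict is (enabled|disabled)",
}


def parse_interfaces(text):
    """Return {vlan id: {field: bool}} from show ip igmp snooping interface."""
    vlans, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Vlan\s*(\d+) is ", line.strip(), re.I)
        if header:
            current = vlans.setdefault(int(header.group(1)), {})
            continue
        if current is None:
            continue
        for field, pattern in FIELDS.items():
            m = re.search(pattern, line, re.I)
            if m:
                current[field] = m.group(1).lower() == "enabled"
    return vlans


def parse_mrouter(text):
    """Return {vlan id: [router ports]} from show ip igmp snooping mrouter."""
    ports = {}
    for line in text.splitlines():
        m = re.match(r"Vlan\s*(\d+)\s+(\S.*)$", line.strip(), re.I)
        if m:
            ports.setdefault(int(m.group(1)), []).append(m.group(2).strip())
    return ports


def check_vlans(interfaces_text, mrouter_text):
    """Return {vlan id: [finding codes]}; an empty list means no finding."""
    mrouters = parse_mrouter(mrouter_text)
    report = {}
    for vlan, state in sorted(parse_interfaces(interfaces_text).items()):
        issues = []
        # A status line that is missing is treated as "not enabled".
        if not state.get("snooping", False):
            issues.append("SNOOPING_OFF")
        if not state.get("flood_restrict", False):
            issues.append("FLOOD_RESTRICT_OFF")
        if not state.get("querier", False) and vlan not in mrouters:
            issues.append("NO_QUERY_SOURCE")
        report[vlan] = issues
    return report


if __name__ == "__main__":
    for vlan, issues in check_vlans(SAMPLE_INTERFACES, SAMPLE_MROUTER).items():
        print(f"vlan{vlan}: {', '.join(issues) or 'ok'}")
```

This covers the IGMP side only; the guide also requires MLD snooping to be enabled globally and on the VLAN for flood-restrict to be effective.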
MLD snooping MLD snooping enables switches to use the information in MLD packets and generate a forwarding table that associates ports with multicast groups. When switches receive multicast frames, they forward them to their intended receivers. OS10 supports MLD snooping on VLAN interfaces. Effective with OS10 release 10.4.3.0, MLD snooping is enabled by default. Configure MLD snooping • Enable MLD snooping globally with the ipv6 mld snooping enable command in the CONFIGURATION mode.
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::2 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::3 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::4 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::5 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff02::2 vlan3532 Exclude 00:01:47 ff0
Command Mode VLAN INTERFACE Usage Information When you enable MLD snooping globally, the configuration is applied to all the VLAN interfaces. You can disable the MLD snooping on specified VLAN interfaces. The no version of this command disables the MLD snooping on the specified VLAN interface. Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# no ipv6 mld snooping Supported Releases 10.4.1.0 or later ipv6 mld snooping enable Enables MLD snooping globally.
Default 1000 milliseconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the last member query interval time to the default value. Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ipv6 mld snooping last-member-query-interval 2500 Supported Releases 10.4.1.0 or later ipv6 mld snooping mrouter Configures the specified VLAN member port as a multicast router interface.
Usage Information The no version of this command resets the query interval to the default value. Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ipv6 mld snooping query-interval 120 Supported Releases 10.4.1.0 or later ipv6 mld query-max-resp-time Configures the maximum time for responding to a query advertised in MLD queries. Syntax ipv6 mld snooping query-max-resp-time query-response-time Parameters query-response-time—Enter the query response time in seconds, ranging from 1 to 25.
Usage Information None Example OS10# show ipv6 mld snooping groups Total Number of Groups: 280 MLD Connected Group Membership Group Address Interface Mode Expires ff02::2 vlan3531 Exclude 00:01:38 ff0e:225:1:: vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::1 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::2 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 f
show ipv6 mld snooping groups detail
Displays the MLD source information along with detailed member port information.
Syntax show ipv6 mld snooping groups [vlan vlan-id] [group ipv6-address] detail
Parameters
• vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093.
• ipv6-address—(Optional) Enter the IPv6 address of the multicast group.
Member Port        Mode     Uptime       Expires
port-channel31     Include  2d:11:50:17  00:01:29
ethernet1/1/51:1   Include  2d:11:50:36  00:01:25
ethernet1/1/52:1   Include  2d:11:50:36  00:01:38
--more--

Example (with VLAN and multicast IP address)
OS10# show ipv6 mld snooping groups vlan 3041 ff3e:232:b:: detail
Interface vlan3041
Group ff3e:232:b::
Source List
2001:101:29::1b
Member Port        Mode     Uptime       Expires
port-channel31     Include  2d:11:50:53  00:02:01
ethernet1/1/51:1   Include  2d:11:51:11  00:02:01
ethernet1/1/52:1   Include  2d:11:5
show ipv6 mld snooping mrouter Displays the details of multicast router ports. Syntax show ipv6 mld snooping mrouter [vlan vlan-id] Parameters vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093. Default Not configured Command Mode EXEC Usage Information None Example OS10# show ipv6 mld snooping mrouter vlan 11 Interface Router Ports Vlan 11 ethernet 1/1/32 Supported Releases 10.4.1.
Terminology Definition Outgoing interface (OIF) The OIF is the interface through which a multicast packet is sent out towards the receiver. Incoming interface (IIF) The IIF is the interface through which a multicast packet is received towards the source or the RP. Reverse path forwarding (RPF) The RPF is the path the router uses to reach the RP or the multicast source.
Advantages of PIM-SSM
Advantages of PIM-SSM include the following:
• PIM-SSM forwards multicast traffic from a single source to a subnet. Other versions of PIM require the receiver to subscribe to a group. The receiver receives traffic not just from the source that it is interested in, but from all the sources that send to that group. PIM-SSM requires the receiver to specify the sources in which it is interested, to avoid receiving unnecessary traffic.
To configure a static RP: OS10# configure terminal OS10(config)# ip pim rp-address 171.1.1.1 group-address 225.1.1.3/32 Override bootstrap router updates A bootstrap router (BSR) is a router in a PIM domain that helps to automatically discover the Rendezvous Point (RP) for a given multicast group in a multicast network. PIM routers use the BSR to obtain the RP IP address. You can also statically configure an IP address for the RP.
The RP election process is:
1 The C-BSRs announce their candidacy throughout the domain in BSMs. Each BSM contains a BSR priority. The C-BSR with the highest priority becomes the BSR.
2 Each C-RP unicasts periodic candidate RP advertisements to the BSR. Each message contains an RP priority value and the multicast group ranges for which the router is a C-RP.
3 The BSR determines the most efficient and stable group-to-RP mapping, which is called the RP-set formation.
This system is a candidate BSR Candidate BSR address: 11.1.1.8, priority: 255, hash mask length: 31 2 (Optional) Configure the BSR timer. OS10(config)# ip pim bsr-candidate-timers ethernet 1/1/9 advt-interval 40 To view the BSR timer value: OS10# show ip pim bsr-router This system is the Bootstrap Router (v2) BSR address: 10.1.1.8 BSR Priority: 255, Hash mask length: 31 Next bootstrap message in 00:00:39 This system is a candidate BSR Candidate BSR address: 11.1.1.
Next bootstrap message in 00:00:00 This system is a candidate BSR Candidate BSR address: 10.1.1.8, priority: 255, hash mask length: 31 Next Cand_RP_advertisement in 00:00:09 RP: 10.1.2.8(loopback10) To view RP-mapping details: OS10# show ip pim rp mapping Group(s) : 225.1.1.0/24 RP : 10.1.2.8, v2 Info source: 10.1.1.8, via bootstrap, priority 23 expires: 00:01:04 Configure designated router priority Multiple PIM-SM routers can connect to a single local area network (LAN) segment.
Supported Releases 10.4.3.0 or later ip multicast-routing Enables IP multicast forwarding. Syntax ip multicast-routing [vrf vrf-name] Parameters vrf vrf-name—Enter the keyword vrf, then the name of the VRF. Default None Command Mode CONFIGURATION Usage Information After you enable IP multicast, enable IGMP and PIM on an interface. To do this, use the ip pim sparse-mode command in INTERFACE mode. The no form of the command disables IP multicast forwarding.
Example OS10# configure terminal OS10(config)# ip pim vrf red bsr-candidate loopback 10 hash-mask-len 31 priority 11 Supported Releases 10.5.0.0 or later ip pim bsr-candidate-timers Configures the time interval between candidate BSR advertisements.
Example OS10# configure terminal OS10(config)# ip pim vrf red bsr-timeout 140 Supported Releases 10.5.0.0 or later ip pim dr-priority Changes the designated router (DR) priority for the interface. Syntax ip pim dr-priority priority-value Parameters priority-value—Enter a number from 0 to 4294967295. Default 1 Command Mode INTERFACE CONFIGURATION Usage Information The router with the highest value assigned to an interface becomes the DR.
Parameters
• vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
• rp-address address—Enter the keyword address, then the RP address in dotted-decimal format (A.B.C.D).
• group-address group-address mask—Enter the keyword group-address, then the group-address mask in dotted-decimal format (/xx) to assign the group address to the RP.
• [override]—Overrides BSR updates with static RP for groups with the same prefix length.
Usage Information Specify the interface to obtain the candidate RP address. The access-list acl-name adds a range of group addresses that this candidate RP can serve. If you do not specify an access list, the C-RP advertises itself to the entire multicast range, 224.0.0.0/4. If you specify an access list, the C-RP advertises only the group range that the access list permits. The no form of the command removes the router from being a C-RP. You must specify the parameters with the no form of this command.
ip pim sparse-mode Enables PIM sparse mode and IGMP on the interface. Syntax ip pim sparse-mode Parameters None Default Disabled Command Mode INTERFACE CONFIGURATION Usage Information Before you enable PIM sparse mode, ensure that: • Multicast is enabled globally using the ip multicast-routing command. • The interface is enabled. Use the no shutdown command to enable the interface. • The interface is in Layer 3 mode. PIM-SM is enabled only on a Layer 3 interface.
Parameters • vrf vrf-name—Enter the keyword vrf, then the name of the VRF. • access-list-name—Enter the name of the access list. Default 232.0.0.0/8 Command Mode CONFIGURATION Usage Information When ACL rules change, the ACL and PIM modules apply the new rules automatically. When you remove the SSM ACL, PIM-SSM is supported only for the default SSM range. Example OS10# configure terminal OS10(config)# ip pim ssm-range ssm Supported Releases 10.4.3.
• Version/Mode—PIM version number and mode; v2 for PIM version 2 and S for PIM sparse mode • Nbr Count—Active neighbor count on the PIM-enabled interface • Query interval—Query interval for router query messages on that interface • DR priority—Designated router priority value configured on that interface • DR—IP address of the DR for that interface Example OS10# show ip pim interface Address Interface Ver/Mode Nbr Count Query Intvl DR Prio DR ------------------------------------------------------
show ip pim neighbor Displays PIM neighbors. Syntax show ip pim [vrf vrf-name] neighbor Parameters vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
225.1.1.8   171.1.1.1
225.1.1.9   171.1.1.1
225.1.1.10  171.1.1.1
225.1.1.11  171.1.1.1
225.1.1.12  171.1.1.1
225.1.1.13  171.1.1.1

OS10# show ip pim rp mapping
PIM Group-to-RP Mappings
Group(s): 230.1.1.1/32
RP:14.1.1.1, v2
Info source: 42.1.1.1, via bootstrap, priority 255
expires: 00:01:53
Group(s): 231.1.1.1/32
RP: 9.1.1.1, v2
Info source: 42.1.1.1, via bootstrap, priority 254
expires: 00:01:54
Supported Releases 10.4.3.
50/50 (*,G) entries in PIM-TIB/MFC 100/100 (S,G) entries in PIM-TIB/MFC 100/0 (S,G,Rpt) entries in PIM-TIB/MFC Interface summary: 4 active PIM interfaces 1 active PIM neighbor 1 RPs 2 sources Message summary: 150/50 Joins/Prunes sent/received 0/0 Candidate-RP advertisements sent/received 6/4 BSR messages sent/received 0 Null Register messages received 0/50 Register-stop messages sent/received Data path event summary: 100 no-cache messages received 50 last-hop switchover messages received 0/0 pim-assert mess
Example OS10# show ip pim tib PIM Multicast Routing Table Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state Timers: Uptime/Expires Interface state: Interface, next-Hop, State/Mode (*, 225.1.1.1), uptime 13:08:24, expires 00:00:12, RP 171.1.1.1, flags: SCJ Incoming interface: vlan105, RPF neighbor 3.1.1.1 Outgoing interface list: vlan121 Forward/Sparse 13:07:53/Never (101.1.1.10, 225.1.1.
• Enable PIM-SM on all the required Layer 3 interfaces of the nodes using the ip pim sparse-mode command
• Configure an RP address on every multicast-enabled node using the ip pim rp-address command
• Configure an IP address for each interface of the nodes in the PIM-SM topology
• Enable a routing protocol (OSPF) for route updates
Sample configuration in FHR node:
FHR# configure terminal
FHR(config)#
FHR(config)# ip multicast-routing
FHR(config)# interface ethernet 1/1/31
FHR(conf-if-eth1/1/31)# no s
The show ip pim neighbor command displays the PIM neighbor of FHR and the interface to reach the neighbor.
FHR# show ip pim neighbor
Neighbor Address  Interface       Uptime/Expires     Ver  DR Priority/Mode
---------------------------------------------------------------------------------------------
2.2.2.1           ethernet1/1/17  00:04:31/00:01:43  v2   1 / S
3.3.3.1           ethernet1/1/31  00:05:45/00:01:31  v2   1 / S
FHR#
The show ip pim rp mapping command displays the multicast groups to RP mapping and information about how RP is learned.
LHR(conf-if-eth1/1/17)# ip pim sparse-mode LHR(conf-if-eth1/1/17)# ip ospf 1 area 0 LHR(conf-if-eth1/1/17)# exit LHR(config)# LHR(config)# interface ethernet 1/1/29 LHR(conf-if-eth1/1/29)# no switchport LHR(conf-if-eth1/1/29)# ip address 2.2.2.1/24 LHR(conf-if-eth1/1/29)# ip pim sparse-mode LHR(conf-if-eth1/1/29)# ip ospf 1 area 0 LHR(conf-if-eth1/1/29)# exit LHR(config)# LHR(config)# ip pim rp-address 192.168.1.25 group-address 224.0.0.
ethernet1/1/17 Forward/Sparse 00:00:19/00:03:10 The show ip pim mcache command output displays multicast route entries. FHR# show ip pim mcache PIM Multicast Routing Cache Table (22.1.1.10,224.1.1.
Outgoing interface list : vlan2001
(22.1.1.10,224.1.1.1)
Incoming interface : ethernet1/1/17
Outgoing interface list : vlan2001

PIM-SSM sample configuration
This section describes how to enable PIM-SSM using the topology shown in the following illustration.
R1# configure terminal R1(config)# interface Lo0 R1(conf-if-lo-0)# ip vrf forwarding red R1(conf-if-lo-0)# ip address 2.2.2.
R2(conf-if-vl-2001)# end R2# configure terminal R2(config)# interface port-channel 11 R2(conf-if-po-11)# no switchport R2(conf-if-po-11)# interface port-channel 11 R2(conf-if-po-11)# ip vrf forwarding red R2(conf-if-po-11)# ip address 193.1.1.2/24 R2(conf-if-po-11)# ip pim sparse-mode R2(conf-if-po-11)# no shutdown R2(conf-if-po-11)# end R2# configure terminal R2(config)# interface Lo0 R2(conf-if-lo-0)# ip vrf forwarding red R2(conf-if-lo-0)# ip address 4.4.4.
Timers: Uptime/Expires Interface state: Interface, next-Hop, State/Mode (201.1.1.1, 224.1.1.1), uptime 00:19:42, expires 00:00:47, flags: T Incoming interface: ethernet1/1/7, RPF neighbor 0.0.0.0 Outgoing interface list: port-channel11 Forward/Sparse 00:00:37/00:02:52 The show ip pim vrf red mcache command output displays multicast route entries. R1# show ip pim vrf red mcache PIM Multicast Routing Cache Table (201.1.1.1, 224.1.1.
Multicast VRF sample configuration This section describes how to configure IPv4 multicast in a non-default VRF instance using the topology shown in the following illustration. Perform the following configuration on each of the nodes, R1, R2, R3, and R4.
R1(conf-if-po-11)# end R1# configure terminal R1(config)# interface ethernet 1/1/6 R1(conf-if-eth1/1/6)# no ip vrf forwarding R1(conf-if-eth1/1/6)# no switchport R1(conf-if-eth1/1/6)# channel-group 11 R1(conf-if-eth1/1/6)# end R1# configure terminal R1(config)# interface ethernet 1/1/7 R1(conf-if-eth1/1/7)# no switchport R1(conf-if-eth1/1/7)# interface ethernet 1/1/7 R1(conf-if-eth1/1/7)# ip vrf forwarding red R1(conf-if-eth1/1/7)# ip address 201.1.1.
R1# configure terminal R1(config)# ip pim vrf red rp-address 182.190.168.224 group-address 224.0.0.
Sample configuration on R3: R3# configure terminal R3(config)# ip vrf red R3(conf-vrf)# end R3# configure terminal R3(config)# interface vlan 1001 R3(conf-if-vl-1001)# ip vrf forwarding red R3(conf-if-vl-1001)# end R3# configure terminal R3(config)# interface ethernet 1/1/12 R3(conf-if-eth1/1/12)# no ip vrf forwarding R3(conf-if-eth1/1/12)# switchport mode trunk R3(conf-if-eth1/1/12)# switchport trunk allowed vlan 1001 R3(conf-if-eth1/1/12)# end R3# configure terminal R3(config)# interface port-channel 12 R
R3(config)# router ospf 100 vrf red R3(config-router-ospf-100)# interface Lo1 R3(conf-if-lo-1)# ip ospf 100 area 0 R3(conf-if-lo-1)# end R3# configure terminal R3(config)# ip multicast-routing vrf red R3(config)# end R3# configure terminal R3(config)# interface Lo1 R3(conf-if-lo-1)# ip vrf forwarding red R3(conf-if-lo-1)# ip address 182.190.168.224/32 R3(conf-if-lo-1)# ip pim sparse-mode R3(conf-if-lo-1)# no shutdown R3(conf-if-lo-1)# end R3# configure terminal R3(config)# ip pim vrf red rp-address 182.190.
R4(conf-if-vl-2001)# no shutdown R4(conf-if-vl-2001)# end R4# configure terminal R4(config)# interface port-channel 11 R4(conf-if-po-11)# no switchport R4(conf-if-po-11)# interface port-channel 11 R4(conf-if-po-11)# ip vrf forwarding red R4(conf-if-po-11)# ip address 193.1.1.
191.1.1.2  ethernet1/1/9   02:13:21/00:01:25  v2  1/ DR S
193.1.1.2  port-channel11  02:15:29/00:01:22  v2  1/ DR S
R1# show ip pim vrf red tib
PIM Multicast Routing Table
Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(201.1.1.1, 224.1.1.1), uptime 00:00:33, expires 00:02:56, flags: FT
Incoming interface: ethernet1/1/7, RPF neighbor 0.0.0.
RPF route/mask: 0.0.0.0/0.0.0.0 RPF type: Unicast R3# show ip pim vrf red rp mapping Group(s) : 224.0.0.0/4, Static RP : 182.190.168.224, v2 R3# show ip pim vrf red rp Group RP --------------------------------224.1.1.1 182.190.168.224 R3# show ip pim vrf red rp Group RP --------------------------------224.1.1.1 182.190.168.
RPF information for 182.190.168.224 RPF interface: port-channel12 RPF neighbor: 194.1.1.1 RPF route/mask: 182.190.168.224/255.255.255.255 RPF type: Unicast R4# show ip pim vrf red tib PIM Multicast Routing Table Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state Timers: Uptime/Expires Interface state: Interface, next-Hop, State/Mode (*, 224.1.1.1), uptime 00:05:44, expires 00:00:15, RP 182.190.168.
VLT multicast routing OS10 supports multicast routing in a VLT domain for IPv4 networks. This feature provides resiliency to multicast-routed traffic when a VLT peer node or the VLTi link goes down. Multicast routing table synchronization Multicast routing protocols do not exchange multicast routes between peer VLT nodes. Each VLT node runs the PIM protocol independent of the peer VLT node. Hence, the PIM states do not synchronize between the nodes.
Deployment considerations Dell EMC recommends the following: • In a VLT-enabled PIM router, multicast routing is not supported when there are multiple PIM spanned paths to reach the source or RP. Configure only one PIM spanned path to reach any PIM router in the aggregation or spine. • If a source is connected to a nonspanned interface of the VLT peer nodes and the RP is reachable on a spanned interface from both the VLT nodes, the receiver might receive duplicate traffic.
Sample configuration on core: core# configure terminal core(config)# ip multicast-routing core(config)# ip pim rp-address 103.0.0.3 group-address 224.0.0.0/4 core(config)# router ospf 100 core(config-router-ospf-100)# exit core(config)# interface ethernet 1/1/32:1 core(conf-if-eth1/1/32:1)# no shutdown core(conf-if-eth1/1/32:1)# no switchport core(conf-if-eth1/1/32:1)# ip address 16.0.0.
Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state Timers: Uptime/Expires Interface state: Interface, next-Hop, State/Mode (*, 225.1.1.1), uptime 00:09:54, expires 00:00:00, RP 103.0.0.3, flags: S Incoming interface: Null, RPF neighbor 0.0.0.0 Outgoing interface list: vlan12 Forward/Sparse 00:09:54/00:02:35 (16.0.0.10, 225.1.1.
AG1(conf-if-vlan-12)# exit AG1(config)# interface vlan 13 AG1(conf-if-vlan-13)# no shutdown AG1(conf-if-vlan-13)# ip address 13.0.0.1/24 AG1(conf-if-vlan-13)# ip pim sparse-mode AG1(conf-if-vlan-13)# ip pim dr-priority 10 AG1(conf-if-vlan-13)# ip ospf 100 area 0.0.0.0 AG1(conf-if-vlan-13)# ip ospf cost 4000 AG1(conf-if-vlan-13)# exit AG1(config)# interface loopback 101 AG1(conf-if-lo-101)# no shutdown AG1(conf-if-lo-101)# ip address 101.0.0.
(*, 225.1.1.1), uptime 00:02:05, expires 00:00:54, RP 103.0.0.3, flags: SCJ Incoming interface: vlan12, RPF neighbor 12.0.0.3 Outgoing interface list: vlan11 Forward/Sparse 00:02:05/Never The show ip pim mcache command output displays multicast route entries. AG1# show ip pim mcache PIM Multicast Routing Cache Table (*, 225.1.1.1) Incoming interface : vlan12 Outgoing interface list : vlan11 AG1-VLT-NODE-1# show ip pim mcache vlt PIM Multicast Routing Cache Table Flags: S - Synced (*, 225.1.1.
(*, 225.1.1.1) Incoming interface : vlan12 Outgoing interface list : vlan11 (16.0.0.10, 225.1.1.1) Incoming interface : vlan12 Outgoing interface list : vlan11 Sample configuration on AG2: AG2# configure terminal AG2(config)# ip multicast-routing AG2 (config)# ip pim rp-address 103.0.0.3 group-address 224.0.0.0/4 AG2(config)# router ospf 100 AG2(config-router-ospf-100)# exit AG2(config)# vlt-domain 255 AG2(conf-vlt-255)# backup destination 10.16.132.
AG2(config)# interface port-channel11 AG2(conf-if-po-11)# no shutdown AG2(conf-if-po-11)# switchport mode trunk AG2(conf-if-po-11)# switchport access vlan 1 AG2(conf-if-po-11)# switchport trunk allowed vlan 11 AG2(conf-if-po-11)# vlt-port-channel 11 AG2(conf-if-po-11)# exit AG2(config)# interface port-channel12 AG2(conf-if-po-12)# no shutdown AG2(conf-if-po-12)# switchport mode trunk AG2(conf-if-po-12)# switchport access vlan 1 AG2(conf-if-po-12)# switchport trunk allowed vlan 12 AG2(conf-if-po-12)# vlt-por
PIM Multicast Routing Cache Table Flags: S - Synced (*, 225.1.1.
TOR(config)# interface ethernet 1/1/32:1
TOR(conf-if-eth1/1/32:1)# no shutdown
TOR(conf-if-eth1/1/32:1)# switchport mode trunk
TOR(conf-if-eth1/1/32:1)# switchport access vlan 1
TOR(conf-if-eth1/1/32:1)# switchport trunk allowed vlan 11
TOR(conf-if-eth1/1/32:1)# flowcontrol receive off
TOR(conf-if-eth1/1/32:1)# exit

IGMP snooping information on TOR
The following command displays IGMP snooping groups membership details:

ToR# show ip igmp snooping groups
Total Number of Groups: 1
IGMP Connected Group Membersh
• CR1, CR2, AG1, AG2, AG3, and AG4 are multicast routers.
• CR1 and CR2 are the BSR and RP nodes.
• TR1 and TR2 are IGMP-enabled L2 nodes.
• OSPFv2 is the unicast routing protocol.

CR1 switch
1 Configure RSTP.
2 Configure the VLT domain.
CR1(config)# interface ethernet 1/1/27:2
CR1(conf-if-eth1/1/27:2)# no switchport
CR1(config)# vlt-domain 128
CR1(conf-vlt-128)# backup destination 10.222.208.160
CR1(conf-vlt-128)# discovery-interface ethernet1/1/27:2
CR1(conf-vlt-128)# peer-routing
CR1(conf-vlt-128)# primary-priority 1
CR1(conf-vlt-128)# vlt-mac 9a:00:00:aa:aa:aa
3 Configure a port channel interface towards AG1 and AG2.
CR1(conf-if-vl-1001)# ip ospf 1 area 0.0.0.0 CR1(conf-if-vl-1001)# ip pim sparse-mode CR1(conf-if-vl-1001)# ip igmp snooping mrouter interface port-channel11 13 • VLAN 1101 towards AG3 CR1(config)# interface vlan 1101 CR1(conf-if-vl-1101)# ip address 10.1.3.5/24 CR1(conf-if-vl-1101)# ip ospf 1 area 0.0.0.
4 Configure a port channel interface towards AG3.
CR2(config)# interface port-channel 22
CR2(config)# interface ethernet 1/1/25:1
CR2(conf-if-eth1/1/25:1)# channel-group 22 mode active
5 Configure a port channel interface towards AG4.
CR2(config)# interface port-channel 32
CR2(config)# interface ethernet 1/1/17:1
CR2(conf-if-eth1/1/17:1)# channel-group 32 mode active
6 Configure a Loopback interface and enable PIM-SM.
CR2(config)# interface loopback 1
CR2(conf-if-lo-1)# ip address 10.1.100.
13 Configure the interfaces as VLAN trunk ports and specify the allowed VLANs.
6 Configure a Loopback interface and enable PIM-SM.
AG1(config)# interface loopback 1
AG1(conf-if-lo-1)# ip address 10.1.100.1/32
AG1(conf-if-lo-1)# ip pim sparse-mode
7 Enable multicast routing on the default VRF.
AG1(config)# ip multicast-routing
8 Configure OSPF for unicast routing.
AG1(config)# router ospf 1
AG1(config-router-ospf-1)# log-adjacency-changes
AG1(config-router-ospf-1)# redistribute connected
AG1(config-router-ospf-1)# router-id 10.1.100.
AG2(conf-vlt-1)# primary-priority 65535
AG2(conf-vlt-1)# vlt-mac de:11:de:11:de:11
3 Configure a port channel interface towards CR1 and CR2.
10 Configure the interfaces as VLAN trunk ports and specify the allowed VLANs.
8 Configure OSPF for unicast routing.
AG3(config)# router ospf 1
AG3(config-router-ospf-1)# log-adjacency-changes
AG3(config-router-ospf-1)# redistribute connected
AG3(config-router-ospf-1)# router-id 10.1.100.3
9 Configure the IP address, OSPF process, and PIM-SM on the VLANs.
• VLAN 1101 towards CR1
AG3(config)# interface vlan 1101
AG3(conf-if-vl-1101)# ip address 10.1.3.3/24
AG3(conf-if-vl-1101)# ip ospf 1 area 0.0.0.
AG4(config)# vlt-domain 1
AG4(conf-vlt-255)# backup destination 10.222.208.219
AG4(conf-vlt-255)# discovery-interface ethernet1/1/25:1
AG4(conf-vlt-255)# peer-routing
AG4(conf-vlt-255)# primary-priority 65535
AG4(conf-vlt-255)# vlt-mac f0:ce:10:f0:ce:10
3 Configure a port channel interface towards CR1.
AG4(config)# interface port-channel 31
AG4(config)# interface ethernet 1/1/1:1
AG4(conf-if-eth1/1/1:1)# channel-group 31 mode active
4 Configure a port channel interface towards CR2.
AG4(conf-if-vl-2001)# ip pim sparse-mode
AG4(conf-if-vl-2001)# ip igmp snooping mrouter interface port-channel1
10 Configure the interfaces as VLAN trunk ports and specify the allowed VLANs.
2 Configure a port channel interface towards AG3.
TR2(config)# interface port-channel 51
TR2(config)# interface ethernet 1/1/1
TR2(conf-if-eth1/1/1)# channel-group 51 mode active
3 Configure a port channel interface towards AG4.
TR2(config)# interface ethernet 1/1/25:1
TR2(conf-if-eth1/1/25:1)# channel-group 51 mode active
4 Configure VLAN 2001 towards AG1 and AG2.
TR2(config)# interface vlan 2001
5 Configure the interfaces as VLAN trunk ports and specify the allowed VLANs.
0 passive PIM interfaces
6 active PIM neighbor
TIB Summary:
  20/12 (*,G) entries in PIM-TIB/MFC
  40/40 (S,G) entries in PIM-TIB/MFC
  36/0 (S,G,Rpt) entries in PIM-TIB/MFC
  2 RP
  3 sources
  0 Register states
Message Summary:
  189/770 Joins/Prunes sent/received
  0/56 Candidate-RP advertisements sent/received
  420/112 BSR messages sent/received
  267 Null Register messages received
  357/0 Register-stop messages sent/received
Data path event summary:
  0 last-hop switchover messages received
  28/28 pim-assert messages sent/re
  Outgoing interface list :
    vlan1001

The show ip pim mcache vlt command displays the multicast route entries synchronized between the VLT peers.

CR1# show ip pim mcache vlt | no-more
PIM Multicast Routing Cache Table
Flags: S - Synced
(192.168.1.201, 225.1.0.0),flags: S
  Incoming interface : vlan1001
  Outgoing interface list :
    vlan100 (S)
(192.168.1.202, 225.1.0.0),flags: S
  Incoming interface : vlan1001
  Outgoing interface list :
    vlan100 (S)
(172.16.1.201, 225.1.0.
CR2
The show ip pim interface command displays the PIM-enabled interfaces on the node.

CR2# show ip pim interface
Address       Interface  Ver/Mode  Nbr Count  Query Intvl  DR Prio     DR
-----------------------------------------------------------------------------------
10.1.1.6      vlan100    v2/S      1          30           4294967295  10.1.1.6
10.110.1.5    vlan1151   v2/S      1          30           1           10.110.1.5
10.192.168.5  vlan1251   v2/S      1          30           1           10.192.168.5
10.1.2.6      vlan1001   v2/S      3          30           1           10.1.2.
The show ip pim tib command displays the PIM tree information base (TIB).

CR2# show ip pim tib
PIM Multicast Routing Table
Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 225.1.0.0), uptime 01:43:37, expires 00:00:00, RP 10.1.100.6, flags: SC
  Incoming interface: Null, RPF neighbor 0.0.0.
(192.168.1.202, 225.1.0.0)
  Incoming interface : vlan1001
  Outgoing interface list :
    vlan1
(172.16.1.201, 225.1.0.0)
  Incoming interface : vlan1
  Outgoing interface list :
    vlan1001

The show ip pim bsr-router command displays information about the BSR.

CR2# show ip pim bsr-router
PIMv2 Bootstrap information
BSR address: 10.1.100.5
BSR Priority: 199, Hash mask length: 31
Expires: 00:00:17
This system is a candidate BSR
Candidate BSR address: 10.1.100.
------------10.1.2.2 10.1.2.5 10.1.2.6 10.112.1.2 10.112.1.3 10.112.1.4 192.168.1.3 192.168.1.2 192.168.1.
    vlan2004 Forward/Sparse 01:39:44/Never
    vlan2005 Forward/Sparse 01:39:43/Never
(192.168.1.201, 225.1.0.0), uptime 01:25:53, expires 00:01:14, flags: CFT
  Incoming interface: vlan2001, RPF neighbor 0.0.0.0
  Outgoing interface list:
    vlan2002 Forward/Sparse 01:25:53/Never
    vlan2003 Forward/Sparse 01:25:53/Never
    vlan2004 Forward/Sparse 01:25:53/Never
    vlan2005 Forward/Sparse 01:25:53/Never
(192.168.1.202, 225.1.0.0), uptime 01:25:53, expires 00:01:14, flags: CFT
  Incoming interface: vlan2001, RPF neighbor 0.0.0.
The show ip pim mcache vlt command displays the multicast route entries synchronized between the VLT peers.

AG1# show ip pim mcache vlt | no-more
PIM Multicast Routing Cache Table
Flags: S - Synced
(*, 225.1.0.0)
  Incoming interface : vlan1001
  Outgoing interface list :
    vlan2002
    vlan2003
    vlan2004
    vlan2005
(192.168.1.201, 225.1.0.0)
  Incoming interface : vlan2001
  Outgoing interface list :
    vlan1001 (S)
    vlan2002
    vlan2003
    vlan2004
    vlan2005
(192.168.1.202, 225.1.0.
The show ip igmp snooping groups command displays the IGMP database.

AG1# show ip igmp snooping groups
Total Number of Groups: 1600
AG1# show ip igmp snooping groups vlan 2001 225.1.0.0 detail
Interface vlan2001
Group 225.1.0.
  0 Null Register messages received
  0/0 Register-stop messages sent/received
Data path event summary:
  0 last-hop switchover messages received
  22/162 pim-assert messages sent/received
  0/0 register messages sent/received
VLT Multicast summary:
  20(*,G) synced entries in MFC
  20(S,G) synced entries in MFC
  0(S,G,Rpt) synced entries in MFC

The show ip pim tib command displays the PIM tree information base (TIB).
  Incoming interface : vlan2001
  Outgoing interface list :
    vlan1001
    vlan2002
    vlan2003
    vlan2004
    vlan2005
(172.16.1.201, 225.1.0.0)
  Incoming interface : vlan1001
  Outgoing interface list :
    vlan2002
    vlan2003
    vlan2004
    vlan2005

The show ip pim mcache vlt command displays the multicast route entries synchronized between the VLT peers.

AG2# show ip pim mcache vlt | no-more
PIM Multicast Routing Cache Table
Flags: S - Synced
(*, 225.1.0.
--------------------------------
225.1.0.0 10.1.100.6
AG2# show ip pim rp mapping
Group(s) : 225.0.0.0/8
  RP : 10.1.100.5, v2
  Info source: 10.1.100.5, via bootstrap, priority 100
  expires: 00:01:03
Group(s) : 225.0.0.0/8
  RP : 10.1.100.6, v2
  Info source: 10.1.100.5, via bootstrap, priority 100
  expires: 00:00:44

The show ip igmp snooping groups command displays the IGMP database.

AG2# show ip igmp snooping groups
Total Number of Groups: 1600
AG2# show ip igmp snooping groups vlan 2001 225.1.0.
TIB Summary:
  20/0 (*,G) entries in PIM-TIB/MFC
  40/40 (S,G) entries in PIM-TIB/MFC
  0/0 (S,G,Rpt) entries in PIM-TIB/MFC
  2 RP
  2 sources
  0 Register states
Message Summary:
  40/20 Joins/Prunes sent/received
  0/0 Candidate-RP advertisements sent/received
  680/1899 BSR messages sent/received
  0 Null Register messages received
  0/0 Register-stop messages sent/received
Data path event summary:
  0 last-hop switchover messages received
  22/164 pim-assert messages sent/received
  0/0 register messages sent/received
VLT Multica
The show ip pim bsr-router command displays information about the BSR.

AG3# show ip pim bsr-router
PIMv2 Bootstrap information
BSR address: 10.1.100.5
BSR Priority: 199, Hash mask length: 31
Expires: 00:00:30

The show ip pim rp mapping command displays information about all multicast group-to-RP mappings.

AG3# show ip pim rp
Group RP
-------------------------------
225.1.0.0 10.1.100.6
AG3# show ip pim rp mapping
Group(s) : 225.0.0.0/8
  RP : 10.1.100.5, v2
  Info source: 10.1.100.
The show ip pim summary command displays the PIM summary.
  Outgoing interface list:
(172.16.1.201, 225.1.0.0), uptime 01:27:01, expires 00:00:31, flags: CT
  Incoming interface: vlan1251, RPF neighbor 10.192.168.5
  Outgoing interface list:
    vlan2001 Forward/Sparse 01:27:01/Never

The show ip pim mcache command displays the multicast route entries.

AG4# show ip pim mcache
PIM Multicast Routing Cache Table
(*, 225.1.0.0)
  Incoming interface : vlan1251
  Outgoing interface list :
    vlan2001
(192.168.1.201, 225.1.0.0)
  Incoming interface : vlan2001
  Outgoing interface list :
(192.
port-channel1000  IGMPv2-Compat  01:54:04  00:01:27
port-channel51    Exclude        01:52:49  00:01:21
ethernet1/1/32:2  IGMPv2-Compat  01:53:42  00:01:27

TR1
The show ip igmp snooping groups command displays the IGMP database.

TR1# show ip igmp snooping groups
Total Number of Groups: 1600
TR1# show ip igmp snooping groups vlan 2001 225.1.0.0 detail
Interface vlan2001
Group 225.1.0.
Supported Releases 10.5.0.0 or later

show vlt mismatch
Displays configuration mismatch between VLT peers.
Syntax show vlt {domain-id | all} mismatch
Parameters domain-id—Enter a VLT domain ID, from 1 to 255.
Default None
Command Mode EXEC
Usage Information The show vlt mismatch command displays multicast configuration mismatches.
13 VXLAN

A virtual extensible LAN (VXLAN) extends Layer 2 (L2) server connectivity over an underlying Layer 3 (L3) transport network in a virtualized data center. A virtualized data center consists of virtual machines (VMs) in a multi-tenant environment. OS10 supports VXLAN as described in RFC 7348. VXLAN provides an L2 overlay mechanism on an existing L3 network by encapsulating the L2 frames in L3 packets.
Virtual extensible LAN (VXLAN)
A type of network virtualization overlay that encapsulates a tenant payload into IP UDP packets for transport across the IP underlay network.

VXLAN network identifier (VNI)
A 24-bit ID number that identifies a tenant segment and transmits in a VXLAN-encapsulated packet.

VXLAN tunnel endpoint (VTEP)
A switch with connected end hosts that are assigned to virtual networks. The virtual networks map to VXLAN segments.
VXLAN is a type of encapsulation used as an NVO solution. VXLAN encapsulates a tenant payload into IP UDP packets for transport across the IP underlay network. In OS10, each virtual network is assigned a 24-bit number, called a VXLAN network identifier (VNI), that the VXLAN-encapsulated packet carries. The VNI uniquely identifies the tenant segment on all VTEPs. OS10 sets up ASIC tables to:
• Enable creation of an L2 bridge flooding domain across an L3 network.
Configure a VXLAN virtual network

To create a VXLAN, assign a VXLAN segment ID (VNI) to a virtual network ID (VNID) and configure a remote VTEP. A unique 2-byte VNID identifies a virtual network. You cannot assign the same VXLAN VNI to more than one virtual network. Manually configure VXLAN tunnel endpoints in a static VXLAN or use BGP EVPN to automatically discover the VXLAN tunnel endpoints.

1 Create a virtual-network bridge domain in CONFIGURATION mode. Valid VNID numbers are from 1 to 65535.
a Configure interfaces as trunk members in Interface mode.
interface ethernet node/slot/port[:subport]
switchport mode trunk
exit
b Assign a trunk member interface as a Port,VLAN ID pair to the virtual network in VIRTUAL-NETWORK mode. All traffic sent and received for the virtual network on the interface carries the VLAN tag. Multiple tenants connected to different switch interfaces can have the same vlan-tag VLAN ID.
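The virtual-network constraints stated in this procedure can be checked mechanically before a change is applied. The following is an added example, not code from Dell or from this guide: it parses a constructed configuration excerpt and flags a VNID outside 1 to 65535, a VNI assigned to more than one virtual network, and a static VXLAN segment with no remote VTEP. The indented excerpt layout, the finding names, and the VNI lower bound of 1 are assumptions.

```python
import re

MAX_VNID = 65535            # guide: valid VNID numbers are from 1 to 65535
MAX_VNI = (1 << 24) - 1     # guide: the VNI is a 24-bit ID (lower bound of 1 is assumed)

# Constructed excerpt, not taken from the guide. VN 200 has no remote VTEP,
# VN 300 reuses the VNI of VN 100, and VN 70000 is out of range twice over.
SAMPLE_CONFIG = """\
virtual-network 100
 vxlan-vni 10000
  remote-vtep 192.168.2.1
virtual-network 200
 vxlan-vni 20000
virtual-network 300
 vxlan-vni 10000
  remote-vtep 192.168.2.1
virtual-network 70000
 vxlan-vni 16777216
  remote-vtep 192.168.2.1
"""


def parse_virtual_networks(text):
    """Return {vnid: {"vni": int or None, "remote_vteps": [str]}} in config order."""
    networks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"virtual-network (\d+)", line):
            current = networks.setdefault(
                int(m.group(1)), {"vni": None, "remote_vteps": []})
        elif current is not None and (m := re.fullmatch(r"vxlan-vni (\d+)", line)):
            current["vni"] = int(m.group(1))
        elif current is not None and (m := re.fullmatch(r"remote-vtep (\S+)", line)):
            current["remote_vteps"].append(m.group(1))
        elif line and not raw.startswith(" "):
            current = None  # any other top-level stanza ends the virtual-network block
    return networks


def lint(networks, static_vxlan=True):
    """Return a list of (vnid, finding) tuples for the rules the guide states."""
    findings, vni_owner = [], {}
    for vnid, vn in networks.items():
        if not 1 <= vnid <= MAX_VNID:
            findings.append((vnid, "vnid-out-of-range"))
        vni = vn["vni"]
        if vni is None:
            continue  # virtual network without a VXLAN segment: nothing more to check
        if not 1 <= vni <= MAX_VNI:
            findings.append((vnid, "vni-not-24-bit"))
        if vni in vni_owner:
            # The same VNI cannot be assigned to more than one virtual network.
            findings.append((vnid, f"vni-reused-from-vn-{vni_owner[vni]}"))
        else:
            vni_owner[vni] = vnid
        # With static VXLAN the remote VTEPs are configured by hand; with BGP EVPN
        # they are discovered, so pass static_vxlan=False to skip this rule.
        if static_vxlan and not vn["remote_vteps"]:
            findings.append((vnid, "no-remote-vtep"))
    return findings


if __name__ == "__main__":
    for vnid, finding in lint(parse_virtual_networks(SAMPLE_CONFIG)):
        print(f"virtual-network {vnid}: {finding}")
```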
Enable overlay routing between virtual networks

The previous sections described how a VTEP switches traffic between hosts within the same L2 tenant segment, the virtual network, and transports traffic over an IP underlay fabric. This section describes how a VTEP enables hosts in different L2 segments that belong to the same tenant VRF to communicate with each other.

NOTE: On the S4248-ON switch, IPv6 overlay routing between virtual networks is not supported with static VXLAN.
Configuration notes for virtual-network routing:
• VXLAN overlay routing includes routing tenant traffic on the ingress VTEP and bridging the traffic on the egress VTEP. The ingress VTEP learns ARP entries and associates all destination IP addresses of tenant VMs with the corresponding VM MAC addresses in the overlay. On the ingress VTEP, configure a virtual network for each destination IP subnet even if there are no locally attached hosts for an IP subnet.
Virtual network VNID 12 VNID 13 VTEP Virtual-network IP address Anycast gateway IP address VTEP 2 10.10.1.202 10.10.1.254 VTEP 3 10.10.1.203 10.10.1.254 VTEP 1 10.20.1.201 10.20.1.254 VTEP 2 10.20.1.202 10.20.1.254 VTEP 3 10.20.1.203 10.20.1.254 VTEP 1 10.30.1.201 10.30.1.254 VTEP 2 10.30.1.202 10.30.1.254 VTEP 3 10.30.1.203 10.30.1.
Configure the same VLTi VLAN ID on both VLT peers. You cannot use the ID of an existing VLAN on a VLT peer or the reserved untagged VLAN ID. You can use the VLTi VLAN ID to assign tagged or untagged access interfaces to a virtual network.
virtual-network vn-id vlti-vlan vlan-id
• Although a VXLAN virtual network has no access port members that connect to downstream servers, you must configure a switch-scoped VLAN or VLTi VLAN.
OS10 Switch Overlay nexthop entries Underlay nexthop entries Overlay L3 RIF entries Underlay L3 RIF entries scaled-overlay-routing 40960 8192 8192 10240 S52xx-ON series: default-overlay-routing — — — — 8192 57344 2048 14336 0 65536 0 16384 32768 32768 8192 8192 53248 12288 12288 4096 — 20480 — — — 110592 4096 28672 disable-overlay-routing balanced-overlay-routing scaled-overlay-routing S4248-ON: default-overlay-routing NOTE: The S4248-ON switch supports only one defaul
that acts as a DHCP relay must have its virtual-network IP address installed using a route leaking mechanism as a route to the underlay and advertised to all underlay routers, including the spine switches. Similarly, the DHCP server in the underlay VRF must be reachable from the client tenant VRF in the overlay. Configure a static route for the DHCP server subnet in the underlay default VRF, and leak the static route to the client tenant VRF in the overlay.
View the VXLAN virtual-network statistics

OS10# show virtual-network counters
Virtual-Network  Input (Packets/Bytes)  Output (Packets/Bytes)
1000             857/8570               257/23709
2000             457/3570               277/13709

OS10# show virtual-network counters interface 1/1/3 vlan 100
Virtual-Network  Input (Packets/Bytes)  Output (Packets/Bytes)
1000             857/8570               257/23709
2000             457/3570               277/13709

NOTE: Using flex counters, OS10 may display additional packets in the Output field number, but the additional packets do not transmit.
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route
Gateway of last resort is not set
Destination Gateway Dist/Metric Last Change
------------------------------------------------------------------------
C 100.1.0.0/16 via 100.1.1.4 virtual-network60000 0/0 00:36:24
C 100.33.0.0/16 via 100.33.1.4 virtual-network60032 0/0 00:36:23
C 100.65.0.
Command Description
interface ethernet node/slot/port:subport: Displays only MAC addresses learned on the specified interface.
interface port-channel number: Displays only MAC addresses learned on the specified port channel.
show mac address-table extended [address mac-address | interface {ethernet node/slot/port:subport | port-channel number} | static | dynamic]
Displays MAC addresses learned on all VLANs and VXLANs (default).
Command Description show mac address-table count extended [interface ethernet node/slot/port:subport | port-channel number]} Displays the number of MAC addresses learned on all VLANs and VXLAN virtual networks. interface ethernet node/slot/port:subport: Displays the number of MAC addresses learned from VLANs and VXLANs on the specified interface. port-channel number: Displays the number of MAC addresses learned from VLANs and VXLANs on the specified port channel. Clear VXLAN MAC addresses Table 31.
disable-overlay-routing Default • S4100-ON series: 24576 entries • S5200-ON series switches: 53248 entries Allocate 0 next-hop entries for overlay routing and all next-hop entries for underlay routing. S4048T-ON and S6010-ON switches reserve 8192 ARP table entries. S4100-ON series switches reserve 4096 ARP table entries. S5200-ON series switches reserve 8192 ARP table entries.
ip virtual-router address
Configures an anycast gateway IP address for a VXLAN virtual network.
Syntax ip virtual-router address ip-address
Parameters address ip-address Enter the IP address of the anycast L3 gateway.
Default Not configured
Command mode INTERFACE-VIRTUAL-NETWORK
Usage information Configure the same anycast gateway IP address on all VTEPs in a VXLAN virtual network.
Parameters
ethernet node/slot/port[:subport] Assign the specified interface to a virtual network.
port-channel number Assign the specified port channel to a virtual network.
untagged Assign untagged traffic on an interface or port channel to a virtual network.
vlan-tag vlan-id Assign tagged traffic on the specified VLAN to a virtual network.
Usage information After you configure the remote VTEP, the VXLAN virtual network is enabled to start sending server traffic. You can configure multiple remote VTEPs. All broadcast, multicast, and unknown unicast (BUM) traffic received on an access interface is replicated on remote VTEPs. The no version of this command removes the configured value.
Example
OS10(config-vn-vxlan-vni)# remote-vtep 20.20.20.1
OS10(config-vn-vxlan-vni-remote-vtep)# exit
OS10(config-vn-vxlan-vni)# remote-vtep 30.20.20.
Usage information Use this command to display the virtual-network IP address used for routing traffic in a virtual network. Traffic counters also display.
Example
show interface virtual-network 102
Virtual-network 102 is up, line protocol is up
Address is 14:18:77:25:6f:84, Current address is 14:18:77:25:6f:84
Interface index is 66
Internet address is 12.12.12.
show nve remote-vtep counters
Displays VXLAN packet statistics for a remote VTEP.
Syntax show nve remote-vtep [ip-address] counters
Parameters • ip-address — Enter IP address of a remote VTEP.
Default Not configured
Command mode EXEC
Usage information Use this command to display input and output statistics for VXLAN traffic on a remote VTEP. A VTEP is identified by its IP address. Use the clear nve remote-vtep [ip-address] counters command to clear VXLAN packet statistics.
Parameters vn-id Enter a virtual-network ID, from 1 to 65535.
Default Not configured
Command mode EXEC
Usage information Use this command to display the VNID, port members, source interface, and remote tunnel endpoints of a VXLAN virtual network.
slot/ port[:subport] interface port-channel number Enter a port-channel number, from 1 to 128. vlan vlan-id (Optional) Enter a VLAN ID, from 1 to 4093. Default Not configured Command mode EXEC Usage information Use this command to monitor the packet throughput on a port interface that is a member of a VXLAN virtual network. Assign a VLAN member interface to only one virtual network.
show virtual-network vlan
Displays the VXLAN virtual networks where a VLAN is assigned.
Syntax show virtual-network vlan vlan-id
Parameters vlan vlan-id Enter a VLAN ID, from 1 to 4093.
Default Not configured
Command mode EXEC
Usage information Use this command to verify the VXLAN virtual networks where a VLAN is assigned, including the port members connected to downstream servers.
Parameters loopback number Enter the Loopback interface used as the source interface of a VXLAN virtual tunnel, from 0 to 16383.
Default Not configured
Command mode NVE-INSTANCE
Usage information The IP address of the Loopback interface serves as the source IP address in encapsulated packets transmitted from the switch as an NVE VTEP.
• The Loopback interface must have an IP address configured. The Loopback IP address must be reachable from the remote VTEP.
Usage information The untagged VLAN ID is used internally for all untagged member interfaces that belong to virtual networks. You cannot use the reserved untagged VLAN ID for a simple VLAN bridge or for tagged traffic on member interfaces of virtual networks. The no version of this command removes the configured value.
Example
OS10(config)# virtual-network untagged-vlan 10
Supported releases 10.4.2.0 or later

vxlan-vni
Assigns a VXLAN ID to a virtual network.
clear mac address-table dynamic virtual-network
Clears MAC addresses learned on all or a specified VXLAN virtual network.
Syntax clear mac address-table dynamic virtual-network [interface {ethernet node/slot/port:subport | port-channel number} | local | vn-id [address mac-address | local]]
Parameters
interface ethernet node/slot/port[:subport] Clear all MAC addresses learned on the specified interface.
interface port-channel number Clear all MAC addresses learned on the specified port channel.
interface port-channel number Display the number of MAC addresses learned on all VLANs and VXLANs on the specified port channel.
Default Not configured
Command mode EXEC
Usage information Use this command to display the number of MAC address entries learned on all VLANs and VXLAN virtual networks.
Example
OS10# show mac address-table count extended
MAC Entries for all vlans :
Dynamic Address Count : 10
Static Address (User-defined) Count : 2
Total MAC Addresses in Use: 12
Supported releases 10.4.
show mac address-table count virtual-network
Displays the number of MAC addresses learned on virtual networks.
Syntax show mac address-table count virtual-network [dynamic | local | remote | static | interface {ethernet node/slot/port:subport | port-channel number} | vn-id]
Parameters
dynamic Display the number of local dynamically-learned MAC addresses.
local Display the number of local MAC addresses.
remote Display the number of MAC addresses learned from remote VTEPs.
interface port-channel number Display only MAC addresses learned on the specified port channel.
static Display only static MAC addresses.
dynamic Display only dynamic MAC addresses.
Default Not configured
Command mode EXEC
Usage information By default, MAC learning from a remote VTEP is enabled. Use this command to verify the MAC addresses learned both on VXLAN virtual networks and VLANs on the switch.
OS10# show mac address-table nve vxlan-vni 9999
Virtual-Network  VNI   MAC Address        Type     Remote-VTEP
---------------------------------------------------------------
10000            9999  00:00:00:00:00:77  dynamic  VxLAN(32.1.1.1)
Supported releases 10.4.2.0 or later

show mac address-table virtual-network
Displays the MAC addresses learned on all or a specified virtual network.
Example: VXLAN with static VTEP

This example uses a typical Clos leaf-spine topology with static VXLAN tunnel endpoints (VTEPs) in VLT dual-homing domains. The individual switch configuration shows how to set up an end-to-end VXLAN. The underlay IP network routes are advertised using OSPF.
• On VTEPs 1 and 2, access ports are assigned to the virtual network using a switch-scoped VLAN configuration.
• On VTEPs 3 and 4, access ports are assigned to the virtual network using a port-scoped VLAN configuration.
VTEP 1 Leaf Switch

1. Configure the underlay OSPF protocol
Do not configure the same IP address for the router ID and the source loopback interface in Step 2.
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 172.16.0.1
OS10(config-router-ospf-1)# exit
2. Configure a Loopback interface
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.0
OS10(conf-if-lo-0)# exit
3.
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
7.
Configure UFD with uplink VLT ports and downlink network ports
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
9.
OS10(config-vn-vxlan-vni)# remote-vtep 192.168.2.1
OS10(config-vn-vxlan-vni-remote-vtep)# exit
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# remote-vtep 192.168.2.1
OS10(config-vn-vxlan-vni-remote-vtep)# exit
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
5.
Configure a dedicated L3 underlay path to reach the VLT Peer in case of network failure
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.2/30
OS10(config-if-vl-4000)# ip ospf 1 area 0.0.0.
OS10(config-if-vn-20000)# ip address 10.2.0.232/16
OS10(config-if-vn-20000)# ip virtual-router address 10.2.0.100
OS10(config-if-vn-20000)# no shutdown
OS10(config-if-vn-20000)# exit

VTEP 3 Leaf Switch

1. Configure the underlay OSPF protocol
Do not configure the same IP address for the router ID and the source loopback interface in Step 2.
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 172.18.0.1
OS10(config-router-ospf-1)# exit
2.
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
7.
Configure VLTi member links
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure a VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
2. Configure a Loopback interface
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.2.1/32
OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.0
OS10(conf-if-lo-0)# exit
3. Configure the Loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
4.
8. Configure upstream network-facing ports
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 172.19.1.0/31
OS10(conf-if-eth1/1/1)# ip ospf 1 area 0.0.0.
Configure UFD with uplink VLT ports and downlink network ports
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
10.
OS10(conf-if-eth1/1/4)# ip ospf 1 area 0.0.0.0
OS10(conf-if-eth1/1/4)# exit
2. Configure the underlay OSPF protocol
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 172.200.0.1
OS10(config-router-ospf-1)# exit

Spine Switch 2

1. Configure downstream ports on underlay links to leaf switches
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# ip address 172.16.
Benefits of a BGP EVPN-based VXLAN
• Eliminates the flood-and-learn method of VTEP discovery by enabling control-plane learning of end-host L2 and L3 reachability information.
• Minimizes network flooding of unknown unicast and broadcast traffic through EVPN-based MAC and IP route advertisements on local VTEPs.
• Provides support for host mobility.
Figure 7. BGP EVPN topology

Leaf nodes
Leaf nodes are typically top-of-rack (ToR) switches in a data center network. They act as the VXLAN tunnel endpoints and perform VXLAN encapsulation and decapsulation. Leaf nodes also participate in the MP-BGP EVPN to support control plane and data plane functions.
Control plane functions include:
• Initiate and maintain route adjacencies using any routing protocol in the underlay network.
• Advertise locally learned routes to all MP-BGP EVPN peers.
Control plane functions include:
• Initiate BGP peering with all neighbor leaf nodes.
• Advertise BGP routes to all BGP peers.
• Initiate and maintain routing adjacencies with all leaf and spine nodes in the underlay network.
Data plane functions include:
• Perform only underlay route processing based on the outer header in VXLAN encapsulated packets.
• Do not perform VXLAN encapsulation or decapsulation.
– Type: 1
– D-ID: 0
– Service-ID: VNI
• For a 4-byte ASN, OS10 can auto-configure RTs for both 2-byte and 4-byte ASNs. The RT type is set to 0202 (Type 2 in RFC 4364). The RT value is encoded in the format 4-octet-ASN:2-octet-number, where the 2-octet-number field contains the EVI ID. In auto-EVI mode, the EVI ID is the same as the virtual network ID (VNID). Therefore, in 4-byte ASN deployment, OS10 supports RT autoconfiguration if the VNID-to-VNI mapping is the same on all VTEPs.
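The RT encodings described above, worked through as an added example (not OS10 code): it builds the 8-octet route target for both ASN sizes and shows why 4-byte ASN autoconfiguration depends on identical VNID-to-VNI mappings on all VTEPs. The placement of the A, Type, D-ID and Service-ID fields follows RFC 8365, treating any ASN above 65535 as 4-byte is a simplification, and the ASNs and mappings are constructed.

```python
import struct


def auto_rt_2byte_asn(asn, vni, rt_type=1, d_id=0):
    """RT for a 2-byte ASN: 0x00 0x02 | ASN (2) | A:1 Type:3 D-ID:4 | Service-ID (3).

    Type 1, D-ID 0 and Service-ID = VNI are the values listed in the guide.
    The A bit is 0 for an auto-derived RT (field layout per RFC 8365).
    """
    if not 1 <= asn <= 0xFFFF:
        raise ValueError("not a 2-byte ASN")
    if not 0 <= vni < (1 << 24):
        raise ValueError("Service-ID (VNI) must fit in 24 bits")
    flags = (0 << 7) | (rt_type << 4) | d_id
    return struct.pack("!BBHB", 0x00, 0x02, asn, flags) + vni.to_bytes(3, "big")


def auto_rt_4byte_asn(asn, evi_id):
    """RT for a 4-byte ASN: type 0x0202 | ASN (4) | 2-octet number = EVI ID."""
    if not 0xFFFF < asn <= 0xFFFFFFFF:
        raise ValueError("not a 4-byte ASN")
    if not 1 <= evi_id <= 0xFFFF:
        raise ValueError("EVI ID must fit in 2 octets")
    return struct.pack("!BBIH", 0x02, 0x02, asn, evi_id)


def derived_rts(asn, vnid_to_vni):
    """Map each VNI to the RT a VTEP would auto-derive for it.

    In auto-EVI mode the EVI ID equals the VNID, so the 4-byte form is keyed
    on the local VNID while the 2-byte form is keyed on the VNI itself.
    """
    four_byte = asn > 0xFFFF  # simplification: decide the format from the ASN value
    return {
        vni: auto_rt_4byte_asn(asn, vnid) if four_byte else auto_rt_2byte_asn(asn, vni)
        for vnid, vni in vnid_to_vni.items()
    }


def mismatched_vnis(asn, vtep_a, vtep_b):
    """VNIs present on both VTEPs whose auto-derived RTs differ (routes not imported)."""
    a, b = derived_rts(asn, vtep_a), derived_rts(asn, vtep_b)
    return sorted(vni for vni in a.keys() & b.keys() if a[vni] != b[vni])


# Constructed VNID -> VNI mappings: VTEP B uses VNID 201 for the segment
# that VTEP A numbers as VNID 200.
VTEP_A = {100: 10000, 200: 20000}
VTEP_B = {100: 10000, 201: 20000}

if __name__ == "__main__":
    for asn in (65001, 4200000001):
        print(asn, "mismatched VNIs:", mismatched_vnis(asn, VTEP_A, VTEP_B))
```

With the 2-byte ASN both VTEPs derive the same RT for VNI 20000 because the RT carries the VNI; with the 4-byte ASN the RT carries the local VNID, so the differing VNIDs produce different RTs for the same segment.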
i Return to ROUTER-BGP mode.
exit
For each BGP peer session in the overlay network:
a Configure the BGP peer using its Loopback IP address on the VTEP in ROUTER-BGP mode.
neighbor loopback-ip-address
b Assign the BGP neighbor Loopback address to the autonomous system in ROUTER-BGP-NEIGHBOR mode. The neighbor Loopback IP address is the source interface on the remote VTEP.
2 • Enable auto-EVI creation for overlay virtual networks in EVPN mode. Auto-EVI creation is supported only if BGP EVPN is used with 2-byte AS numbers and if at least one BGP instance is enabled with the EVPN address family. No further manual configuration is allowed in auto-EVI mode. auto-evi Manual EVI configuration mode 1 Enable the EVPN control plane in CONFIGURATION mode. evpn 2 Manually create an EVPN instance in EVPN mode. The range is from 1 to 65535.
304 keepalives, 0 route refresh requests Sent 307 messages 4 opens, 0 notifications, 2 updates 301 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast: MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) 4_OCTET_AS(65) MP_L2VPN_EVPN Capabilities advertised to neighbor for IPv4 Unicast: MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) 4_OCTET_AS(
associated with EVIs belonging to the same tenant on a VTEP. IETF draft draft-ietf-bess-evpn-inter-subnet-forwarding-05 describes EVPN inter-subnet forwarding, Integrated Routing and Bridging (IRB), and how to use EVPN with IP routing between L2 tenant domains.
kept operationally down at bootup to allow the dataplane to set up and forward traffic, resulting in minimal traffic loss as the VLT peer node boots up and joins the VLT domain. For a sample BGP EVPN VLT configuration, see Example: VXLAN with BGP EVPN. Figure 8.
activate (l2vpn evpn)
Enables the exchange of L2 VPN EVPN address family information with a BGP neighbor or peer group.
Syntax activate
Parameters None
Default Not configured
Command Mode ROUTER-BGP-NEIGHBOR-AF
Usage Information Use this command to exchange L2 VPN EVPN address information for VXLAN host-based routing with a BGP neighbor. The IPv4 unicast address family is enabled by default. Use the no version of this command to disable an address family with a neighbor.
Example (IPv4)
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-bgp-neighbor-af)# allowas-in 5
Example (IPv6)
OS10(conf-router-template)# address-family ipv6 unicast
OS10(conf-router-bgp-template-af)# allowas-in 5
Supported Releases 10.3.0E or later
sender-side-loop-detection
Enables the sender-side loop detection process for a BGP neighbor.
Network Next Hop Weight Path *>r Route distinguisher: 110.111.170.102:65447 [3]:[0]:[32]:[110.111.170.102]/152 110.111.170.102 32768 ? *> Route distinguisher: 110.111.170.107:64536 [3]:[0]:[32]:[110.111.170.107]/152 110.111.170.107 0 100 101 ? OS10# show BGP router Neighbor 3.3.3.3 4.4.4.4 5.5.5.5 6.6.6.6 Metric LocPrf 0 100 0 100 ip bgp l2vpn evpn summary identifier 2.2.2.
auto-evi
Creates an EVPN instance automatically, including Route Distinguisher (RD) and Route Target (RT) values.
Syntax auto-evi
Parameters None
Default Not configured
Command mode EVPN
Usage information In deployments running BGP with 2-byte or 4-byte autonomous systems, auto-EVI automatically creates EVPN instances when you create a virtual network on a VTEP in the overlay network.
evpn
Enables the EVPN control plane for VXLAN.
Syntax evpn
Parameters None
Default Not configured
Command mode CONFIGURATION
Usage information Enabling EVPN triggers BGP to advertise EVPN capability with AFI=25 and SAFI=70 to all BGP peers in an autonomous system. The no version of this command disables EVPN on the switch.
Example
OS10(config)# evpn
OS10(config-evpn)#
Supported releases 10.4.2.0 or later
rd
Configures the Route Distinguisher (RD) value EVPN routes use.
Syntax rd {A.B.C.
• The 4-octet ASN or number is 1 to 4294967295.
auto Configure the RT import and export values to automatically generate.
asn4 (Optional) Advertises a 4-byte AS number in RT values.
Default Not configured
Command mode EVPN-EVI
Usage information An RT determines how EVPN routes distribute among EVPN instances. Configure each RT with an import and export value. When the EVPN routes advertise, the RT export value configured for export attaches to each route.
show evpn mac
Displays BGP EVPN routes for host MAC addresses.
Syntax show evpn mac {count | mac-address nn.nn.nn.nn | evi id [mac-address nn.nn.nn.nn | count | next-hop ip-address count]}
Parameters
• count — Displays the total number of local and remote host MAC addresses in EVPN instances.
• mac-address nn.nn.nn.nn — Displays the BGP EVPN routes for a specific 48-bit host MAC address.
• evi id — Displays the host MAC addresses and next hops in a specified EVPN instance, from 1 to 65535.
• next-hop ip-address — Enter the IP address of a next-hop switch.
Default Not configured
Command mode EXEC
Usage information Use this command to view the MAC-IP address binding for host communication in VXLAN tenant segments.
Supported releases 10.4.3.0 or later
show evpn vrf
Displays the VRF instances used to forward EVPN routes in VXLAN overlay networks.
Syntax show evpn vrf [vrf-name]
Parameters vrf-name — (Optional) Enter the name of a non-default tenant VRF instance.
Default Not configured
Command mode EXEC
Usage information Use this command to verify the tenant VRF instances used in EVPN instances to exchange BGP EVPN routes in VXLANs.
Default Not configured
Command mode EVPN-EVI
Usage information Use this command in EVPN-EVI mode to configure an EVPN instance with RD and RT values to an overlay VXLAN virtual network.
Example
OS10(config)# evpn
OS10(config-evpn)# evi 10
OS10(config-evpn-evi)# vni 10000
Supported releases 10.4.2.0 or later
Example: VXLAN with BGP EVPN
The following VXLAN with BGP EVPN example uses a Clos leaf-spine topology with VXLAN tunnel endpoints (VTEPs).
Figure 9. VXLAN BGP EVPN use case
VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.
2. Configure the Loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3. Configure VXLAN virtual networks
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.16.2.0/31
OS10(conf-if-eth1/1/2)# exit
7. Configure eBGP
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# router-id 172.16.0.1
OS10(config-router-bgp-100)# address-family ipv4 unicast
OS10(config-router-bgp-af)# redistribute connected
OS10(config-router-bgp-af)# exit
8. Configure eBGP for the IPv4 point-to-point peering
OS10(config-router-bgp-100)# neighbor 172.16.1.
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
11. Configure EVPN
Configure the EVPN instance, RD, and RT using auto-EVI mode:
OS10(config)# evpn
OS10(config-evpn)# auto-evi
OS10(config-evpn)# exit
12. Configure VLT
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.
13. Configure IP switching in the overlay network
Create a tenant VRF
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
Configure an anycast gateway MAC address
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual networks
OS10(config)# interface virtual-network 10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.231/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.
OS10(conf-if-vn-10000)#
OS10(conf-if-vn-10000)#
5.
9. Configure a Loopback interface for BGP EVPN peering different from VLT peer IP address
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.17.0.1/32
OS10(conf-if-lo-1)# exit
10. Configure BGP EVPN peering
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.201.0.
Configure VLTi member links
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
VTEP 3 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.2.1/32
OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3.
7. Configure upstream network-facing ports
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 172.18.1.0/31
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.18.2.0/31
OS10(conf-if-eth1/1/2)# exit
8.
OS10(config-router-neighbor)# remote-as 101
OS10(config-router-neighbor)# ebgp-multihop 4
OS10(config-router-neighbor)# send-community extended
OS10(config-router-neighbor)# update-source loopback1
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# no activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bg
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
OS10(conf-if-lo-0)# ip address 192.168.2.1/32
OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3.
OS10(config)# interface ethernet1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.19.2.0/31
OS10(conf-if-eth1/1/2)# exit
8. Configure eBGP
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# router-id 172.19.0.1
OS10(config-router-bgp-100)# address-family ipv4 unicast
OS10(configure-router-bgp-af)# redistribute connected
OS10(configure-router-bgp-af)# exit
9.
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bgp-neighbor-af)# allowas-in 1
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
12.
Configure the VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
OS10(conf-if-eth1/1/2)# exit
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# ip address 172.18.1.1/31
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# ip address 172.19.1.1/31
OS10(conf-if-eth1/1/4)# exit
2. Configure eBGP
OS10(config)# router bgp 101
OS10(config-router-bgp-101)# router-id 172.201.0.
OS10(conf-router-neighbor)# update-source loopback1
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# address-family l2vpn evpn
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-bgp-101)# neighbor 172.17.0.
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# ip address 172.18.2.1/31
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# ip address 172.19.2.1/31
OS10(conf-if-eth1/1/4)# exit
2. Configure eBGP
OS10(config)# router bgp 101
OS10(config-router-bgp-101)# router-id 172.202.0.
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# address-family l2vpn evpn
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-bgp-101)# neighbor 172.17.0.
VxLAN Virtual Network Identifier: 20000
Source Interface: loopback0(192.168.1.1)
Remote-VTEPs (flood-list): 192.168.2.1(CP)
LEAF1#
2. Verify EVPN configurations and EVPN parameters
LEAF1# show evpn evi
EVI : 10000, State : up
Bridge-Domain : Virtual-Network 10000, VNI 10000
Route-Distinguisher : 1:192.168.1.1:10000(auto)
Route-Targets : 0:100:268445456(auto) both
Inclusive Multicast : 192.
IRB :
EVI : 20000, State : up
Bridge-Domain :
Route-Distinguisher :
Route-Targets :
Inclusive Multicast :
IRB :
LEAF1#
64 bytes from 10.2.0.20: icmp_seq=3 ttl=63 time=0.687 ms
64 bytes from 10.2.0.20: icmp_seq=4 ttl=63 time=0.640 ms
64 bytes from 10.2.0.20: icmp_seq=5 ttl=63 time=0.644 ms
--- 10.2.0.20 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4089ms
rtt min/avg/max/mdev = 0.640/0.669/0.707/0.041 ms
root@HOST-A:~#
NOTE: Follow Steps 1 to 6 to check ping connectivity between combinations of other hosts, and between hosts through different virtual-network IP addresses.
Figure 10. VXLAN BGP EVPN use case
VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.
2. Configure the Loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3. Configure VXLAN virtual networks
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.16.2.0/31
OS10(conf-if-eth1/1/2)# exit
7. Configure eBGP
OS10(config)# router bgp 99
OS10(config-router-bgp-99)# router-id 172.16.0.1
OS10(config-router-bgp-99)# address-family ipv4 unicast
OS10(config-router-bgp-af)# redistribute connected
OS10(config-router-bgp-af)# exit
8. Configure eBGP for the IPv4 point-to-point peering
OS10(config-router-bgp-99)# neighbor 172.16.1.
Configure the EVPN instance with RD and RT values in manual mode:
OS10(config)# evpn
OS10(config-evpn)# evi 10000
OS10(config-evpn-evi-10000)# vni 10000
OS10(config-evpn-evi-10000)# rd 192.168.1.1:10000
OS10(config-evpn-evi-10000)# route-target 99:10000 both
OS10(config-evpn-evi-10000)# route-target 100:10000 import
OS10(config-evpn-evi-10000)# exit
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd 192.168.1.
Configure iBGP IPv4 peering between VLT peers
OS10(config)# router bgp 99
OS10(config-router-bgp-99)# neighbor 172.16.250.1
OS10(config-router-neighbor)# remote-as 99
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-99)# exit
13.
Use a switch-scoped VLAN-to-VNI mapping:
OS10(config)# interface vlan100
OS10(config-if-vl-100)# virtual-network 10000
OS10(config-if-vl-100)# no shutdown
OS10(config-if-vl-100)# exit
OS10(config)# interface vlan200
OS10(config-if-vl-200)# virtual-network 20000
OS10(config-if-vl-200)# no shutdown
OS10(config-if-vl-200)# exit
5.
OS10(config-router-bgp-99)# neighbor 172.17.2.1
OS10(config-router-neighbor)# remote-as 102
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-99)# exit
9. Configure a Loopback interface for BGP EVPN peering different from VLT peer IP address
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.17.0.1/32
OS10(conf-if-lo-1)# exit
10.
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.
Configure routing on the virtual networks
OS10(config)# interface virtual-network 10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.232/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(conf-if-vn-10000)#
OS10(conf-if-vn-10000)#
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
6. Add the access ports to virtual networks
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# member-interface port-channel 10 vlan-tag 100
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# member-interface port-channel 20 untagged
OS10(config-vn-20000)# exit
7.
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# no activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# neighbor 172.202.0.
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# vlt-port-channel 20
OS10(conf-if-po-20)# exit
Configure VLTi member links
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.
OS10(conf-if-vn-20000)# no shutdown
OS10(conf-if-vn-20000)# exit
VTEP 4 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.2.1/32
OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3.
OS10(config-vn-20000)# member-interface port-channel 20 untagged
OS10(config-vn)# exit
7. Configure upstream network-facing ports
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 172.19.1.
OS10(conf-if-eth1/1/1)#
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# no activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
12.
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# ip address 172.17.1.1/31
OS10(conf-if-eth1/1/2)# exit
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# ip address 172.18.1.
OS10(conf-if-eth1/1/3)#
OS10(config)# interface
OS10(conf-if-eth1/1/4)#
OS10(conf-if-eth1/1/4)#
OS10(conf-if-eth1/1/4)#
OS10(conf-if-eth1/1/4)#
OS10(conf-router-bgp-101)# neighbor 172.17.0.
2. Configure eBGP
OS10(config)# router bgp 102
OS10(config-router-bgp-102)# router-id 172.202.0.1
OS10(config-router-bgp-102)# address-family ipv4 unicast
OS10(configure-router-bgpv4-af)# redistribute connected
OS10(configure-router-bgpv4-af)# exit
3. Configure eBGP IPv4 peer sessions on the P2P links
OS10(conf-router-bgp-102)# neighbor 172.16.2.0
OS10(conf-router-neighbor)# remote-as 99
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-102)# neighbor 172.17.2.
OS10(conf-router-neighbor)# remote-as 100
OS10(conf-router-neighbor)# send-community extended
OS10(conf-router-neighbor)# update-source loopback1
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# address-family l2vpn evpn
OS10(conf-router-neighbor-af)# activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-bgp-102)# neighbor 172.19.0.
3. Verify BGP EVPN neighborship between leaf and spine nodes
LEAF1# show ip bgp l2vpn evpn summary
BGP router identifier 172.16.0.1 local AS number 99
Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx
172.201.0.1 101 1132 1116 13:29:00 27
172.202.0.1 102 1131 1118 13:29:02 28
LEAF1#
4. Check connectivity between host A and host B
root@HOST-A:~# ping 10.2.0.10 -c 5
PING 10.2.0.10 (10.2.0.10) 56(84) bytes of
64 bytes from 10.2.0.10: icmp_seq=1 ttl=63
64 bytes from 10.2.0.10: icmp_seq=2 ttl=63
64 bytes from 10.2.
centralized Layer 3 gateway either directly or through an IP underlay fabric. Any routing traffic that ingresses on a Layer 2 VTEP is switched to the centralized Layer 3 gateway. All routing decisions are made in this centralized gateway, and the traffic is then sent to the destination Layer 2 VTEP. The following VXLAN example also uses a Clos leaf-spine topology. In this example, the VTEP 1 and VTEP 2 VLT pair is an L2 gateway, and the VTEP 3 and VTEP 4 VLT pair is a centralized L3 gateway.
Figure 11. Centralized Layer3 Gateway Routing
VTEP 1 Leaf Switch
NOTE: The virtual network interfaces with IP addresses, anycast IP addresses, and anycast gateway MAC addresses need not be configured on VTEP 1 and VTEP 2, which are Layer 2 VTEPs.
1.
Configure an anycast gateway MAC address
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual networks
OS10(config)# interface virtual-network 10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.231/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(conf-if-vn-10000)#
OS10(conf-if-vn-10000)#
On other platforms, routing can happen only between virtual networks, and the egress virtual network can be connected to a VLAN in an external router that connects to the external network.
Example Description
In the example below, VLT domain 1 is a VLT VTEP and VLT domain 2 is the Border Leaf VLT VTEP pair. The virtual networks present in the DC are configured in all the VTEPs with their own IP addresses and anycast IP addresses.
Figure 12. Border Leaf Gateway
NOTE: The leaf and spine configurations described in the BGP EVPN — Multi-AS use case also apply to this Border leaf gateway topology. The configurations in this section are additional configurations to apply on the VTEPs in the leaf network.
VTEP 1 Leaf Switch
1. Configure VXLAN virtual network.
OS10(config)# virtual-network 500
OS10(config-vn-500)# vxlan-vni 500
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
2. Configure routing on the virtual networks.
OS10(config)# interface virtual-network 500
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.5.0.231/16
3. Configure static route for out-bound traffic pointing towards the anycast MAC address of VN500.
OS10(config)# ip route 0.0.0.0/0 10.5.0.
4. Configure externally connected VLAN.
OS10(conf)# interface vlan 200
OS10(conf-if-vlan)# ip address 10.10.0.1/16
OS10(conf-if-vlan)# no shutdown
OS10(conf-if-vlan)# exit
OS10(conf)# interface ethernet 1/1/7
switchport mode trunk
switchport trunk allowed vlan 200
5. Configure static route for out-bound traffic pointing towards VLAN200.
OS10(config)# ip route 0.0.0.0/0 10.10.0.3
VTEP 4 Leaf Switch
1. Configure VXLAN virtual network.
The NSX controller communicates with an OS10 VTEP using the OVSDB management protocol over a Secure Sockets Layer (SSL) connection. Establishing the communication between the controller and VTEP involves generating the SSL certificate at a VTEP and copying the certificate to the NSX controller. After SSL authentication, a secure connection over SSL is established between the controller and the VTEP. The VTEP then receives and processes the configuration data from the controller.
2 Configure NSX controller reachability.
3 Assign local access interfaces to be managed by the controller. The VLAN IDs of member access interfaces created using the OS10 CLI must be different from the VLAN IDs of port-scoped VLANs created by the NSX controller for virtual networks.
4 (Optional) Enable BFD in the NSX and the VTEP. OS10 complies with RFC 5880 for Bidirectional Forwarding Detection.
When the interface is assigned, you cannot:
• remove the interface from Switchport Trunk mode
• add the interface as a member of any VLAN
• remove the interface from the controller configuration if the interface has active port-scoped VLAN (Port,VLAN) pairs configured by the controller
To assign an interface to be managed by the OVSDB controller:
1 Configure an interface from CONFIGURATION mode.
OS10(config)# interface ethernet 1/1/1
2 Configure L2 trunking in INTERFACE mode.
Because the VTEP relies on service nodes to replicate BUM traffic, a mechanism is needed to monitor the connectivity between the VTEP and the service nodes. BFD monitors the connectivity between the VTEP and the service nodes, and detects failures. The NSX controller provides parameters, such as the minimum TX and RX interval, and the multiplier, to initiate the BFD session between the VTEP and the service nodes. To establish a BFD session, enable BFD on both the controller and the VTEP.
• Show output with details about the replicators available for the VNID.
OS10# show nve replicators vnid 10009
Codes: * - Active Replicator
BFD Status:Enabled
Replicators State
----------------------
2.2.2.3 Up
2.2.2.2* Up
*— indicates the replicator to which the VTEP sends the BUM traffic for the specific VNID.
Configure and control VXLAN from VMware vCenter
You can configure and control VXLAN from the VMware vCenter GUI.
After connectivity between the VTEP and the NSX controller is successfully established, the console displays the current connection status between the controller and the management IP address of the VTEP.
3 Create a logical switch. You can create a logical network that acts as the forwarding domain for virtualized and nonvirtualized server workloads on the physical and virtual infrastructure. The following steps configure the logical switch for NSX controller management.
4 Create a logical switch port that provides a logical connection point for a VM interface (VIF) and a L2 gateway connection to an external network.
5 (Optional) Enable or disable BFD globally. The following steps enable or disable BFD configuration in the controller.
a Click Service Definitions from the left navigation pane.
b Click the Hardware Devices tab.
c Click the Edit button in the BFD Configuration.
After you configure a VMware NSX controller on a server VM, connect to the controller from the VXLAN gateway switch. For more information about the NSX controller configuration in the VTEP, see Configure a connection to an OVSDB controller. For more information about NSX controller configuration, see the NSX User Guide from VMware.
Example: VXLAN with a controller configuration
This example shows a simple NSX controller and a hardware OS10 VTEP deployed in a VXLAN environment.
To configure an NSX controller-provisioned VXLAN:
• Configure the controller and the interfaces to be managed by the controller, in the OS10 VTEPs
• Configure the NSX controller in VMware vCenter. For more information about configuring the NSX controller using the GUI, see Configure and control VXLAN from VMware vCenter.
You must configure an OS10 VTEP with the controller configuration so that the VTEP can communicate with the NSX controller.
4 Specify the NSX controller reachability information.
OS10(config-nve)# controller ovsdb
OS10(config-nve-ovsdb)# ip 10.16.140.182 port 6640 ssl
OS10(config-nve-ovsdb)# max-backoff 10000
OS10(config-nve-ovsdb)# exit
5 Assign interfaces to be managed by the controller.
OS10(config)# interface ethernet 1/1/54:3
OS10(config-if-eth1/1/54:3)# switchport mode trunk
OS10(config-if-eth1/1/54:3)# no switchport access vlan
OS10(config-if-eth1/1/54:3)# nve-controller
6 (Optional) Enable BFD.
Verify the controller configuration
VTEP 1
To view controller-based information on the VTEP 1, use the show nve controller command.
OS10# show nve controller
Management IP : 10.16.140.11/16
Gateway IP : 200.0.0.1
Max Backoff : 10000
Configured Controller : 10.16.140.
Controller Cluster
IP Port
10.16.140.182 6640
10.16.140.183 6640
10.16.140.181 6640
VTEP 2
OS10# show nve controller
Management IP : 10.16.140.13/16
Gateway IP : 202.0.0.1
Max Backoff : 10000
Configured Controller : 10.16.140.
Controller Cluster
IP Port
10.16.140.182 6640
10.16.140.183 6640
10.16.140.181 6640
controller ovsdb
Changes the mode to CONFIGURATION-NVE-OVSDB from where you can configure the controller parameters.
Syntax controller ovsdb
Parameters None
Default None
Command mode CONFIGURATION-NVE
Usage information The controller configuration initiates the OVSDB service on the OS10 switch. The no version of this command stops the OVSDB service. The no version command fails if any ports are configured as controller-managed ports or IP address configuration.
max-backoff
Configures a time interval, in milliseconds (ms). This is the duration the switch waits between the connection attempts to the controller.
Syntax max-backoff interval
Parameters interval—Enter the amount of time, in ms. This is the duration the switch waits between the connection attempts to the controller, from 1000 to 180000 ms.
Default None
Command mode EXEC
Usage information This command is available only for the sysadmin and secadmin roles. This command generates the SSL certificate and restarts the OVSDB server to start using the newly generated certificate.
Example
OS10# nve controller ssl-key-generate
Supported releases 10.4.3.0 or later
show nve controller
Displays information about the controller and the controller-managed interfaces.
show ovsdb-tables mac-local-ucast Displays information about local MAC address entries including each MAC address, IP address, local switch name, and VNID. Syntax show ovsdb-tables mac-local-ucast Parameters None Default None Command mode EXEC Usage information This command is available only for netadmin, sysadmin, and secadmin roles.
Usage information This command is available only for netadmin, sysadmin, and secadmin roles. Example
OS10# show ovsdb-tables manager
Count : 3
Manager table
_uuid inactivity_probe is_connected max_backoff other_config status target
------------------------------------ ---- ------------ ---------------------- ------------------------------
478ec8ca-9c5a-4d29-9069-633af6c48002 [] false 1000 {} {state=BACKOFF} "ssl: 10.16.140.
14 UFT modes A switch in a Layer 2 (L2) network may require a larger MAC address table size, while a switch in a Layer 3 (L3) network may require a larger routing table size. Unified forwarding table (UFT) offers the flexibility to configure internal L2/L3 forwarding table sizes. OS10 supports several UFT modes for the forwarding tables. By default, OS10 selects a UFT mode that provides a reasonable size for all tables.
Table 36. UFT Modes — Table Size for Z9100-ON
UFT Mode          L2 MAC Table Size  L3 Host Table Size  L3 Routes Table Size
Scaled-l2-switch  139264             8192                16384
Scaled-l3-hosts   8192               139264              16384
Scaled-l3-routes  8192               8192                131072
Default           73728              73728               16384
Table 37.
Configure UFT modes Available UFT modes include L2 MAC table, L3 host table, or L3 route table sizes. Save the configuration and reload the switch for the configuration changes to take effect. • Select a mode to initialize the maximum table size in CONFIGURATION mode. hardware forwarding-table mode [scaled-l2 | scaled-l3-routes | scaled-l3-hosts] • Disable UFT mode in CONFIGURATION mode.
Configuration after reload:
OS10# show hardware l3
                              Current Settings  Next-boot Settings
IPv6 Extended Prefix Entries: 2048              2048
The no version of the command removes the IPv6 extended prefix route configuration. Save and reload the switch to remove the configuration. OS10(config)# no hardware l3 ipv6-extended-prefix % Warning: Un-configuring IPv6 Extended Prefix will be applied only after a save and reload.
% Warning: IPv6 Extended Prefix Installation will be applied only after a save and reload. OS10(config)# do write memory OS10(config)# reload Supported Releases 10.4.1.0 or later show hardware forwarding-table mode Displays the current hardware forwarding table mode, and the mode after the next boot.
Parameters None Defaults None Command Mode EXEC Usage Information None Example
OS10# show hardware l3
                              Current Settings  Next-boot Settings
IPv6 Extended Prefix Entries: 2048              2048
Supported Releases 10.4.1.
15 Security Authentication, authorization, and accounting (AAA) services secure networks against unauthorized access. In addition to local authentication, OS10 supports remote authentication dial-in user service (RADIUS) and terminal access controller access control system (TACACS+) client/server authentication systems. For RADIUS and TACACS+, an OS10 switch acts as a client and sends authentication requests to a server that contains all user authentication and network service access information.
aaa authentication login default local aaa authentication login console local User re-authentication To prevent users from accessing resources and performing tasks that they are not authorized to perform, OS10 allows you to require users to re-authenticate by logging in again when an authentication method or server changes, such as: • Adding or removing a RADIUS server using the radius-server host command • Adding or removing an authentication method using the aaa authentication login {console | default
%Error: Password fail: it does not contain enough DIFFERENT characters OS10(config)# enable password 0 4newhire4 priv-lvl 5 %Error: Password it does not contain enough DIFFERENT characters.
username test1 password $6$rounds=656000$50vutEWA9w3ImvF.$2pSDnaINYTKCQ6WAlJqeabiFQNRvUgui3. 6vR2e.L/D7DBwnV0QtY.KtOBTZAIDDT5.AFWxQHVgs2/V3jC3yG1 role sysadmin priv-lvl 15 OS10(config)# show running-configuration radius-server radius-server host 10.2.2.2 key 9 3c0e479bd43bb5baf4ebb16e1317a845f01f832e25a03836c70bd26b9754d6a0 OS10(config)# show running-configuration tacacs-server tacacs-server host 10.1.1.
Bootloader protection To prevent unauthorised users with malicious intent from accessing your switch, protect the bootloader using a GRUB password. OS10 allows you to enable, disable, and view bootloader protection. This feature is available only for the sysadmin and secadmin roles. WARNING: When you enable bootloader protection, keep a copy of a configured user name and password. You cannot access the switch without configured credentials. • Enable bootloader protection in EXEC mode.
$6$5DdOHYg5$JCE1vMSmkQOrbh31U74PIPv7lyOgRmba1IxhkYibppMXs1KM4Y.gbTPcxyMP/PHUkMc5rdk/ ZLv9Sfv3ALtB61 Disable linuxadmin user To disable or lock the linuxadmin user, use the system-user linuxadmin disable command in CONFIGURATION mode. OS10(config)# system-user linuxadmin disable To re-enable or unlock the linuxadmin user, use the no system-user linuxadmin disable command in CONFIGURATION mode.
• If OS10 uses a RADIUS server VRF instance, a RADIUS server source interface is not supported and cannot be configured. (Optional) By default, the switch uses the default VRF instance to communicate with RADIUS servers. You can optionally configure a non-default or the management VRF instance for RADIUS authentication in CONFIGURATION mode. radius-server vrf management radius-server vrf vrf-name Configure RADIUS server OS10(config)# OS10(config)# OS10(config)# OS10(config)# radius-server host 1.2.4.
connects with the configured RADIUS servers one at a time, until a RADIUS server responds with an accept or reject response. The switch tries to connect with a server for the configured number of retransmit retries and timeout period. A security profile determines the X.509v3 certificate on the switch to use for TLS authentication with a RADIUS server. To configure a security profile for an OS10 application, see Security profiles.
Configure TACACS+ server for non-default VRFs OS10(config)# ip vrf blue OS10(conf-vrf)# exit OS10(config)# tacacs-server vrf blue View TACACS+ server configuration OS10# show running-configuration ... tacacs-server host 1.2.4.5 key 9 3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b ip tacacs source-interface loopback 2 ... Delete TACACS+ server OS10# no tacacs-server host 1.2.4.
• Challenge response authentication is disabled by default. To enable, use the ip ssh server challenge-response-authentication command. • Host-based authentication is disabled by default. To enable, use the ip ssh server hostbased-authentication command. • Password authentication is enabled by default. To disable, use the no ip ssh server password-authentication command. • Public key authentication is enabled by default. To disable, use the no ip ssh server pubkey-authentication command.
2 Enter VTY mode using the line vty command in CONFIGURATION mode. OS10(config)# line vty OS10(config-line-vty)# 3 Apply the access lists to the VTY line with the {ip | ipv6} access-class access-list-name command in LINE-VTY mode.
Enable user lockout By default, a maximum of three consecutive failed password attempts is supported on the switch. You can set a limit to the maximum number of allowed password retries with a specified lockout period for the user ID. This feature is available only for the sysadmin and secadmin roles. • Configure user lockout settings in CONFIGURATION mode.
Enable login statistics To monitor system security, allow users to view their own login statistics when they sign in to the system. A large number of login failures or an unusual login location may indicate a system hacker. Enable the display of login information after a user successfully logs in; for example: OS10 login: admin Password: Last login: Thu Nov 2 16:02:44 UTC 2017 on ttyS1 Linux OS10 3.16.43 #2 SMP Debian 3.16.43-2+deb8u5 x86_64 ...
• netoperator role: Level 1 NOTE: The role of a local user in the system and the remote user who logs in must be the same at both ends. Configure privilege levels To restrict CLI access, create the required privilege levels for user roles, assign commands to each level, and assign privilege levels to users. 1 Create privilege levels in CONFIGURATION mode. privilege mode priv-lvl privilege-level command-string • mode — Enter the privilege mode used to access CLI modes: – exec — Accesses EXEC mode.
The following example displays the privilege levels of all users who are logged into OS10:
OS10# show users
Index Line  User  Role     Application Idle Login-Time            Location          Privilege
----- ----- ----- -------- ----------- ---- --------------------- ----------------- ---------
1     pts/0 admin sysadmin bash        >24h 2018-09-08 T06:51:37Z 10.14.1.91 [ssh]  15
2     pts/1 netad netadmin bash        >24h 2018-09-08 T06:54:33Z 10.14.1.
• Establishment of secure traffic flows, such as SSH, and violations on secure flows • Certificate issues, including user access and changes made to certificate installation using crypto commands • Adding and deleting users Audit log entries are saved locally and sent to configured Syslog servers. To set up a Syslog server, see System logging. Enable audit log • Enable configuration and security event recording in the audit log on Syslog servers in CONFIGURATION mode.
aaa accounting Enables AAA accounting. Syntax aaa accounting commands all {console | default} {start-stop | stop-only | none} [logging] [group tacacs+] Parameters • commands all — Record all user-entered commands. RADIUS accounting does not support this option. • console — Record all user authentication and logins or all user-entered commands in OS10 sessions on console connections.
Usage Information The no version of this command removes all configured authentication methods and defaults to using local authentication.
Supported Releases 10.4.3.0 or later boot protect enable username password Allows you to enable bootloader protection. Syntax boot protect enable username username password password Parameters • username — Enter the username to provide access to bootloader protection. • password — Enter a password for the specified username. Default Disabled Command Mode EXEC Usage Information You can enable bootloader protection by executing this command.
Default The SSH server uses default public key lengths for client authentication: • RSA key: 2048 bits • ECDSA key : 256 bits • Ed25519 key: 256 bits Command Mode EXEC Usage Information If necessary, you can regenerate the public keys used by the SSH server with a customized bit size. You cannot change the default size of the Ed25519 key. The crypto ssh-key generate command is available only to the sysadmin and secadmin roles.
unless a password is configured for a highest intermediate level. If you configure a password for an intermediate level, enter that password when prompted. To access privilege level 15, you must configure the enable password command. If you do not configure a password for privilege level 15, you cannot enter level 15. For privilege levels 0 to 14, the enable password command is optional. Privilege levels inherit all permitted commands from all lower levels.
Parameters access-list-name — Enter the access list name. Default Not configured Command Mode LINE VTY CONFIGURATION Usage Information The no version of this command removes the filter. Example OS10(config)# line vty OS10(config-line-vty)# ip access-class deny10 Supported Releases 10.4.0E(R1) or later ip radius source-interface Specifies the interface whose IP address is used as the source IP address for user authentication with a RADIUS server.
Command Mode CONFIGURATION Usage Information By default, no source interface is configured. OS10 selects the source IP address as the IP address of the interface from which a packet is sent to the TACACS+ server. The no version of this command removes the configured source interface. Example OS10(config)# ip tacacs source-interface ethernet 1/1/10 Supported Releases 10.4.1.0 or later ipv6 access-class Filters connections in a virtual terminal line using an IPv6 access list.
• 3des-cbc • aes128-cbc • aes192-cbc • aes256-cbc • aes128-ctr • aes192-ctr • aes256-ctr • aes128-gcm@openssh.com • aes256-gcm@openssh.com • blowfish-cbc • cast128-cbc • chacha20-poly1305@opens Default • aes128-ctr • aes192-ctr • aes256-ctr • aes128-gcm@openssh.com • aes256-gcm@openssh.com • chacha20-poly1305@opens Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration.
ip ssh server hostbased-authentication Enables host-based authentication in an SSH server. Syntax ip ssh server hostbased-authentication Parameters None Default Disabled Command Mode • CONFIGURATION Usage Information The no version of this command disables the host-based authentication. Example OS10(config)# ip ssh server hostbased-authentication Supported Releases 10.3.0E or later ip ssh server kex Configures the key exchange algorithms used in the SSH server.
Supported Releases 10.3.0E or later ip ssh server mac Configures the hash message authentication code (HMAC) algorithms used in the SSH server. Syntax ip ssh server mac hmac-algorithm Parameters hmac-algorithm — Enter the supported HMAC algorithms separated by a blank space. The SSH server supports these HMAC algorithms: Default Command Mode • hmac-md5 • hmac-md5-96 • hmac-ripemd160 • hmac-sha1 • hmac-sha1-96 • hmac-sha2-256 • hmac-sha2-512 • umac-64@openssh.com • umac-128@openssh.
ip ssh server password-authentication Enables password authentication in the SSH server. Syntax ip ssh server password-authentication Parameters None Default Enabled Command Mode • CONFIGURATION Usage Information The no version of this command disables the password authentication. Example OS10(config)# ip ssh server password-authentication Supported Releases 10.3.0E or later ip ssh server port Configures the SSH server listening port.
ip ssh server vrf Configures an SSH server for the management or non-default VRF instance. Syntax ip ssh server vrf {management | vrf vrf-name} Parameters • management — Configures the management VRF instance to reach the SSH server. • vrf vrf-name — Enter the VRF instance used to reach the SSH server. Default Not configured Command Mode CONFIGURATION Usage Information The SSH server uses the management VRF.
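The SSH server commands in this chapter (cipher and HMAC lists, and the four authentication methods with their stated defaults) can be checked offline against a saved running-configuration. The following is an added example, not part of the Dell EMC guide: the weak-algorithm policy, the function names, and the assumption that the running-configuration echoes `ip ssh server cipher` and `ip ssh server mac` lines as entered are this example's own, and the sample configuration is constructed.

```python
"""Audit OS10 running-configuration text for weak SSH server settings (added example)."""
import re

# Policy assumed by this example (not a Dell EMC recommendation): CBC-mode and
# legacy block ciphers, and MD5 / SHA-1 / RIPEMD / 64-bit-tag MACs, are flagged.
WEAK_CIPHERS = {"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
                "blowfish-cbc", "cast128-cbc"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-sha1",
             "hmac-sha1-96", "umac-64@openssh.com"}

SSH_LINE = re.compile(r"^(no\s+)?ip ssh server (\S+)\s*(.*)$")


def parse_ssh_settings(config_text):
    """Return the effective SSH server settings, starting from the guide's defaults."""
    settings = {
        "cipher": None,                              # None = default list in use
        "mac": None,                                 # None = default list in use
        "password-authentication": True,             # enabled by default
        "pubkey-authentication": True,               # enabled by default
        "hostbased-authentication": False,           # disabled by default
        "challenge-response-authentication": False,  # disabled by default
    }
    for raw in config_text.splitlines():
        m = SSH_LINE.match(raw.strip())
        if not m:
            continue
        negated, keyword, rest = bool(m.group(1)), m.group(2), m.group(3)
        if keyword in ("cipher", "mac"):
            # Algorithms are entered as a blank-separated list.
            settings[keyword] = None if negated else rest.split()
        elif keyword in settings:
            settings[keyword] = not negated
    return settings


def audit_ssh(config_text):
    """Return a list of (category, detail) findings for the SSH server settings."""
    s = parse_ssh_settings(config_text)
    findings = []
    for algo in s["cipher"] or []:
        if algo in WEAK_CIPHERS:
            findings.append(("weak-cipher", algo))
    for algo in s["mac"] or []:
        if algo in WEAK_MACS:
            findings.append(("weak-mac", algo))
    if s["hostbased-authentication"]:
        findings.append(("auth", "hostbased-authentication enabled"))
    if s["password-authentication"] and not s["pubkey-authentication"]:
        findings.append(("auth", "password-only login (pubkey-authentication disabled)"))
    return findings


# Constructed sample, not taken from a real switch.
SAMPLE_CONFIG = """\
! constructed running-configuration excerpt
ip ssh server cipher 3des-cbc aes128-ctr aes256-gcm@openssh.com
ip ssh server mac hmac-md5 hmac-sha2-256 hmac-sha2-512
ip ssh server hostbased-authentication
no ip ssh server pubkey-authentication
ip ssh server vrf management
"""

if __name__ == "__main__":
    for category, detail in audit_ssh(SAMPLE_CONFIG):
        print(f"{category}: {detail}")
```

An empty result means only that no explicitly configured setting matched the policy; algorithms left at their defaults are not listed in the input and are therefore not evaluated.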
Example OS10(conf)# logging audit enable Supported Releases 10.4.3.0 or later login concurrent-session limit Configures the maximum number of concurrent login sessions allowed for a user ID. Syntax login concurrent-session limit number Parameters limit number — Enter the limit of concurrent login sessions, from 1 to 12.
Parameters • min-length number — (Optional) Sets the minimum number of required alphanumeric characters, from 6 to 32; default 9. • character-restriction: – upper number — (Optional) Sets the minimum number of uppercase characters required, from 0 to 31; default 0. – lower number — (Optional) Sets the minimum number of lowercase characters required, from 0 to 31; default 0. – numeric number — (Optional) Sets the minimum number of numeric characters required, from 0 to 31; default 0.
Usage Information • To remove the configured max-retry or lockout-period settings, use the no password-attributes {max-retry | lockout-period} command. • When a user is locked out due to exceeding the maximum number of failed login attempts, other users can still access the switch. Example OS10(config)# password-attributes max-retry 5 lockout-period 30 Supported Releases 10.4.1.0 or later privilege Creates a privilege level and associates commands with it.
radius-server host Configures a RADIUS server and the key used to authenticate the switch on the server. Syntax radius-server host {hostname | ip-address} key {0 authentication-key | 9 authentication-key | authentication-key} [auth-port port-number] Parameters • hostname — Enter the host name of the RADIUS server. • ip-address — Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the RADIUS server. • key 0 authentication-key — Enter an authentication key in plain text.
• authentication-key — Enter the radsec shared key in plain text. It is not necessary to enter 0 before the key. Default TCP port 2083 on a RADIUS server for RADIUS over TLS communication Command Mode CONFIGURATION Usage Information For RADIUS over TLS authentication, configure the radsec shared key on the server and OS10 switch. The show running-configuration output displays both the unencrypted and encrypted key in encrypted format.
Usage Information Use this command to globally configure the timeout value used on RADIUS servers. The no version of this command resets the value to the default. Example OS10(config)# radius-server timeout 360 Supported Releases 10.2.0E or later radius-server vrf Configures the RADIUS server for the management or non-default VRF instance.
service simple-password Disables the strong password check configured with username password role and password-attributes commands. Syntax service simple-password Parameters None Default Not configured Command Mode CONFIGURATION Usage Information Use the service simple-password command to turn off the strong password checks so that you can configure passwords with no restrictions. To revert to the configured stronger password settings, use the no service simple-password command.
• ed25519 — Displays the Ed25519 key. Default Not configured Command Mode EXEC Usage Information After you regenerate an SSH server key with a customized bit size, disable and re-enable the SSH server to use the new public keys. To verify the changes, use the show crypto command. If a remote SSH client uses strict host-key checking, copy a newly generated host key to the list of known hosts on the client device.
show logging audit Displays audit log entries. Syntax show logging audit [reverse] [number] Parameters • reverse — Display entries starting with the most recent events. • number — Display the specified number of audit log entries, from 1 to 65535. Default Display 24 entries starting with the oldest events. Command Mode EXEC Usage Information Only the sysadmin and secadmin roles can display the audit log. Enter reverse to display entries starting with the most recent events.
Command Mode EXEC Usage Information Only the sysadmin and secadmin roles can access this command. The show output displays login information for system users, including the number of successful and failed logins, role changes, and the last time a user logged in.
Defaults Not configured Command Mode EXEC Example OS10# show running-configuration privilege privilege exec priv-lvl 3 configure privilege configure priv-lvl 4 "interface ethernet" enable password sha-512 $6$Yij02Phe2n6whp7b$ladskj0HowijIlkajg981 priv-lvl 12 Supported Releases 10.4.3.0 or later show users Displays information for all users logged into OS10.
system-user linuxadmin password Configures a password for the linuxadmin user. Syntax system-user linuxadmin password {clear-text-password | hashed-password} Parameters None Defaults Not configured Command Mode CONFIGURATION Usage Information Use the system-user linuxadmin password command to set a clear-text or hashed-password for the linuxadmin user.
Supported Releases 10.4.0E(R2) or later tacacs-server timeout Configures the global timeout used for authentication attempts on TACACS+ servers. Syntax tacacs-server timeout seconds Parameters seconds — Enter the timeout period used to wait for an authentication response from a TACACS+ server, from 1 to 1000 seconds. Default 5 seconds Command Mode • CONFIGURATION Usage Information The no version of this command resets the TACACS+ server timeout to the default.
username password role Creates an authentication entry based on a user name and password, and assigns a role to the user. Syntax username username password password role role [priv-lvl privilege-level] Parameters • username username—Enter a text string. A maximum of 32 alphanumeric characters; one character minimum. • password password—Enter a text string. A maximum of 32 alphanumeric characters; nine characters minimum. Password prefixes $1$, $5$, and $6$ are not supported in clear-text passwords.
username sshkey Enables SSH password-less login using the public key for a remote client. The remote client is not prompted to enter a password. Syntax username username sshkey {sshkey-string | "ssh-rsa publickey-string"} Parameters • username — Enter the user name of the remote client. This value is the user name configured with the username password role command. • sshkey-string — Enter the text string used as the public key by a remote client device to log on to the OS10 switch.
username sshkey filename Enables SSH password-less login for remote clients using multiple public keys. A remote client is not prompted to enter a password. Syntax username username sshkey filename filepath Parameters • username — Enter an OS10 user name who logs in on a remote client. This value is the user name configured using the username password role command.
– sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles. – secadmin — Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic keys, login statistics, and log information.
X.509v3 concepts Certificate Certificate authority (CA) A document that associates a network device with its public key. When exchanged between participating devices, certificates are used to validate device identity and the public key associated with the device. A PKI uses the following certificate types: • CA certificate: The certificate of a CA that is used to sign host certificates. A CA certificate may be issued by other CAs or be self-signed.
3 Generate private keys and create CSRs on OS10 switches using the crypto cert generate request command. A switch uploads a CSR to an intermediate CA. To store the private key in a local hidden location, Dell EMC Networking recommends using the key-file private parameter with the command. 4 Download and install a CA certificate on a host using the crypto ca-cert install command.
Version: 3 (0x2) Serial Number: 95:48:23:17:76:9d:05:e1 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = California, L = Santa Clara, O = Dell EMC, OU = Networking, CN = Dell_rootCA1 Validity Not Before: Jul 25 18:21:50 2018 GMT Not After : Jul 20 18:21:50 2038 GMT Subject: C = US, ST = California, L = Santa Clara, O = Dell EMC, OU = Networking, CN = Dell_rootCA1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:cd:9d:ca:10:6b:b1:54:81:10:92:42:
Display a list of the CRLs installed on the switch in EXEC mode. show crypto crl [crl-filename] To delete a manually installed CRL that was configured with the crypto crl install command, use the crypto crl delete [crl-filename] command. To enable CRL checking on the switch, see Security profiles. Example: Configure CDP OS10# crypto cdp add cert1_cdp http://crl.chambersign.org/chambersignroot.
Generate a certificate signing request and private key • Create a private key and a CSR in EXEC mode. Store the CSR file in the home directory or flash: so that you can later copy it to a CA server. Specify a keypath to store the device.key file in a secure persistent location, such as the home directory, or use the private option to store the key file in a private hidden location in the internal file system that is not visible to users.
– cert-file cert-filepath specifies a source location for a downloaded certificate; for example, home://s4048-001cert.pem or usb://s4048-001-cert.pem. – key-file {key-path | private} specifies the local path to retrieve the downloaded or locally generated private key. Enter private to install the key from a local hidden location and rename the key file with the certificate name. – password passphrase specifies the password used to decrypt the private key if it was generated using a password.
| Installed FIPS certificates | -------------------------------------- OS10# show crypto cert Dell_host1_CA1.
A self-signed certificate is not signed by a CA. The switch presents itself as a trusted device in its certificate. Connecting clients may prompt their users to trust the certificate — for example, when a web browser warns that a site is unsafe — or to reject the certificate, depending on the configuration. A self-signed certificate does not provide protection against man-in-the-middle attacks.
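Whether an installed host certificate is self-signed, weakly keyed, or near expiry can be read from the text form of the certificate, which uses the same fields as the certificate display elsewhere in this chapter (Issuer, Subject, Validity, Public-Key). The following is an added example, not part of the Dell EMC guide: the function names, the thresholds (2048-bit minimum RSA key, 30-day expiry warning), and both sample certificates are constructed assumptions, with the first sample modelled on a 1024-bit, 365-day self-signed certificate.

```python
"""Flag risky properties in the text display of an X.509v3 certificate (added example)."""
import re
from datetime import datetime, timezone


def parse_cert_text(text):
    """Extract the fields needed for the audit from openssl-style certificate text."""
    def grab(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None

    bits = grab(r"Public-Key:\s*\((\d+) bit\)")
    not_after = grab(r"Not After\s*:\s*(.+?)\s*GMT")
    return {
        "issuer": grab(r"^\s*Issuer:\s*(.+)$"),
        "subject": grab(r"^\s*Subject:\s*(.+)$"),
        "sig_alg": grab(r"^\s*Signature Algorithm:\s*(\S+)"),
        "key_alg": grab(r"Public Key Algorithm:\s*(\S+)"),
        "key_bits": int(bits) if bits else None,
        "not_after": (datetime.strptime(not_after, "%b %d %H:%M:%S %Y")
                      .replace(tzinfo=timezone.utc) if not_after else None),
    }


def audit_host_cert(text, now, min_rsa_bits=2048, warn_days=30):
    """Return findings for a host certificate; thresholds are this example's assumptions."""
    c = parse_cert_text(text)
    findings = []
    # Issuer equal to Subject means the certificate was not signed by a separate CA.
    if c["issuer"] and c["issuer"] == c["subject"]:
        findings.append("self-signed")
    if (c["key_alg"] == "rsaEncryption" and c["key_bits"] is not None
            and c["key_bits"] < min_rsa_bits):
        findings.append("weak-rsa-key:%d" % c["key_bits"])
    if c["sig_alg"] and re.match(r"(md5|sha1)With", c["sig_alg"], re.IGNORECASE):
        findings.append("weak-signature:" + c["sig_alg"])
    if c["not_after"] is not None:
        days_left = (c["not_after"] - now).days
        if days_left < 0:
            findings.append("expired")
        elif days_left < warn_days:
            findings.append("expires-in-days:%d" % days_left)
    return findings


# Constructed sample: self-signed host certificate with a 1024-bit key, valid 365 days.
SELF_SIGNED = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = California, O = Example, CN = dell.domain.com
        Validity
            Not Before: Jan  1 00:00:00 2019 GMT
            Not After : Jan  1 00:00:00 2020 GMT
        Subject: C = US, ST = California, O = Example, CN = dell.domain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

# Constructed sample: host certificate issued by an intermediate CA.
CA_SIGNED = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = California, O = Example, CN = Example_interCA
        Validity
            Not Before: Jan  1 00:00:00 2019 GMT
            Not After : Dec 29 00:00:00 2028 GMT
        Subject: C = US, ST = California, O = Example, CN = switch1.example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
"""

if __name__ == "__main__":
    when = datetime(2019, 12, 15, tzinfo=timezone.utc)
    print(audit_host_cert(SELF_SIGNED, when))
    print(audit_host_cert(CA_SIGNED, when))
```

The self-signed check applies to host certificates only; a root CA certificate is expected to have identical Issuer and Subject fields.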
If the certificate installation is successful, the file name of the self-signed certificate and its common name are displayed. Use the file name to configure the certificate in a security profile using the crypto security-profile command. Example: Generate and install self-signed certificate and key OS10# crypto cert generate self-signed cert-file home://DellHost.pem key-file home://DellHost.key email admin@dell.com length 1024 altname DNS:dell.domain.com validity 365 Processing certificate ...
Security profiles To use independent sets of security credentials for different OS10 applications, you can configure multiple security profiles and assign them to OS10 applications. A security profile consists of a certificate and private key pair. For example, you can maintain different security profiles for RADIUS over TLS authentication and SmartFabric services. Using different security profiles allows you to upgrade one application without interrupting the operation of the other one.
crypto security-profile radius-prof certificate dv-fedgov-s6010-1 OS10# show running-configuration radius-server radius-server host radius-server-2.test.com tls security-profile radius-prof key 9 2b9799adc767c0efe8987a694969b1384c541414ba18a44cd9b25fc00ff180e9 Cluster security When you enable VLT or a fabric automation application, switches that participate in the cluster use secure channels to communicate with each other.
This will replace the already installed host certificate. Do you want to proceed ? [yes/no(default)]:yes Processing certificate ... Host certificate installed successfully. 3. Configure an X.509v3 security profile.
cluster security-profile Creates a security profile for a cluster application. Syntax cluster security-profile profile-name Parameters profile-name — Enter the name of the security profile; a maximum of 32 characters. Default Not configured Command mode CONFIGURATION Usage information When you enable VLT or a fabric automation application, switches that participate in the cluster use secure channels to communicate with each other. OS10 installs a default X.
Parameters • ca-cert-filepath — Enter the local path where the downloaded CA certificate is stored; for example, home://CAcert.pem or usb://CA-cert.pem. • filename — (Optional) Enter the filename that the CA certificate is stored under in the OS10 trust store directory. Enter the filename in the filename.crt format.
Usage Information Before you delete a CDP, use the show crypto cdp command to display a list of all CDPs installed on the switch. Example OS10# crypto cdp delete Comsign Supported Releases 10.5.0.0 or later crypto cert delete Deletes an installed host certificate and the private key created with it. Syntax crypto cert delete filename [fips] Parameters • filename — Enter the file name of the host certificate as displayed in the show crypto cert command.
• key-file {key-path | private} — Enter the local path where the downloaded or locally generated private key is stored. If the key was downloaded to a remote server, enter the server path using a secure method, such as HTTPS, SCP, or SFTP. Enter private to store the key in a local hidden location. • country 2-letter-code — (OPTIONAL) Enter the two-letter code that identifies the country. • state state — Enter the name of the state. • locality city — Enter the name of the city.
Processing certificate ... Successfully created CSR file /home/admin/cert1.pem and key OS10# crypto cert generate self-signed cert-file home://cert2.pem key-file home:e OS10-VM email admin@dell.com length 1024 altname.dell.com validity 365 Processing certificate ... Successfully created certificate file /home/admin/cert2.pem and key Supported releases 10.4.3.0 or later crypto cert install Installs a host certificate and private key on the switch. A host certificate may be trusted from a CA or self-signed.
Supported releases 10.4.3.0 or later crypto crl delete Deletes a Certificate Revocation List file in the trust store on the switch. Syntax crypto crl delete crl-filename Parameters • crl-filename — Enter a CRL filename with the .pem extension as displayed under Manually installed CRLs in show crypto crl output. Default Not configured Command Mode EXEC Usage Information The crypto crl delete command deletes only manually installed CRLs.
crypto fips enable Enables FIPS mode. Syntax crypto fips enable Parameters None Default Not configured Command mode EXEC Usage information You can use OS10 in FIPS 140-2 compliant mode. In this mode, applications restrict their use of cryptographic algorithms to those supported by the NIST FIPS 140-2 standard and certification process. When you enable FIPS mode: • The SSH service restarts. Existing SSH sessions are not affected. Only new SSH sessions operate in the enabled FIPS mode.
Default Not configured Command mode SEC-PROFILE Usage information Use the peer-name-check command to enable an OS10 application to verify that the certificate used to connect to the switch matches the name of the peer device, such as a remote server name. The no version of the command disables peer name checking in the security profile.
Example OS10# show crypto ca-certs -------------------------------------| Locally installed certificates | -------------------------------------Dell_interCA1.crt Dell_rootCA1.crt OS10# show crypto ca-certs Dell_interCA1.
Usage Information Use the show crypto cdp command to verify the CDPs installed on the switch and display the URL to reach a CDP. OS10 uses the URL to access the CDP and download new CRLs. In the show output: • Manually installed CDPs are installed using the crypto cdp add command. • Automatically installed CDPs are automatically configured when you install a CA certificate with a specified CDP. Add or delete CDPs using the crypto cdp install and crypto cdp delete commands.
Public Key Algorithm: rsaEncryption Public-Key: (2048 bit)
-------------------------------------OS10# show crypto crl COMODO_Certification_Authority.0.crl.
OS10# crypto cert install crt-file usb://s4048-001-crt.pem key-file usb://s4048-001-crt.key This will replace the already installed host certificate. Do you want to proceed ? [yes/no(default)]:yes Processing certificate ... Host certificate installed successfully. 3. Configure an X.509v3 security profile. OS10# show crypto cert -------------------------------------| Installed non-FIPS certificates -------------------------------------s4048-001-csr.
16 OpenFlow
Switches implement the control plane and data plane in the same hardware. Software-defined network (SDN) decouples the software (control plane) from the hardware (data plane). A centralized SDN controller handles the control plane traffic and hardware configuration for data plane flows. The SDN controller is the "brain" of an SDN.
NOTE: Do not use the no openflow or no mode openflow-only command.
OS10# delete startup-configuration
OS10# reload
OpenFlow logical switch instance
In OpenFlow-only mode, you can configure only one logical switch instance. After you enable OpenFlow mode, create a logical switch instance. The logical switch instance is disabled by default. When the logical switch instance is enabled, the OpenFlow application starts the connection with the configured controller.
Port types Support (Required) ANY Supported (Optional) LOCAL Not supported (Optional) NORMAL Not supported (Optional) FLOOD Not supported Flow table An OpenFlow flow table consists of flow entries. Each flow table entry contains the following fields: Table 42.
Action set
An action set associates with each packet.
Table 44. Supported action sets
Action set          Support
copy TTL inwards    Not supported
pop                 Not supported
push-MPLS           Not supported
push-VLAN           Not supported
copy TTL outwards   Not supported
decrement TTL       Not supported
set                 Supported (selective fields)
qos                 Not supported
group               Not supported
output              Supported
Action types
An action type associates with each packet.
Table 45.
Counters Counters are used for statistical purposes. Table 46.
Required/Optional Counter Bits Support Optional Packet count 64 Not supported Optional Byte count 64 Not supported Required Duration (seconds) 32 Not supported Optional Duration (nanoseconds) 32 Not supported Optional Packet count 64 Not supported Optional Byte count 64 Not supported Optional Flow count 32 Not supported Optional Input packet count 64 Not supported Optional Input byte count 64 Not supported Required Duration (seconds) 32 Not supported Optional Dur
Table 48. Supported asynchronous types
Asynchronous types   Supported/Not supported
Packet-in            Supported
Flow-removed         Supported
Port-status          Supported
Error                Supported
Symmetric
Table 49. Supported symmetric types
Symmetric types      Supported/Not supported
Hello                Supported
Echo                 Supported
Experimenter         Not supported
Connection setup TCP
Table 50.
Flow table modification messages   Supported/Not supported
OFPFC_MODIFY_STRICT=2              Supported
OFPFC_DELETE=3                     Supported
OFPFC_DELETE_STRICT=4              Supported
Message types
Table 52.
Message Type Meters and rate limiters configuration messages Message Support OFPT_SET_ASYNC=28 Not supported OFPT_METER_MOD=29 Not supported Flow match fields Table 53.
Flow match fields Supported/Not supported OFPXMT_OFB_ARP_OP = 21 Not supported OFPXMT_OFB_ARP_SPA = 22 Not supported OFPXMT_OFB_ARP_TPA = 23 Not supported OFPXMT_OFB_ARP_SHA = 24 Not supported OFPXMT_OFB_ARP_THA = 25 Not supported OFPXMT_OFB_IPV6_SRC = 26 Not supported OFPXMT_OFB_IPV6_DST = 27 Not supported OFPXMT_OFB_IPV6_FLABEL = 28 Not supported OFPXMT_OFB_ICMPV6_TYPE = 29 Not supported OFPXMT_OFB_ICMPV6_CODE = 30 Not supported OFPXMT_OFB_IPV6_ND_TARGET = 31 Not supported OFPXMT_O
Action structures Supported/Not supported OFPAT_PUSH_VLAN = 17 Not supported OFPAT_POP_VLAN = 18 Not supported OFPAT_PUSH_MPLS = 19 Not supported OFPAT_POP_MPLS = 20 Not supported OFPAT_SET_QUEUE = 21 Not supported OFPAT_GROUP = 22 Not supported OFPAT_SET_NW_TTL = 23 Not supported OFPAT_DEC_NW_TTL = 24 Not supported OFPAT_SET_FIELD = 25 Supported OFPAT_PUSH_PBB = 26 Not supported OFPAT_POP_PBB = 27 Not supported Capabilities supported by the data path Table 55.
Message type description Individual flow statistics Request/Reply Body • The reply body is struct ofp_desc • The request body is struct ofp_flow_stats_request The reply body is an array of struct ofp_flow_stats • Aggregate flow statistics • • Flow table statistics Port statistics • • The request body is empty The reply body is an array of struct ofp_table_stats • The request body is struct ofp_port_stats_request The reply body is an array of struct ofp_port_stats • Queue statistics for a port
Message type description Request/Reply Body • Table features • • Port description • • Message Support The reply body is struct ofp_meter_features OFPMP_TABLE_FEATURES = The request body is empty or 12 contains an array of struct ofp_table_features that includes the controller's desired view of the switch.
Property type Supported/Not supported OFPTFPT_APPLY_ACTIONS_MISS = 7 Not supported OFPTFPT_MATCH = 8 Supported OFPTFPT_WILDCARDS = 10 Supported OFPTFPT_WRITE_SETFIELD = 12 Supported OFPTFPT_WRITE_SETFIELD_MISS = 13 Not supported OFPTFPT_APPLY_SETFIELD = 14 Supported OFPTFPT_APPLY_SETFIELD_MISS = 15 Not supported Group configuration Table 59.
Flow-removed reasons
Table 62. Supported reasons
Flow-removed reasons       Supported/Not supported
OFPRR_IDLE_TIMEOUT = 0     Supported
OFPRR_HARD_TIMEOUT = 1     Supported
OFPRR_DELETE = 2           Supported
OFPRR_GROUP_DELETE = 3     Not supported
Error types from switch to controller
Table 63.
Error types Supported/Not supported OFPBRC_BAD_TYPE = 1 Supported OFPBRC_BAD_MULTIPART = 2 Not supported OFPBRC_BAD_EXPERIMENTER = 3 Not supported OFPBRC_BAD_EXP_TYPE = 4 Not supported OFPBRC_EPERM = 5 Not supported OFPBRC_BAD_LEN = 6 Supported OFPBRC_BUFFER_EMPTY = 7 Not supported OFPBRC_BUFFER_UNKNOWN = 8 Not supported OFPBRC_BAD_TABLE_ID = 9 Supported OFPBRC_IS_SLAVE = 10 Not supported OFPBRC_BAD_PORT = 11 Supported OFPBRC_BAD_PACKET = 12 Not supported OFPBRC_MULTIPART_BUFFER_OV
Error types Supported/Not supported OFPBAC_BAD_SET_TYPE = 13 Not supported OFPBAC_BAD_SET_LEN = 14 Not supported OFPBAC_BAD_SET_ARGUMENT = 15 Supported Bad instruction code OFPBIC_UNKNOWN_INST = 0 Not supported OFPBIC_UNSUP_INST = 1 Not supported OFPBIC_BAD_TABLE_ID = 2 Not supported OFPBIC_UNSUP_METADATA = 3 Not supported OFPBIC_UNSUP_METADATA_MASK = 4 Not supported OFPBIC_BAD_EXPERIMENTER = 5 Not supported OFPBIC_BAD_EXP_TYPE = 6 Not supported OFPBIC_BAD_LEN = 7 Not supported OFPBI
Error types Supported/Not supported OFPFMFC_UNKNOWN = 0 Supported OFPFMFC_TABLE_FULL = 1 Supported OFPFMFC_BAD_TABLE_ID = 2 Supported OFPFMFC_OVERLAP = 3 Supported OFPFMFC_EPERM = 4 Not supported OFPFMFC_BAD_TIMEOUT = 5 Not supported OFPFMFC_BAD_COMMAND = 6 Supported OFPFMFC_BAD_FLAGS = 7 Not supported Group modification failed code OFPGMFC_GROUP_EXISTS = 0 Not supported OFPGMFC_INVALID_GROUP = 1 Not supported OFPGMFC_WEIGHT_UNSUPPORTED = 2 Not supported OFPGMFC_OUT_OF_GROUPS = 3 No
Error types Supported/Not supported OFPPMFC_BAD_CONFIG = 2 Not supported OFPPMFC_BAD_ADVERTISE = 3 Not supported OFPPMFC_EPERM = 4 Not supported Table modification failed code OFPTMFC_BAD_TABLE = 0 Supported OFPTMFC_BAD_CONFIG = 1 Not supported OFPTMFC_EPERM = 2 Not supported Queue operation failed code OFPQOFC_BAD_PORT = 0 Supported OFPQOFC_BAD_QUEUE = 1 Not supported OFPQOFC_EPERM = 2 Not supported Switch configuration failed code OFPSCFC_BAD_FLAGS = 0 Not supported OFPSCFC_BAD_LEN =
OpenFlow use cases
OS10 OpenFlow protocol support gives you the flexibility to use vendor-neutral applications and applications that you create. For example, the OS10 OpenFlow implementation supports L2 applications similar to the ones found on the following websites:
• https://github.com/osrg/ryu/tree/master/ryu/app (only L2 applications are supported)
• https://github.com/osrg/ryu/tree/master/ryu/app
NOTE: OS10 supports applications based on OpenFlow versions 1.0 and 1.3.
OS10 (conf-if-ma-1/1/1)# no shutdown OS10 (conf-if-ma-1/1/1)# exit 2 b 4 Configure the logical switch instance, of-switch-1. OS10# configure terminal OS10 (config)# openflow OS10 (config-openflow)# switch of-switch-1 Option 2; for in-band management: 1 Configure one of the front-panel ports as the management port.
In the following commands, the destination path and the destination file name on the OS10 switch, for example, config://../openflow/cacert.pem, remain the same in your deployment. Ensure that you enter the destination path and destination file names as specified in the following example:
OS10# copy scp://username:password@server-ip/full-path-to-the-certificates/controllercert.pem config://../openflow/cacert.pem
OS10# copy scp://username:password@server-ip/full-path-to-the-certificates/switch-cert.
corresponding to the switch certificate) Example The following example configures an OpenFlow controller with IP address 10.11.63.56 on port 6633 for the logical switch instance, of-switch-1: OS10# configure terminal OS10 (config)# openflow OS10 (config-openflow)# switch of-switch-1 OS10 (config-openflow-switch)# controller ipv4 10.11.63.
in-band-mgmt Configures the front-panel ports as the management interface that the SDN controller connects to. Syntax in-band-mgmt interface ethernet node/slot/port[:subport] Parameters node/slot/port[:subport]—Enter the physical port information. Default None Command Mode OPENFLOW CONFIGURATION Usage Information Use this command to convert any one of the front-panel ports as the management interface. This port is not part of the OpenFlow logical switch instance.
mode openflow-only Enables OpenFlow-only mode on the switch. Syntax mode openflow-only Parameters None Default None Command Mode OPENFLOW CONFIGURATION Usage Information Use this command to enable OpenFlow-only mode. This command reloads the switch and boots to OpenFlow-only mode. This command deletes all L2 and L3 configurations. However, the system management and AAA configurations are retained. The no form of this command prompts you to reload the switch.
probe-interval Configures the echo request interval, in seconds, for the controller configured with the logical switch instance. Syntax probe-interval interval Parameters interval—Enter the amount of time, in seconds, between the keepalive messages, also known as echo requests, from 1 to 65,535.
OS10 (config-openflow-switch)# shutdown
OS10 (config-openflow-switch)# protocol-version 1.3
OS10 (config-openflow-switch)# no shutdown
OS10 (config-openflow-switch)#
Supported Releases 10.4.1.0 or later
rate-limit packet_in
Configures the maximum packet rate for the controller connection, and the maximum packets permitted in a burst sent to the controller in a second.
Default None Command Mode EXEC Usage Information None Example OS10# show openflow Manufacturer : DELL Hardware Description : Software Description : Dell Networking OS10-Premium, Dell Networking Application Software Version: 10.4.
IP DSCP: 4 IP ECN: 1 IP Proto: 1 Src Ip: 10.0.0.1/255.255.255.255 Dst Ip: 20.0.0.1/255.255.255.255 ICMPv4 Type: 1 ICMPv4 Code: 10 L4 Src Port: * L4 Dst Port: * Apply-Actions: Output= ethernet1/1/2, ethernet1/1/3:1 Write-Actions: Drop Supported Releases 10.4.1.0 or later show openflow ports Displays the OpenFlow ports for a specific logical switch instance.
COPPER ethernet1/1/12 COPPER ethernet1/1/13 NONE ethernet1/1/14 NONE ethernet1/1/15 NONE ethernet1/1/16 NONE ethernet1/1/17 NONE ethernet1/1/18 NONE ethernet1/1/19 NONE ethernet1/1/20 NONE ethernet1/1/21 NONE ethernet1/1/22 NONE ethernet1/1/23 NONE ethernet1/1/24 NONE ethernet1/1/25 COPPER ethernet1/1/26 COPPER ethernet1/1/27 NONE ethernet1/1/28 NONE ethernet1/1/29 NONE ethernet1/1/30 NONE ethernet1/1/31 NONE ethernet1/1/32 NONE Supported Releases 45 PORT_UP(CLI) LINK_UP 40GB FD YES 49 PORT_UP(CLI)
Data plane: secure Max backoff (sec): 8 Probe Interval (sec): 5 DPID: 90:b1:1c:f4:a5:23 Switch Name : of-switch-1 Number of buffers: 0 Number of tables: 1 Table ID: 0 Table name: Ingress ACL TCAM table Max entries: 1000 Active entries: 0 Lookup count: 0 Matched count: 0 Controllers: 10.16.208.150:6633, Protocol: none, packet-in Rate limit (packet per second): 0 packet-in Burst limit: 0 Supported Releases 10.4.1.
switch Creates a logical switch instance or modifies an existing logical switch instance. Syntax switch logical-switch-name Parameters logical-switch-name—Enter the name of the logical switch instance that you want to create or modify, a maximum of 15 characters. OS10 supports only one instance of the logical switch. Default None Command Mode OPENFLOW CONFIGURATION Usage Information You must configure a controller for the logical switch instance. The logical switch instance is disabled by default.
Mode Available CLI commands
end eula-consent exec-timeout exit feature help host-description hostname interface ip • ip access-list • ip route • ip ssh • ip telnet ipv6 • ip access-list line logging login management no ntp openflow password-attributes policy-map radius-server rest scale-profile support-assist system tacacs-server trust username userrole
EXEC All commands. The following debug commands are not available:
• debug iscsi
• debug radius
• debug tacacs+
LAG INTERFACE CONFIGURATION LAG is not supported.
LOOPBACK INTERFACE CONFIGURATION Loopback interface is not supported.
INTERFACE CONFIGURATION description end exit ip mtu negotiation ntp show shutdown
VLAN INTERFACE CONFIGURATION VLAN is not supported.
17 Access Control Lists
OS10 uses two types of access policies: hardware-based ACLs and software-based route-maps. Use an ACL to filter traffic and drop or forward matching packets. To redistribute routes that match configured criteria, use a route-map.
ACLs
An ACL is a filter that contains criteria to match, for example fields in internet protocol (IP), transmission control protocol (TCP), or user datagram protocol (UDP) packets, and an action to take, such as forwarding or dropping packets at the NPU.
Ingress and egress hot-lock ACLs allow you to append or delete new rules into an existing ACL without disrupting traffic flow. Existing entries in the content-addressable memory (CAM) shuffle to accommodate the new entries. Hot-lock ACLs are enabled by default and support ACLs on all platforms. NOTE: Hot-lock ACLs support ingress ACLs only. MAC ACLs MAC ACLs filter traffic on the header of a packet.
NOTE: Apply control-plane ACLs on ingress traffic only. Control-plane ACL qualifiers This section lists the supported control-plane ACL rule qualifiers. NOTE: OS10 supports only the qualifiers listed below. Ensure that you use only these qualifiers in ACL rules.
If the ACL filters based on L4 information, the non-initial packets within the fragmented packet flow will not match the L4 information, even if the original packet would have matched the filter. Because of this filtering, packets are not processed by the ACL. The examples show denying second and subsequent fragments, and permitting all packets on an interface. These ACLs deny all second and subsequent fragments with destination IP 10.1.1.
OS10(conf-ipv4-acl)# permit tcp host 10.1.1.1 any fragment OS10(conf-ipv4-acl)# deny ip any any fragment To log all packets denied and to override the implicit deny rule and the implicit permit rule for TCP/ UDP fragments, use a similar configuration.
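A configuration check for the fragment caveat above, as an added example that is not from the Dell guide. It flags ACLs whose L4-qualified rules are not accompanied by any explicit `fragment` rule, and `fragment` rules that sit behind a catch-all rule. The sample configuration, ACL names and finding labels are constructed; first-match evaluation and L3-only rules matching non-initial fragments are assumptions of this sketch.

```python
import re

# Constructed sample in OS10 running-config style; ACL names and rules are
# illustrative and do not come from the guide.
SAMPLE_CONFIG = """\
ip access-list web-in
 seq 10 permit tcp any host 10.1.1.1 eq 443
 seq 20 deny ip any any
!
ip access-list frag-safe
 seq 10 permit tcp host 10.1.1.1 any fragment
 seq 20 permit tcp any host 10.1.1.1 eq 443
 seq 30 deny ip any any fragment
!
ip access-list shadowed
 seq 10 permit ip any any
 seq 20 deny ip any any fragment
"""

# Port operators and TCP flag keywords from the permit/deny tcp syntax.
L4_QUALIFIERS = {"eq", "lt", "gt", "neq", "range",
                 "ack", "fin", "psh", "rst", "syn", "urg"}

ACL_HEADER = re.compile(r"^(?:ip|ipv6) access-list (\S+)\s*$")
RULE = re.compile(r"^\s+(?:seq\s+(\d+)\s+)?(permit|deny)\s+(\S+)\s*(.*)$")


def parse_acls(config):
    """Return {acl_name: [rule, ...]} with rules kept in listed order."""
    acls, current = {}, None
    for line in config.splitlines():
        header = ACL_HEADER.match(line)
        rule = RULE.match(line)
        if header:
            current = acls.setdefault(header.group(1), [])
        elif rule and current is not None:
            _seq, action, proto, rest = rule.groups()
            tokens = rest.split()
            fragment = "fragment" in tokens
            current.append({
                "text": line.strip(),
                "action": action,
                "proto": proto,
                "fragment": fragment,
                # L4-qualified: needs a TCP/UDP header that non-initial
                # fragments do not carry.
                "l4": (proto in ("tcp", "udp") and not fragment
                       and bool(L4_QUALIFIERS.intersection(tokens))),
                # Catch-all L3 rule without the fragment keyword.
                "catch_all": (proto in ("ip", "ipv6") and not fragment
                              and tokens[:2] == ["any", "any"]),
            })
        elif not line.startswith(" "):
            current = None  # left the ACL block
    return acls


def audit_fragment_handling(config):
    """Return {acl_name: [finding, ...]} for ACLs that need review."""
    findings = {}
    for name, rules in parse_acls(config).items():
        issues = []
        has_l4 = any(r["l4"] for r in rules)
        has_fragment_rule = any(r["fragment"] for r in rules)
        if has_l4 and not has_fragment_rule:
            # Non-initial fragments cannot match the L4 rules, so their fate
            # is left to implicit behaviour instead of a stated policy.
            issues.append("l4-rules-without-fragment-rule")
        catch_all_seen = False
        for r in rules:
            if r["fragment"] and catch_all_seen:
                # Assumption: first match wins, so the earlier catch-all
                # already decided what happens to fragments.
                issues.append("fragment-rule-shadowed")
                break
            catch_all_seen = catch_all_seen or r["catch_all"]
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for acl, issues in audit_fragment_handling(SAMPLE_CONFIG).items():
        print(acl, issues)
```
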
While deleting ACL rules, the following conditions apply: • Enter the exact no form of the CLI command. Each ACL rule is an independent entity. For example, the rule, deny ip any any is different from deny ip any any count. For example, if you configured the following rules: deny ip 1.1.1.1/24 2.2.2.2/24 deny ip any any Using the no deny ip any any command deletes only the deny ip any any rule. To delete the deny ip 1.1.1.1/24 2.2.2.2/24 rule, you must explicitly use the no deny ip 1.1.1.1/24 2.2.2.
1 Enter the interface information in CONFIGURATION mode. interface ethernet node/slot/port 2 Configure an IP address for the interface, placing it in L3 mode in INTERFACE mode. ip address ip-address 3 Apply an IP ACL filter to traffic entering or exiting an interface in INTERFACE mode. ip access-group access-list-name {in | out} Configure IP ACL OS10(config)# interface ethernet 1/1/28 OS10(conf-if-eth1/1/28)# ip address 10.1.2.
OS10(config)# ip access-list acl1 OS10(conf-ipv4-acl)# permit ip host 10.1.1.1 host 100.1.1.1 count Egress ACL filters Egress ACL filters affect the traffic leaving the network. Configuring egress ACL filters onto physical interfaces protects the system infrastructure from a malicious and intentional attack by explicitly allowing only authorized traffic. These system-wide ACL filters eliminate the need to apply ACL filters onto each interface. You can use an egress ACL filter to restrict egress traffic.
• Clear IPv6 access-list counters in EXEC mode.
clear ipv6 access-list counters access-list-name
• Clear MAC access-list counters in EXEC mode.
clear mac access-list counters access-list-name
IP prefix-lists
IP prefix-lists control the routing policy. An IP prefix-list is a series of sequential filters that contain a matching criterion and a permit or deny action to process routes.
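To make the sequential filtering concrete, the following added example (not code from the Dell guide) evaluates routes against a prefix-list written in the guide's `seq` form. It goes slightly beyond the guide's syntax by accepting `ge` and `le` together, and it assumes conventional prefix-list semantics: `ge`/`le` bound the route's prefix length, and a route that matches no entry is denied. The list name `edge-in`, the sequence numbers and the second entry are constructed.

```python
import ipaddress
import re

# Constructed prefix-list. The first entry reuses the guide's example prefix
# (10.10.10.2/16 le 30); name, sequence numbers and second entry are illustrative.
PREFIX_LIST = """\
ip prefix-list edge-in seq 10 deny 10.10.10.2/16 le 30
ip prefix-list edge-in seq 20 permit 0.0.0.0/0 le 24
"""

ENTRY = re.compile(
    r"^(?:ip|ipv6) prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?\s*$"
)


def parse_prefix_list(text):
    """Parse entries and return them ordered by sequence number."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        _name, seq, action, prefix, ge, le = m.groups()
        entries.append({
            "seq": int(seq),
            "action": action,
            # strict=False masks off host bits set in the configured address.
            "net": ipaddress.ip_network(prefix, strict=False),
            "ge": int(ge) if ge else None,
            "le": int(le) if le else None,
        })
    return sorted(entries, key=lambda e: e["seq"])


def length_bounds(entry):
    """Allowed route prefix lengths for one entry (assumed semantics)."""
    net = entry["net"]
    if entry["ge"] is None and entry["le"] is None:
        return net.prefixlen, net.prefixlen          # exact length only
    low = entry["ge"] if entry["ge"] is not None else net.prefixlen
    high = entry["le"] if entry["le"] is not None else net.max_prefixlen
    return low, high


def entry_matches(entry, route):
    low, high = length_bounds(entry)
    return (route.version == entry["net"].version
            and route.subnet_of(entry["net"])
            and low <= route.prefixlen <= high)


def evaluate(entries, route_text):
    """Return (action, seq) of the first matching entry, else implicit deny."""
    route = ipaddress.ip_network(route_text, strict=False)
    for entry in entries:
        if entry_matches(entry, route):
            return entry["action"], entry["seq"]
    return "deny", None   # assumption: no match means the route is dropped


if __name__ == "__main__":
    entries = parse_prefix_list(PREFIX_LIST)
    for r in ("10.10.4.0/24", "10.10.4.1/32", "192.0.2.0/24", "10.0.0.0/8"):
        print(r, evaluate(entries, r))
```

Note the last sample route: the covering aggregate 10.0.0.0/8 is not caught by the `deny 10.10.10.2/16 le 30` entry, because its prefix length falls outside the 16 to 30 range, so it is permitted by the later entry.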
Configure match metric OS10(config)# route-map hello OS10(conf-route-map)# match metric 20 View route-map OS10(conf-route-map)# do show route-map route-map hello, permit, sequence 10 Match clauses: metric 20 Change match OS10(conf-route-map)# match metric 30 View updated route-map OS10(conf-route-map)# do show route-map route-map hello, permit, sequence 10 Match clauses: metric 30 To filter the routes for redistribution, combine route-maps and IP prefix lists.
Match routes Configure match criterion for a route-map. There is no limit to the number of match commands per route map, but keep the number of match filters in a route-map low. The set commands do not require a corresponding match command. • Match routes with a specific metric value in ROUTE-MAP mode, from 0 to 4294967295. match metric metric-value • Match routes with a specific tag in ROUTE-MAP mode, from 0 to 4294967295.
If you configure the continue command at the end of a module, the next module processes even after a match is found. The example shows a continue clause at the end of a route-map module — if a match is found in the route-map test module 10, module 30 processes.
seq 5 permit icmp any any capture session 1 count (0 packets)
seq 10 permit ip 102.1.1.0/24 any capture session 1 count bytes (0 bytes)
seq 15 deny udp any any capture session 2 count bytes (0 bytes)
seq 20 deny tcp any any capture session 3 count bytes (0 bytes)
Enable flow-based monitoring
Flow-based monitoring conserves bandwidth by mirroring only specified traffic, rather than all traffic on an interface. It is available for L2 and L3 ingress and egress traffic.
The service pool displays the amount of used and free space for each of the features. The number of ACL rules configured for a feature is displayed in the configured rules column. The number of used rows depends on the number of ports the configured rules are applied on.
------
Pool ID  App(s)              Used rows  Free rows  Max rows
------------------------------------------------------------------------------------------------------
0        USER_IPV4_EGRESS    2          254        256
1        USER_L2_ACL_EGRESS  2          254        256
2        USER_IPV6_EGRESS    2          254        256
3        USER_IPV6_EGRESS    2          254        256
------------------------------------------------------------------------------------------------------
Service Pools
------------------------------------------------------------------------------------------------------
App Allocated pools App gro
By default, the interval is set to 5 minutes and logs are created every 5 minutes. During this interval, the system continues to examine the packets against the configured ACL rule and permits or denies traffic, but logging is halted temporarily. This value is configurable and the range is from 1 to 10 minutes. For example, if you have configured a threshold value of 20 and an interval of 10 minutes, after an initial packet match, the 20th packet that matches the ACL entry is logged.
clear ipv6 access-list counters Clears IPv6 access-list counters for a specific access-list. Syntax clear ipv6 access-list counters [access-list-name] Parameters access-list-name — (Optional) Enter the name of the IPv6 access-list to clear counters. A maximum of 140 characters. Default Not configured Command Mode EXEC Usage Information If you do not enter an access-list name, all IPv6 access-list counters clear.
• ip — (Optional) Enter the IP address to deny. • tcp — (Optional) Enter the TCP address to deny. • udp — (Optional) Enter the UDP address to deny. • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits to match to the dotted decimal address. • any — (Optional) Enter the keyword any to specify any source or destination IP address. • host ip-address — (Optional) Enter the keyword and the IP address to use a host address only.
• log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# deny ipv6 any any capture session 1 Supported Releases 10.2.
• any — (Optional) Enter the keyword any to specify any source or destination IP address. • host ip-address — (Optional) Enter the IP address to use a host address only. • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. • fragment — (Optional) Use ACLs to control packet fragments.
deny ip Configures a filter to drop all or specific packets from an IPv4 address. Syntax deny ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count [byte] | dscp value | fragment] Parameters • A.B.C.D — Enter the IPv4 address in dotted decimal format. • A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.
Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# deny ipv6 any any capture session 1 Supported Releases 10.2.0E or later deny tcp Configures a filter that drops Transmission Control Protocol (TCP) packets meeting the filter criteria. Syntax deny tcp [A.B.C.D | A.B.C.
Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny tcp any any capture session 1 Supported Releases 10.2.0E or later deny tcp (IPv6) Configures a filter that drops TCP IPv6 packets meeting the filter criteria.
Parameters • A.B.C.D — Enter the IPv4 address in dotted decimal format. • A.B.C.D/x — Enter the number of bits to match to the dotted decimal address. • any — (Optional) Enter the keyword any to specify any source or destination IP address. • host ip-address — (Optional) Enter the IPv4 address to use a host address only. • ack — (Optional) Set the bit as acknowledgement. • fin — (Optional) Set the bit as finish—no more data from sender. • psh — (Optional) Set the bit as push.
• ack — (Optional) Set the bit as acknowledgement. • fin — (Optional) Set the bit as finish—no more data from sender. • psh — (Optional) Set the bit as push. • rst — (Optional) Set the bit as reset. • syn — (Optional) Set the bit as synchronize. • urg — (Optional) Set the bit as urgent. • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes.
ip access-group Configures an IPv4 access group. Syntax ip access-group access-list-name {in | out} Parameters • access-list-name — Enter the name of an IPv4 access list. A maximum of 140 characters. • in — Apply the ACL to incoming traffic. • out — Apply the ACL to outgoing traffic. Default Not configured Command Mode INTERFACE CONTROL-PLANE Usage Information Use this command in the CONTROL-PLANE mode to apply a control-plane ACL. Control-plane ACLs are only applied on the ingress traffic.
Parameters • name — Enter an access list name. • deny | permit — Reject or accept a matching route. • regexp-string — Enter a regular expression string to match an AS-path route attribute. Defaults Not configured Command Mode CONFIGURATION Usage Information You can specify an access-list filter on inbound and outbound BGP routes. The ACL filter consists of regular expressions. If a regular expression matches an AS path attribute in a BGP route, the route is rejected or accepted.
ip community-list standard permit Creates a standard community list for BGP to permit access. Syntax ip community-list standard name permit {aa:nn | no-advertise | local-as | noexport | internet} Parameters • name — Enter the name of the standard community list used to identify one or more deny groups of communities.
ip extcommunity-list standard permit Creates an extended community list for BGP to permit access. Syntax ip extcommunity-list standard name permit {4byteas-generic | rt | soo} Parameters • name — Enter the name of the community list used to identify one or more permit groups of extended communities. • rt — Enter the route target. • soo — Enter the route origin or site-of-origin.
• le — Enter to indicate the network address is less than or equal to the range specified. • prefix-len — Enter the prefix length. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix-list. Example OS10(config)# ip prefix-list denyprefix deny 10.10.10.2/16 le 30 Supported Release 10.3.0E or later ip prefix-list permit Creates a prefix-list to permit route filtering from a specified network address.
Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ip prefix-list seqprefix seq 65535 deny 10.10.10.1/16 ge 10 Supported Release 10.3.0E or later ip prefix-list seq permit Configures a filter to permit route filtering from a specified prefix list. Syntax ipv6 prefix-list [name] seq num permit A::B/x [ge | le} prefix-len Parameters • name — Enter the name of the prefix list. • num — Enter the sequence list number. • A.B.C.
Example (Controlplane ACL) OS10# configure terminal OS10(config)# control-plane OS10(config-control-plane)# ipv6 access-group aaa-cp-acl in Supported Releases 10.2.0E or later; 10.4.1 or later (control-plane ACL) ipv6 access-list Creates an IP access list to filter based on an IPv6 address. Syntax ipv6 access-list access-list-name Parameters access-list-name — Enter the name of an IPv6 access list. A maximum of 140 characters.
• description — Enter the description for the named prefix-list. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ipv6 prefix-list TEST description TEST_LIST Supported Release 10.3.0E or later ipv6 prefix-list permit Creates a prefix-list to permit route filtering from a specified IPv6 network address.
Example OS10(config)# ipv6 prefix-list TEST seq 65535 deny AB20::1/128 ge 10 Supported Release 10.3.0E or later ipv6 prefix-list seq permit Configures a filter to permit route filtering from a specified prefix-list. Syntax ipv6 prefix-list [name] seq num permit A::B/x [ge | le} prefix-len Parameters • name — (Optional) Enter the name of the IPv6 prefix-list. • num — Enter the sequence number of the specified IPv6 prefix list. • A::B/x — Enter the IPv6 address and mask in /prefix format (/x).
Example (Controlplane ACL) OS10# configure terminal OS10(config)# control-plane OS10(config-control-plane)# mac access-group maclist in Supported Releases 10.2.0E or later; 10.4.1 or later (control-plane ACL) mac access-list Creates a MAC access list to filter based on a MAC address. Syntax mac access-list access-list-name Parameters access-list-name — Enter the name of a MAC access list. A maximum of 140 characters.
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# permit udp any any capture session 1 Supported Releases 10.2.0E or later permit (IPv6) Configures a filter to allow packets with a specific IPv6 address.
permit (MAC) Configures a filter to allow packets with a specific MAC address. Syntax permit {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} [protocol-number | capture | count [byte] | cos | vlan] Parameters • nn:nn:nn:nn:nn:nn — Enter the MAC address. • 00:00:00:00:00:00 — (Optional) Enter which bits in the MAC address must match. If you do not enter a mask, a mask of 00:00:00:00:00:00 applies.
• log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# permit icmp any any capture session 1 Supported Releases 10.2.
• A.B.C.D/x — Enter the number of bits to match to the dotted decimal address. • any — (Optional) Enter the keyword any to specify any source or destination IP address. • host ip-address — (Optional) Enter the IPv4 address to use a host address only. • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes.
permit tcp Configures a filter to permit TCP packets meeting the filter criteria. Syntax permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log] Parameters • A.B.C.D — Enter the IPv4 address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address.
permit tcp (IPv6) Configures a filter to permit TCP packets meeting the filter criteria. Syntax permit tcp [A::B | A::B/x | any | host ipv6-address [eq | lt | gt | neq | range]] [A::B | A:B/x | any | host ipv6-address [eq | lt | gt | neq | range]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log] Parameters • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits that must match the IPv6 address.
• psh — (Optional) Set the bit as push. • rst — (Optional) Set the bit as reset. • syn — (Optional) Set the bit as synchronize. • urg — (Optional) Set the bit as urgent. • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. • fragment — (Optional) Use ACLs to control packet fragments.
• syn — (Optional) Set the bit as synchronize. • urg — (Optional) Set the bit as urgent. • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. • fragment — (Optional) Use ACLs to control packet fragments. • log — (Optional) Enables ACL logging.
Parameters • sequence-number — Enter the sequence number to identify the ACL for editing and sequencing number, from 1 to 16777214. • protocol-number — (Optional) Enter the protocol number, from 0 to 255. • icmp — (Optional) Enter the ICMP address to deny. • ip — (Optional) Enter the IPv4 address to deny. • tcp — (Optional) Enter the TCP address to deny. • udp — (Optional) Enter the UDP address to deny. • A.B.C.D — (Optional) Enter the IPv4 address in dotted decimal format. • A.B.C.
• any — (Optional) Enter the keyword any to specify any source or destination IP address. • host ipv6-address — (Optional) Enter to use an IPv6 host address only. • capture — (Optional) Enter to capture packets the filter processes. • count — (Optional) Enter to count packets the filter processes. • byte — (Optional) Enter to count bytes the filter processes. • dscp value — (Optional) Enter to deny a packet based on the DSCP values, from 0 to 63.
Example
OS10(config)# mac access-list macacl
OS10(conf-mac-acl)# seq 10 deny 00:00:00:00:11:11 00:00:11:11:11:11 any cos 7
OS10(conf-mac-acl)# seq 20 deny 00:00:00:00:11:11 00:00:11:11:11:11 any vlan 2
Supported Releases 10.2.0E or later

seq deny icmp
Assigns a filter to deny ICMP messages while creating the filter.
Syntax
seq sequence-number deny icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.
• A::B — Enter the IPv6 address in hexadecimal format separated by colons.
• A::B/x — Enter the number of bits that must match the IPv6 address.
• any — (Optional) Enter the keyword any to specify any source or destination IP address.
• host ipv6-address — (Optional) Enter the IPv6 address to use a host address only.
• capture — (Optional) Capture packets the filter processes.
• count — (Optional) Count packets the filter processes.
• byte — (Optional) Count bytes the filter processes.
Usage Information
OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number.
Example
OS10(config)# ip access-list egress
OS10(config-ipv4-acl)# seq 10 deny ip any any capture session 1 log
Supported Releases 10.2.0E or later

seq deny ipv6
Assigns a filter to deny IPv6 addresses while creating the filter.
seq deny tcp
Assigns a filter to deny TCP packets while creating the filter.
Syntax
seq sequence-number deny tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• A.B.C.
seq deny tcp (IPv6)
Assigns a filter to deny TCP packets while creating the filter.
Syntax
seq sequence-number deny tcp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A::B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
seq deny udp
Assigns a filter to deny UDP packets while creating the filter.
Syntax
seq sequence-number deny udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• A.B.C.
seq deny udp (IPv6)
Assigns a filter to deny UDP packets while creating the filter.
Syntax
seq sequence-number deny udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A::B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
seq permit
Assigns a sequence number to permit packets while creating the filter.
Syntax
seq sequence-number permit [protocol-number A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• protocol-number — (Optional) Enter the protocol number, from 0 to 255.
• A.B.C.
• any — (Optional) Enter the keyword any to specify any source or destination IP address.
• host ipv6-address — (Optional) Enter the IPv6 address to be used as the host address.
• capture — (Optional) Enter to capture packets the filter processes.
• count — (Optional) Enter to count packets the filter processes.
• byte — (Optional) Enter to count bytes the filter processes.
• dscp value — (Optional) Enter the DSCP value to permit a packet, from 0 to 63.
Example
OS10(config)# mac access-list macacl
OS10(conf-mac-acl)# seq 10 permit 00:00:00:00:11:11 00:00:11:11:11:11 any cos 7
OS10(conf-mac-acl)# seq 20 permit 00:00:00:00:11:11 00:00:11:11:11:11 any vlan 2
Supported Releases 10.2.0E or later

seq permit icmp
Assigns a sequence number to allow ICMP messages while creating the filter.
Syntax
seq sequence-number permit icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• A::B — Enter the IPv6 address in hexadecimal format separated by colons.
• A::B/x — Enter the number of bits that must match the IPv6 address.
• any — (Optional) Enter the keyword any to specify any source or destination IP address.
• host ipv6-address — (Optional) Enter the IPv6 address to use a host address only.
Command Mode IPV4-ACL
Usage Information
OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number.
Example
OS10(config)# ip access-list egress
OS10(conf-ipv4-acl)# seq 5 permit ip any any capture session 1 log
Supported Releases 10.2.
seq permit tcp
Assigns a sequence number to allow TCP packets while creating the filter.
Syntax
seq sequence-number permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• A.B.C.
seq permit tcp (IPv6)
Assigns a sequence number to allow TCP IPv6 packets while creating the filter.
Syntax
seq sequence-number permit tcp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A::B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
seq permit udp
Assigns a sequence number to allow UDP packets while creating the filter.
Syntax
seq sequence-number permit udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• A.B.C.
seq permit udp (IPv6)
Assigns a sequence number to allow UDP IPv6 packets while creating a filter.
Syntax
seq sequence-number permit udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A::B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
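The ranges and keywords documented for the seq permit and seq deny entries above can be checked mechanically before a list is pasted into a switch. The Python linter below is an added example, not Dell code: the function names, finding texts and the sample list (apart from its first entry, which is the guide's own) are constructed for illustration, and it covers IPv4/IPv6 entries only, not MAC ACLs.

```python
import ipaddress

# Ranges are the ones the guide states; 0-65535 is the standard TCP/UDP port range.
SEQ_RANGE = (1, 16777214)
DSCP_RANGE = (0, 63)
PROTO_RANGE = (0, 255)
PORT_RANGE = (0, 65535)
PROTOCOLS = {"ip", "ipv6", "icmp", "tcp", "udp"}
TCP_FLAGS = {"ack", "fin", "psh", "rst", "syn", "urg"}
OPERATORS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # keyword -> port count


def _in_range(text, bounds):
    return text.isdecimal() and bounds[0] <= int(text) <= bounds[1]


def _take_endpoint(tokens, findings, role):
    """Consume one source/destination spec plus an optional port operator."""
    if not tokens:
        findings.append(f"missing {role}")
        return "?"
    word = tokens.pop(0)
    spec = word
    if word != "any":
        spec = tokens.pop(0) if word == "host" and tokens else word
        try:
            if word == "host":
                ipaddress.ip_address(spec)
            else:
                ipaddress.ip_network(spec, strict=False)
        except ValueError:
            findings.append(f"{role} '{spec}' is not a valid address or prefix")
    if tokens and tokens[0] in OPERATORS:
        op = tokens.pop(0)
        need = OPERATORS[op]
        ports = [tokens.pop(0) for _ in range(need) if tokens]
        if len(ports) != need or not all(_in_range(p, PORT_RANGE) for p in ports):
            findings.append(f"{role} operator '{op}' needs {need} port value(s) in 0-65535")
    return spec


def lint_rule(line):
    """Return the findings for one 'seq N permit|deny ...' IPv4/IPv6 entry."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] != "seq":
        return ["not a 'seq <number> permit|deny ...' entry"]
    findings = []
    if not _in_range(tokens[1], SEQ_RANGE):
        findings.append(f"sequence number '{tokens[1]}' outside 1-16777214")
    action = tokens[2]
    if action not in ("permit", "deny"):
        findings.append(f"unknown action '{action}'")
    rest = tokens[3:]
    proto = rest.pop(0) if rest else ""
    if proto not in PROTOCOLS and not _in_range(proto, PROTO_RANGE):
        findings.append(f"protocol '{proto}' is not a keyword or a number in 0-255")
    src = _take_endpoint(rest, findings, "source")
    dst = _take_endpoint(rest, findings, "destination")
    while rest:
        word = rest.pop(0)
        if word in TCP_FLAGS or word in ("fragment", "log"):
            continue
        if word == "dscp":
            value = rest.pop(0) if rest else ""
            if not _in_range(value, DSCP_RANGE):
                findings.append(f"dscp value '{value}' outside 0-63")
        elif word == "capture":
            if rest[:1] == ["session"]:      # form used in the guide's own example
                del rest[:2]
        elif word == "count":
            if rest[:1] == ["byte"]:
                rest.pop(0)
                findings.append("info: 'count byte' increments bytes only, not packets")
        else:
            findings.append(f"unrecognised option '{word}'")
    if action == "permit" and proto in ("ip", "ipv6") and src == dst == "any":
        findings.append("warning: permits every packet of this address family")
    return findings


def lint_acl(config_text):
    """Lint every 'seq' line of a pasted list and report reused sequence numbers."""
    report, seen = [], set()
    for raw in config_text.splitlines():
        line = raw.split("# ", 1)[-1].strip()   # drop an 'OS10(...)# ' prompt if present
        if not line.startswith("seq "):
            continue
        findings = lint_rule(line)
        number = line.split()[1]
        if number in seen:
            findings.append(f"sequence number {number} is reused in this list")
        seen.add(number)
        report.append((line, findings))
    return report


# Constructed sample; only the 'seq 10' entry is taken from the guide.
SAMPLE = """\
OS10(config)# ip access-list egress
OS10(config-ipv4-acl)# seq 10 deny ip any any capture session 1 log
OS10(config-ipv4-acl)# seq 20 permit tcp 10.0.0.0/8 host 192.0.2.10 eq 22 syn count byte
OS10(config-ipv4-acl)# seq 30 permit udp any any dscp 64
OS10(config-ipv4-acl)# seq 16777215 deny tcp any host 192.0.2.300 range 80
OS10(config-ipv4-acl)# seq 30 permit ip any any
"""

if __name__ == "__main__":
    for entry, notes in lint_acl(SAMPLE):
        print(entry, "->", notes or "ok")
```

Run it against a candidate list before applying it; entries with an empty finding list match the documented syntax ranges.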
show access-group
Displays IP, MAC, or IPv6 access-group information.
Syntax
show {ip | mac | ipv6} access-group name
Parameters
• ip — View IP access group information.
• mac — View MAC access group information.
• ipv6 — View IPv6 access group information.
• access-group name — Enter the name of the access group.
• access-lists in | out — Enter either access lists in or access lists out.
• access-list-name — Enter the name of the access-list.
ethernet 1/1/1
seq 5 permit ipv6 11::/32 any count (0 packets)
Example (IP In Control-plane ACL)
OS10# show ip access-lists in
Ingress IP access-list aaa-cp-acl
 Active on interfaces :
  control-plane data
 seq 10 permit ip any any
  control-plane mgmt
 seq 10 permit ip any any
Example (IPv6 In Control-plane ACL)
OS10# show ipv6 access-lists in
Ingress IPV6 access-list aaa-cp-acl
 Active on interfaces :
  control-plane data
 seq 10 permit ipv6 any any
  control-plane mgmt
 seq 10 permit ipv6 any any
Example (MAC In C
7    USER_IPV6_ACL   4   508   512
8    USER_IPV6_ACL   4   508   512
9    USER_L2_ACL     4   508   512
10   USER_L2_ACL     4   508   512
11   FREE            0   512   512
---------------------------------------------------------------------------------------
Service Pools
---------------------------------------------------------------------------------------
App   Allocated pools   App group   Configured rules   Used rows   Free r
---------------------------------------------------------------------------------------
USER_L2_ACL   Shared:2   G9   1   2   254   256
USER_IPV4_ACL Shar
Ingress ACL utilization - Pipe 3
Hardware Pools
--------------------------------------------------------------------
Pool ID   App(s)          Used rows   Free rows   Max rows
--------------------------------------------------------------------
0         SYSTEM_FLOW     98          414         512
1         SYSTEM_FLOW     98          414         512
2         SYSTEM_FLOW     98          414         512
3         USER_IPV4_ACL   0           512         512
4         USER_IPV4_ACL   0           512         512
5         FREE            0           512         512
6         USER_IPV6_ACL   0           512         512
7         USER_IPV6_ACL   0           512         512
8         USER_IPV6_ACL   0           512         512
9         USER_L2_ACL     0           512         512
10        USER_L2_ACL     0           512         512
11        FREE            0           512
App   Allocated pools   App group   Configured rules   Used rows   Free r
---------------------------------------------------------------------------------------
USER_L2_ACL      Shared:1   G3    1    2    1022   1024
USER_IPV4_ACL    Shared:1   G2    2    3    1021   1024
USER_IPV6_ACL    Shared:2   G4    1    2    510    512
PBR_V6           Shared:2   G10   1    1    511    512
SYSTEM_FLOW      Shared:2   G0    49   49   975    1024
ISCSI_SNOOPING   Shared:1   G8    12   12   500    512
FCOE             Shared:2   G6    55   55   457    512
---------------------------------------------------------------------------------------
Egress ACL util
show ip community-list
Displays the configured IP community lists in alphabetic order.
Syntax
show ip community-list [name]
Parameters
name — (Optional) Enter the name of the standard IP community list. A maximum of 140 characters.
Defaults None
Command Mode EXEC
Usage Information None
Example
OS10# show ip community-list
Standard Community List hello
 deny local-AS
 permit no-export
 deny 1:1
Supported Releases 10.3.
Usage Information None
Example
OS10# show ip prefix-list
ip prefix-list hello:
 seq 10 deny 1.2.3.4/24
 seq 20 permit 3.4.4.5/32
Example (IPv6)
OS10# show ipv6 prefix-list
ipv6 prefix-list hello:
 seq 10 permit 1::1/64
 seq 20 deny 2::2/64
Supported Releases 10.3.0E or later

show logging access-list
Displays the ACL logging threshold and interval configuration.
match as-path
Configures a filter to match routes that have a certain AS path in their BGP paths.
Syntax
match as-path as-path-name
Parameters
as-path-name — Enter the name of an established AS-PATH ACL. A maximum of 140 characters.
Default Not configured
Command Mode ROUTE-MAP
Usage Information
The no version of this command deletes a match AS path filter.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# match as-path pathtest1
Supported Releases 10.3.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# match extcommunity extcommlist1 exact-match
Supported Releases 10.3.0E or later

match interface
Configures a filter to match routes whose next-hop is the configured interface.
Syntax
match interface interface
Parameters
interface — Interface type:
• ethernet node/slot/port[:subport] — Enter the Ethernet interface information as the next-hop interface.
match ip next-hop
Configures a filter to match based on the next-hop IP addresses specified in IP prefix lists.
Syntax
match ip next-hop prefix-list prefix-list
Parameters
prefix-list — Enter the name of the configured prefix list. A maximum of 140 characters.
Default Not configured
Command Mode ROUTE-MAP
Usage Information
The no version of this command deletes the match.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# match ip next-hop prefix-list test100
Supported Releases 10.3.
Supported Releases 10.3.0E or later

match metric
Configures a filter to match on a specific value.
Syntax
match metric metric-value
Parameters
metric-value — Enter a value to match the route metric against, from 0 to 4294967295.
Default Not configured
Command Mode ROUTE-MAP
Usage Information
The no version of this command deletes the match.
Example
OS10(conf-route-map)# match metric 429132
Supported Releases 10.2.
• local — Match only on routes generated locally.
Default Not configured
Command Mode ROUTE-MAP
Usage Information
The no version of this command deletes the match.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# match route-type external type-1
Supported Releases 10.3.0E or later

match tag
Configures a filter to redistribute only routes that match a specific tag value.
set comm-list add Add communities in the specified list to the COMMUNITY attribute in a matching inbound or outbound BGP route. Syntax set comm-list {community-list-name} add Parameters community-list-name — Enter the name of an established community list. A maximum of 140 characters.
• community-number — Enter the community number in aa:nn format, where aa is the AS number, 2 bytes, and nn is a value specific to that AS.
Default Not configured
Command Mode ROUTE-MAP
Usage Information
The no version of this command deletes a BGP COMMUNITY attribute assignment.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# set community none
Supported Releases 10.3.
set extcommunity
Sets the extended community attributes in a route map for BGP updates.
Syntax
set extcommunity rt {asn2:nn | asn4:nnnn | ip-addr:nn}
Parameters
• asn2:nn — Enter an AS number in 2-byte format; for example, 1–65535:1–4294967295.
• asn4:nnnn — Enter an AS number in 4-byte format; for example, 1–4294967295:1–65535 or 1–65535.1–65535:1–65535.
• ip-addr:nn — Enter an AS number in dotted format, from 1 to 65535.
Default Not configured Command Mode ROUTE-MAP Usage Information To establish an absolute metric, do not enter a plus or minus sign before the metric value. To establish a relative metric, enter a plus or minus sign immediately preceding the metric value. The value is added to or subtracted from the metric of any routes matching the route map. You cannot use both an absolute metric and a relative metric within the same route map sequence. Setting either metric overrides any previously configured value.
set next-hop
Sets an IPv4 or IPv6 address as the next-hop.
Syntax
set {ip | ipv6} next-hop ip-address
Parameters
ip-address — Enter the IPv4 or IPv6 address for the next-hop.
Default Not configured
Command Mode ROUTE-MAP
Usage Information
If you apply a route-map with the set next-hop command in ROUTER-BGP mode, it takes precedence over the next-hop-self command used in ROUTER-NEIGHBOR mode.
Default Not configured
Command Mode CONFIGURATION
Usage Information
The no version of this command deletes the set clause from a route map.
Example
OS10(conf-route-map)# set tag 23
Supported Releases 10.2.0E or later

set weight
Set the BGP weight for the routing table.
Syntax
set weight weight
Parameters
weight — Enter a number as the weight the route uses to meet the route map specification, from 0 to 65535.
Default Default router-originated is 32768 — all other routes are 0.
18 Quality of service

Quality of service (QoS) reserves network resources for highly critical application traffic with precedence over less critical application traffic. QoS prioritizes different types of traffic and ensures quality of service. You can control the following traffic flow parameters: Delay, Bandwidth, Jitter, and Drop. Different QoS features control the traffic flow parameters, as the traffic traverses a network device from ingress to egress interfaces.
Configure quality of service
Network traffic is processed based on the classification and policies that apply to it. Configuring QoS is a three-step process:
1 Create class-maps to classify the traffic flows. The following are the different types of class-maps:
• qos (default)—Classifies ingress data traffic.
• queuing—Classifies egress queues.
• control-plane—Classifies control-plane traffic.
• network-qos—Classifies traffic-class IDs for ingress buffer configurations.
– Modifying packet fields such as CoS and DSCP.
– Marking traffic class IDs.
3 Apply the policy-maps to the port interface, system for all interfaces, or control-plane traffic as follows:
• Apply control-plane policies in Control-Plane mode.
• Apply QoS and network-QoS policies in the input direction on physical interfaces or in System-Qos mode.
• Apply queuing policies in the output direction on physical interfaces or in System-Qos mode.
• Apply an application type policy-map in System-Qos mode.
CoS   Traffic class ID   Color
5     5                  G
6     6                  G
7     7                  G
NOTE: You cannot modify the default CoS trust map.

User–defined 802.1p CoS trust map
You can override the default mapping by creating a dot1p trust map. All the unspecified dot1p entries map to the default traffic class ID 0.

Configure user–defined 802.1p CoS trust map
1 Create a dot1p trust map.
Table 67. Default DSCP trust map
DSCP values   Traffic class ID   Color
0-3           0                  G
4-7           0                  Y
8-11          1                  G
12-15         1                  Y
16-19         2                  G
20-23         2                  Y
24-27         3                  G
28-31         3                  Y
32-35         4                  G
36-39         4                  Y
40-43         5                  G
44-47         5                  Y
48-51         6                  G
52-55         6                  Y
56-59         7                  G
60-62         7                  Y
63            7                  R
NOTE: You cannot modify the default DSCP trust map.

User–defined DSCP trust map
You can override the default mapping by creating a user-defined DSCP trust map.
------------------------------
3 0-15
5 16-30
4 Apply the map on a specific interface or on system-qos global level.
• Interface level
OS10(conf-if-eth1/1/1)# trust-map dscp example-dscp-trustmap-name
• System-qos level
OS10(config-sys-qos)# trust-map dscp example-dscp-trustmap-name

Apply DSCP trust map
You must apply the trust map at the interface or system-qos level.
5 Apply the qos-type policy-map globally or to an interface. In this example, the policy-map is applied to an interface.
OS10# configure terminal
OS10(config)# interface ethernet 1/1/14
OS10(conf-if-eth1/1/14)# service-policy input type qos example-pmap-cos
If the traffic that arrives at the interface matches the 802.1p criteria that you have configured, it is assigned to TC 3 or qos group 3.
Starting from release 10.4.2, the default rate limits have changed from 12 CPU queues and the protocols mapped to each CPU queue are changed. NOTE: When you upgrade from a previous release to release 10.4.2 and you have CoPP policy with rate limits configured in the previous release, the CoPP policies are automatically remapped based on the new CoPP protocol mappings to queues. For example: • You have a CoPP policy configured for queue 5 in release 10.4.
Queue   Protocol
5       ARP Request, ICMPV6-RS-NS, ISCSI snooping, ISCSI-COS
6       ICMPv6-RA-NA, SSH, TELNET, TACACS, NTP, FTP
7       RSTP, PVST, MSTP, LACP
8       Dot1X, LLDP, FCOE-FPORT
9       BGPv4, OSPFv6
10      DHCPv6, DHCPv4, VRRP
11      OSPF Hello, OpenFlow

The following table lists the CoPP protocol mappings to queues, and default rate limits and buffer sizes on the S4148FE-ON platform. The number of control-plane queues is dependent on the hardware platform.
Table 69.
Queue   Protocols              Minimum rate limit (in pps)   Maximum rate limit (in pps)   Minimum guaranteed buffer (in bytes)   Static shared limit (in bytes)
16      IPv4 DHCP, IPv6 DHCP   500                           500                           1664                                   48880
17      VRRP                   600                           1000                          1664                                   48880
18      BFD                    700                           700                           1664                                   48880
19      Remote CPS             700                           1000                          1664                                   48880
20      MCAST data             300                           300                           1664                                   20800
21      ACL logging            100                           100                           1664                                   20800
22      MCAST known data       300                           300                           1664                                   20800
For information about the current protocol to queue mapping and the rate-limit configure
OS10(config-pmap-c)# set qos-group 2
OS10(config-pmap-c)# police cir 100 pir 100
View policy-map
OS10(config)# do show policy-map
Service-policy (control-plane) input: example-copp-policy-map-name
 Class-map (control-plane): example-copp-class-map-name
  set qos-group 2
  police cir 100 bc 100 pir 100 be 100

Assign service-policy
Rate-controlling traffic toward the CPU requires configuring a control-plane type policy. To enable CoPP, apply the defined policy-map to CONTROL-PLANE mode.
4    500   1000
5    500   1000
6    500   1000
7    500   1000
8    500   500
9    600   600
10   600   1000
11   400   400
12   500   500
13   600   1000
14   600   1000
15   600   1000
16   500   500
17   600   1000
18   700   700
19   700   1000
20   300   300
21   100   100
22   300   300
IPV6_ICMP IPV4_ICMP ICMPV6_RS ICMPV6_NS ICMPV6_RA ICMPV6_NA ARP_REQ SERVICEABILITY ARP_RESP SSH TELNET TACACS NTP FTP FCOE LACP RSTP PVST MSTP DOT1X LLDP IPV6_OSPF IPV4_OSPF OSPF_HELLO BGP IPV6_DHCP IPV4_DHCP VRRP BFD OPEN_FLOW REMOTE CPS MCAST DATA ACL LOGGING MCAST KNOWN DATA
View CoPP statis
Traffic class ID   Queue ID
2                  2
3                  3
4                  4
5                  5
6                  6
7                  7

User–defined QoS map
You can override the default mapping by creating a QoS map.

Configure user–defined QoS map
1 Create a QoS map.
OS10(config)# qos-map traffic-class tc-q-map
2 Define the set of traffic class values mapped to a queue.
OS10(config-qos-map)# queue 3 qos-group 0-3
3 Verify the map entries.
Peak rate is the maximum rate for traffic arriving or leaving an interface under normal traffic conditions. Peak burst size indicates the maximum size of unused peak bandwidth that is aggregated. This aggregated bandwidth enables brief durations of burst traffic that exceeds the peak rate. Interface rate policing limits the rate of traffic that is received on an interface. Configure Interface rate policing 1 Create a QoS type empty class-map to match all the traffic.
1 Create a QoS type class-map to match the traffic flow.
OS10(config)# class-map type qos example-cmap-dscp-3-ect
OS10(config-cmap-qos)# match ip dscp 3
2 Create a QoS type policy-map to color the traffic flow.
OS10(config)# policy-map type qos example-pmap-ect-color
OS10(config-pmap-qos)# class example-cmap-dscp-3-ect
OS10(config-pmap-c-qos)# set qos-group 3
OS10(config-pmap-c-qos)# set color yellow

Modify packet fields
You can modify the value of CoS or DSCP fields.
2 Apply the match criteria for the queue in CLASS-MAP mode.
match queue queue-number
3 Return to CONFIGURATION mode.
exit
4 Create a queuing type policy-map and configure a policy-map name in CONFIGURATION mode.
policy-map type queuing example-que-pmap-name
5 Configure a queuing class in POLICY-MAP mode.
class example-que-cmap-name
6 Assign a bandwidth percent, from 1 to 100 to nonpriority queues in POLICY-MAP-CLASS-MAP mode.
1 Apply the policy-map to the interface in INTERFACE mode or all interfaces in SYSTEM-QOS mode.
system qos
OR
interface ethernet node/slot/port[:subport]
2 Enter the output service-policy in SYSTEM-QOS mode or INTERFACE mode.
If you have configured WDRR and shaping on a particular queue, the queue can become congested. You should configure the QoS rate adjust value considering the overhead field size to avoid traffic drops on uncongested queues. If you have multiple streams within a queue, you must find the overhead size for the different streams and the QoS rate adjust value should be the highest overhead size from among the various streams within that queue.
Configure ingress buffer In default ingress buffers, all traffic classes map to the default priority group. The buffers are reserved per default priority group ID 7. All buffers are part of the default pool and all ports share buffers from the default pool. The reserved buffer size is 9360 bytes for the speed of 10G, 25G, 40G, 50G, and 100G. The supported speed varies for different platforms. Table 71.
1 Create a network-qos type class-map to match the traffic classes. For LLFC, match all the traffic classes from 0 to 7. For PFC, match the required traffic class.
OS10(config)# class-map type network-qos example-cmap-in-buffer
OS10(config-cmap-nqos)# match qos-group 0-7
2 Create network-qos type policy-map to define the actions for traffic classes, such as a buffer configuration and threshold.
Configure Deep Buffer mode
You must disable all the network QoS configurations; for example, PFC and LLFC, before configuring the Deep Buffer mode. Deep Buffer mode is disabled by default.
1 Enable Deep Buffer mode in CONFIGURATION mode.
OS10# configure terminal
OS10(config)# hardware deep-buffer-mode
NOTE: To disable Deep Buffer mode, use the no form of the command. Disabling Deep Buffer mode takes effect only after saving it in the startup configuration and reloading the switch.
Congestion avoidance
Congestion avoidance anticipates and takes necessary actions to avoid congestion. The following mechanisms avoid congestion:
• Tail drop—Packets are buffered at traffic queues. When the buffers are exhausted or reach the configured threshold, excess packets drop. By default, OS10 uses tail drop for congestion avoidance.
• Random early detection (RED)—In tail drop, different flows are not considered in buffer utilization.
6 Create a QoS class-map.
OS10(config)# class-map type queuing example-cmap-wred-1
OS10(config-cmap-queuing)# match queue 2
7 Enter QOS POLICY-MAP mode and create a queuing policy type.
OS10(config)# policy-map type queuing example-pmap-wred-1
OS10(config-pmap-queuing)# class example-cmap-wred-1
8 Assign a WRED profile to the specified queue.
OS10(config-pmap-c-que)# random-detect example-wred-prof-1
9 Exit CLASS MAP and POLICY MAP modes.
Configure RoCE on the switch
The following example describes the steps to configure RoCE on the switch. This configuration example uses priority 3 for RoCE.
1 Enter CONFIGURATION mode.
OS10# configure terminal
OS10(config)#
2 Enable the Data Center Bridging Exchange protocol (DCBX).
OS10(config)# dcbx enable
3 Create a VLAN. In this example, VLAN 55 switches the RoCE traffic. You can configure any value from 1 to 4093.
f Enable ETS on the interface.
OS10(conf-if-eth1/1/1)# ets mode on
g Apply the qos-map for ETS configurations on the interface.
OS10(conf-if-eth1/1/1)# qos-map traffic-class 2Q
h Enable PFC on the interface.
OS10(conf-if-eth1/1/1)# priority-flow-control mode on

RoCE for VXLAN over VLT
OS10 supports RoCE for VXLAN in a VLT setup. Configuring RoCE with VXLAN is similar to configuring RoCE without VXLAN.
The following examples show each device in this network and their respective configuration:

SW1 configuration
VXLAN configuration — SW1
OS10# configure terminal
OS10(config)# interface vlan 3000
OS10(conf-if-vl-3000)# exit
OS10(config)# interface vlan 200
OS10(conf-if-vl-200)# exit
OS10(config)# interface loopback 1
OS10(conf-if-lo-1)# ip address 1.1.1.1/32
OS10(conf-if-lo-1)# exit
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 8.8.8.
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet 1/1/2
OS10(conf-if-eth1/1/2)# switchport mode trunk
OS10(conf-if-eth1/1/2)# switchport trunk allowed vlan 3000
OS10(conf-if-eth1/1/2)# exit
OS10(config)# configure terminal
OS10(config)# nve
OS10(conf-nve)# source-interface loopback 1
OS10(conf-nve)# exit
OS10(config)# virtual-network 5
OS10(conf-vn-5)# vxlan-vni 1000
OS10(conf-vn-vxlan-vni)# remote-vtep 2.2.2.
OS10(config)# interface range ethernet 1/1/1,1/1/2,1/1/3
OS10(conf-range-eth1/1/1,1/1/2,1/1/3)# flowcontrol transmit on
OS10(conf-range-eth1/1/1,1/1/2,1/1/3)# flowcontrol receive on
OS10(conf-range-eth1/1/1,1/1/2,1/1/3)# service-policy input type network-qos llfc
OS10(conf-range-eth1/1/1,1/1/2,1/1/3)# end

WRED and ECN configuration — SW1
OS10# configure terminal
OS10(config)# wred w1
OS10(config-wred)# random-detect ecn
OS10(config-wred)# random-detect color green minimum-threshold 100 maximum-threshold 5
OS10(conf-if-vl-3000)# ip address 5.5.5.2/24
OS10(conf-if-vl-3000)# exit
OS10(config)# interface vlan 200
OS10(conf-if-vl-200)# exit
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 2.2.2.2/11
OS10(conf-if-lo-1)# exit
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 9.9.9.
OS10(conf-range-eth1/1/1,1/1/20,1/1/31,1/1/32)# service-policy input type network-qos p5
OS10(conf-range-eth1/1/1,1/1/20,1/1/31,1/1/32)# trust-map dot1p t1
OS10(conf-range-eth1/1/1,1/1/20,1/1/31,1/1/32)# end

LLFC configuration — VLT peer 1
Instead of PFC, you can configure LLFC as follows:
OS10# configure terminal
OS10(config)# class-map type network-qos llfc
OS10(config-cmap-nqos)# match qos-group 0-7
OS10(config-cmap-nqos)# exit
OS10(config)# policy-map type network-qos llfc
OS10(config-pmap-network-qos)#
OS10(conf-vlt-1)# discovery-interface ethernet 1/1/11
OS10(conf-vlt-1)# discovery-interface ethernet 1/1/12
OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ee:ff
OS10(conf-vlt-1)# end
OS10#
OS10# configure terminal
OS10(config)# interface port-channel 2
OS10(conf-if-po-2)# vlt-port-channel 20
OS10(conf-if-po-2)# no shutdown
OS10(conf-if-po-2)# exit

VXLAN configuration — VLT peer 2
OS10(config)# configure terminal
OS10(config)# interface vlan 3000
OS10(conf-if-vl-3000)# ip address 5.5.5.
OS10# configure terminal
OS10(config)# class-map type network-qos c5
OS10(config-cmap-nqos)# match qos-group 5
OS10(config-cmap-nqos)# exit
OS10(config)# policy-map type network-qos p5
OS10(config-pmap-network-qos)# class c5
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 5
OS10(config-pmap-c-nqos)# end
OS10# configure terminal
OS10(config)# interface range ethernet 1/1/1,1/1/20,1/1/11,1/1/12
OS10(conf-range-eth1/1/1,1/1/20,1/1/11,1/1/12)# flowcontrol receive off
OS10(conf-range-eth1/1/1,1
Enable DCBx — VLT peer 2
OS10# configure terminal
OS10(config)# dcbx enable

Configuration on ToR device
System configuration — ToR device
NOS# configure terminal
NOS(config)# interface vlan 200
NOS(conf-if-vl-200)# no shutdown
NOS(conf-if-vl-200)# exit
NOS(config)# interface port-channel 2
NOS(conf-if-po-2)# no shutdown
NOS(conf-if-po-2)# exit
NOS(config)# interface range ethernet 1/1/1,1/1/2
NOS(conf-range-eth1/1/1,1/1/2)# channel-group 2 mode active
NOS(conf-range-eth1/1/1,1/1/2)# end
NOS#
NOS# configure
Instead of PFC, you can configure LLFC as follows:
NOS# configure terminal
NOS(config)# class-map type network-qos llfc
NOS(config-cmap-nqos)# match qos-group 0-7
NOS(config-cmap-nqos)# exit
NOS(config)# policy-map type network-qos llfc
NOS(config-pmap-network-qos)# class llfc
NOS(config-pmap-c-nqos)# pause buffer-size 100 pause-threshold 50 resume-threshold 10
NOS(config-pmap-c-nqos)# end
NOS# configure terminal
NOS(config)# interface range ethernet 1/1/1,1/1/2,1/1/3
NOS(conf-range-eth1/1/1,1/1/2,1/1/3)# f
You can obtain a snapshot of the buffer statistics for the different buffer objects, such as a snapshot of all ingress priority-groups associated to a port, all egress unicast queues bound to a port, and so on. You can enable BST at the global level. OS10 tracks buffer utilization and provides the maximum peak statistics value over a period of time and the current value of the monitored BST counter.
Eth 1/1/3    1   2, 3   0, 2   up
Eth 1/1/4    1   2, 3   0, 2   up
Eth 1/1/5    2   2, 3   1, 3   up
Eth 1/1/6    2   2, 3   1, 3   up
Eth 1/1/7    2   2, 3   1, 3   up
Eth 1/1/8    2   2, 3   1, 3   up
Eth 1/1/9    1   2, 3   0, 2   up
Eth 1/1/10   1   2, 3   0, 2   up
Eth 1/1/11   1   2, 3   0, 2   up
Eth 1/1/12   1   2, 3   0, 2   up
Eth 1/1/13   2   2, 3   1, 3   down
Eth 1/1/14   2   2, 3   1, 3   down
Eth 1/1/15   2   2, 3   1, 3   down
Eth 1/1/16   2   2, 3   1, 3   down
Eth 1/1/17   3   0, 1   1, 3   down
Eth 1/1/18   3   0, 1   1, 3   down
Eth 1/1/19
--------------------------------------------------------------------------
Interface   Port Pipe   Ingress MMU   Egress MMU   Oper Status
--------------------------------------------------------------------------
Eth 1/1/1   1           2, 3          0, 2         up

Z9264F-ON output example:
OS10# show qos port-map details
--------------------------------------------------------------------------
Interface   Port Pipe   Ingress MMU   Egress MMU   Oper Status
--------------------------------------------------------------------------
Eth 1/1/1:1 0
Eth 1/1/35:1
Eth 1/1/35:2
Eth 1/1/35:3
Eth 1/1/35:4
Eth 1/1/37:1
Eth 1/1/37:2
Eth 1/1/37:3
Eth 1/1/37:4
Eth 1/1/39:1
Eth 1/1/39:2
Eth 1/1/39:3
Eth 1/1/39:4
Eth 1/1/41:1
Eth 1/1/41:2
Eth 1/1/41:3
Eth 1/1/41:4
Eth 1/1/43
Eth 1/1/44
Eth 1/1/45
Eth 1/1/46
Eth 1/1/47
Eth 1/1/48
Eth 1/1/49
Eth 1/1/50
Eth 1/1/51:1
Eth 1/1/51:2
Eth 1/1/51:3
Eth 1/1/51:4
Eth 1/1/53
Eth 1/1/54
Eth 1/1/55
Eth 1/1/56
Eth 1/1/57:1
Eth 1/1/57:2
Eth 1/1/57:3
Eth 1/1/57:4
Eth 1/1/59
Eth 1/1/60
Eth 1/1/61
Eth 1/1/62
Eth 1/1/63
bandwidth Assigns a percentage of weight to the queue. Syntax bandwidth percent value Parameters percent value — Enter the percentage assignment of bandwidth to the queue, from 1 to 100. Default Not configured Command Mode POLICY-MAP CLASS-MAP Usage Information If you configure this command, you cannot use the priority command for the class. Example OS10(config-pmap-c-que)# bandwidth percent 70 Supported Releases 10.2.
POLICY-MAP-APPLICATION Usage Information If you define a class-map under a policy-map, the qos, queuing, or control-plane type is the same as the policy-map. You must create this map in advance. The only exception to this rule is when the policy-map type is trust, where the class type must be qos. Example OS10(conf-pmap-qos)# class c1 Supported Releases 10.2.0E or later class-map Creates a QoS class-map that filters traffic to match packets to the corresponding policy created for your network.
Example OS10# clear qos statistics Supported Releases 10.2.0E or later clear qos statistics type Clears all queue counters, including PFC, for control-plane, qos, and queueing. Syntax clear qos statistics type {{qos | queuing | control-plane | buffer-statistics-tracking} [interface ethernet node/slot/port[:subport]]} Parameters • qos—Clears qos type statistics. • queuing—Clears queueing type statistics. • control-plane—Clears control-plane type statistics.
Example (class-map) OS10(config)# class-map type control-plane c1 OS10(config-cmap-control-plane)# Example (policy-map) OS10(config)# policy-map type control-plane p1 OS10(config-pmap-control-plane)# Supported Releases 10.2.0E or later control-plane-buffer-size Configures the buffer size for the CPU pool. Syntax control-plane-buffer-size size-of-buffer-pool Parameters size-of-buffer-pool—Enter the buffer size in KB, from 620 KB to 900 KB.
hardware deep-buffer-mode Configures Deep Buffer mode. Syntax hardware deep-buffer-mode Parameters None Defaults Disabled Command Modes CONFIGURATION Usage Information Deep Buffer mode configuration takes effect only after you save it in the startup configuration and reboot the switch. The no version of this command disables Deep Buffer mode. Example OS10(config)# hardware deep-buffer-mode Supported Releases 10.4.3.0 or later match Configures match criteria for the QoS policy.
Default Not configured Command Mode CLASS-MAP Usage Information In a match-any class, you can enter multiple match criteria. In a match-all class, if the match case is access-group, no other match criteria are allowed. If you attach the access-list to class-map type control-plane or qos, the access-list (IPv4, IPv6) ignores the permit and deny keywords. Example OS10(conf-cmap-qos)# match ip access-group name ag1 OS10(config-cmap-qos)# match ipv6 access-group name ACLv6 Supported Releases 10.2.
does not support ip-any. Select either ip or ipv6 for the match-all criteria. If you select ip-any, you cannot select ip or ipv6 for the same filter type. Example OS10(conf-cmap-qos)# match ip-any dscp 17-20 Supported Releases 10.2.0E or later match precedence Configures IP precedence values as a match criteria. Syntax match [not] {ip | ipv6 | ip-any} precedence precedence-list Parameters • not — Enter to cancel a previously applied match precedence rule.
match vlan Configures a match criteria based on the VLAN ID number. Syntax match vlan vlan-id Parameters vlan-id — Enter a VLAN ID number, from 1 to 4093. Default Not configured Command Mode CLASS-MAP Usage Information You cannot enter two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement. Example OS10(conf-cmap-qos)# match vlan 100 Supported Releases 10.2.
Usage Information Only use this command under the network-qos policy type. Buffer-size, pause-thresholds, and resume-thresholds vary based on platform. Add the policy-map with pause to system-qos to service an input to enable pause on all ports, based on a per-port link-level Flow-Control or Priority Flow-Control enable mode. The xoff and xon threshold settings for link-level flow-control are applied on ports where all traffic classes must be mapped to a single PG.
pfc-max-buffer-size Configures the maximum buffer size for priority flow-control enabled flows. Syntax pfc-max-buffer-size max-buffer-size Parameters max-buffer-size — Enter the maximum buffer size in KB. Default None Command Mode SYSTEM-QOS Usage Information This command configures the maximum size of the lossless buffer pool. The no version of this command removes the maximum buffer size limit. Example OS10(config-sys-qos)# pfc-max-buffer-size 2000 Supported Releases 10.4.
towards the sender. The packets sent by the sender after the PFC frames generate are absorbed into the Headroom buffer. The no version of this command returns the value to the default. Example OS10(conf-sys-qos)# pfc-shared-headroom-buffer-size 2000 Supported Releases 10.4.0E(R1) or later police Configures traffic policing on incoming traffic.
Command Mode CONFIGURATION Usage Information The no version of this command deletes a policy-map. Example OS10(config)# policy-map p1 Example (Queuing) OS10(config)# policy-map type queuing p1 Supported Releases 10.2.0E or later priority Sets the scheduler as a strict priority. Syntax priority Parameters None Default WDRR — when priority is mentioned, it moves to SP with default level 1. Command Mode POLICY-MAP-CLASS-MAP Usage Information If you use this command, bandwidth is not allowed.
Parameters • qos-group tc-list — Enter a single traffic class ID, from 0 to 7. • dot1p values — (Optional) Enter either single, comma-delimited, or a hyphenated range of dot1p values, from 0 to 7. Default 0 Command Mode TRUST-MAP Usage Information If the trust map does not define dot1p values to any traffic class, those flows map to the default traffic class 0. If some of the dot1p values are already mapped to an existing traffic class, you see an error.
Example OS10(config)# qos-rate-adjust 10 Supported Releases 10.4.3.0 or later queue-limit Configures static or dynamic shared buffer thresholds. Syntax queue-limit {queue-len value | thresh-mode [dynamic threshold-alpha-value | static threshold-value]} Parameters • queue-len value — Enter the guaranteed size for the queue, from 0 to 8911.
queue bandwidth Configures a bandwidth for a given queue on an interface. Syntax queue queue-number bandwidth bandwidth-percentage Parameters • queue-number — Enter the queue number. • bandwidth-percentage — Enter the percentage of bandwidth. Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information The no version of this command removes the bandwidth from the queue. Example None Supported Releases 10.4.0E(R1) or later queue qos-group Configures a dot1p traffic class to a queue.
Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# random-detect test_wred Supported Releases 10.4.0E(R1) or later random-detect (queue) Assigns a WRED profile to the specified queue. Syntax random-detect wred-profile-name Parameters wred-profile-name — Enter the name of an existing WRED profile. Default Not configured Command Mode PMAP-C-QUE Usage Information The no version of this command removes the WRED profile from the queue.
random-detect ecn Enables explicit congestion notification (ECN) for the WRED profile. Syntax random-detect ecn Parameters None Default Not configured Command Mode WRED CONFIGURATION Usage Information The no version of this command disables ECN. Example OS10(config)# wred test_wred OS10(config-wred)# random-detect ecn Supported Releases 10.4.0E(R1) or later random-detect ecn Enables ECN for the system globally.
Example OS10(config)# system qos OS10(config-sys-qos)# random-detect pool 0 test_wred Supported Releases 10.4.0E(R1) or later random-detect weight Configures the exponential weight value used to calculate the average queue depth for the WRED profile. Syntax random-detect weight weight-value Parameters weight-value — Enter a value for the weight, from 1 to 15.
set cos Sets a class of service (CoS) value to mark L2 802.1p (dot1p) packets. Syntax set cos cos-value Parameters cos-value — Enter a CoS value, from 0 to 7. Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information You cannot enter two set statements with the same action-type. If you enter two set statements with the same action-type, the second statement overwrites the first. When class-map type is qos, the qos-group corresponds to data queues 0 to 7.
Command Mode POLICY-MAP-CLASS-MAP Usage Information This command supports only the qos or control-plane ingress policy type. When the class-map type is control-plane, the qos-group corresponds to CPU queues 0 to 11. When the class-map type is qos, the qos-group corresponds to data queues 0 to 7. Example OS10(conf-pmap-c-qos)# set qos-group 7 Supported Releases 10.2.0E or later shape Shapes the outgoing traffic rate.
Default Not configured Command Mode EXEC Usage Information This command displays all class-maps of qos, queuing, network-qos, or control-plane type. The class-map-name parameter displays all details of a configured class-map name. Example OS10# show class-map type qos c1 Class-map (qos): c1 (match-all) Match(not): ip-any dscp 10 Supported Releases 10.2.0E or later show control-plane buffers Displays the pool type, reserved buffer size, and the maximum threshold value for each of the CPU queues.
48880
18    lossy    1664    static    48880
19    lossy    1664    static    48880
20    lossy    1664    static    20800
21    lossy    1664    static    20800
22    lossy    1664    static    20800
Supported Releases 10.4.2 and later
show control-plane buffer-stats Displays the control plane buffer statistics for each of the CPU queues. Syntax show control-plane buffer-stats Parameters None Default A predefined default profile exists.
Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to monitor control-plane statistics and to troubleshoot CoPP.
12 13 14 15 16 17 18 19 20 21 22
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
OS10#
Supported Releases 10.2.0E or later
show hardware deep-buffer-mode Displays the status of Deep Buffer mode in the current and next boot of the switch.
show interface priority-flow-control Displays the priority flow-control, operational status, CoS bitmap, and statistics per port. Syntax show interface ethernet node/slot/port[:subport] priority-flow-control [details] Parameters details — (Optional) Displays all priority flow control information for an interface.
show policy-map Displays information on all existing policy-maps. Syntax show policy-map type {control-plane | qos | queuing | network-qos}] [policymap-name] Parameters • type — Enter the policy-map type — qos, queuing, or control-plane. • qos — Displays all policy-maps of qos type. • queuing — Displays all policy-maps configured of queuing type. • network-qos — Displays all policy-maps configured of network-qos type. • control-plane — Displays all policy-maps of control-plane type.
show qos egress buffers interface Displays egress buffer configurations. Syntax show qos egress buffers interface [interface node/slot/port[:subport]] Parameters • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
show qos egress buffer-stats interface Displays the buffers statistics for the egress interface. Syntax show qos egress buffer-stats interface [interface node/slot/port[:subport]] Parameters • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
show qos ingress buffers interface Displays interface buffer configurations. Syntax show qos ingress buffers interface [interface node/slot/port[:subport]] Parameters • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
Command Mode EXEC Usage Information When BST is enabled, if you make any configuration changes that affect the priority group or priority mapping configuration, such as removal of class map, addition of class map to policy map (nqos), and so on, be sure to clear the buffer statistics using the clear qos statistics type buffer-statistics-tracking command to view the actual peak buffer utilization for the current configuration.
Usage Information On the Z9100-ON and Z9264F-ON platforms, interfaces are shared across port pipes and port pipes are shared across Memory Management Units (MMUs). As interfaces span port pipes, Dell EMC Networking recommends using interfaces from the same port pipe for both ingress and egress for optimal performance. To find the port to port-pipe and MMU mapping, use the show qos port-map details command.
Eth 1/1/27    3    0, 1    1, 3    down
Eth 1/1/28    3    0, 1    1, 3    down
Eth 1/1/29    0    0, 1    0, 2    down
Eth 1/1/30    0    0, 1    0, 2    down
Eth 1/1/31    0    0, 1    0, 2    down
Eth 1/1/32    0    0, 1    0, 2    down
Eth 1/1/33    1    2, 3    0, 2    up
Eth 1/1/34    2    2, 3    1, 3    up
View information for a single interface:
OS10# show qos port-map details interface ethernet 1/1/1
--------------------------------------------------------------------------
Interface    Port Pipe    Ingress MMU    Egress MMU    Oper Status
--------------------
View information for a single interface:
OS10# show qos port-map details interface ethernet 1/1/1
--------------------------------------------------------------------------
Interface    Port Pipe    Ingress MMU    Egress MMU    Oper Status
--------------------------------------------------------------------------
Eth 1/1/1:1    0    0, 1    0, 2    up
View information for a single interface:
OS10# show qos port-map details interface ethernet 1/1/1
--------------------------------------------------------------------------
Interface Po
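The port-pipe recommendation above can be checked mechanically against saved show qos port-map details output. The following Python sketch is an added example, not part of the Dell EMC guide: the function names, the reconstructed column spacing, and the list of planned ingress/egress pairs are assumptions made for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Rows taken from the Z9100-ON output on this page. The column spacing is
# reconstructed here, because the page's table layout did not survive.
SAMPLE = """\
OS10# show qos port-map details
--------------------------------------------------------------------------
Interface    Port Pipe    Ingress MMU    Egress MMU    Oper Status
--------------------------------------------------------------------------
Eth 1/1/3    1            2, 3           0, 2          up
Eth 1/1/5    2            2, 3           1, 3          up
Eth 1/1/13   2            2, 3           1, 3          down
Eth 1/1/17   3            0, 1           1, 3          down
Eth 1/1/29   0            0, 1           0, 2          down
Eth 1/1/33   1            2, 3           0, 2          up
"""


class PortMap(NamedTuple):
    pipe: int
    ingress_mmu: frozenset
    egress_mmu: frozenset
    oper_up: bool


# One table row: interface, port pipe, two comma-separated MMU lists, status.
ROW = re.compile(
    r"^Eth\s+(?P<port>\d+/\d+/\d+(?::\d+)?)\s+"
    r"(?P<pipe>\d+)\s+"
    r"(?P<ingress>\d+(?:\s*,\s*\d+)*)\s+"
    r"(?P<egress>\d+(?:\s*,\s*\d+)*)\s+"
    r"(?P<status>up|down)$"
)


def _mmus(field):
    return frozenset(int(x) for x in field.split(","))


def parse_port_map(text):
    """Return {port: PortMap}; fail loudly on a row that does not parse."""
    ports = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("Eth"):
            continue  # prompt, header and separator lines
        m = ROW.match(line)
        if m is None:
            # A truncated or wrapped row must not be skipped silently.
            raise ValueError(f"unparsed port-map row: {line!r}")
        ports[m["port"]] = PortMap(
            int(m["pipe"]), _mmus(m["ingress"]), _mmus(m["egress"]),
            m["status"] == "up",
        )
    return ports


def ports_by_pipe(ports):
    """Group interface names by port pipe, in table order."""
    pipes = defaultdict(list)
    for name, info in ports.items():
        pipes[info.pipe].append(name)
    return dict(pipes)


def cross_pipe_flows(ports, flows):
    """Flag planned (ingress, egress) pairs that do not share a port pipe."""
    findings = []
    for src, dst in flows:
        missing = [p for p in (src, dst) if p not in ports]
        if missing:
            findings.append((src, dst, "unknown port " + ", ".join(missing)))
        elif ports[src].pipe != ports[dst].pipe:
            findings.append(
                (src, dst, f"port pipe {ports[src].pipe} -> {ports[dst].pipe}")
            )
    return findings


if __name__ == "__main__":
    table = parse_port_map(SAMPLE)
    print(ports_by_pipe(table))
    # Hypothetical planned pairs: the first shares a pipe, the second does not.
    print(cross_pipe_flows(table, [("1/1/3", "1/1/33"), ("1/1/3", "1/1/5")]))
```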
show qos system Displays the QoS configuration applied to the system. Syntax show qos system Parameters None Default Not configured Command Mode EXEC Usage Information View and verify system-level service-policy configuration information. Example
OS10# show qos system
ETS Mode : off
ECN Mode : off (shows whether the ECN is enabled globally or not)
Service-policy (Input) (qos) : policy1
Service-policy (Output)(queuing) : policy2
Supported Releases 10.4.1.
Total shared lossy buffers - 10012
Total used shared lossy buffers - 0
MMU 1
Total lossy buffers - 10597
Total shared lossy buffers - 10012
Total used shared lossy buffers - 0
MMU 2
Total lossy buffers - 10597
Total shared lossy buffers - 9993
Total used shared lossy buffers - 0
MMU 3
Total lossy buffers - 10597
Total shared lossy buffers - 9993
Total used shared lossy buffers - 0
OS10# show qos system egress buffer
All values are in kb
Total buffers - 12187
Total lossless buffers - 0
Total shared lossles
Parameters • dot1p — Enter to view the dot1p trust map. • dscp — Enter to view the DSCP trust map. • tc-queue—Enter to view the traffic class to queue map. • trust-map — Enter the name of the trust map.
1    0
2    2
3    3
4    4
5    5
6    6
7    7
Default Dscp Priority to Traffic-Class Map
Traffic-Class    DSCP Priority
------------------------------
0    0-7
1    8-15
2    16-23
3    24-31
4    32-39
5    40-47
6    48-55
7    56-63
Default Traffic-Class to Queue Map
Traffic-Class    Queue number
------------------------------
0    0
1    1
2    2
3    3
4    4
5    5
6    6
7    7
OS10#
Example (dscp)
OS10# show qos trust-map dscp new-dscp-map
new-dscp-map
qos-group    Dscp Id
------------------
0    0-7
1    8-15
2    16-23
3    24-31
4    32-39
5    40-47
6    48-55
7    56-63
Supported Releases 10
KB KB % | KB KB % | KB KB % | | | --------------------|----------------------|---------------------|--------|----| Example (S4200) — When ECN is enabled globally.
system qos Enters SYSTEM-QOS mode to configure system-level service policies. Syntax system qos Parameters None Default Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# system qos OS10(config-sys-qos)# Supported Releases 10.2.0E or later trust-map Configures trust map on an interface or on a system QoS. Syntax trust-map {dot1p | dscp} {default | trust-map-name} Parameters • dot1p — Apply dot1p trust map. • dscp — Apply dscp trust map.
trust dot1p-map Creates a user-defined trust map for dot1p flows. Syntax trust dot1p-map map-name Parameters map-name — Enter the name of the dot1p trust map. A maximum of 32 characters. Default Not configured Command Mode CONFIGURATION Usage Information If you enable trust, traffic obeys the dot1p map. default-dot1p-trust is a reserved trust-map name. The no version of this command returns the value to the default.
OS10(config-qos-map)# queue 3 qos-group 7 OS10(config-qos-map)# Supported Releases 10.3.0E or later trust-map Applies a dot1p or DSCP traffic class to a queue trust map. Syntax trust {dot1p | dscp} {default | trust-map-name} Parameters • dot1p— Applies a dot1p trust map. • dscp—Applies a dscp trust map. • default— Applies a default trust map.
19 Virtual Link Trunking
Virtual Link Trunking (VLT) is a Layer 2 aggregation protocol used between an end device such as a server and two or more connected network devices. VLT helps to aggregate ports terminating on multiple switches. OS10 currently supports VLT port channel terminations on two different switches. VLT:
• Provides node-level redundancy by using the same port channel terminating on multiple upstream nodes.
VLT physical ports 802.1p, 802.1q, LLDP, flow control, port monitoring, and jumbo frames are supported on VLT physical ports. System management protocols All system management protocols are supported on VLT ports—SNMP, AAA, ACL, DNS, FTP, SSH, system log, NTP, RADIUS, SCP, and LLDP. L3 VLAN connectivity Enable L3 VLAN connectivity, VLANs assigned with an IP address, on VLT peers by configuring a VLAN interface for the same VLAN on both devices.
• If the primary peer fails, the secondary peer takes the primary role. If the primary peer (with the lower priority) later comes back online, it is assigned the secondary role (there is no preemption).
• In a VLT domain, the peer network devices must run the same OS10 software version.
NOTE: A temporary exception is allowed during the upgrade process. See the Dell EMC SmartFabric OS 10.5.0.x Release Notes for more information.
• Configure the same VLT domain ID on peer devices.
The following shows a scenario where VLT Peer A is being reloaded or going down: Until LACP convergence happens, the server continues to forward traffic to VLT Peer A resulting in traffic loss for a longer time interval.
With graceful LACP, VLT Peer A sends graceful LACP PDUs out to all VLT member ports, as shown: These PDUs notify the server to direct the traffic to VLT Peer B hence minimizing traffic loss.
Configure VLT
Verify that both VLT peer devices are running the same operating system version. For VRRP operation, configure VRRP groups and L3 routing on each VLT peer. Configure the following settings on each VLT peer device separately:
1 To prevent loops in a VLT domain, Dell EMC Networking recommends enabling STP globally using the spanning-tree mode command. Enabling STP prevents accidental loops that faulty wiring causes.
Configure a Spanning Tree Protocol
Dell EMC Networking recommends configuring one of the supported spanning tree protocols (MSTP, RSTP, or RPVST+) on both VLT peers. Use a spanning tree protocol for initial loop prevention during the VLT startup phase and for orphan ports. Configure the spanning tree protocol in the network before you configure VLT on peer switches.
NOTE: RPVST+ is enabled by default.
RPVST+ configuration
Configure RPVST+ on both the VLT peers.
View RPVST+ information on VLTi
OS10# show spanning-tree virtual-interface
VFP(VirtualFabricPort) of vlan 100 is Designated Blocking
Edge port: No (default)
Link type: point-to-point (auto)
Boundary: No, Bpdu-filter: Disable, Bpdu-Guard: Disable, Shutdown-on-Bpdu-Guard-violation: No
Root-Guard: Disable, Loop-Guard: Disable
Bpdus (MRecords) Sent: 7, Received: 9
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
--------------------------------------------------------------------------------
NOTE: To view all other ports, use the show spanning-tree active command.
View STP virtual interface detail
OS10# show spanning-tree virtual-interface detail
Port 1 (VFP(VirtualFabricPort)) of RSTP 1 is designated Forwarding
Port path cost 1, Port priority 0, Port Identifier 0.1
Designated root priority: 32768, address: 00:78:76:14:60:62
Designated bridge priority: 32768, address: 00:78:76:14:60:62
Designated port ID: 0.
The following example shows MSTP information on VLTi: NOTE: To view all the other ports, use the show spanning-tree active or show spanning-tree msti command.
Peer 1
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)#
Peer 2
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)#
Configure the VLTi
Before you configure the VLTi on peer interfaces, remove each interface from L2 mode with the no switchport command. For more information, see the VLT interconnect section.
1 Enter the VLT domain ID to enter from CONFIGURATION mode.
vlt-domain domain-id
2 Configure one or a hyphen-separated range of VLT peer interfaces to become a member of the VLTi in INTERFACE mode.
NOTE: Dell EMC Networking recommends configuring the VLT MAC address manually on both the VLT peer switches. Use the same MAC address on both peers.
Configure the delay restore timer
When the secondary VLT node boots, it waits for a pre-configured amount of time (delay restore) to restore the VLT port status. This delay enables VLT peers to complete the control data information exchange.
Support for new streams during VLTi failure
If the VLTi fails, MAC addresses that are learned after the failure are not synchronized with VLT peers. Thus, the VLTi failure leads to continuous flooding of traffic instead of unicast. If the VLTi links fail, MAC and ARP synchronization does not happen. As a result, the system floods L2 packets and drops L3 packets.
When the VLT backup link is enabled, the secondary VLT Peer 2 identifies the node liveliness through the backup link. If the primary is up, the secondary peer brings down VLT port channels. Now the traffic from Host 1 reaches VLT Peer 1 and then reaches the destination, that is Host 2.
Role of VLT backup link in the prevention of loops during VLTi failure
When the VLTi is down, STP may fail to detect any loops in the system, which creates a data loop in an L2 network. In the following figure, STP is running in all three switches: In the steady state, VLT Peer 1 is elected as the root bridge. When the VLTi is down, both the VLT nodes become primary. In this state, VLT Peer 2 sends STP BPDU to TOR assuming that TOR sends BPDU to VLT Peer 1.
When the VLT backup link is enabled, the secondary VLT peer identifies the node liveliness of primary through the backup link. If the primary VLT peer is up, the secondary VLT peer brings down the VLT port channels.
Configure a VLT port channel
A VLT port channel, also known as a virtual link trunk, links an attached device and VLT peer switches. OS10 supports a maximum of 128 VLT port channels per node.
1 Enter the port channel ID number on the VLT peer in INTERFACE mode, from 1 to 128.
interface port-channel id-number
2 Assign the same ID to a VLT port channel on each VLT peer. The peers are seen as a single switch to downstream devices.
vlt-port-channel vlt-port-channel-id
3 Repeat the steps on the VLT peer.
Configure VRRP active-active mode — peer 1
OS10(conf-if-vl-10)# vrrp mode active-active
NOTE: VRRP active-active is the default mode.
Configure VRRP active-active mode — peer 2
OS10(conf-if-vl-10)# vrrp mode active-active
Migrate VMs across data centers with eVLT
OS10 switches support movement of virtual machines (VMs) across data centers using VRRP Active-Active mode. Configure symmetric VRRP with the same VRRP group ID and virtual IP in VLANs stretched or spanned across data centers.
• A VLT port channel is present between A1 and B1 as well as A2 and B2.
• A1 and B1 connect to core routers, C1 and D1 with VLT routing enabled.
• A2 and B2 connect to core routers, C2 and D2, with VLT routing enabled.
• The data centers are connected through a direct link or eVLT.
• The core routers C1 and D1 in the local VLT domain connect to the core routers C2 and D2 in the remote VLT domain using VLT links.
D1(conf-if-po-10)# switchport mode trunk
D1(conf-if-po-10)# switchport trunk allowed vlan 100
D1(conf-if-po-10)# exit
• Add members to port channel 10:
D1(config)# interface ethernet 1/1/3
D1(conf-if-eth1/1/3)# channel-group 10
D1(conf-if-eth1/1/3)# exit
D1(config)# interface ethernet 1/1/4
D1(conf-if-eth1/1/4)# channel-group 10
D1(conf-if-eth1/1/4)# exit
• Configure OSPF on L3 side of core router:
D1(config)# router ospf 100
D1(config-router-ospf-100)# redistribute connected
D1(conf-router-ospf-100)# ex
• Add members to port channel 20:
C2(config)# interface ethernet 1/1/5
C2(conf-if-eth1/1/5)# channel-group 20
C2(conf-if-eth1/1/5)# exit
C2(config)# interface ethernet 1/1/6
C2(conf-if-eth1/1/6)# channel-group 20
C2(conf-if-eth1/1/6)# exit
Sample configuration of D2:
• Configure VRRP on L2 links between core routers:
D2(config)# interface vlan 100
D2(conf-if-vl-100)# ip address 10.10.100.4/24
D2(conf-if-vl-100)# vrrp-group 10
D2(conf-vlan100-vrid-10)# virtual-address 10.10.100.
• View detailed information about VLT ports in EXEC mode.
show vlt domain-id vlt-port-detail
• View the current configuration of all VLT domains in EXEC mode.
show running-configuration vlt
VLT commands
backup destination Configures the VLT backup link for heartbeat timers. Syntax backup destination {ip-address | ipv6 ipv6-address} [vrf management] [interval interval-time] Parameters • ip-address — Enter the IPv4 address of the backup link.
Supported Releases 10.3.0E or later discovery-interface Configures the interface to discover and connect to a VLT peer in the VLT interconnect (VLTi) link between peers. Syntax discovery-interface {ethernet node/slot/port[:subport]} Parameters ethernet — Enter the Ethernet interface information for the port on a VLT peer. You can also enter a range of interfaces separated by hyphens and commas.
Usage Information When the timer expires, the system checks to see if the VLT peer is available. If the VLT peer is not available, the system disables peer-routing on the peer. If you do not configure the timer, the system does not disable peer-routing even when the peer is unavailable. Example OS10(conf-vlt-1)# peer-routing-timeout 120 Supported Releases 10.3.0E or later primary-priority Configures the priority when selecting the primary and secondary VLT peers during the election.
Example
OS10# show running-configuration vlt
!
vlt domain 1
 peer-routing
 discovery-interface ethernet1/1/17
!
interface port-channel1
 vlt-port-channel 1
!
interface port-channel2
 vlt-port-channel 2
!
interface port-channel3
 vlt-port-channel 3
Supported Releases 10.2.0E or later
show spanning-tree virtual-interface Displays STP, RPVST+, and MSTP information specific to the VLTi. Syntax show spanning-tree virtual-interface [detail] Parameters detail—(Optional) Displays detailed output.
Designated root priority: 4097, address: 90:b1:1c:f4:a6:02
Designated bridge priority: 4097, address: 90:b1:1c:f4:a6:02
Designated port ID: 0.1, designated path cost: 0
Number of transitions to forwarding state: 1
Edge port: No (default)
Link Type: Point-to-Point
BPDU Sent: 202, Received: 42
Port 1 (VFP(VirtualFabricPort)) of vlan100 is designated Forwarding
Port path cost 1, Port priority 0, Port Identifier 0.
Parameter domain-id — Enter a VLT domain ID, from 1 to 255. Default Not configured Command Mode EXEC Usage Information In the following example, the status of the VLT node should be up. If you see the role for this VLT node listed as primary, the role on the peer node should be listed as secondary.
Default Not configured Command Mode EXEC Usage Information Use this command to check for a mismatch of MAC address table entries between VLT peers. Use this command only when you observe network convergence issues. To verify VLT configuration mismatch issues on peer switches, use the show vlt domain-name mismatch command. Use this command if there are traffic convergence issues. Example OS10# show vlt-mac-inconsistency Checking Vlan 228 .. Found 7 inconsistencies ..
VLAN mismatch: No mismatch
VLT VLAN mismatch: No mismatch
Example (mismatch)
OS10# show vlt 1 mismatch
Peer-routing mismatch:
VLT Unit ID    Peer-routing
-----------------------------------
* 1            Enabled
  2            Disabled
VLAN mismatch: No mismatch
VLT VLAN mismatch:
VLT ID : 1
VLT Unit ID    Mismatch VLAN List
----------------------------------
* 1            1
  2            2
VLT ID : 2
VLT Unit ID    Mismatch VLAN List
----------------------------------
* 1            1
  2            2
Example (mismatch peer routing)
OS10# show vlt 1 mismatch peer-routing
Peer-routing mi
---------------------------------------------------------------------------
  1            101
* 2            100
Example (mismatch of VN mode)
OS10# show vlt all mismatch virtual-network
Virtual Network: 102
VLT Unit ID    Configured Virtual Network Mode
---------------------------------------------------------------------------
  1            PV
* 2            Attached
Example (mismatch of port and VLAN list)
OS10# show vlt all mismatch virtual-network
Virtual Network: 102
VLT Unit ID    Mismatch (VLT Port,Vlan) List
----------------------------------------
Example (Anycast IP addresses not configured on one of the virtual networks on both peers)
show vlt 1 mismatch virtual-network
Interface virtual-network Anycast-IP mismatch:
Virtual-network: 10
VLT Unit ID    Anycast-IP
-------------------------------------
  1            10.16.128.25
* 2            ABSENT
Virtual-network: 20
VLT Unit ID    Anycast-IP
-------------------------------------
  1            ABSENT
* 2            10.16.128.
Command Mode EXEC Usage Information The * in the mismatch output indicates a local mismatch. Example
OS10# show vlt 1 role
VLT Unit ID    Role
------------------------
* 1            primary
  2            secondary
Supported Releases 10.2.0E or later
show vlt vlt-port-detail Displays detailed status information about the VLT ports. Syntax show vlt id vlt-port-detail Parameters id — Enter a VLT domain ID, from 1 to 255.
Supported Releases 10.2.0E or later vlt-port-channel Configures the ID used to map interfaces on VLT peers into a single VLT port-channel. Syntax vlt-port-channel vlt-port-channel-id Parameters vlt-port-channel-id — Enter a VLT port-channel ID, from 1 to 128. Default Not configured Command Mode PORT-CHANNEL INTERFACE Usage Information Assign the same VLT port-channel ID to interfaces on VLT peers to create a VLT port-channel.
Default Enabled Command Mode VLAN INTERFACE Usage Information This command is applicable only for VLAN interfaces. In a non-VLT network, the backup VRRP gateway forwards L3 traffic. If you want to use VRRP groups on VLANs without VLT topology, disable the Active-Active functionality, to ensure that only the active VRRP gateway forwards L3 traffic. The no version of this command disables the configuration. Example OS10(conf-if-vl-10)# vrrp mode active-active Supported Releases 10.2.
20 Uplink Failure Detection
Uplink failure detection (UFD) indicates the loss of upstream connectivity to servers connected to the switch. A switch provides upstream connectivity for devices, such as servers. If the switch loses upstream connectivity, the downstream devices also lose connectivity. However, the downstream devices do not generally receive an indication that the upstream connectivity was lost because connectivity to the switch is still operational. To solve this issue, use UFD.
Configure uplink failure detection
Consider the following before configuring an uplink-state group:
• You can assign a physical port or a port channel to an uplink-state group.
• You can assign an interface to only one uplink-state group at a time.
• You can designate the uplink-state group as either an upstream or downstream interface, but not both.
• You can configure multiple uplink-state groups and operate them concurrently.
• If you do not assign upstream interfaces to an uplink-state group, the downstream interfaces are not disabled. Configuration: 1 Create an uplink-state group in CONFIGURATION mode. uplink-state-group group-id 2 Configure the upstream and downstream interfaces in UPLINK-STATE-GROUP mode. upstream {interface-type | interface-range[ track-vlt-status ] | VLTi} downstream {interface-type | interface-range} 3 (Optional) Disable uplink-state group tracking in UPLINK-STATE-GROUP mode.
Upstream Interfaces : eth1/1/35(Up) *po10(V:Up, ^P:Dwn) VLTi(NA)
Downstream Interfaces : eth1/1/2(Up) *po20(V: Up,P: Up)

OS10#show uplink-state-group 2 detail
(Up): Interface up (Dwn): Interface down (Dis): Interface disabled (NA): Not Available
*: VLT port-channel, V: VLT status, P: Peer Operational status ^: Tracking status
Uplink State Group : 1 Name: iscsi_group, Status: Enabled, Up
Upstream Interfaces : eth1/1/36(Up) *po30(^V:Up, P:Dwn) VLTi(Up)
Downstream Interfaces : eth1/1/4(Up) *po20(V: Up,P: Up)
O
Event: Reboot of VLT secondary peer
VLT action on primary node: No action
VLT action on secondary node: After reboot, runs the delay restore timer. Both the upstream and downstream VLT port-channels remain disabled until the timer expires.
UFD action: UFD error-disables the downstream VLT port-channel because the upstream VLT port-channel is operationally down. After the timer expires, UFD receives the operationally up state of the upstream VLT port-channel and sends a clear error-disable of the downstream VLT port-channel to IFM.
In the following example, the upstream member is part of a VLT port-channel and the downstream member is an orphan port. The uplink-state group includes the VLT port-channel, VLT node, and the downstream port. The configuration is symmetric on both the VLT nodes.

In the following example, the downstream member is part of a VLT port-channel and the upstream member is an orphan port. The uplink-state group includes the VLT port-channel, VLT node, and the upstream port.
OS10 does not support adding a VLTi link member to the uplink-state group. You can add the VLTi link as an upstream member to an uplink-state group using the upstream VLTi command. If the VLTi link is not available in the system, OS10 allows adding the VLTi link as an upstream member. In this case, UFD starts tracking the operational status of the VLTi link when the link is available. Until the VLTi link is available, the show uplink-state-group detail command displays the status of the link as NA.
clear ufd-disable
Overrides the uplink-state group configuration and brings up the downstream interfaces.
Syntax clear ufd-disable {interface interface-type | uplink-state-group group-id}
Parameters
• interface-type — Enter the interface type.
• group-id — Enter the uplink state group ID, from 1 to 32.
Default None
Command Mode EXEC
Usage Information This command manually brings up a disabled downstream interface that is in a UFD-disabled error state.
Command Mode UPLINK-STATE-GROUP
Usage Information You cannot assign an interface that is already a member of an uplink-state group to another group. The no version of this command removes the interface from the uplink-state group.
Example
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# downstream ethernet 1/1/1
Supported Releases 10.4.0E(R3) or later

downstream auto-recover
Enables auto-recovery of the disabled downstream interfaces.
Parameters None
Default Disabled
Command Mode UPLINK-STATE-GROUP
Usage Information The no version of this command disables tracking of an uplink-state group.
Example
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
Supported Releases 10.4.0E(R3) or later

name
Configures a descriptive name for the uplink-state group.
Syntax name string
Parameters string — Enter a description for the uplink-state group. A maximum of 32 characters.
show uplink-state-group
Displays the configured uplink-state status.
Syntax show uplink-state-group [group-id] [detail]
Parameters
• group-id — Enter the uplink group ID. The status of the specified group ID displays.
• detail — Displays detailed information on the status of the uplink-state groups.
Available
*: VLT port-channel, V: VLT status, P: Peer Operational status ^: Tracking status
Uplink State Group : 1 Name: iscsi_group, Status: Enabled, Up
Upstream Interfaces : eth1/1/36(Up) *po30(^V:Up, P:Dwn) VLTi(Up)
Downstream Interfaces : eth1/1/4(Up) *po20(V: Up,P: Up)
Supported Releases 10.4.0E(R3) or later

uplink-state-group
Creates an uplink-state group and enables upstream link tracking.
Supported Releases 10.4.
21 Converged data center services

OS10 supports converged data center services, including IEEE 802.1 data center bridging (DCB) extensions to classic Ethernet. DCB provides I/O consolidation in a data center network. Each network device carries multiple traffic classes while ensuring lossless delivery of storage traffic with best-effort for local area network (LAN) traffic and latency-sensitive scheduling of service traffic.
• 802.1Qbb — Priority flow control
• 802.
PFC configuration notes
• PFC is supported for 802.1p, dot1p priority traffic, from 0 to 7. FCoE traffic traditionally uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4.
• Configure PFC for ingress traffic by using network-qos class and policy maps, see Quality of Service. PFC-enabled traffic queues are treated as lossless queues. Configure the same network-qos policy map on all PFC-enabled ports.
1 Configure a trust map of dot1p traffic classes in CONFIGURATION mode. A trust map does not modify ingress dot1p values in output flows. Assign a qos-group to trusted dot1p values in TRUST mode using 1-to-1 mappings. Dot1p priorities are 0 to 7. For a PFC traffic class, map only one dot1p value to a qos-group number; for Broadcom-based NPU platforms, the qos-group number and the dot1p value must be the same. A qos-group number is used only internally to classify ingress traffic classes.
Configuration steps:
1 Create PFC dot1p traffic classes.
2 Configure ingress buffers for PFC traffic.
3 Apply a service policy and enable PFC.
4 (Optional) Configure the PFC shared buffer for lossless traffic.

Create PFC dot1p traffic classes
1 Create a network-qos class map to classify PFC traffic classes in CONFIGURATION mode, from 1 to 7. Specify the traffic classes using the match qos-group command.
PFC is enabled on traffic classes with dot1p 3 and 4 traffic. The two traffic classes require different ingress queue processing. In the network-qos pp1 policy map, class cc1 uses customized PFC buffer size and pause frame settings; class cc2 uses the default settings.
1 2 3 4 5 6 7 - - - - - - - - - - - - - - - - - - - 9360 static 12779520 - View PFC system buffer configuration OS10# show qos system ingress buffer All values are in kb Total buffers Total lossless buffers Maximum lossless buffers Total shared lossless buffers Total used shared lossless buffers Total lossy buffers Total shared lossy buffers Total used shared lossy buffers - 12187 0 5512 0 11567 11192 0 OS10# show qos system egress buffer All values are in kb Total buffers - 12187
pause
Configures the ingress buffer and pause frame settings used for PFC traffic classes.
Syntax pause [buffer-size kilobytes pause-threshold kilobytes resume-threshold kilobytes]
Parameters
• buffer-size kilobytes — Enter the reserved (guaranteed) ingress-buffer size in kilobytes for PFC dot1p traffic, from 0 to 7787.
• pause-threshold kilobytes — Enter the threshold used to send pause frames in kilobytes to a transmitting device, from 0 to 7787.
Defaults
Default Not configured
Command Mode POLICY-CLASS NETWORK-QOS
Usage Information When you enter PFC-enabled dot1p priorities with pfc-cos, the dot1p values must be the same as the match qos-group (traffic class) numbers in the network-qos class map used to define the PFC traffic class, see Configure PFC Example. A qos-group number is used only internally to classify ingress traffic classes.
and LLFC at the same time on an interface. The no version of this command disables PFC on an interface. When you disable PFC, remove the PFC network-qos policy-class map applied to the interface.
Example
OS10(conf-if-eth1/1/1)# priority-flow-control mode on
Supported Releases 10.3.0E or later

queue-limit
Sets the static and dynamic thresholds used to limit the shared-buffer size of PFC traffic-class queues.
Cos   Rx   Tx
-----------------------
0     0    0
1     0    0
2     0    0
3     0    587236
4     0    0
5     0    0
6     0    0
7     0    0
Supported Releases 10.3.0E or later

Enhanced transmission selection
ETS provides customized bandwidth allocation to 802.1p classes of traffic. Assign different amounts of bandwidth to Ethernet, FCoE, or iSCSI traffic classes that require different bandwidth, latency, and best-effort treatment during network congestion. ETS divides traffic into different priority groups using their 802.1p priority value.
• OS10 control traffic is sent to control queues, which have a strict priority that is higher than data traffic queues. ETS-allocated bandwidth is not supported on a strict priority queue. A strict priority queue receives bandwidth only from DCBX type, length, values (TLVs).
• The CEE/IEEE2.5 versions of ETS TLVs are supported. ETS configurations are received in a TLV from a peer.
Or
interface {ethernet node/slot/port[:subport] | range ethernet node/slot/port[:subport]-node/slot/port[:subport]}
trust-map dot1p dot1p-map-name
trust-map dscp dscp-map-name
qos-map traffic-class queue-map-name
7 Apply the qos trust policy to ingress traffic in SYSTEM-QOS or INTERFACE mode.
service-policy input type qos trust-policy-map-name
8 Apply the queuing policy to egress traffic in SYSTEM-QOS or INTERFACE mode.
ets mode : Disabled
Dot1p-tc-mapping : dot1p_map1
Dscp-tc-mapping : dscp_map1
tc-queue-mapping : tc-q-map1

View QoS maps: traffic-class to queue mapping
OS10# show qos maps
Traffic-Class to Queue Map: tc-q-map1
queue 0 qos-group 0
queue 1 qos-group 1
Traffic-Class to Queue Map: dot1p_map1
qos-group 0 dot1p 0-3
qos-group 1 dot1p 4-7
DSCP Priority to Traffic-Class Map : dscp_map1
qos-group 0 dscp 0-31
qos-group 1 dscp 32-63

ETS commands
ets mode on
Enables ETS on an interface.
DCBX configuration notes
• To exchange link-level configurations in a converged network, DCBX is a prerequisite for using DCB features, such as PFC and ETS. DCBX is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices must be DCBX-enabled so that DCBX is enabled end-to-end.
• DCBX uses LLDP to advertise and automatically negotiate the administrative state and PFC/ETS configuration with directly connected DCB peers.
• auto — Automatically selects the DCBX version based on the peer response, the default.
• cee — Sets the DCBX version to CEE.
• ieee — Sets the DCBX version to IEEE 802.1Qaz.
2 (Optional) A DCBX-enabled port advertises all TLVs by default. If PFC or ETS TLVs are disabled, enter the command in INTERFACE mode to re-enable PFC or ETS TLV advertisements.
dcbx tlv-select {ets-conf | ets-reco | pfc}
• ets-conf — Enables ETS configuration TLVs.
• ets-reco — Enables ETS recommendation TLVs.
View DCBX PFC TLV status
OS10# show lldp dcbx interface ethernet 1/1/15 pfc detail
Interface ethernet1/1/15
Admin mode is on
Admin is enabled, Priority list is 4,5,6,7
Remote is enabled, Priority list is 4,5,6,7
Remote Willing Status is disabled
Local is enabled, Priority list is 4,5,6,7
Oper status is init
PFC DCBX Oper status is Up
State Machine Type is Feature
PFC TLV Tx Status is enabled
Application Priority TLV Parameters :
--------------------------------------
ISCSI TLV Tx Status is enabled
Local ISCSI
PG-grp   Priority#   Bandwidth   TSA
------------------------------------------------
0        0,1,2,3     70%         ETS
1        4,5,6,7     30%         ETS
2                    0%          SP
3                    0%          SP
4                    0%          SP
5                    0%          SP
6                    0%          SP
7                    0%          SP
15                   0%          SP
Oper status is init
ETS DCBX Oper status is Up
State Machine Type is Feature
Conf TLV Tx Status is enabled
Reco TLV Tx Status is disabled
220 Input Conf TLV Pkts, 396 Output Conf TLV Pkts, 0 Error Conf TLV Pkts

DCBX commands
dcbx enable
Enables DCBX globally on all port interfaces.
Default DCBX advertises PFC, ETS Recommendation, and ETS Configuration TLVs.
Command Mode INTERFACE
Usage Information A DCBX-enabled port advertises all TLVs to DCBX peers by default. If PFC or ETS TLVs are disabled, enter the command to re-enable PFC or ETS TLV advertisements. You can enable multiple TLV options, such as ets-conf, ets-reco, and pfc with the same command.
Example
OS10(conf-if-eth1/1/2)# dcbx tlv-select ets-conf pfc
Supported Releases 10.3.
show lldp dcbx interface
Displays the DCBX configuration and PFC or ETS TLV status on an interface.
Syntax show lldp dcbx interface ethernet node/slot/port[:subport] [ets detail | pfc detail]
Parameters
• interface ethernet node/slot/port[:subport] — Enter interface information.
• ets detail — Display the ETS TLV status and operation with DCBX peers.
• pfc detail — Display the PFC TLV status and operation with DCBX peers.
PG-grp   Priority#   Bandwidth   TSA
------------------------------------------------
0        0,1,2,3     70%         ETS
1        4,5,6,7     30%         ETS
2                    0%          SP
3                    0%          SP
4                    0%          SP
5                    0%          SP
6                    0%          SP
7                    0%          SP
Remote Parameters :
-------------------
Remote is enabled
PG-grp   Priority#   Bandwidth   TSA
------------------------------------------------
0        0,1,2,3     70%         ETS
1        4,5,6,7     30%         ETS
2                    0%          SP
3                    0%          SP
4                    0%          SP
5                    0%          SP
6                    0%          SP
7                    0%          SP
Remote Willing Status is disabled
Local Parameters :
-------------------
Local is enabled
PG-grp   Priority#   Bandwidth   TSA
-------------
5 Input TLV pkts, 2 Output TLV pkts, 0 Error pkts
5 Input Appln Priority TLV pkts, 2 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts
Supported Releases 10.3.0E or later

Internet small computer system interface
iSCSI is a TCP/IP-based protocol that establishes and manages connections between servers and storage devices in a data center network. After you enable iSCSI, iSCSI optimization automatically detects Dell EMC EqualLogic storage arrays directly attached to switch ports.
In an iSCSI session, a switch connects CNA servers (iSCSI initiators) to a storage array (iSCSI targets) in a SAN or TCP/IP network. iSCSI optimization running on the switch uses dot1p priority-queue assignments to ensure that iSCSI traffic receives priority treatment.

iSCSI configuration notes
• Enable iSCSI optimization so the switch auto-detects and auto-configures Dell EMC EqualLogic storage arrays directly connected to an interface.
1 Configure an interface or interface range to detect a connected storage device.
interface ethernet node/slot/port[:subport]
2 Enable the interface to support a storage device that is directly connected to the port and not automatically detected by iSCSI. Use this command for storage devices that do not support LLDP. The switch auto-detects and auto-configures Dell EMC EqualLogic storage arrays directly connected to an interface when you enable iSCSI optimization.
OS10(config)# iscsi session-monitoring enable
OS10(config)# iscsi aging time 15
OS10(config)# iscsi priority-bits 0x20
OS10(config)# iscsi enable

View iSCSI optimization
OS10# show iscsi
iSCSI Auto configuration is Enabled
iSCSI session monitoring is Enabled
iSCSI COS qos-group 4 remark dot1p 4
Session aging time 15
Maximum number of connections is 100
Port   IP Address
------------------------
3260
860
3261   10.1.1.
• If the iSCSI login request is received on a non-VLT interface, followed by a response from a VLT interface, the connection is associated with the VLT LAG interface and the information about the session synchronizes with the VLT peer.
• When a VLT interconnect comes up, information about iSCSI sessions learned on the VLT LAG is exchanged between the VLT peers.

iSCSI commands
iscsi aging
Sets the aging time for monitored iSCSI sessions.
iscsi priority-bits
Resets the priority bitmap advertised in iSCSI application TLVs.
Syntax iscsi priority-bits {priority-bitmap}
Parameter priority-bitmap — Enter a bitmap value for the dot1p priority advertised for iSCSI traffic in iSCSI application TLVs (0x1 to 0xff).
Default 0x10 (dot1p 4)
Command Mode CONFIGURATION
Usage Information iSCSI traffic uses dot1p priority 4 in frame headers by default. Use this command to reconfigure the dot1p-priority bits advertised in iSCSI application TLVs.
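The bitmap encoding above, applied to the PFC and iSCSI fields of show lldp dcbx interface ... pfc detail, as an added example that is not Dell code. The sample output is constructed from the field formats shown in this chapter, and the function names are hypothetical.

```python
import re

def bitmap_to_priorities(bitmap):
    """Bit n set means dot1p priority n, so 0x10 -> [4] and 0x20 -> [5]."""
    if not 0x1 <= bitmap <= 0xFF:
        raise ValueError("priority bitmap must be 0x1 to 0xff, got %#x" % bitmap)
    return [p for p in range(8) if bitmap & (1 << p)]

def priorities_to_bitmap(priorities):
    """Inverse mapping: [4] -> 0x10, the form iscsi priority-bits expects."""
    bitmap = 0
    for p in priorities:
        if not 0 <= p <= 7:
            raise ValueError("dot1p priority must be 0 to 7, got %r" % (p,))
        bitmap |= 1 << p
    return bitmap

PFC_LINE = re.compile(
    r"^[ \t]*(Local|Remote) is (enabled|disabled), Priority list is ([\d,]*)[ \t]*$", re.M)
ISCSI_LINE = re.compile(
    r"^[ \t]*(Local|Remote) ISCSI PriorityMap is (0x[0-9a-fA-F]+)[ \t]*$", re.M)

def parse_pfc_detail(text):
    """Extract per-side PFC priority lists and iSCSI priority bitmaps."""
    state = {"pfc": {}, "iscsi": {}}
    for side, admin, plist in PFC_LINE.findall(text):
        prios = [int(p) for p in plist.split(",") if p]
        state["pfc"][side] = prios if admin == "enabled" else []
    for side, bitmap in ISCSI_LINE.findall(text):
        state["iscsi"][side] = int(bitmap, 16)
    return state

def audit_pfc_detail(text):
    """Return findings for iSCSI priorities that PFC does not protect or that differ between peers."""
    state = parse_pfc_detail(text)
    pfc, iscsi = state["pfc"], state["iscsi"]
    findings = []
    if "Local" in iscsi:
        unprotected = [p for p in bitmap_to_priorities(iscsi["Local"])
                       if p not in pfc.get("Local", [])]
        if unprotected:
            findings.append("local iSCSI dot1p %s is not in the local PFC priority list"
                            % unprotected)
    if "Local" in iscsi and "Remote" in iscsi and iscsi["Local"] != iscsi["Remote"]:
        findings.append("iSCSI PriorityMap mismatch: local %#x (dot1p %s), remote %#x (dot1p %s)"
                        % (iscsi["Local"], bitmap_to_priorities(iscsi["Local"]),
                           iscsi["Remote"], bitmap_to_priorities(iscsi["Remote"])))
    if "Local" in pfc and "Remote" in pfc and sorted(pfc["Local"]) != sorted(pfc["Remote"]):
        findings.append("PFC priority list mismatch: local %s, remote %s"
                        % (pfc["Local"], pfc["Remote"]))
    return findings

# Constructed sample: peers agree on PFC priorities but advertise different iSCSI bitmaps.
SAMPLE_MISMATCH = """\
Interface ethernet1/1/53
Admin mode is on
Admin is enabled, Priority list is 4,5,6,7
Remote is enabled, Priority list is 4,5,6,7
Remote Willing Status is disabled
Local is enabled, Priority list is 4,5,6,7
PFC TLV Tx Status is enabled
ISCSI TLV Tx Status is enabled
Local ISCSI PriorityMap is 0x40
Remote ISCSI PriorityMap is 0x10
"""

# Constructed sample: iSCSI advertised on dot1p 3, which is outside the PFC priority list.
SAMPLE_UNPROTECTED = SAMPLE_MISMATCH.replace("0x40", "0x8").replace("0x10", "0x8")

if __name__ == "__main__":
    for name, sample in (("mismatch", SAMPLE_MISMATCH), ("unprotected", SAMPLE_UNPROTECTED)):
        for finding in audit_pfc_detail(sample):
            print(name + ": " + finding)
```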
Usage Information To configure the aging timeout in iSCSI monitoring sessions, use the iscsi aging time command. To configure the TCP ports that listen for connected storage devices in iSCSI monitoring sessions, use the iscsi target port command. The no version of this command disables iSCSI session monitoring.
Example
OS10(config)# iscsi session-monitoring enable
Supported Releases 10.3.0E or later

iscsi target port
Configures the TCP ports used to monitor iSCSI sessions with target storage devices.
show iscsi
Displays currently configured iSCSI settings.
Syntax show iscsi
Parameters None
Command Mode EXEC
Usage Information This command output displays global iSCSI configuration settings. To view target and initiator information, use the show iscsi session command.
IP Address     TCP Port   IP Address    TCP Port   ID
----------------------------------------------------------
10.10.10.210   54835      10.10.10.40   3260       1
Supported Releases 10.3.0E or later

show iscsi storage-devices
Displays information about the storage arrays directly attached to OS10 ports.
Syntax show iscsi storage-devices
Parameters None
Command Mode EXEC
Usage Information The command output displays the storage device connected to each switch port and whether iSCSI automatically detects it.
PFC is enabled on traffic classes with dot1p 4, 5, 6, and 7 traffic. All the traffic classes use the default PFC pause settings for shared buffer size and pause frames in ingress queue processing in the network-qos policy map. The trust-map dot1p default honors (trusts) all dot1p ingress traffic.
OS10(config-cmap-queuing)# match queue 0
OS10(config-cmap-queuing)# exit
OS10(config)# class-map type queuing cmap2
OS10(config-cmap-queuing)# match queue 1
OS10(config-cmap-queuing)# exit
OS10(config)# policy-map type queuing pmap1
OS10(config-pmap-queuing)# class cmap1
OS10(config-pmap-c-que)# bandwidth percent 30
OS10(config-pmap-c-que)# exit
OS10(config-pmap-queuing)# class cmap2
OS10(config-pmap-c-que)# bandwidth percent 70
OS10(config-pmap-c-que)# end
OS10(config)# system qos
OS10(config-sys-qos)# tru
Local DCBX TLVs Transmitted: ERPfI
4 Input PFC TLV pkts, 3 Output PFC TLV pkts, 0 Error PFC pkts
2 Input ETS Conf TLV Pkts, 27 Output ETS Conf TLV Pkts, 0 Error ETS Conf TLV Pkts
2 Input ETS Reco TLV pkts, 27 Output ETS Reco TLV pkts, 0 Error ETS Reco TLV Pkts
Total DCBX Frames transmitted 0
Total DCBX Frames received 0
Total DCBX Frame errors 0
Total DCBX Frames unrecognized 0
8.
6                    0%          SP
7                    0%          SP
Remote Willing Status is disabled
Local Parameters :
-------------------
Local is enabled
PG-grp   Priority#   Bandwidth   TSA
------------------------------------------------
0        0,1,2,3,    30%         ETS
1        4,5,6,7     70%         ETS
2                    0%          ETS
3                    0%          ETS
4                    0%          ETS
5                    0%          ETS
6                    0%          ETS
7                    0%          ETS
Oper status is init
ETS DCBX Oper status is Up
State Machine Type is Asymmetric
Conf TLV Tx Status is enabled
Reco TLV Tx Status is enabled
2 Input Conf TLV Pkts, 27 Output Conf TLV Pkts, 0 Error Conf TLV Pkts
2 Input Reco TLV Pkts, 27
Local is enabled, Priority list is 4,5,6,7
Oper status is init
PFC DCBX Oper status is Up
State Machine Type is Symmetric
PFC TLV Tx Status is enabled
Application Priority TLV Parameters :
--------------------------------------
ISCSI TLV Tx Status is enabled
Local ISCSI PriorityMap is 0x40
Remote ISCSI PriorityMap is 0x10
4 Input TLV pkts, 3 Output TLV pkts, 0 Error pkts
4 Input Appln Priority TLV pkts, 3 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts
12.
Total DCBX Frames transmitted 3
Total DCBX Frames received 3
Total DCBX Frame errors 0
Total DCBX Frames unrecognized 0

OS10(conf-if-eth1/1/53)# dcbx version cee
OS10(conf-if-eth1/1/53)# show configuration
!
interface ethernet1/1/53
 switchport access vlan 1
 no shutdown
 dcbx version ieee
 service-policy input type network-qos test
 trust-map dot1p default
 service-policy output type queuing pmap1
 ets mode on
 qos-map traffic-class tmap2
 trust-map dot1p tmap1
 priority-flow-control mode on
OS10(conf-if-eth1/1/5
22 sFlow

sFlow is a standards-based sampling technology embedded within switches and routers that monitors network traffic. It provides traffic monitoring for high-speed networks with many switches and routers.
Enable or disable sFlow on a specific interface
• Enable sFlow in CONFIGURATION mode.
sflow enable
• Disable sFlow in CONFIGURATION mode.
sflow enable
!

Collector configuration
Configure the IPv4 or IPv6 address for the sFlow collector. When you configure the collector, enter a valid and reachable IPv4 or IPv6 address. You can configure a maximum of two sFlow collectors. If you specify two collectors, samples are sent to both. The agent IP address must be the same for both the collectors.
0 UDP packets dropped
0 sFlow samples collected

Polling-interval configuration
The polling interval for an interface is the number of seconds between successive samples of counters sent to the collector. You can configure the duration for polled interface statistics. Unless there is a specific deployment need to configure a lower polling interval value, configure the polling interval to the maximum value.
• Change the default counter polling interval in CONFIGURATION mode, from 10 to 300.
Configure sFlow sampling rate
OS10(config)# sflow sample-rate 4096

View sFlow packet header size
OS10# show sflow
sFlow services are enabled
Management Interface sFlow services are disabled
Global default sampling rate: 4096
Global default counter polling interval: 20
Global default extended maximum header size: 128 bytes
Global extended information enabled: none
1 collector(s) configured
Collector IP addr:10.16.151.245 Agent IP addr:10.16.132.
interface vlan1
 no shutdown
!
interface vlan10
 no shutdown
 ip address 10.1.1.1/24

View sFlow details
OS10# show sflow
sFlow services are enabled
Management Interface sFlow services are disabled
Global default sampling rate: 32768
Global default counter polling interval: 30
Global default extended maximum header size: 128 bytes
Global extended information enabled: none
2 collector(s) configured
Collector IP addr:5.1.1.1 Agent IP addr:10.1.1.
sflow collector
Configures an sFlow collector IP address where sFlow datagrams are forwarded. You can configure a maximum of two collectors.
Syntax sflow collector {ipv4-address | ipv6-address} agent-addr {ipv4-address | ipv6-address} [collector-port-number] [max-datagram-size datagram-size-number] [vrf vrf-name]
Parameters
• ipv4-address | ipv6-address — Enter an IPv4 or IPv6 address in A.B.C.D/A::B format.
• agent-addr ipv4-address | ipv6-address — Enter the sFlow agent IP address.
Example (interface range)
OS10(config)# sflow enable
OS10(config)# interface range ethernet 1/1/1-1/1/10
OS10(conf-range-eth1/1/1-1/1/10)# sflow enable
Example (port-channel)
OS10(config)# sflow enable
OS10(config)# interface range port-channel 1-10
OS10(conf-range-po-1-10)# sflow enable
Supported Releases 10.3.0E or later

sflow max-header-size
Sets the maximum header size of a packet.
Syntax sflow max-header-size header-size
Parameter header-size — Enter the header size in bytes, from 64 to 256.
Parameter value — Enter the packet sample rate, from 4096 to 65535. The default is 32768.
Default 32768
Command Mode CONFIGURATION
Usage Information Sampling rate is the number of packets skipped before the sample is taken. For example, if the sampling rate is 4096, one sample is generated for every 4096 packets observed. The no version of the command resets the sampling rate to the default value.
Example
OS10(conf)# sflow sample-rate 4096
Supported Releases 10.3.
Command Mode EXEC
Usage Information OS10 does not support statistics for UDP packets dropped and samples received from the hardware.
Example
OS10# show sflow
sFlow services are enabled
Management Interface sFlow services are disabled
Global default sampling rate: 32768
Global default counter polling interval: 30
Global default extended maximum header size: 128 bytes
Global extended information enabled: none
1 collector(s) configured
Collector IP addr:10.16.151.245 Agent IP addr:10.16.132.
23 Telemetry

Network health relies on performance monitoring and data collection for analysis and troubleshooting. Network data is often collected with SNMP and CLI commands using the pull mode. In pull mode, a management device sends a get request and pulls data from a client. As the number of objects in the network and the metrics grow, traditional methods limit network scaling and efficiency. Using multiple management systems further limits network scaling.
Table 77. BGP
YANG Container                      Minimum sampling interval (milliseconds)
bgp/bgp-oper/bgpPeerCount           15000
bgp/bgp-oper/bgpPrfxCntrsEntry      15000

BGP peers
Table 78. BGP peers
YANG Container                      Minimum sampling interval (milliseconds)
infra-bgp/peer-state/peer-status    0

Buffer statistics
Table 79.
Interface statistics
Table 82. Interface statistics
YANG Container                                    Minimum sampling interval (milliseconds)
if/interfaces-state/interface/statistics          15000
dell-base-if-cmn/if/interfaces-state/interface    15000

Port-channel (lag) member ports
Table 83. Port-channel (lag) member ports
YANG Container                                    Minimum sampling interval (milliseconds)
dell-base-if-cmn/if/interfaces                    0

System statistics
Table 84.
A sensor group defines the data that is collected and streamed to a destination. Use any of the pre-configured sensor groups to monitor system resources. To display the sensor paths for each group, use the show telemetry sensor-group command. Table 85.
• management 1/1/1 — Enter the management interface.
• port-channel channel-id — Enter a port-channel ID, from 1 to 28.
• vlan vlan-id — Enter a VLAN ID, from 1 to 4093.
5 Configure the gpb encoding format in which data is streamed in SUBSCRIPTION-PROFILE mode.
OS10(conf-telemetry-sp-subscription)# encoding format
6 Configure the gRPC transport protocol used to stream data to a destination in SUBSCRIPTION-PROFILE mode.
bgp-peer       0
buffer         15000
device         300000
environment    300000
interface      180000
lag            0
system         300000
Encoding : gpb
Transport : grpc
TLS : disabled
Source Interface : ethernet1/1/1
Active : true
Reason : Connection summary: One or more active connections
The connection 10.11.56.204:40001 is in connected state

View destination group
OS10# show telemetry destination-group
Telemetry Status : enabled
-- Telemetry Destination Groups --
Group : dest1
Destination : 10.11.56.
-- Telemetry Subscription Profile --
Name : subscription-1
Destination Groups(s) : dest1
Sensor-group   Sample-interval
-----------------------------------
bgp            300000
bgp-peer       0
buffer         15000
device         300000
environment    300000
interface      180000
lag            0
system         300000
Encoding : gpb
Transport : grpc
TLS : disabled
Source Interface : ethernet1/1/1
Active : true
Reason : Connection summary: One or more active connections
The connection 10.11.56.
Usage information When an error condition occurs, use the debug telemetry command to store telemetry data in a debug file. The telemetry debug file is stored at /var/log/grpc_server.log.
Example
OS10# debug telemetry
Supported releases 10.4.3.0 or later

destination
Configures a destination management device that receives streaming telemetry.
Syntax destination {ip-address | domain-name} port-number
Parameters
• ip-address — Enter the IPv4 or IPv6 address of the destination device.
destination-group (telemetry)
Configures a destination group for streaming telemetry.
Syntax destination-group group-name
Parameters group-name — Enter the name of the destination group. A maximum of 32 characters.
Default Not configured
Command mode TELEMETRY
Usage information A destination group defines the destination servers to which streaming telemetry data is sent. The no version of this command removes the configured group.
gnmi-security-profile
Sets the security profile for the gNMI agent.
Syntax gnmi-security-profile profile-name
Parameters
• profile-name — Enter the name of the security profile to be associated with the gNMI agent.
Default Not configured
Command mode CONFIGURATION Mode
Usage information Before establishing a connection to the gNMI agent, set a valid application-specific security profile for the gNMI agent.
sensor-group (telemetry)
Configures a sensor group for streaming telemetry.
NOTE: This command is not supported in release 10.4.3.0.
Syntax sensor-group group-name
Parameters group-name — Enter the name of the sensor group. A maximum of 32 characters. You can enter the name of a pre-configured sensor-group profile. Valid values are: bgp, bgp-peer, buffer, device, environment, interface, lag, and system.
show telemetry
Displays the configured destination-group, sensor-group, and subscription profiles for streaming telemetry.
Syntax show telemetry [destination-group [group-name] | sensor-group [group-name] | subscription-profile [profile-name]]
Parameters
• destination-group — Display only destination groups or a specified group.
• sensor-group — Display only sensor groups or a specified group.
• subscription-profile — Display only subscription profiles or a specified profile.
Group : system
Sensor Path : system-status/current-status

OS10# show telemetry subscription-profile
Telemetry Status : enabled
-- Telemetry Subscription Profile --
Name : subscription-1
Destination Groups(s) : dest1
Sensor-group   Sample-interval
-----------------------------------
bgp            300000
bgp-peer       0
buffer         15000
device         300000
environment    300000
interface      180000
lag            0
system         300000
Encoding : gpb
Transport : grpc
TLS : disabled
Source Interface : ethernet1/1/1
Active : true
Reason : Connection summary: One o
• ethernet node/slot/port[:subport] — Enter a physical Ethernet interface.
• loopback number — Enter a Loopback interface, from 0 to 16383.
• management 1/1/1 — Enter the management interface.
• port-channel channel-id — Enter a port-channel ID, from 1 to 28.
• vlan vlan-id — Enter a VLAN ID, from 1 to 4093.
telemetry
Enters Telemetry configuration mode to configure streaming telemetry.
Syntax telemetry
Parameters None
Default Telemetry is disabled on the switch.
Command mode CONFIGURATION
Usage information Enable and disable streaming telemetry in Telemetry mode.
Example
OS10(config)# telemetry
OS10(conf-telemetry)#
Supported releases 10.4.3.0 or later

transport
Configures the transport protocol used to stream telemetry data to a remote management device.
OS10(conf-telemetry-sp-subscription-1)# sensor-group environment 300000
OS10(conf-telemetry-sp-subscription-1)# sensor-group interface 180000
OS10(conf-telemetry-sp-subscription-1)# sensor-group lag 0
OS10(conf-telemetry-sp-subscription-1)# sensor-group system 300000
OS10(conf-telemetry-sp-subscription-1)# destination-group dest1
OS10(conf-telemetry-sp-subscription-1)# encoding gpb
OS10(conf-telemetry-sp-subscription-1)# transp
OS10(conf-telemetry-sp-subscription-1)#
OS10(conf-telemetry-sp-subscription-1)#
Source Interface : ethernet1/1/1 Active : true Reason : Connection summary: One or more active connections The connection 10.11.56.
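A check for the show telemetry subscription-profile fields shown in this chapter, written as an added example rather than Dell code: it flags a gRPC stream with TLS disabled, sample intervals below the minimums in the YANG container tables, and destinations that are not connected. The sample output is constructed, the function names are hypothetical, and mapping the tables to the bgp, bgp-peer, interface and lag sensor-group names is an assumption.

```python
import re

# Minimum sampling intervals (milliseconds) taken from the tables in this chapter.
# Assumption: each table corresponds to the pre-configured sensor group of the same name.
MIN_INTERVAL_MS = {"bgp": 15000, "bgp-peer": 0, "interface": 15000, "lag": 0}

SENSOR_ROW = re.compile(r"^([a-z][a-z-]*)\s+(\d+)$")
CONNECTION = re.compile(r"^The connection (\S+) is in (\S+) state$")

def parse_profiles(text):
    """Split the CLI output into one dict per subscription profile."""
    profiles, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        conn = CONNECTION.match(line)
        if conn and current is not None:
            current["connections"][conn.group(1)] = conn.group(2)
            continue
        key, sep, value = line.partition(" : ")
        if sep:
            key, value = key.strip(), value.strip()
            if key == "Name":                      # a Name line starts a new profile
                current = {"name": value, "fields": {}, "sensors": {}, "connections": {}}
                profiles.append(current)
            elif current is not None:
                current["fields"][key] = value
            continue
        row = SENSOR_ROW.match(line)
        if row and current is not None:
            current["sensors"][row.group(1)] = int(row.group(2))
    return profiles

def audit_profiles(text, minimums=MIN_INTERVAL_MS):
    """Return (profile, message) findings for one show telemetry subscription-profile dump."""
    findings = []
    for prof in parse_profiles(text):
        fields = prof["fields"]
        if fields.get("TLS", "").lower() != "enabled":
            findings.append((prof["name"], "TLS is %s on the %s transport to %s" % (
                fields.get("TLS", "unknown"), fields.get("Transport", "unknown"),
                fields.get("Destination Groups(s)", "unknown"))))
        for group, interval in sorted(prof["sensors"].items()):
            floor = minimums.get(group)
            if floor is not None and interval < floor:
                findings.append((prof["name"],
                                 "sensor-group %s interval %d ms is below the %d ms minimum"
                                 % (group, interval, floor)))
        for peer, state in sorted(prof["connections"].items()):
            if state != "connected":
                findings.append((prof["name"], "destination %s is in %s state" % (peer, state)))
        if fields.get("Active") != "true":
            findings.append((prof["name"], "subscription is not active"))
    return findings

# Constructed sample in the layout of the show telemetry subscription-profile output.
SAMPLE = """\
Telemetry Status : enabled
-- Telemetry Subscription Profile --
Name : subscription-1
Destination Groups(s) : dest1
Sensor-group   Sample-interval
-----------------------------------
bgp            300000
bgp-peer       0
buffer         15000
device         300000
environment    300000
interface      180000
lag            0
system         300000
Encoding : gpb
Transport : grpc
TLS : disabled
Source Interface : ethernet1/1/1
Active : true
Reason : Connection summary: One or more active connections
The connection 10.11.56.204:40001 is in connected state
"""

if __name__ == "__main__":
    for profile, message in audit_profiles(SAMPLE):
        print(profile + ": " + message)
```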
24 RESTCONF API

RESTCONF is a representational state transfer (REST)-like protocol that uses HTTPS connections. Use the OS10 RESTCONF API to set up the configuration parameters on OS10 switches using JavaScript Object Notation (JSON)-structured messages. Use any programming language to create and send JSON messages. The examples in this chapter use curl. The OS10 RESTCONF implementation complies with RFC 8040. You can use the RESTCONF API to configure and monitor an OS10 switch.
3 (Optional) Limit the ciphers that the switch uses in a RESTCONF HTTPS session to encrypt and decrypt data in CONFIGURATION mode. By default, all cipher suites installed on OS10 are supported. Separate multiple entries with a blank space. Valid cipher-suite values are:
• dhe-rsa-with-aes-128-gcm-SHA256
• dhe-rsa-with-aes-256-gcm-SHA384
• ecdhe-rsa-with-aes-128-gcm-SHA256
• ecdhe-rsa-with-aes-256-gcm-SHA384
rest https cipher-suite
4 Enable RESTCONF API in CONFIGURATION mode.
• ecdhe-rsa-with-aes-256-gcm-SHA384 Default All cipher suites installed with OS10 are supported. Command Mode CONFIGURATION Usage Information • Use the rest https cipher-suite command to restrict the ciphers that a RESTCONF HTTPS session uses. • The no version of the command removes the cipher list and restores the default value. Example OS10(config)# rest https cipher-suite dhe-rsa-with-aes-128-gcm-SHA256 dhe-rsa-with-aes-256-gcm-SHA384 ecdhe-rsa-with-aes-256-gcm-SHA384 Supported Releases 10.
RESTCONF API tasks Using the RESTCONF API, you can provision OS10 switches using HTTPS requests. The examples in this section show how to access the OS10 RESTCONF API using curl commands. curl is a Linux shell command that generates HTTPS requests and is executed on an external server. curl Commands curl command options include: • -X specifies the HTTPS request type; for example, POST , PATCH, or GET. • -u specifies the user name and password to use for server authentication.
Locate the XML parameters values for the same JSON data arguments. For example, to configure VLAN 20 on an OS10 switch, enter the RESTCONF endpoint and JSON contents in the curl command. Note how the JSON type and name parameters are displayed in the XML structure of the interface vlan command.
System Configure system hostname RESTCONF endpoint /restconf/data/dell-system:system/hostname JSON content { "hostname":"MyHost" } Parameters • hostname string — Enter the hostname of the system. The default is OS10. Example curl -X PATCH -k -u admin:admin -H "Content-Type: application/json" https://10.11.86.
} Parameters Example 1310 • } "address": { "primary-addr":"6.6.6.6/24" } primary-addr ip-address/prefix-length — Enter the loopback IP address in dotted-decimal A.B.C.D/x format. curl -X POST -k -u admin:admin "https://10.11.86.113/restconf/data/interfaces/ interface/loopback1" -H "accept: application/json" -H "Content-Type: application/json" -d '{"dell-ip:ipv4":{"address": {"primary-addr":"6.6.6.
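A Python counterpart to the curl hostname request in this chapter, added here as an illustration and not taken from the Dell guide: it verifies the switch certificate instead of skipping verification as curl -k does, keeps credentials out of the command line, and offers only the four cipher suites listed for rest https cipher-suite. The OpenSSL cipher names, the OS10_* environment variable names and switch.example.net are assumptions.

```python
import base64
import json
import os
import ssl
import urllib.error
import urllib.request

# Cipher-suite values this chapter lists for `rest https cipher-suite`.
OS10_SUITES = (
    "dhe-rsa-with-aes-128-gcm-SHA256",
    "dhe-rsa-with-aes-256-gcm-SHA384",
    "ecdhe-rsa-with-aes-128-gcm-SHA256",
    "ecdhe-rsa-with-aes-256-gcm-SHA384",
)


def os10_to_openssl(name):
    """Map an OS10 cipher-suite value to an OpenSSL cipher name (assumed mapping)."""
    if name not in OS10_SUITES:
        raise ValueError(f"not an OS10 cipher-suite value: {name!r}")
    key_exchange, cipher = name.split("-with-")
    return f"{key_exchange}-{cipher.replace('aes-', 'aes')}".upper()


def verified_context(allowed=OS10_SUITES, ca_file=None):
    """Build a TLS context that checks the switch certificate and hostname."""
    # create_default_context() enables CERT_REQUIRED and hostname checking;
    # ca_file points at the CA that signed the switch's host certificate.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Restricts the TLS 1.2 suites the client offers; TLS 1.3 suites are
    # configured separately by OpenSSL and are not changed here.
    ctx.set_ciphers(":".join(os10_to_openssl(s) for s in allowed))
    return ctx


def hostname_patch(switch, hostname, username, password):
    """Build the PATCH request for the dell-system hostname endpoint."""
    url = f"https://{switch}/restconf/data/dell-system:system/hostname"
    body = json.dumps({"hostname": hostname}).encode()
    req = urllib.request.Request(url, data=body, method="PATCH")
    # HTTP Basic authentication, which is what curl -u sends by default.
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Content-Type", "application/json")
    return req


def send(req, ctx, timeout=10):
    """Send the request and return the HTTP status code."""
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    # Certificate or hostname mismatches raise urllib.error.URLError and are
    # deliberately not caught: a failed verification must stop the change.


if __name__ == "__main__":
    # Hypothetical variable names; credentials never appear in argv or history.
    request = hostname_patch(
        os.environ["OS10_SWITCH"],
        "MyHost",
        os.environ["OS10_USER"],
        os.environ["OS10_PASSWORD"],
    )
    context = verified_context(ca_file=os.environ.get("OS10_CA_FILE"))
    print(send(request, context))
```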
25 Troubleshoot OS10 Critical workloads and applications require constant availability. Dell EMC Networking offers tools to help you monitor and troubleshoot problems before they happen.
Unit Type Part Number Rev Piece Part ID Svc Tag Exprs Svc Code -----------------------------------------------------------------------------------------------* 1 S4148F-ON 09H9MN X01 TW-09H9MN-28298-713-0026 9531XC2 198 985 006 10 1 S4148F-ON-PWR-1-AC 06FKHH A00 CN-06FKHH-28298-6B5-03NY 1 S4148F-ON-FANTRAY-1 0N7MH8 X01 TW-0N7MH8-28298-713-0101 1 S4148F-ON-FANTRAY-2 0N7MH8 X01 TW-0N7MH8-28298-713-0102 1 S4148F-ON-FANTRAY-3 0N7MH8 X01 TW-0N7MH8-28298-713-0103 1 S4148F-ON-FANTRAY-4 0N7MH8 X01 TW-0N7MH8-28298-7
KiB Mem: 3998588 KiB Swap: 399856 PID USER PR 9 root 20 819 snmp 20 30452 admin 20 1 root 20 2 root 20 3 root 20 5 root 0 7 root 20 8 root 20 10 root 20 11 root 20 12 root 20 13 root rt 14 root rt 15 root rt 16 root rt 17 root 20 19 root 0 20 root 0 21 root 20 22 root 0 23 root 20 24 root 0 25 root 25 --more-- total, 2089416 used, 1909172 free, 143772 buffers total, 0 used, 399856 free. 483276 cached Mem NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 0 0 0 0 S 6.1 0.0 5:22.41 rcuos/1 0 52736 6696 4132 S 6.1 0.
Packet analysis Use the Linux tcpdump command to analyze network packets. Use filters to limit packet collection and output. You must be logged into the Linux shell to use this command. For more information, see Log into OS10 Device. Use the Linux tcpdump command without parameters to view packets that flow through all interfaces. To write captured packets to a file, use the -w parameter. To read the captured file output offline, you can use open source software packages such as Wireshark.
07:00.1 USB controller: Pericom Semiconductor PI7C9X442SL USB OHCI Controller (rev 01) 07:00.2 USB controller: Pericom Semiconductor PI7C9X442SL USB EHCI Controller (rev 01) 08:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection Test network connectivity Use the ping and traceroute commands to test network connectivity. When you ping an IP address, you send packets to a destination and wait for a response. If there is no response, the destination is not active.
----------------------------------------------Hops Hostname Probe1 Probe2 Probe3 1 100::1 000.000 ms 000.000 ms 000.000 ms OS10# traceroute 3ffe:501:ffff:100:201:e8ff:fe00:4c8b Type Ctrl-C to abort. ----------------------------------------------Tracing the route to 3ffe:501:ffff:100:201:e8ff:fe00:4c8b, 64 hops max, 60 byte packets ----------------------------------------------Hops Hostname Probe1 Probe2 Probe3 1 3ffe:501:ffff:100:201:e8ff:fe00:4c8b 000.000 ms 000.000 ms 000.
Product Base : ECS Gen3 Product Serial Number : APM001123 Product Part Number : 900-590-0 View tech-support details OS10# show tech-support --------------------show inventory-----------------------------Product : S6000-ON Description : S6000-ON 32x40GbE QSFP+ Interface Module Software version : 10.4.
Product Serial Number : Product Part Number : Unit Type Part Number Rev Piece Part ID Svc Tag Exprs Svc Code -----------------------------------------------------------------------------------------------* 1 S4148F-ON 09H9MN X01 TW-09H9MN-28298-713-0026 9531XC2 198 985 006 10 1 S4148F-ON-PWR-1-AC 06FKHH A00 CN-06FKHH-28298-6B5-03NY 1 S4148F-ON-FANTRAY-1 0N7MH8 X01 TW-0N7MH8-28298-713-0101 1 S4148F-ON-FANTRAY-2 0N7MH8 X01 TW-0N7MH8-28298-713-0102 1 S4148F-ON-FANTRAY-3 0N7MH8 X01 TW-0N7MH8-28298-713-0103 1 S4
location-led interface Changes the location LED of the interface. Syntax location-led interface ethernet {chassis/slot/port[:subport]} {on | off} Parameters • chassis/slot/port[:subport] — Enter the ethernet interface number. • on | off — Set the interface LED to be on or off. Default Not configured Command Mode EXEC Usage Information Use this command to change the location LED for the specified interface.
=================================== Type Boot Type Active Standby Next-Boot ----------------------------------------------------------------------------------Node-id 1 Flash Boot [B] 10.5.0.0 [A] 10.5.0.0 [B] active Example (Detail) OS10# show boot detail Current system image information detail: ========================================== Type: Node-id 1 Boot Type: Flash Boot Active Partition: B Active SW Version: 10.5.0.0 Active SW Build Version: 10.5.0.270 Active Kernel Version: Linux 4.9.
01:00.0 Ethernet controller: Broadcom Corporation Device b340 (rev 01) 01:00.1 Ethernet controller: Broadcom Corporation Device b340 (rev 01) Supported Releases 10.2.0E or later show environment Displays information about environmental system components, such as temperature, fan, and voltage.
show inventory Displays system inventory information. Syntax show inventory Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show inventory Product Description Software version Product Base Product Serial Number Product Part Number : S4148F-ON : S4148F-ON 48x10GbE, 2x40GbE QSFP+, 4x100GbE QSFP28 Interface Mod : 10.5.0.
5 root 7 root 8 root 10 root 11 root 12 root 13 root 14 root 15 root 16 root 17 root 19 root 20 root 21 root 22 root 23 root 24 root 25 root --more-- 0 20 20 20 20 20 rt rt rt rt 20 0 0 20 0 20 0 25 -20 0 0 0 0 0 0 0 0 0 0 -20 -20 0 -20 0 -20 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 S R S S S S S S S S S S S S S S S S 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.
Physical Ports : 48x10GbE, 2x40GbE, 4x100GbE
BIOS : 3.33.0.0-3
System CPLD : 0.4
Master CPLD : 0.10
Slave CPLD : 0.
FanTray Status AirFlow Fan Speed(rpm) Status
----------------------------------------------------------------
1 up NORMAL 1 13195 up
2 up NORMAL 1 13151 up
3 up NORMAL 1 13239 up
4 up NORMAL 1 13239 up
Supported Releases 10.2.0E or later
traceroute Displays the routes that packets take to travel to an IP address. Syntax Parameters traceroute [vrf {management | vrf-name}] host [-46dFITnreAUDV] [-f first_ttl] [-g gate,...
– packet_len — (Optional) Enter the total size of the probing packet. The default is 60 bytes for IPv4 and 80 for IPv6. Default Not configured Command Mode EXEC Usage Information None Example OS10# traceroute www.dell.com traceroute to www.dell.com (23.73.112.54), 30 hops max, 60 byte packets 1 10.11.97.254 (10.11.97.254) 4.298 ms 4.417 ms 4.398 ms 2 10.11.3.254 (10.11.3.254) 2.121 ms 2.326 ms 2.550 ms 3 10.11.27.254 (10.11.27.254) 2.233 ms 2.207 ms 2.391 ms 4 Host65.hbms.com (63.80.56.65) 3.
| initrd (hd0,gpt7)/boot/os10.initrd | +-------------------------------------------------------------------------------------------+ 6 Press Ctrl + x to reboot your system. If Ctrl + x does not cause the system to reboot, press Alt + 0. The system boots to a root shell without a password. 7 At the root prompt, enter usermod -s /bin/bash linuxadmin to enable the linuxadmin user.
-* Dell EMC Network Operating System (OS10) *-* *-* Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved. *-* *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*This product is protected by U.S. and international copyright and intellectual property laws. Dell EMC and the Dell EMC logo are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Restore factory defaults To restore your system factory defaults, reboot the system to ONIE: Uninstall OS mode. CAUTION: Restoring factory defaults erases any installed operating system and requires a long time to erase storage. If it is not possible to restore your factory defaults with the installed OS, reboot the system from the Grub menu and select ONIE: Rescue. ONIE Rescue bypasses the installed operating system and boots the system into ONIE until you reboot the system.
SupportAssist periodically collects information about configuration, inventory, logs, and so on, from the network devices. It sends this information securely to a centralized Dell EMC SupportAssist infrastructure server, referred to as the SupportAssist server in this section. The Dell EMC SupportAssist infrastructure service specifies a structured format to collect the data. If there is a failure, SupportAssist automatically creates a support case.
4 (Required) Specify the SupportAssist server URL or IP address in SUPPORT-ASSIST mode, and specify your Dell Digital Locker (DDL) credentials to access the SupportAssist server. This account must have entitlements to the OS10 switch in DDL. You can enter default to specify the SupportAssist server URL (https://esrs3.emc.com).
1 (Required) Enter the contact name in SUPPORT-ASSIST mode. OS10(config)# support-assist OS10(conf-support-assist)# contact-company name ExampleCompanyName OS10(conf-support-assist-ExampleCompanyName)# contact-person first firstname last lastname 2 (Required) Enter the email addresses in SUPPORT-ASSIST mode. OS10(conf-support-assist-ExampleCompanyName)# email-address primary email-address [alternate alternate-email-address] You can optionally configure an alternate email address.
View status View the SupportAssist configuration status, details, and EULA information using the following show commands: 1 View the SupportAssist activity in EXEC mode. show support-assist status 2 View the EULA license agreement in EXEC mode.
Terms ("Agreement"). This Agreement is a legally binding agreement between the entity that has obtained the Software ("You" or "Customer") and Provider (which may be a Dell Inc. Affiliate or an authorized reseller ("Reseller"), as explained below). If you are acting on behalf of a U.S. Federal Government agency, please stop installing the Software and contact your sales account representative. . . .
Country name Country code Bolivia, Plurinational State of BOL Bonaire, Sint Eustatius and Saba BES Bosnia and Herzegovina BIH Botswana BWA Bouvet Island BVT Brazil BRA British Indian Ocean Territory IOT Brunei Darussalam BRN Bulgaria BGR Burkina Faso BFA Burundi BDI Cambodia KHM Cameroon CMR Canada CAN Cabo Verde CPV Cayman Islands CYM Central African Republic CAF Chad TCD Chile CHL China CHN Christmas Island CXR Cocos (Keeling) Islands CCK Colombia COL Comoro
Country name Country code Ecuador ECU Egypt EGY El Salvador SLV Equatorial Guinea GNQ Eritrea ERI Estonia EST Ethiopia ETH Falkland Islands (Malvinas) FLK Faroe Islands FRO Fiji FJI Finland FIN France FRA French Guiana GUF French Polynesia PYF French Southern Territories ATF Gabon GAB Gambia GMB Georgia GEO Germany DEU Ghana GHA Gibraltar GIB Greece GRC Greenland GRL Grenada GRD Guadeloupe GLP Guam GUM Guatemala GTM Guernsey GGY Guinea GIN Guinea-B
Country name Country code India IND Indonesia IDN Iran, Islamic Republic of IRN Iraq IRQ Ireland IRL Isle of Man IMN Israel ISR Italy ITA Jamaica JAM Japan JPN Jersey JEY Jordan JOR Kazakhstan KAZ Kenya KEN Kiribati KIR Korea, Democratic People's Republic of PRK Korea, Republic of KOR Kuwait KWT Kyrgyzstan KGZ Lao People's Democratic Republic LAO Latvia LVA Lebanon LBN Lesotho LSO Liberia LBR Libya LBY Liechtenstein LIE Lithuania LTU Luxembourg LUX M
Country name Country code Mauritania MRT Mauritius MUS Mayotte MYT Mexico MEX Micronesia, Federated States of FSM Moldova, Republic of MDA Monaco MCO Mongolia MNG Montenegro MNE Montserrat MSR Morocco MAR Mozambique MOZ Myanmar MMR Namibia NAM Nauru NRU Nepal NPL Netherlands NLD New Caledonia NCL New Zealand NZL Nicaragua NIC Niger NER Nigeria NGA Niue NIU Norfolk Island NFK Northern Mariana Islands MNP Norway NOR Oman OMN Pakistan PAK Palau PLW Pa
Country name Country code Puerto Rico PRI Qatar QAT Réunion REU Romania ROU Russian Federation RUS Rwanda RWA Saint Barthélemy BLM Saint Helena, Ascension and Tristan da Cunha SHN Saint Kitts and Nevis KNA Saint Lucia LCA Saint Martin (French part) MAF Saint Pierre and Miquelon SPM Saint Vincent and the Grenadines VCT Samoa WSM San Marino SMR Sao Tome and Principe STP Saudi Arabia SAU Senegal SEN Serbia SRB Seychelles SYC Sierra Leone SLE Singapore SGP Sint Ma
Country name Country code Syrian Arab Republic SYR Taiwan, Province of China TWN Tajikistan TJK Tanzania, United Republic of TZA Thailand THA Timor-Leste TLS Togo TGO Tokelau TKL Tonga TON Trinidad and Tobago TTO Tunisia TUN Turkey TUR Turkmenistan TKM Turks and Caicos Islands TCA Tuvalu TUV Uganda UGA Ukraine UKR United Arab Emirates ARE United Kingdom GBR United States USA United States Minor Outlying Islands UMI Uruguay URY Uzbekistan UZB Vanuatu VUT Vene
eula-consent Accepts or rejects the SupportAssist end-user license agreement (EULA). Syntax eula-consent {support-assist} {accept | reject} Parameters • support-assist — Enter to accept or reject the EULA for the service. • accept — Enter to accept the EULA-consent. • reject — Enter to reject EULA-consent. Default Not configured Command Mode • CONFIGURATION Usage Information If you reject the end-user license agreement, you cannot access the SupportAssist Configuration submode.
Default Not applicable Command Mode • CONFIGURATION Usage Information None Example OS10(config)# support-assist OS10(conf-support-assist)# Supported Releases 10.2.0E or later support-assist-activity Schedules a time for data collection and transfer activity or performs on-demand data collection and managed file transfer.
Examples OS10# support-assist-activity full-transfer start-now OS10# support-assist-activity full-transfer schedule hourly min 59 OS10# support-assist-activity full-transfer schedule daily hour 23 min 59 OS10# support-assist-activity full-transfer schedule weekly day-of-week 1 hour 23 min 59 OS10# support-assist-activity full-transfer schedule monthly day 30 hour 23 min 59 OS10# support-assist-activity full-transfer schedule yearly month 12 day 31 hour 23 min 59 Supported Releases 10.2.
server url Configures the URL and port of the SupportAssist server and specifies the username and password that is required for SupportAssist server authorization. Syntax server url {default | server-url-string} username username password password Parameters Default • default—Enter default to connect to the SupportAssist server (https://esrs3.emc.com). • server-url-string—Enter the domain name or IP address of the SupportAssist server.
Supported Releases 10.2.0E or later show running-configuration support-assist Displays the SupportAssist configuration currently running on the device. Syntax show running-configuration support-assist Parameters None Default Not configured Command Mode • EXEC Usage Information None Example OS10# show running-configuration support-assist ! support-assist server url https://esrs3stg.emc.
Software and contact your sales account representative. . . . <
Last KeepAlive Failed at : 2019-06-13 18:00:03
Last MFT Status : Success
Last MFT Successful at : 2019-06-13 16:15:19
Last MFT Failed at : Never
Supported Releases 10.2.0E or later
source-interface Configures the source interface to establish outgoing connectivity to the SupportAssist server. Syntax source-interface interface Parameters interface: Default Command Mode • ethernet node/slot/port[:subport]—Enter a physical Ethernet interface. • loopback number—Enter a Loopback interface, 0–16383.
Command Mode • SUPPORT-ASSIST contact company sub-mode Usage Information Enter ? to view a list of supported country names and codes. You can also find this information at the following location: Country names and codes. The no version of this command removes the configuration. Example OS10(conf-support-assist-ExampleCompanyName)# address city SanJose state California country USA zipcode 95123 Supported Releases 10.2.0E or later contact-person Configures the contact name for an individual.
territory Configures the place where the company is located. Syntax territory territory-name Parameters territory-name—Enter the territory where the company is located. Default Not configured Command Mode • CONF-SUPPORT-ASSIST Usage Information The no version of this command removes the configuration. Example OS10(conf-support-assist)# contact-company name ExampleCompanyName OS10(conf-support-assist-ExampleCompanyName)# territory West Supported Releases 10.2.
Example OS10(conf-support-assist-ExampleCompanyName-FirstnameLastname)# phone primary 000-123-4567 Supported Releases 10.2.0E or later preferred-method Configures a preferred method to contact an individual. Syntax preferred-method {email | phone | no-contact} Parameters Default • email—Enter to select email as the preferred contact method. • phone—Enter to select phone as the preferred contact method.
Support bundle generation start event
Apr 19 16:57:55: %Node.1-Unit.1:PRI:OS10 %log-notice:SUPPORT_BUNDLE_STARTED: generate support-bundle execution has started successfully:All Plugin options disabled
Apr 19 16:57:55: %Node.1-Unit.1:PRI:OS10 %log-notice:SUPPORT_BUNDLE_STARTED: generate support-bundle execution has started successfully:All Plugin options enabled
sosreport generation start event May 11 22:9:43: collection task May 11 22:9:43: collection task %Node.1-Unit.
System events and alarms An event notifies you of a change or situation in the system that you might be interested in. An alarm indicates that the system has entered an abnormal state and may require immediate action. Events are classified into: • Stateless events—One-time notifications about the system condition, for example, ACL updates, firewall policy update, and so on. • Stateful events—Events that are raised when the abnormal situation arises, and cleared when the situation returns to normal.
Severity profiles OS10 allows you to change the severity of events using severity profiles. A severity profile is a .xml file that defines the effective severity of events or disables the notification of events. OS10 comes with a default severity profile. You cannot modify or delete the default profile. However, OS10 allows you to define custom severity profiles. • Default severity profile—All events are defined in the default profile.
NOTE: When you modify the xml file, you must select one of the following severities: • CRITICAL • MAJOR • MINOR • WARNING • INFORMATIONAL If you want OS10 to generate the event, set the Enable flag to true. To turn off event notification, set the Enable flag to false. If you enter invalid values, the event severity-profile command fails. 4 Copy the custom profile to the OS10 switch. OS10# copy scp://username:password@a.b.c.d/dir-path/mySevProf.xml severity-profile:// mySevProf_1.
• Enter the minimum severity level for logging to the console in CONFIGURATION mode. logging console severity • Enter the minimum severity level for logging to the system log file in CONFIGURATION mode. logging log-file severity • Enter the minimum severity level for logging to terminal lines in CONFIGURATION mode. logging monitor severity • Enter which server to use for syslog messages with the hostname or IP address in CONFIGURATION mode.
• 2 filename specifies an optional filename that the certificate is stored under in the OS10 trust-store directory. Enter the filename in the filename.crt format. Obtain an X.509v3 host certificate from the CA server as described in Request and install host certificates: a Create a private key and generate a certificate signing request for the switch. b Copy the CSR file to the CA server for signing. c Copy the CA-signed certificate to the home directory on the switch.
Processing certificate ... Installed Root CA certificate CommonName = Certificate Authority CA IssuerName = Certificate Authority CA OS10# show crypto ca-certs -------------------------------------| Locally installed certificates | -------------------------------------cacert.crt OS10# crypto cert generate request cert-file home://clientreq.pem key-file home://clientkey.pem cname "Top of Rack 6" altname "IP:10.0.0.6 DNS:tor6.dell.com" email admin@dell.
Jun 1 05:02:09 %Node.1-Unit.1:PRI:OS10 %log-notice:EQM_PSU_DETECTED: Power Supply Unit present:PSU 1#003
Jun 1 05:02:09 %Node.1-Unit.1:PRI:OS10 %log-notice:EQM_PSU_DETECTED: Power Supply Unit present:PSU 2#003
Jun 1 05:02:09 %Node.1-Unit.1:PRI:OS10 %log-notice:EQM_FAN_TRAY_DETECTED: Fan tray present:Fan tray 1#003
Jun 1 05:02:09 %Node.1-Unit.1:PRI:OS10 %log-notice:EQM_FAN_TRAY_DETECTED: Fan tray present:Fan tray 2#003
Jun 1 05:02:09 %Node.1-Unit.
1 4 NPU temp sensor 40 --------------------------------------------------------- Link-bundle monitoring Monitoring link aggregation group (LAG) bundles lets you check how traffic is distributed across the member links and look for unfair distribution at any given time. A threshold of 60% is an acceptable amount of traffic on a member link. Links are monitored in 15-second intervals for three consecutive instances. Any deviation within that time sends a syslog message and generates an alarm event.
event severity-profile Configures a severity profile to change the severity of events, or turn off event notifications. Syntax event severity-profile {default | profile-name} Parameters profile-name—Name of the custom severity profile, a maximum of 64 characters. The file extension, .xml, is optional. Default Default.xml Command Mode EXEC Usage Information Configures a severity profile to change the characteristics of events.
Parameters None Default None Command Mode EXEC Usage Information None Example show alarms acknowledged Sq No Severity Name Timestamp Source ------------------------------------------------------------------- -------------100071 warning EQM_FAN_FAULT_MINOR Tue Jul 23 13:53:47 2019 /psu/1/fan/1 100072 critical EQM_FAN_FAULT_MAJOR Tue Jul 23 13:53:47 2019 /psu/1 Supported Releases 10.2.0E or later show alarms details Displays details about active alarms.
Description: psu 2 is not working correctly Raise-time: Mon Jul 29 06:12:30 2019 Ack-time: Mon Jul 29 06:16:35 2019 New: true Acknowledged: true ------------------------------------------Supported Releases 10.2.0E or later show alarms sequence Displays information corresponding to the active alarm based on the sequence number that you specify. Syntax show alarms sequence sequence-number Parameters • sequence-number — Enter the sequence number corresponding to the active alarm.
Example (Warning) OS10# show alarms severity warning Active-alarm details - 1 ------------------------------------------Sequence Number: 5 Severity: warning Type: 1081364 Source: Node.1-Unit.
Total-count: 2 Critical-count: 0 Major-count: 1 Minor-count: 1 Warning-count: 0 ------------------------------------------Supported Releases 10.2.0E or later show event history Displays the history of all events with the latest at the top of the output. Syntax show event history [summary] [reverse] [severity severity-name] [details] [sequence sequence-number] Parameters • summary—Displays a summary of the event history.
Sequence Number: 2 Severity: informational Name: IFM_ASTATE_UP Description: Dummy Event Timestamp: Fri May 03 18:13:07 2019 Source: State: stateless ------------------------------------------Example (details) OS10# show event history details Event History Details - 2 ------------------------------------------Sequence Number: 2 Severity: informational Name: IFM_ASTATE_UP Description: Dummy Event Timestamp: Fri May 03 18:13:07 2019 Source: State: stateless ------------------------------------------Event Hist
Currently Active : default Active after restart : mySevProf.xml Supported Releases 10.5.0.0 or later Logging commands clear logging Clears messages in the logging buffer. Syntax clear logging log-file Parameters None Default Not configured Command Mode • EXEC Usage Information None Example OS10# clear logging log-file Proceed to clear the log file [confirm yes/no(default)]: Supported Releases 10.2.
Example OS10(config)# logging console disable Example (Enable) OS10(config)# logging console enable Example (Severity) OS10(config)# logging console severity log-warning Supported Releases 10.2.0E or later logging enable Enables system logging. Syntax logging enable Parameters None Default Enabled Command Mode • CONFIGURATION Usage Information The no version of this command disables all logging. Example OS10(config)# logging enable Supported Releases 10.2.
Example OS10(config)# logging log-file disable Example (Enable) OS10(config)# logging log-file enable Example (Severity) OS10(config)# logging log-file severity log-notice Supported Releases 10.2.0E or later logging monitor Set the minimum severity level for logging to the terminal lines. Syntax logging monitor severity severity-level Parameters severity-level — Set the minimum logging severity level: Default • log-emerg — Set the system as unusable.
Usage information Use the logging security-profile command to specify the configured crypto security profile to use to send system messages to a remote server over TLS. TLS requires an X.509v3 certificate-key pair to be installed on the switch. Example OS10(config)# logging security-profile prof1 Supported releases 10.5.0.0 or later logging server Configures a remote syslog server.
show logging Displays system logging messages by log file, process-names, or summary. Syntax show logging {log-file [process-name | line-numbers] | process-names} Parameters • process-name — (Optional) Enter the process-name to use as a filter in syslog messages. • line-numbers — (Optional) Enter the number of lines to include in the logging messages, from 1 to 65535. Default None Command Mode • EXEC Usage Information The output from this command is the /var/log/eventlog file.
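The event-log lines that show logging returns can be parsed and filtered by minimum severity off the switch as well, for example on a log collector. The following Python parser is an added example, not Dell code; the line layout is inferred from the samples in this guide, the severity keywords are assumed to follow the standard syslog order, and the two fan-fault lines are constructed.

```python
import re

# Severity keywords, most severe first (assumed to follow standard syslog order).
SEVERITIES = (
    "log-emerg", "log-alert", "log-crit", "log-err",
    "log-warning", "log-notice", "log-info", "log-debug",
)

# Layout inferred from the guide's samples:
#   <Mon D HH:MM:SS>[:] %Node.N-Unit.N:<TAG>:<HOST> %<severity>:<EVENT_NAME>: <message>
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{1,2}:\d{1,2}:\d{1,2}):?\s+"
    r"%(?P<source>Node\.\d+-Unit\.\d+:[A-Z]+:\S+)\s+"
    r"%(?P<severity>log-[a-z]+):(?P<event>[A-Z0-9_]+):\s*(?P<message>.*)$"
)


def parse_line(line):
    """Return the fields of one event-log line, or None if it does not match."""
    match = LINE_RE.match(line.strip())
    if match is None or match.group("severity") not in SEVERITIES:
        return None
    return match.groupdict()


def at_or_above(lines, minimum):
    """Split lines into events at or above `minimum` severity and unparsed lines.

    Unparsed lines are returned instead of dropped so that a format change
    or a foreign log source is noticed by whoever consumes the result.
    """
    limit = SEVERITIES.index(minimum)
    selected, unparsed = [], []
    for line in lines:
        event = parse_line(line)
        if event is None:
            unparsed.append(line)
        elif SEVERITIES.index(event["severity"]) <= limit:
            selected.append(event)
    return selected, unparsed


# Sample input: the first two lines follow examples in this guide, the two
# fan-fault lines are constructed, and the last is a show trace style line
# that uses a different layout and therefore lands in `unparsed`.
SAMPLE = [
    "Jun 1 05:02:09 %Node.1-Unit.1:PRI:OS10 %log-notice:EQM_PSU_DETECTED: "
    "Power Supply Unit present:PSU 1#003",
    "Apr 19 16:57:55: %Node.1-Unit.1:PRI:OS10 %log-notice:SUPPORT_BUNDLE_STARTED: "
    "generate support-bundle execution has started successfully",
    "Jul 23 13:53:47 %Node.1-Unit.1:PRI:OS10 %log-crit:EQM_FAN_FAULT_MAJOR: "
    "constructed sample message",
    "Jul 23 13:53:47 %Node.1-Unit.1:PRI:OS10 %log-warning:EQM_FAN_FAULT_MINOR: "
    "constructed sample message",
    "May 23 17:10:03 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.c:"
    "nl_to_neigh_info:109, Operation:Add-NH",
]

if __name__ == "__main__":
    events, skipped = at_or_above(SAMPLE, "log-warning")
    for event in events:
        print(event["timestamp"], event["severity"], event["event"])
    print(f"{len(skipped)} line(s) not in event-log format")
```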
Usage Information The output from this command is the /var/log/syslog file. Example OS10# show trace
May 23 17:10:03 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.c:nl_to_neigh_info:109, Operation:Add-NH family:IPv4(2) flags:0x0 state:Failed(32) if-idx: 4
May 23 17:10:03 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.c:nl_to_neigh_info:120, NextHop IP:192.168.10.
Linux OS10 3.16.7-ckt20 #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2017-05-01) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
Where can I find additional installation information for my specific device? See the Setup Guide shipped with your device or the platform-specific Installation Guide on the Dell EMC Support page at dell.com/ support.
Layer 2 How do I view the VLAN running configuration? Use the show vlan command to view all configured VLANs. Layer 3 How do I view IPv6 interface information? Use the show ipv6 route summary command. How do I view summary information for all IP routes? Use the show running-configuration command. How do I view summary information for the OSPF database? Use the show ip ospf database command. How do I view configuration of OSPF neighbors connected to the local router? Use the show ip ospf neighbor command.
How do I set up filters to automatically assign sequence numbers for specific addresses? Use the seq deny or seq permit commands for specific packet filtering. How do I view access-list and access-group information? Use the show {ip | mac | ipv6} access-group and show {ip | mac | ipv6} access-list commands.
Use the show logging command to view messages by log file or process name.
26 Support resources The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.