Dell Force10 Z9000 Configuration Manual

Dell Configuration Guide for the Z9000 System
9.7(0.0)

Summary of Contents for Dell Force10 Z9000

  • Page 1 Dell Configuration Guide for the Z9000 System 9.7(0.0)
  • Page 2 Copyright © 2015 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell ™ and the Dell logo are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
  • Page 3: Table Of Contents

    Configure the Overload Bit for a Startup Scenario; Viewing Files; Managing the File System; Enabling Software Features on Devices Using a Command Option; View Command History; Upgrading Dell Networking OS; Using HTTP for File Transfers...
  • Page 4 Using Hashes to Validate Software Images; 4 Management; Configuring Privilege Levels; Creating a Custom Privilege Level; Removing a Command from EXEC Mode; Moving a Command from EXEC Privilege Mode to EXEC Mode; Allowing Access to CONFIGURATION Mode Commands; Allowing Access to the Following Modes...
  • Page 5 Configuring an Authentication-Fail VLAN; 6 Access Control Lists (ACLs); IP Access Control Lists (ACLs); CAM Usage; Implementing ACLs on Dell Networking OS; IP Fragment Handling; IP Fragments ACL Examples; Layer 4 ACL Rules Examples...
  • Page 6 Configure a Route Map for Route Tagging; Continue Clause; Logging of ACL Processes; Guidelines for Configuring ACL Logging; Configuring ACL Logging; Flow-Based Monitoring Support for ACLs; Behavior of Flow-Based Monitoring; Enabling Flow-Based Monitoring; 7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)
  • Page 7 AS Path; Next Hop; Multiprotocol BGP; Implement BGP with Dell Networking OS; Additional Path (Add-Path) Support; Advertise IGP Cost as MED for Redistributed Routes; Ignore Router-ID for Some Best-Path Calculations...
  • Page 8 Enabling BGP Neighbor Soft-Reconfiguration; Route Map Continue; Enabling MBGP Configurations; BGP Regular Expression Optimization; Debugging BGP; Storing Last and Bad PDUs; Capturing PDUs; PDU Counters; Sample Configurations; 10 Content Addressable Memory (CAM)
  • Page 9 Configure the System for User Port Stacking (Option 230); Configure Secure DHCP; Option 82; DHCP Snooping; Drop DHCP Packets on Snooped VLANs Only; Dynamic ARP Inspection; Configuring Dynamic ARP Inspection
  • Page 10 Viewing the FRRP Information; Troubleshooting FRRP; Configuration Checks; Sample Configuration and Topology; 16 GARP VLAN Registration Protocol (GVRP); Important Points to Remember; Configure GVRP; Related Configuration Tasks; Enabling GVRP Globally; Enabling GVRP on a Layer 2 Interface...
  • Page 11 Behavior of Various Applications for Switch-Destined Traffic; Interworking of EIS With Various Applications; Designating a Multicast Router Interface; 18 Interfaces; Basic Interface Configuration; Advanced Interface Configuration; Interface Types; View Basic Interface Information
  • Page 12 Define the Interface Range; Choosing an Interface-Range Macro; Monitoring and Maintaining Interfaces; Maintenance Using TDR; Splitting QSFP Ports to SFP+ Ports; Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port
  • Page 13 IPv6 Headers; IPv6 Header Fields; Extension Header Fields; Addressing; Implementing IPv6 with Dell Networking OS; ICMPv6; Path MTU Discovery; IPv6 Neighbor Discovery; IPv6 Neighbor Discovery of MTU Packets
  • Page 14 SNMP over IPv6; Showing IPv6 Information; Showing an IPv6 Interface; Showing IPv6 Routes; Showing the Running-Configuration for an Interface; Clearing IPv6 Routes; Configuring IPv6 RA Guard; Configuring IPv6 RA Guard on an Interface
  • Page 15 Shared LAG State Tracking; Configuring Shared LAG State Tracking; Important Points about Shared LAG State Tracking; LACP Basic Configuration Example; Configure a LAG on ALPHA; Setting Up a Threshold for Utilization of High-Gigabit Port Channels
  • Page 16 Enabling LLDP; Disabling and Undoing LLDP; Enabling LLDP on Management Ports; Disabling and Undoing LLDP on Management Ports; Advertising TLVs; Viewing the LLDP Configuration; Viewing Information Advertised by Adjacent LLDP Agents
  • Page 17 Adding and Removing Interfaces; Creating Multiple Spanning Tree Instances; Influencing MSTP Root Selection; Interoperate with Non-Dell Networking OS Bridges; Changing the Region Name or Revision; Modifying Global Parameters; Modifying the Interface Parameters...
  • Page 18 OSPFv3 Authentication Using IPsec; Troubleshooting OSPFv3; 32 Policy-based Routing (PBR); Overview; Implementing Policy-based Routing with Dell Networking OS; Configuration Task List for Policy-based Routing; PBR Exceptions (Permit); Sample Configuration; Create the Redirect-List GOLD; Assign Redirect-List GOLD to Interface 2/11; View Redirect-List GOLD; 33 PIM Sparse-Mode (PIM-SM)...
  • Page 19 Configuring the Encapsulated Remote Port Mirroring; Changes to Default Behavior; Configuration steps for ERPM; ERPM Behavior on a typical Dell Networking OS; Decapsulation of ERPM packets at the Destination IP/Analyzer; 36 Private VLANs (PVLAN)...
  • Page 20 Creating an Isolated VLAN; Private VLAN Configuration Example; Inspecting the Private VLAN Configuration; 37 Per-VLAN Spanning Tree Plus (PVST+); Protocol Overview; Implementation Information; Configure Per-VLAN Spanning Tree Plus; Related Configuration Tasks
  • Page 21 Applying DSCP and VLAN Match Criteria on a Service Queue; 39 Routing Information Protocol (RIP); Protocol Overview; RIPv1; RIPv2; Implementation Information; Configuration Information; Configuration Task List; RIP Configuration Example; 40 Remote Monitoring (RMON)
  • Page 22 Enable VLAN-Stacking for a VLAN; Configuring the Protocol Type Value for the Outer VLAN Tag; Configuring Dell Networking OS Options for Trunk Ports; Debugging VLAN Stacking; VLAN Stacking in Multi-Vendor Networks
  • Page 23 Layer 2 Protocol Tunneling; Implementation Information; Enabling Layer 2 Protocol Tunneling; Specifying a Destination MAC Address for BPDUs; Setting Rate-Limit BPDUs; Debugging Layer 2 Protocol Tunneling; Provider Backbone Bridging; 45 sFlow
  • Page 24 Copying the Startup-Config Files to the Server via TFTP; Copy a Binary File to the Startup-Configuration; Additional MIB Objects to View Copy Statistics; Obtaining a Value for MIB Objects; MIB Support to Display the Available Memory Size on Flash
  • Page 25 Configuring a Source IP Address for NTP Packets; Configuring NTP Authentication; Dell Networking OS Time and Date; Configuration Task List; Setting the Time and Date for the Switch Software Clock; Setting the Timezone...
  • Page 26 VLT Terminology; Configure Virtual Link Trunking; Important Points to Remember; Configuration Notes; Primary and Secondary VLT Peers; RSTP and VLT; VLT Bandwidth Monitoring; VLT and IGMP Snooping
  • Page 27 Enabling the VLT Proxy Gateway; LLDP Organizational TLV for Proxy Gateway; Sample Configurations for LLDP VLT Proxy Gateway; Sample Configurations for Static VLT Proxy Gateway; Sample Scenario for VLT Proxy Gateway; Configuring an LLDP VLT Proxy Gateway; 55 Virtual Router Redundancy Protocol (VRRP)
  • Page 28 Enabling TCP Dumps; 57 Standards Compliance; IEEE Compliance; RFC and I-D Compliance; General Internet Protocols; General IPv4 Protocols; General IPv6 Protocols; Border Gateway Protocol (BGP); Open Shortest Path First (OSPF)
  • Page 29: About This Guide

    About this Guide This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. The Z9000 platform is available with Dell Networking OS version 8.3.11.1 and beyond. Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Networking systems.
  • Page 30: Configuration Fundamentals

    In Dell Networking OS, after you enable a command, it is entered into the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
  • Page 31 Beneath CONFIGURATION mode are submodes that apply to interfaces, protocols, and features. The following example shows the submode command structure. Two sub-CONFIGURATION modes are important when configuring the chassis for the first time: • INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface. An interface can be physical (Management interface, 1 Gigabit Ethernet, or 10 Gigabit Ethernet, or synchronous optical network technologies [SONET]) or logical (Loopback, Null, port channel, or virtual local area network [VLAN]).
  • Page 32: Navigating CLI Modes

    GRUB Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
  • Page 33 REDIRECT Dell(conf-redirect-list)# ip redirect-list ROUTE-MAP Dell(config-route-map)# route-map ROUTER BGP Dell(conf-router_bgp)# router bgp BGP ADDRESS-FAMILY Dell(conf-router_bgp_af)# (for address-family {ipv4 multicast | ipv6 unicast} IPv4) (ROUTER BGP Mode) Dell(conf-routerZ_bgpv6_af)# (for IPv6) ROUTER ISIS Dell(conf-router_isis)# router isis ISIS ADDRESS-FAMILY Dell(conf-router_isis-...
  • Page 34: The Do Command

    You can enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, and so on) without having to return to EXEC mode by preceding the EXEC mode command with the do command. The following example shows the output of the do command. Dell(conf)#do show system brief Stack MAC : 00:01:e8:00:66:64 Reload-Type...
  • Page 35: Undoing Commands

    IP address configured on an interface, use the no ip address ip-address command. NOTE: Use the help or ? command as described in Obtaining Help. Example of Viewing Disabled Commands Dell(conf)#interface tengigabitethernet 4/17 Dell(conf-if-te-4/17)#ip address 192.168.10.1/24 Dell(conf-if-te-4/17)#show config interface TenGigabitEthernet 4/17 ip address 192.168.10.1/24...
  • Page 36: Entering And Editing Commands

    Entering ? after a partial keyword lists all of the keywords that begin with the specified letters. Dell(conf)#cl? class-map clock Dell(conf)#cl • Entering [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands.
  • Page 37: Command History

    Dell(conf)#do show system brief | grep 0 not present NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks.
  • Page 38: Multiple Users In Configuration Mode

    % Warning: User "<username>" on line vty0 "10.11.130.2" is in configuration mode If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
  • Page 39: Getting Started

    When you power up the chassis, the system performs a power-on self test (POST) during which the line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking Operating System (OS). Boot messages scroll up the terminal window during this process.
  • Page 40: Accessing The CLI Interface And Running Scripts Using SSH

    • 8 data bits • 1 stop bit • No flow control Pin Assignments You can connect to the console using an RJ-45 to RJ-45 rollover cable and an RJ-45 to DB-9 female DTE adapter to a terminal server (for example, a PC). The pin assignments between the console and a DTE terminal server are as follows: Table 2.
  • Page 41: Default Configuration

    Default Configuration A version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
  • Page 42: Configure The Management Port Ip Address

    * 0 is for inputting the password in clear text. * 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtain the encrypted password from the configuration of another Dell Networking system.
  • Page 43: Configuring The Enable Password

    To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location. • To copy a remote file to a Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location. Table 3. Forming a...
  • Page 44: Mounting An NFS File System

    27952672 bytes successfully copied Example of Importing a File to the Local System core1#$//copy ftp://myusername:mypassword@10.10.10.10//Dell/ Dell-EF-8.2.1.0.bin flash:// Destination file name [Dell-EF-8.2.1.0.bin.bin]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 26292881 bytes successfully copied Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands.
  • Page 45: Save The Running-Configuration

    225 bytes successfully copied Dell# Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends copying your running-configuration to the startup-configuration. The commands in this section follow the same format as those commands in the Copy Files to and from the System section but use the filenames startup-configuration and running-configuration.
  • Page 46: Configure The Overload Bit For A Startup Scenario

    For information about setting the router overload bit for a specific period of time after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide. Viewing Files You can only view file information and content on local file systems.
  • Page 47: Managing The File System

    Dell# Managing the File System The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere.
  • Page 48: Enabling Software Features On Devices Using A Command Option

    NOTE: The MXL and Z9000 platforms currently do not support VRF. These platforms support only the management and default VRFs, which are available by default. As a result, the feature vrf command is not available for these platforms. To display the state of Dell Networking OS features:
  • Page 49: View Command History

    The validation calculates a hash value of the downloaded image file on the system’s flash drive and, optionally, compares it to the hash that Dell Networking publishes for that file.
  • Page 50 To validate a software image: Download the Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displayed next to the software image file on the iSupport page.
  • Page 51: Management

    Management This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1.
  • Page 52: Allowing Access To The Following Modes

    CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level {command ||...|| command} Example of EXEC Privilege Commands Dell(conf)#do show run priv privilege exec level 3 capture privilege exec level 3 configure privilege exec level 4 resequence...
  • Page 53: Applying A Privilege Level To A Username

    GigabitEthernet interface IEEE 802.3z tengigabitethernet TenGigabit Ethernet interface vlan VLAN keyword Dell(conf)# interface group vlan 1 - 2 , tengigabitethernet 1/1 Dell(conf-if-group-vl-1-2,te-1/1)# no shutdown Dell(conf-if-group-vl-1-2,te-1/1)# end Applying a Privilege Level to a Username To set the user privilege level, use the following command.
  • Page 54: Applying A Privilege Level To A Terminal Line

    NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on: •...
  • Page 55 May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security...
  • Page 56: Configuring Logging Format

    Example of the clear logging auditlog Command Dell# clear logging auditlog Configuring Logging Format To display syslog messages in an RFC 3164 or RFC 5424 format, use the logging version {0 | 1} command in CONFIGURATION mode.
  • Page 57: Setting Up A Secure Connection To A Syslog Server

    -R 5140:10.156.166.48:5141 admin@10.16.131.141 -nNf Configure logging to a local host. localhost is “127.0.0.1” or “::1”. If you do not, the system displays an error when you attempt to enable role-based only AAA authorization. Dell(conf)# logging localhost tcp port Dell(conf)#logging 127.0.0.1 tcp 5140
  • Page 58: Log Messages In The Internal Buffer

    Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer. For example, %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled Configuration Task List for System Log Management There are two configuration tasks for system log management: •...
  • Page 59: Changing System Logging Settings

    Specify the size of the logging buffer. CONFIGURATION mode logging buffered size NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. •...
  • Page 60: Configuring A Unix Logging Facility Level

    Console logging: level Debugging Monitor logging: level Debugging Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes) Trap logging: level Informational %IRC-6-IRC_COMMUP: Link to peer RPM is up %RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM. %RPM-2-MSG:CP1 %POLLMGR-2-MMC_STATE: External flash disk missing in 'slot0:' %CHMGR-5-CARDDETECTED: Line card 0 present %CHMGR-5-CARDDETECTED: Line card 2 present %CHMGR-5-CARDDETECTED: Line card 4 present...
  • Page 61: Synchronizing Log Messages

    Dell# Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
  • Page 62: Enabling Timestamp On Syslog Messages

    File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
  • Page 63: Configuring FTP Server Parameters

    0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. • Specify the directory for users using FTP to reach the system.
  • Page 64: Terminal Lines

    Dell Networking OS Behavior: Prior to Dell Networking OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and authorization (AAA) to the line. Then users are denied access only after they enter a username and password.
  • Page 65: Setting Time Out Of Exec Privilege Mode

    Dell(config-line-vty)# Setting Time Out of EXEC Privilege Mode EXEC time-out is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set time out, use the following commands.
  • Page 66: Using Telnet To Get To Another Network Device

    EXEC Privilege telnet [ip-address] If you do not enter an IP address, Dell Networking OS enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D). Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported.
  • Page 67: Viewing The Configuration Lock Status

    EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode. Example of Locking CONFIGURATION Mode for Single-User Access Dell(conf)#configuration mode exclusive auto BATMAN(conf)#exit 3d23h35m: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Dell#config ! Locks configuration mode exclusively.
  • Page 68: Recovering From A Forgotten Enable Password On The Z9000

    The Z9000 boots up with the factory default configuration. The default Dell Networking OS system prompt displays when the system boot up is complete. NOTE: Do not press any keys during the boot-up process. Copy the startup-config into the running-config.
  • Page 69: Recovering From A Failed Start On The Z9000 System

    Recovering from a Failed Start on the Z9000 System A system that does not start correctly might be attempting to boot from a corrupted Dell Networking OS image or from a mis-specified location. In this case, you can restart the system and interrupt the boot process to point the system to another boot location. Use the set command, as described in the following steps.
  • Page 70: Important Points To Remember

    • After the restore is complete, the units power cycle immediately. The following example illustrates the restore factory-defaults command to restore the factory default settings. Dell#restore factory-defaults stack-unit 0 nvram *********************************************************************** Warning - Restoring factory defaults will delete the existing persistent settings (stacking, fanout, etc.)
  • Page 71 Press c to get into the grub mode. You immediately enter the grub mode, which is indicated by the grub> prompt. Assign the new location of the FTOS image to be used when the system reloads. To boot from flash partition A: grub>...
  • Page 72: 802.1X

    802.1X employs extensible authentication protocol (EAP) to transfer a device’s credentials to an authentication server (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
  • Page 73: The Port-Authentication Process

    The device with which the supplicant communicates is the authenticator. The authenticator is the gatekeeper of the network. It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator.
  • Page 74: EAP Over RADIUS

    If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in which network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access-Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame.
  • Page 75: Configuring 802.1X

    Configuring a Guest VLAN • Configuring an Authentication-Fail VLAN Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. •...
  • Page 76: Enabling 802.1X

    Enabling 802.1X Enable 802.1X globally. Figure 6. 802.1X Enabled Enable 802.1X globally. CONFIGURATION mode dot1x authentication Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication Examples of Verifying that 802.1X is Enabled Globally and on an Interface Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command...
  • Page 77: Configuring Request Identity Re-Transmissions

    In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication [output omitted] interface TenGigabitEthernet 2/1 no ip address dot1x authentication no shutdown Dell# To view 802.1X configuration information for an interface, use the show dot1x interface command.
  • Page 78: Configuring A Quiet Period After A Failed Authentication

    • Configure a maximum number of times the authenticator re-transmits a Request Identity frame. INTERFACE mode dot1x max-eap-req number The range is from 1 to 10. The default is 2. The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame after 90 seconds and re-transmits a maximum of 10 times.
  • Page 79: Forcibly Authorizing Or Unauthorizing A Port

    Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1)#show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status:...
  • Page 80: Configuring Timeouts

    Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-1/1)#dot1x reauthentication interval 7200 Dell(conf-if-Te-1/1)#dot1x reauth-max 10 Dell(conf-if-Te-1/1)#do show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status:...
  • Page 81: Configuring Dynamic Vlan Assignment With Port Authentication

    Tunnel-Private-Group-ID The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
  • Page 82: Guest And Authentication-Fail Vlans

    Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
  • Page 83: Configuring A Guest Vlan

    Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown Dell(conf-if-Te-2/1)# 802.1X...
  • Page 84 Example of Viewing Configured Authentication View your configuration using the show config command from INTERFACE mode, as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode. 802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable...
  • Page 85: Access Control Lists (Acls)

    When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands.
  • Page 86: Cam Usage

    Implementing ACLs on Dell Networking OS You can assign one IP ACL per interface with Dell Networking OS. If you do not assign an IP ACL to an interface, it is not used by the software in any other capacity.
  • Page 87 In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules. The order can range from 0 to 254. Dell Networking OS writes to the CAM ACL rules with lower-order numbers (order numbers closer to 0) before rules with higher-order numbers so that packets are matched as you intended.
  • Page 88: Ip Fragment Handling

    For IP ACL, Dell Networking OS always applies implicit deny. You do not have to configure it. • For IP ACL, Dell Networking OS applies implicit permit for second and subsequent fragments just prior to the implicit deny. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments.
  • Page 89: Configure A Standard Ip Acl

    To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
  • Page 90: Configuring A Standard Ip Acl Filter

    To delete a filter, use the no seq sequence-number command in IP ACCESS LIST mode. If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured.
  • Page 91: Configure An Extended Ip Acl

    To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. The following example shows how to view a standard ACL filter sequence for an interface. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example...
  • Page 92: Configuring Filters Without A Sequence Number

    Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
  • Page 93: Configure Layer 2 And Layer 3 Acls

    If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them.
  • Page 94: Applying An Ip Acl

    To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running-config command in EXEC mode. Example of Viewing ACLs Applied to an Interface Dell(conf-if)#show conf interface TenGigabitEthernet 1/1 ip address 10.2.1.100 255.255.255.0...
  • Page 95: Configure Ingress Acls

    To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te1/1)#ip access-group abcd in Dell(conf-if-te1/1)#show config tengigabitethernet 1/1 no ip address...
  • Page 96: Configure Egress Acls

    To specify egress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface TenGigabitEthernet 1/1 Dell(conf-if-te-1/1)#ip access-group abcd out Dell(conf-if-te-1/1)#show config TenGigabitEthernet 1/1 no ip address...
  • Page 97: Ip Prefix Lists

    (permit or deny) to process routes. The filters are processed in sequence so that if a route prefix does not match the criterion in the first filter, the second filter (if configured) is applied. When the route prefix matches a filter, Dell Networking OS drops or forwards the packet based on the filter’s designated action.
  • Page 98: Configuration Task List For Prefix Lists

    Configuring a prefix list • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following commands.
  • Page 99 If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The Dell Networking OS assigns filters in multiples of five.
  • Page 100 10 permit 0.0.0.0/0 le 32 (hit count: 0) The following example shows the show ip prefix-list summary command. Dell> Dell>show ip prefix summary Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10...
  • Page 101: Acl Resequencing

    Example of Viewing Configured Prefix Lists (ROUTER OSPF mode) To view the configuration, use the show config command in ROUTER OSPF mode, or the show running-config ospf command in EXEC mode. Dell(conf-router_ospf)#show config router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1...
  • Page 102: Resequencing An Acl Or Prefix List

    10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1...
  • Page 103: Route Maps

    Implementation Information The Dell Networking OS implementation of route maps allows route maps with the no match or no set commands. When there is no match command, all traffic matches the route map and the set command applies.
  • Page 104 You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found.
  • Page 105: Configuring Match Routes

    In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement. If there is a match anywhere, the route is permitted.
  • Page 106 CONFIG-ROUTE-MAP mode match community community-list-name [exact] • Match routes whose next hop is a specific interface. CONFIG-ROUTE-MAP mode match interface interface The parameters are: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. –...
  • Page 107: Configuring Set Conditions

    To create route map instances, use these commands. There is no limit to the number of match commands per route map, but the convention is to keep the number of match filters in a route map low. Set commands do not require a corresponding match command.
  • Page 108: Configure A Route Map For Route Redistribution

    Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify the routes and their origins.
  • Page 109: Logging Of Acl Processes

    ACL rule, a set of specific ACL rules translate to a set of FP entries. You can enable logging separately for each of these FP entries, which relate to each of the ACL entries configured in an ACL. Dell Networking OS saves a table that maps each ACL entry that matches the ACL name on the received packet, sequence number of the rule, and the interface index in the database.
  • Page 110: Guidelines For Configuring Acl Logging

    specific interval because the threshold has been exceeded, the count of packets that exceeded the logging threshold value during that interval is recorded when the subsequent log record (in the next interval) is generated for that ACL entry. Guidelines for Configuring ACL Logging This functionality is supported on the Z9000 platform.
  • Page 111: Flow-Based Monitoring Support For Acls

    ACLs, IPv6 ACLs, and standard and extended MAC ACLs. Configure ACL logging only on ACLs that are applied to ingress interfaces; you cannot enable logging for ACLs that are associated with egress interfaces. CONFIG-STD-NACL mode seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [log [interval minutes]] Flow-Based Monitoring Support for ACLs Flow-based monitoring is supported on the Z9000 platform.
  • Page 112: Enabling Flow-Based Monitoring

    Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor. CONFIGURATION mode ip access-list...
  • Page 113 Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#flow-based enable Dell(conf)#ip access-list ext testflow Dell(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor Dell(config-ext-nacl)#seq 10 permit ip 102.1.1.0/24 any count bytes monitor Dell(config-ext-nacl)#seq 15 deny udp any any count bytes Dell(config-ext-nacl)#seq 20 deny tcp any any count bytes...
  • Page 114: Access Control List (Acl) Vlan Groups And Content Addressable Memory (Cam)

    CAM space when Layer 3 ACLs are applied to a set of VLANs and when Layer 2 or Layer 3 ACLs are applied on a set of ports. In releases of Dell Networking OS that do not support the CAM optimization functionality, when an ACL is applied on a VLAN, the ACL rules are configured with the rule-specific parameters and the VLAN as additional attributes in the ACL region.
  • Page 115: Guidelines For Configuring Acl Vlan Groups

    • The egress ACL is applied or removed from the group and the group contains VLAN members. VLAN members are added or deleted from a VLAN, which itself is a group member. • A line card returns to the active state after going down, and this line card contains a VLAN that is a member of an ACL group. •...
  • Page 116: Configuring Acl Vlan Groups And Configuring Fp Blocks For Vlan Parameters

    {VLAN-range} Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name. CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan-group {group name | detail} Dell#show acl-vlan-group detail Group Name : TestGroupSeventeenTwenty Egress IP Acl : SpecialAccessOnlyExpertsAllowed...
  • Page 117: Configuring Fp Blocks For Vlan Parameters

    Allocate the number of FP blocks for the ACL VLAN optimization feature. CONFIGURATION mode cam-acl-vlan vlanaclopt <0-2> View the number of flow processor (FP) blocks that is allocated for the different VLAN services. EXEC Privilege mode Dell#show cam-usage switch Linecard|Portpipe| CAM Partition | Total CAM Used CAM |Available CAM...
  • Page 118: Allocating Fp Blocks For Vlan Processes

    262127 | IN-L3-SysFlow 2878 2834 --More-- The following sample output displays the CAM space utilization when Layer 2 and Layer 3 ACLs are configured: Dell#show cam-usage acl Linecard|Portpipe| CAM Partition | Total CAM Used CAM |Available CAM ========|========|=================|=============|=============|============ | IN-L2 ACL...
  • Page 119 are present, of which two are for fixed groups and the other two are for dynamic groups. Out of the total of two dynamic groups, you can allocate zero, one, or two FP blocks to iSCSI Counters, OpenFlow and ACL Optimization. You can configure only two of these features at a time.
  • Page 120: Bidirectional Forwarding Detection (Bfd)

    BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the route processor module (RPM).
  • Page 121: Bfd Packet Format

    The poll and final bits are used during the handshake and in Demand mode (refer to Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear.
  • Page 122: Bfd Sessions

    NOTE: Dell Networking OS does not currently support the echo function. Authentication Type, Authentication Length, Authentication Data: An optional method for authenticating control packets. NOTE: Dell Networking OS does not currently support the BFD authentication function. Two important parameters are calculated using the values contained in the control packet.
  • Page 123: Bfd Three-Way Handshake

    Administratively Down: The local system does not participate in a particular session. Down: The remote system is not sending control packets or at least not within the detection time for a particular session. Init: The local system is communicating. Up: Both systems are exchanging control packets. The session is declared down if: •...
  • Page 124 Figure 9. BFD Three-Way Handshake State Changes Bidirectional Forwarding Detection (BFD)
  • Page 125: Session State Changes

    BFD is not supported on multi-hop and virtual links. • Protocol Liveness is supported for routing protocols only. • Dell Networking OS supports only OSPF, OSPFv3, IS-IS, BGP, and VRRP protocols as BFD clients. Configure BFD This section contains the following procedures. •...
  • Page 126: Configure Bfd For Physical Ports

    • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol. Without BFD, if the remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet.
  • Page 127 Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 11. Establishing a BFD Session on Physical Ports Enter interface mode.
  • Page 128 2.2.2.2 on interface Te 4/24 (diag: 0) Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role (active). Dell Networking recommends maintaining the default values. To view session parameters, use the show bfd neighbors detail command.
  • Page 129: Configure Bfd For Static Routes

    • Disable BFD on an interface. INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor 2.2.2.2 on interface Te 4/24 (diag: 0) If the remote system state changes due to the local state administration being down, this message displays: R2>01:32:53: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for...
  • Page 130: Configure Bfd For Ospf

    ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command. R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI...
  • Page 131 Related Configuration Tasks • Changing OSPF Session Parameters • Disabling BFD for OSPF Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface.
  • Page 132: Configure Bfd For Ospfv3

    Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF...
  • Page 133 Configuring BFD for OSPFv3 is a two-step process: Enable BFD globally. Establish sessions with OSPFv3 neighbors. Related Configuration Tasks • Changing OSPFv3 Session Parameters • Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all OSPFv3 neighbors at once or with all neighbors out of a specific interface. Sessions are only established when the OSPFv3 adjacency is in the Full state.
  • Page 134: Configure Bfd For Is-Is

    no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for IS-IS When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are then established with all neighboring interfaces participating in IS-IS.
  • Page 135 • Establish sessions with all IS-IS neighbors. ROUTER-ISIS mode bfd all-neighbors • Establish sessions with IS-IS neighbors on a single interface. INTERFACE mode isis bfd all-neighbors Example of Verifying Sessions with IS-IS Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows that IS-IS BFD sessions are enabled.
  • Page 136: Configure Bfd For Bgp

    no bfd all-neighbors • Disable BFD sessions with IS-IS neighbors on a single interface. INTERFACE mode isis bfd all-neighbors disable Configure BFD for BGP In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence.
  • Page 137 • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command). • By establishing a BFD session with a specified BGP neighbor (the neighbor {ip-address | peer-group-name} bfd command) BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays. Incoming BFD control packets received from the BGP neighbor are assigned to the highest priority queue within the control plane policing (COPP) framework to avoid BFD packet drops due to queue congestion.
  • Page 138 Disabling BFD for BGP You can disable BFD for BGP. To disable a BFD for BGP session with a specified neighbor, use the first command. To remove the disabled state of a BFD for BGP session with a specified neighbor, use the second command. The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the bfd all-neighbors command or configured for the peer group to which the neighbor belongs.
  • Page 139 • Displays routing information exchanged with BGP neighbors, including BFD for BGP sessions. EXEC Privilege mode show ip bgp neighbors [ip-address] Examples of the BFD show Commands The following example shows verifying a BGP configuration. R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1...
  • Page 140 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3...
  • Page 141 The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx...
  • Page 142: Configure Bfd For Vrrp

    BGP state ESTABLISHED, in this state for 00:05:33 Neighbor is using BGP neighbor mode BFD configuration Peer active in peer-group outbound optimization R2# show ip bgp neighbors 2.2.2.4 BGP neighbor is 2.2.2.4, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 Neighbor is using BGP peer-group mode BFD configuration...
  • Page 143 Examples of Viewing VRRP Sessions with Neighbors or State Information To view the established sessions, use the show bfd neighbors command. The bold line shows that VRRP BFD sessions are enabled. Dell(conf-if-te-4/25)#vrrp bfd all-neighbors Dell(conf-if-te-4/25)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI...
  • Page 144 1000 1000 To view session state information, use the show vrrp command. The bold line shows the VRRP BFD session. Dell(conf-if-te-4/25)#do show vrrp ------------------ TenGigabitEthernet 4/1, VRID: 1, Net: 2.2.5.1 State: Backup, Priority: 1, Master: 2.2.5.2 Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec...
  • Page 145: Configuring Protocol Liveness

    Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state. To disable all VRRP sessions on an interface, sessions for a particular VRRP group, or for a particular VRRP session on an interface, use the following commands.
  • Page 146 Version:1, Diag code:0, State:Init, Poll bit:0, Final bit:0, Demand bit:0 myDiscrim:6, yourDiscrim:4, minTx:1000000, minRx:1000000, multiplier:3, minEchoRx:0 00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Up for neighbor 2.2.2.2 on interface Te 4/24 (diag: 0) The following example shows hexadecimal output from the debug bfd packet command. RX packet dump: 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00...
  • Page 147: Border Gateway Protocol Ipv4 (Bgpv4)

    Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
  • Page 148 Figure 17. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol: it maintains the path that updated information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easily detected and discarded.
  • Page 149: Sessions And Peers

    Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.
  • Page 150: Route Reflectors

    State Description Idle BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. Connect In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful.
  • Page 151: Bgp Attributes

    Figure 19. BGP Router Rules Router B receives an advertisement from Router A through eBGP. Because the route is learned through eBGP, Router B advertises it to all its iBGP peers: Routers C and D. Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D, an iBGP peer, and Router D has already learned it through iBGP from Router B.
  • Page 152 In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
  • Page 153: Weight

    In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
  • Page 154: Multi-Exit Discriminators (Meds)

    Figure 21. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria.
  • Page 155: Origin

    BGP. In Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
  • Page 156: Next Hop

    NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address...
  • Page 157: Implement Bgp With Dell Networking Os

    For some peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. Dell Networking OS supports configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost.
  • Page 158: Ignore Router-Id For Some Best-Path Calculations

    ASPLAIN representation is supported. ASPLAIN is the method Dell Networking OS has used for all previous Dell Networking OS versions. ASPLAIN remains the default method with Dell Networking OS. With the ASPLAIN notation, a 32-bit binary AS number is translated into a decimal value.
  • Page 159 Dynamic AS Number Notation Application Dell Networking OS applies the ASN notation type change dynamically to the running-config statements. When you apply or change an asnotation, the type selected is reflected immediately in the running-configuration and the show commands (refer to the following two examples).
  • Page 160: As Number Migration

    Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress.
  • Page 161: Bgp4 Management Information Base (Mib)

    Router B. BGP4 Management Information Base (MIB) The FORCE10-BGP4-V2-MIB enhances Dell Networking OS BGP management information base (MIB) support with many new simple network management protocol (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell website.
  • Page 162: Configuration Information

    BGP neighbor. By default, BGP is disabled. By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled. To enable a neighbor or peer group, enter the neighbor {ip-address | peer-group-name} no shutdown command.
  • Page 163: Enabling Bgp

    Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer.
  • Page 164 CONFIG-ROUTER-BGP mode bgp four-octet-as-support NOTE: Use it only if you support 4-Byte AS numbers or if you support AS4 number representation. If you are supporting 4-Byte ASNs, enable this command. Disable 4-Byte support and return to the default 2-Byte format by using the no bgp four-octet-as-support command.
  • Page 165 Active For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
  • Page 166: Configuring As4 Number Representations

    Description ASPLAIN is the method Dell Networking OS used for all previous Dell Networking OS versions. It remains the default method with Dell Networking OS. With the ASPLAIN notation, a 32-bit binary AS number is translated into a decimal value. ASDOT+ representation splits the full binary 4-byte AS number into two words of 16 bits separated by a decimal point (.): <high-order 16 bit value>.<low-order 16 bit value>.
  • Page 167 • Enable ASPLAIN AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asplain NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot •...
  • Page 168: Configuring Peer Groups

    Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share the same update policy.
  • Page 169 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
  • Page 170: Configuring Bgp Fast Fall-Over

    To verify that you enabled fast fall-over on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fall-over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors Border Gateway Protocol IPv4 (BGPv4)
  • Page 171 Local host: 200.200.200.200, Local port: 65519 Foreign host: 100.100.100.100, Foreign port: 179 Dell# To verify that fast fall-over is enabled on a peer-group, use the show ip bgp peer-group command (shown in bold). Dell#sh ip bgp peer-group Peer-group test fall-over enabled BGP version 4...
  • Page 172: Configuring Passive Peering

    When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor. To work around this, change the BGP configuration or change the order of the peer group configuration.
  • Page 173: Allowing An As Number To Appear In Its Own As Path

    Example of Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number. The second two lines in bold show the local AS number (6500) maintained during migration. To disable this feature, use the no neighbor local-as command in CONFIGURATION ROUTER BGP mode. R2(conf-router_bgp)#show conf router bgp 65123 bgp router-id 192.168.10.2...
  • Page 174: Enabling Graceful Restart

    Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB. If you configure your system to do so, Dell Networking OS can perform the following actions during a hot failover: •...
  • Page 175: Enabling Neighbor Graceful Restart

    This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 176 If you assign a non-existent or empty AS-PATH ACL, the software allows all routes. Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode. Dell#show ip bgp paths Total 30655 Paths Address...
  • Page 177: Regular Expressions As Filters

    For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS. Regular...
  • Page 178: Redistributing Routes

    Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in Dell(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eagle in neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 filter-list 1 in neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#ex...
  • Page 179: Enabling Additional Paths

    One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. In Dell Networking OS, you can assign a COMMUNITY attribute to BGP routers by using an IP community list. After you create an IP community list, you can apply routing decisions to all routers meeting the criteria in the IP community list.
  • Page 180: Configuring An Ip Extended Community List

    To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
  • Page 181: Filtering Routes With Community Lists

    In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute.
  • Page 182 To view BGP routes matching a certain community number or a pre-defined BGP community, use the show ip bgp community command in EXEC Privilege mode. Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal...
  • Page 183: Changing Med Attributes

    --More-- Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands. •...
  • Page 184: Changing The Next_Hop Attribute

    A more flexible method for manipulating the LOCAL_PREF attribute value is to use a route map. Enter the ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] Change LOCAL_PREF value for routes meeting the criteria of this route map. CONFIG-ROUTE-MAP mode set local-preference value Return to CONFIGURATION mode.
  • Page 185: Enabling Multipath

    NOTE: With Dell Networking OS, you can create inbound and outbound policies. Each of the commands used for filtering has in and out parameters that you must apply. In Dell Networking OS, the order of preference varies depending on whether the attributes are applied for inbound updates or outbound updates.
  • Page 186: Filtering Bgp Routes Using Route Maps

    • ge: minimum prefix length to be matched. • le: maximum prefix length to be matched. For information about configuring prefix lists, refer to Access Control Lists (ACLs). Return to CONFIGURATION mode. CONFIG-PREFIX LIST mode exit Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number Filter routes based on the criteria in the configured prefix list.
  • Page 187: Filtering Bgp Routes Using As-Path Information

    Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector.
  • Page 188: Aggregating Routes

    EXEC Privilege mode. Aggregating Routes Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active.
  • Page 189: Enabling Route Flap Dampening

    (a numeric value) for routes that flap. When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or is decayed.
  • Page 190 – regexp regular-expression: enter a regular expression to match on. By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival. You can change the path selection method to non-deterministic, that is, paths are compared in the order in which they arrived (starting with the most recent).
  • Page 191: Changing Bgp Timers

    Value to start suppressing a route (default = 2000) Dell(conf-router_bgp)#bgp dampening 2 2000 3000 ? <1-255> Maximum duration to suppress a stable route (default = 60) Dell(conf-router_bgp)#bgp dampening 2 2000 3000 10 ? route-map Route-map to specify criteria for dampening <cr>...
  • Page 192: Enabling Bgp Neighbor Soft-Reconfiguration

    – keepalive: the range is from 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. The default is 60 seconds. – holdtime: the range is from 3 to 65536. Time interval, in seconds, between the last keepalive message and declaring the router dead.
  • Page 193: Route Map Continue

    The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer-group. The default is IPv4 Unicast routes.
  • Page 194: Bgp Regular Expression Optimization

    If the peer has not been activated in any AFI/SAFI, the peer remains in Idle state. Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 195: Storing Last And Bad Pdus

    Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued.
  • Page 196: Capturing Pdus

    To change the maximum buffer size, use the capture bgp-pdu max-buffer-size command. To view the captured PDUs, use the show capture bgp-pdu neighbor command. Dell#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 26 packet(s) captured using 680 bytes...
  • Page 197: Pdu Counters

    313511 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command. Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions.
  • Page 198 Figure 24. Sample Configurations Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21 R1(conf-if-te-1/21)#ip address 10.0.1.21/24 R1(conf-if-te-1/21)#no shutdown R1(conf-if-te-1/21)#show config interface TengigabitEthernet 1/21 ip address 10.0.1.21/24 no shutdown...
  • Page 199 R1(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R1(conf-router_bgp)#neighbor 192.168.128.3 no shut R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 R1(conf-router_bgp)#show config router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192.168.128.3 no shutdown Example of Enabling BGP (Router 2) R2# conf...
  • Page 200 R3(conf-if-te-3/11)#show config interface TengigabitEthernet 3/11 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo-0)#int te 3/21 R3(conf-if-te-3/21)#ip address 10.0.2.3/24 R3(conf-if-te-3/21)#no shutdown R3(conf-if-te-3/21)#show config interface TengigabitEthernet 3/21 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21)# R3(conf-if-te-3/21)#router bgp 100 R3(conf-router_bgp)#show config router bgp 100 R3(conf-router_bgp)#network 192.168.128.0/24 R3(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R3(conf-router_bgp)#neighbor 192.168.128.1 no shut R3(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R3(conf-router_bgp)#neighbor 192.168.128.2 remote 99...
  • Page 201 CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2;...
  • Page 202 2 BGP path attribute entrie(s) using 128 bytes of memory 2 BGP AS-PATH entrie(s) using 90 bytes of memory 2 neighbor(s) using 9216 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.1 99 140 136 2 0 (0) 00:11:24 1 192.168.128.3 100 138 140 2 0 (0) 00:18:31 1 Example of Enabling Peer Groups (Router 3) R3#conf...
  • Page 203 Member of peer-group BBB for session parameters BGP version 4, remote router ID 192.168.128.3 BGP state ESTABLISHED, in this state for 00:18:51 Last read 00:00:45, last write 00:00:44 Hold time is 180, keepalive interval is 60 seconds Received 138 messages, 0 in queue 7 opens, 2 notifications, 7 updates 122 keepalives, 0 route refresh requests Sent 140 messages, 0 in queue...
  • Page 204: Content Addressable Memory (Cam)

    Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation...
  • Page 205 Use the cam-acl-egress command to allocate the space for egress L2, IPV4 and IPV6 ACL. The total number of available FP blocks is 4. Allocate at least one group of L2ACL and IPV4 ACL. Dell(conf)#do show cam-acl-egress -- Chassis Egress Cam ACL --...
  • Page 206: Test Cam Usage

    Status column in the command output indicates whether or not the policy can be enabled. Example of the test cam-usage Command Dell#test cam-usage service-policy input test-cam-usage stack-unit 7 po 0 Stack-Unit | Portpipe | CAM Partition | Available CAM | Estimated CAM per Port | Status...
  • Page 207: View Cam-Acl Settings

    View CAM-ACL Settings This show cam-acl command shows the cam-acl setting that will be loaded after the next reload. Example of Viewing CAM-ACL Settings Dell(conf)#do show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) Next Boot(in block sizes) 1 block = 128 entries...
  • Page 208: View Cam Usage

    View CAM Usage View the amount of CAM space available, used, and remaining in each ACL partition using the show cam-usage command from EXEC Privilege mode. Example of the show cam-usage Command Dell#show cam-usage Stackunit|Portpipe| CAM Partition | Total CAM Used CAM...
  • Page 209: Cam Optimization

    The CAM profile on all cards must match the system profile. In most cases, the system corrects mismatches by copying the correct profile to the card, and rebooting the card. If three resets do not bring up the card, or if the system is running a Dell Networking OS version prior to version 6.3.1.1, the system presents an error message.
  • Page 210: Control Plane Policing (Copp)

    Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level.
  • Page 211: Configure Control Plane Policing

    Figure 26. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied. This happens because queue-based rate limiting is applied first.
  • Page 212: Configuring Copp For Protocols

    ACL and QoS rules created with the cpu-qos keyword. CONTROL-PLANE mode service-policy rate-limit-protocols Examples of Configuring CoPP for Different Protocols The following example shows creating the IP/IPv6/MAC extended ACL. Dell(conf)#ip access-list extended ospf cpu-qos Dell(conf-ip-acl-cpuqos)#permit ospf Dell(conf-ip-acl-cpuqos)#exit Dell(conf)#ip access-list extended bgp cpu-qos Dell(conf-ip-acl-cpuqos)#permit bgp...
  • Page 213: Configuring Copp For Cpu Queues

    Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit The following example shows creating the QoS input policy. Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos...
  • Page 214: Copp For Ospfv3 Packets

    Examples of Configuring CoPP for CPU Queues The following example shows creating the QoS policy. Dell#conf Dell(conf)#qos-policy-input cpuq_1 Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40 Dell(conf-qos-policy-in)#exit Dell(conf)#qos-policy-input cpuq_2 Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50 Dell(conf-qos-policy-in)#exit The following example shows assigning the QoS policy to the queues.
  • Page 215 The other 4 CMIC queues will carry the L2/L3 well-known protocol streams. However, there are about 20 well-known protocol streams that have to share these 4 CMIC queues. Before 9.4.(0.0), Dell Networking OS used only 8 queues, most of which were shared among multiple protocols.
  • Page 216 – IPv6 Multicast – 33:33:0:0:0:0 – Q1 • Add/remove specific ICMPv6 NDP protocol entry when user configures the first ipv6 address in the front panel port – Distribute ICMPv6 NS/RS packets to Q5. – Distribute ICMPv6 NA/RA packets to Q6. FP is installed for all Front panel ports.
  • Page 217: Configuring Copp For Ospfv3

    Catch-All Entry for IPv6 Packets Dell Networking OS currently supports configuration of IPv6 subnets greater than /64 mask length, but the agent writes it to the default LPM table where the key length is 64 bits. The device supports a table that stores up to 256 subnets with a maximum mask length of /128.
  • Page 218: Show Commands

    Dell(conf-in-qos-policy-cpuqos)#rate-police 1500 16 peak 1500 16 Create a QoS class map to differentiate the control-plane traffic and assign to the ACL. CONFIGURATION mode Dell(conf)#class-map match-any ospfv3 cpu-qos Dell(conf-class-map-cpuqos)#match ipv6 access-group ospfv3 Create a QoS input policy map to match to the class-map and qos-policy for each desired protocol.
  • Page 219 VRRP Dell# To view the queue mapping for the MAC protocols, use the show mac protocol-queue-mapping command. Example of Viewing Queue Mapping for MAC Protocols Dell#show mac protocol-queue-mapping Protocol Destination Mac EtherType Queue EgPort Rate (kbps) -------- ---------------- ----------- ----- ------ -----------...
  • Page 220: Dynamic Host Configuration Protocol (Dhcp)

    Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the network, and it reclaims IP addresses that are no longer in use to prevent address exhaustion.
  • Page 221 Option Number and Description Domain Name Option 6 Server Specifies the domain name servers (DNSs) that are available to the client. Domain Name Option 15 Specifies the domain name that clients should use when resolving hostnames via DNS. IP Address Lease Option 51 Time Specifies the amount of time that the client is allowed to use an assigned IP address.
  • Page 222: Assign An Ip Address Using Dhcp

    • IP source address validation is a sub-feature of DHCP Snooping; the Dell Networking OS uses access control lists (ACLs) internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP source address validation. If...
  • Page 223: Configure The System To Be A Dhcp Server

    IP source address validation on a member port of a virtual local area network (VLAN) and then attempt to apply an access list to the VLAN, Dell Networking OS displays the first line in the following message. If you first apply an ACL to a VLAN and then attempt to enable IP source address validation on one of its member ports, Dell Networking OS displays the second line in the following message.
  • Page 224: Ip Dhcp Server

    After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs an IP+MAC source address validation to ensure that no client can release another client's address. This validation is a default behavior and is separate from IP+MAC source address validation.
  • Page 225: Specifying A Default Gateway

    NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host IP.
  • Page 226: Debugging The Dhcp Server

    You can configure an interface on the Dell Networking system to relay the DHCP messages to a specific DHCP server using the ip helper-address dhcp-address command from INTERFACE mode, as shown in the following illustration. Specify multiple DHCP servers by using the ip helper-address dhcp-address command multiple times.
  • Page 227 Figure 29. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int tengigabitethernet 1/3 TenGigabitEthernet 1/3 is up, line protocol is down Internet address is 10.11.0.1/24 Broadcast address is 10.11.0.255 Address determined by user input...
  • Page 228: Configure The System To Be A Dhcp Client

    The switch can obtain a dynamically assigned IP address from a DHCP server. A start-up configuration is not received. Use bare metal provisioning (BMP) to receive configuration parameters (Dell Networking OS version and a configuration file). BMP is enabled as a factory-default setting on a switch.
  • Page 229: Dhcp Client Operation With Other Features

    DHCP Client Operation with Other Features The DHCP client operates with other Dell Networking OS features, as the following describes. Stacking The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. It periodically synchronizes the lease file with the standby unit.
  • Page 230: Configure Secure Dhcp

    The received stacking configuration is always applied on the master stack unit. option #230 "unit-number:3#priority:2#stack-group:14" Configure Secure DHCP DHCP as defined by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protects networks that use dynamic address allocation from spoofing and attacks. •...
  • Page 231: Ip Dhcp Snooping

    Binding table entries are deleted when a lease expires, or the relay agent encounters a DHCPRELEASE, DHCPNACK, or DHCPDECLINE. Dell Networking OS Behavior: Introduced in Dell Networking OS version 7.8.1.0, DHCP snooping was available for Layer 3 only and dependent on DHCP relay agent (ip helper-address). Dell Networking OS version 8.2.1.0 extends DHCP snooping to Layer 2 and you do not have to enable relay agent to snoop on Layer 2 interfaces.
  • Page 232 Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command.
  • Page 233: Drop Dhcp Packets On Snooped Vlans Only

    Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic IPv6 Address...
  • Page 234: Dynamic Arp Inspection

    To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port. Dell#show ip dhcp snooping binding Codes : S - Static D - Dynamic...
  • Page 235: Configuring Dynamic Arp Inspection

    Validate ARP frames against the DHCP snooping binding table. INTERFACE VLAN mode arp inspection Examples of Viewing the ARP Database and Packets To view entries in the ARP database, use the show arp inspection database command. Dell#show arp inspection database Protocol Address Age(min) Hardware Address Interface VLAN...
  • Page 236: Source Address Validation

    Specify an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dell Networking OS Behavior: Introduced in Dell Networking OS version 8.2.1.0, DAI was available for Layer 3 only. However, Dell Networking OS version 8.2.1.1 extends DAI to Layer 2. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV).
  • Page 237: Dhcp Mac Source Address Validation

    INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-validation [interface] command in EXEC Privilege mode.
  • Page 238: Clearing The Number Of Sav Dropped Packets

    20 count (0 packets) The following output of the show ip dhcp snooping source-address-validation discard-counters interface interface command displays the number of SAV dropped packets on a particular interface. Dell>show ip dhcp snooping source-address-validation discard-counters interface TenGigabitEthernet 1/1 deny access-list on TenGigabitEthernet 1/1...
  • Page 239: Equal Cost Multi-Path (Ecmp)

    0 lag checksum 0 nh-ecmp checksum 0 Dell Networking OS Behavior: In the Dell Networking OS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with Dell Networking OS version 8.2.1.2, the default hash-algorithm is 24.
  • Page 240: Link Bundle Monitoring

    Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is the same. When configured, the same seed is set for ECMP, LAG, and NH, and is used for incoming traffic only.
  • Page 241: Creating An Ecmp Group Bundle

    Enable ECMP group path management. CONFIGURATION mode. ip ecmp-group path-fallback Example of the ip ecmp-group maximum-paths Command Dell(conf)#ip ecmp-group maximum-paths 3 User configuration has been changed. Save the configuration and reload to take effect Dell(conf)# Creating an ECMP Group Bundle Within each ECMP group, you can specify an interface.
  • Page 242 You can configure ecmp-group with id 2 for link bundle monitoring. This ecmp-group is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Dell(conf-ecmp-group-5)#show config ecmp-group 5...
  • Page 243: Enabling Fips Cryptography

    Enabling FIPS Cryptography This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce. FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a software-based cryptographic module.
  • Page 244: Generating Host-Keys

    (deleting all the per-session encryption key information), actually enables/tests FIPS mode, generates new host-keys, and re-enables the SSH server (assuming it was enabled before enabling FIPS). For more information, refer to the SSH Server and SCP Commands section in the Security chapter of the Dell Networking OS Command Line Reference Guide.
  • Page 245: Disabling Fips Mode

    : S4810 - 52-port GE/TE/FG (SE) Master priority : 0 Hardware Rev : 3.0 Num Ports : 64 Up Time : 7 hr, 3 min Dell Networking OS Version : 4810-8-3-7-1061 Jumbo Capable : yes POE Capable : no FIPS Mode : enabled...
  • Page 246: Force10 Resilient Ring Protocol (Frrp)

    Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
  • Page 247: Multiple Frrp Rings

    Ring Checking At specified intervals, the Master node sends a ring health frame (RHF) through the ring. If the ring is complete, the frame is received on its secondary port and the Master node resets its fail-period timer and continues normal operation. If the Master node does not receive the RHF before the fail-period timer expires (a configurable timer), the Master node moves from the Normal state to the Ring-Fault state and unblocks its Secondary port.
  • Page 248: Important Frrp Concepts

    • One Master node per ring — all other nodes are Transit. • Each node has two member interfaces — primary and secondary. • There is no limit to the number of nodes on a ring. • Master node ring port states — blocking, pre-forwarding, forwarding, and disabled. •...
  • Page 249: Implementing Frrp

    FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
  • Page 250: Configuring The Control Vlan

    Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer Be sure to follow these guidelines: •...
  • Page 251: Configuring And Adding The Member Vlans

    VLAN-ID, Range: VLAN IDs for the ring’s member VLANS. Enable FRRP. CONFIG-FRRP mode. no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands.
  • Page 252: Setting The Frrp Timers

    VLAN-ID, Range: VLAN IDs for the ring’s Member VLANs. Enable this FRRP group on this switch. CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. •...
  • Page 253: Troubleshooting Frrp

    Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the same control VLAN. •...
  • Page 254 no ip address tagged TenGigabitEthernet 2/14,31 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 2/14,31 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 2/14 secondary TenGigabitEthernet 2/31 control-vlan member-vlan 201 mode transit no disable Example of R3 TRANSIT interface TenGigabitEthernet 3/14 no ip address switchport...
  • Page 255: Garp Vlan Registration Protocol (Gvrp)

    Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, that type of port is referred to as a VLAN trunk port, but it is not necessary to specifically identify to the Dell Networking OS that the port is a trunk port.
  • Page 256: Related Configuration Tasks

    Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config GARP VLAN Registration Protocol (GVRP)
  • Page 257: Enabling Gvrp On A Layer 2 Interface

    GVRP Leave message. Additionally, the interface is not dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Example of the gvrp registration Command Dell(conf-if-te-1/21)#gvrp registration fixed 34,35 Dell(conf-if-te-1/21)#gvrp registration forbidden 45,46 Dell(conf-if-te-1/21)#show conf...
  • Page 258: Configure A Garp Timer

    GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The Dell Networking OS default is 10000ms.
  • Page 259: Internet Group Management Protocol (Igmp)

    Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports 95 interfaces on S4810 and S4820 and an unlimited number of groups on all other platforms.
  • Page 260: Igmp Version 3

    Figure 31. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group.
  • Page 261 • To enable filtering, routers must keep track of more state information, that is, the list of sources that must be filtered. An additional query type, the Group-and-Source-Specific Query, keeps track of state changes, while the Group-Specific and General queries still refresh the existing state. •...
  • Page 262 The host’s third message indicates that it is only interested in traffic from sources 10.11.1.1 and 10.11.1.2. Because this request again prevents all other sources from reaching the subnet, the router sends another group-and-source query so that it can satisfy all other hosts. There are no other interested hosts so the request is recorded. Figure 34.
  • Page 263: Configure Igmp

    Figure 35. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. Enable multicast routing using the ip multicast-routing command. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Version •...
  • Page 264: Viewing Igmp Enabled Interfaces

    Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
  • Page 265: Show Ip Igmp Groups

    View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface...
  • Page 266: Adjusting The Igmp Querier Timeout Value

    Adjusting the IGMP Querier Timeout Value If there is more than one multicast router on a subnet, only one is elected to be the querier, which is the router that sends queries to the subnet. Routers send queries to the all multicast systems address, 224.0.0.1. Initially, all routers send queries. When a router receives a query, it compares the IP address of the interface on which it was received with the source IP address given in the query.
  • Page 267: Igmp Snooping

    If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as a Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end-point VLANs only.
  • Page 268: Disabling Multicast Flooding

    INTERFACE VLAN mode ip igmp fast-leave • View the configuration. INTERFACE VLAN mode show config Example of Configuration Output After Removing a Group-Port Association Dell(conf-if-vl-100)#show config interface Vlan 100 no ip address ip igmp snooping fast-leave shutdown Dell(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN.
  • Page 269: Fast Convergence After Mstp Topology Changes

    The following describes the fast convergence feature. When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
  • Page 270: Protocol Separation

    One typical example is an SSH session to an unknown destination or an SSH connection that is destined to the management port IP address. The management default route can coexist with front-end default routes. If SSH is specified as a management application, SSH links to and from an unknown destination use the management default route.
  • Page 271: Enabling And Disabling Management Egress Interface Selection

    Enabling and Disabling Management Egress Interface Selection You can enable or disable egress-interface-selection using the management egress-interface-selection command. NOTE: Egress Interface Selection (EIS) works only with IPv4 routing. When the feature is enabled using the management egress-interface-selection command, the following events are performed: •...
  • Page 272: Handling Of Switch-Initiated Traffic

    • In the netstat output, the prefix “mgmt” is added to routes in the EIS table so that the user can distinguish between routes in the EIS Routing table and default routing table. • If the management port IP address is removed, the corresponding connected route is removed from both the EIS routing table and default routing table.
  • Page 273: Handling Of Transit Traffic (Traffic Separation)

    The fallback route between the management and data networks is used in such a case. At any given time, end users can access Dell Networking OS applications using either ip1 or ip2. Return traffic for such end-user-originated sessions destined to management port ip1 is handled using the EIS route lookup.
  • Page 274: Behavior Of Various Applications For Switch-Initiated Traffic

    Traffic type / Switch initiated traffic Switch-destined traffic Transit Traffic Application type destination uses the front-end selected based on route lookup in EIS table. If port to management default route only. No change in the management port is down or the route port is blocked the existing behavior.
  • Page 275: Behavior Of Various Applications For Switch-Destined Traffic

    Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled EIS Behavior Default Behavior EIS Behavior Default Behavior EIS Behavior Default Behavior radius EIS Behavior Default Behavior Sflow-collector Default Behavior Snmp (SNMP Mib response and SNMP EIS Behavior Default Behavior Traps) EIS Behavior Default Behavior...
  • Page 276: Interworking Of Eis With Various Applications

    To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designating those interfaces as the multicast router interface when the frames have a non-zero IP source address. All IGMP control packets and IP multicast data traffic originating from receivers are forwarded to multicast router interfaces.
  • Page 277: Interfaces

    Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the Z9000 platform. Basic Interface Configuration •...
  • Page 278: View Basic Interface Information

    NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. NOTE: The CLI output may be incorrectly displayed as 0 (zero) for the Rx/Tx power values. To obtain the correct power information, perform a simple network management protocol (SNMP) query.
  • Page 279: Enabling A Physical Interface

    To view which interfaces are enabled for Layer 3 data transmission, use the show ip interfaces brief command in EXEC Privilege mode. In the following example, TenGigabitEthernet interface 1/6 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up. Dell#show ip interface brief Interface IP-Address...
  • Page 280: Physical Interfaces

    • Clearing Interface Counters Overview of Layer Modes On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode.
  • Page 281: Configuring Layer 2 (Data Link) Mode

    To set Layer 2 data transmissions through an individual interface, use the following command. • Enable Layer 2 data transmissions through an individual interface. INTERFACE mode switchport Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands.
  • Page 282: Configuring Layer 3 (Interface) Mode

    View Basic Interface Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode. Dell>show ip int vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49.1/24 Broadcast address is 1.1.49.255...
  • Page 283: Important Points To Remember

    You can configure this interface with Dell Networking OS, but the configuration options on this interface are limited. You cannot configure Gateway addresses and IP addresses if it appears in the main routing table of Dell Networking OS. In addition, proxy ARP is not supported on this interface.
  • Page 284: Configuring Management Interfaces On The S-Series

    To display the configuration for a given port, use the show interface command in EXEC Privilege mode, as shown in the following example. To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int TenGigabitEthernet 1/1 TenGigabitEthernet 1/1 is up, line protocol is up...
  • Page 285: Loopback Interfaces

    Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
  • Page 286: Null Interfaces

    (LAG) or port channel. A LAG is “a group of links that appear to a MAC client as if they were a single link” according to IEEE 802.3ad. In Dell Networking OS, a LAG is referred to as a port channel interface.
  • Page 287: 10/100/1000 Mbps Interfaces In Port Channels

    1/1-4 while in port channel interface mode, and Dell Networking OS determines if the first interface specified (TenGig 1/1) is up. After it is up, the common speed of the port channel is 1000 Mb/s. Dell Networking OS disables those interfaces configured with speed 10000 Mb/s or whose speed is 10000 Mb/s as a result of auto-negotiation.
  • Page 288: Creating A Port Channel

    The physical interfaces in a port channel can be on any line card in the chassis, but must be the same physical type. NOTE: Port channels can contain a mix of Gigabit Ethernet and 10/100/1000 Ethernet interfaces, but Dell Networking...
  • Page 289 Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief command indicates the primary port.
  • Page 290: Reassigning An Interface To A New Port Channel

    An interface can be a member of only one port channel. If the interface is a member of a port channel, remove it from the first port channel and then add it to the second port channel. Each time you add or remove a channel member from a port channel, Dell Networking OS recalculates the hash algorithm for the port channel.
  • Page 291: Assigning An Ip Address To A Port Channel

    EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)# vlan tagged 2-5,100,4010 Dell#show interfaces switchport te 1/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged...
  • Page 292: Load Balancing Through Port Channels

    For LAG hashing, the source IP, destination IP, source transmission control protocol (TCP)/user datagram protocol (UDP) port, and destination TCP/UDP port are used for hash computation by default. For packets without a Layer 3 header, Dell Networking OS automatically uses load-balance mac source-dest-mac.
  • Page 293 | [ecmp{crc16|crc16cc|crc32LSB|crc32MSB|crc-upper|dest-ip |lsb |xor1| xor2| xor4| xor8| xor16}|lag{crc16|crc16cc|crc32LSB|crc32MSB|xor1|xor2|xor4|xor8|xor16}| seed ] For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change the hash algorithm seed value to get a better hash value. The hash seed is used to compute the hash value.
  • Page 294: Bulk Configuration

    Dell(config)# interface range tengigabitethernet 1/1 - 23 Dell(config-if-range-te-1/1-23)# no shutdown Dell(config-if-range-te-1/1-23)# Create a Multiple-Range The following is an example of multiple range. Example of the interface range Command (Multiple Ranges) Dell(conf)#interface range tengigabitethernet 1/5 - 10 , tengigabitethernet 1/1 , vlan 1 Dell(conf-if-range-te-1/1,te-1/5-10,vl-1)# Interfaces...
  • Page 295: Defining Interface Range Macros

    The following is an example showing how duplicate entries are omitted from the interface-range prompt. Example of the Interface-Range Prompt for Duplicate Interfaces Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)#interface range tengigabitethernet 2/1 - 23 , tengigabitethernet 2/1 - 23 ,...
  • Page 296: Define The Interface Range

    • a — Page down • q — Quit Dell#monitor interface Te 3/1 Dell uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.: 2s Interface: Te 3/1, Disabled, Link is Down, Linespeed is 1000 Mbit Interfaces...
  • Page 297: Maintenance Using Tdr

    Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs.
  • Page 298: Splitting Qsfp Ports To Sfp+ Ports

    Similarly, you can enable the fan-out mode to configure the QSFP port on a device to act as an SFP or SFP+ port. As the QSA enables a QSFP or QSFP+ port to be used as an SFP or SFP+ port, Dell Networking OS does not immediately detect the QSA after you insert it into a QSFP port cage.
  • Page 299: Important Points To Remember

    When you remove the QSA module alone from a 40 Gigabit port, without connecting any SFP or SFP+ cables, Dell Networking OS does not generate any event. However, when you remove a QSA module that has SFP or SFP+ optical cables plugged in, Dell Networking OS generates an SFP or SFP+ Removed event.
  • Page 300 NOTE: In the following show interfaces tengigabitethernet commands, ports 1, 2, and 3 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports. This is a software limitation for this release.
  • Page 301 ……………… Dell#show interfaces tengigabitethernet 0/7 transceiver SFP 0 Serial ID Base Fields SFP 0 Id = 0x0d SFP 0 Ext Id = 0x00 SFP 0 Connector = 0x23 SFP 0 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00...
  • Page 302 NOTE: In the following show inventory media command output, ports 1, 2, 3, 5, 6, and 7 are actually inactive. However, Dell Networking OS still shows that optical cables are inserted into these ports. This is a software limitation for this release.
  • Page 303: Link Dampening

    TenGigabitEthernet 1/1 ip address 10.10.19.1/24 dampening 1 2 3 4 no shutdown To view dampening information on all or specific dampened interfaces, use the show interfaces dampening command from EXEC Privilege mode. Dell# show interfaces dampening Interface State Flaps Penalty Half-Life Reuse Suppress Max-Sup Te 1/1 Up 0 0 5 750 2500 20...
  • Page 304: Link Bundle Monitoring

    The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
  • Page 305: Using Ethernet Pause Frames For Flow Control

    Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it.
  • Page 306: Enabling Pause Frames

    The MTU range is from 592 to 12000, with a default of 1500. IP MTU automatically configures. The following table lists the various Layer 2 overheads found in Dell Networking OS and the number of bytes. Table 16. Layer 2 Overhead...
  • Page 307: Port-Pipes

    Port-Pipes A port pipe is a Dell Networking-specific term for the hardware path that packets follow through a system. Port pipes travel through a collection of circuits (ASICs) built into line cards and RPMs on which various processing events for the packets occur.
  • Page 308 NOTE: The show interfaces status command displays link status, but not administrative status. For both link and administrative status, use the show ip interface [interface | brief | linecard slot-number] [configuration] command. Dell#show interfaces status Port Description Status Speed Duplex Vlan...
  • Page 309: Set Auto-Negotiation Options

    Force port to slave mode Dell(conf-if-gi-1/1)# For details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command. The interface sends keepalive messages to itself to test network connectivity on the interface.
  • Page 310: View Advanced Interface Information

    Dell#show ip interface stack-unit 1 configured Dell#show ip interface tengigabitEthernet 1 configured Dell#show ip interface br configured Dell#show ip interface br stack-unit 1 configured Dell#show ip interface br tengigabitEthernet 1 configured Dell#show running-config interfaces configured Dell#show running-config interface tengigabitEthernet 1 configured In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information.
  • Page 311: Dynamic Counters

    Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application, and turns it off when you disable the application. NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
  • Page 312: Clearing Interface Counters

    Example of the clear counters Command When you enter this command, confirm that you want Dell Networking OS to clear the interface counters for that interface. Dell#clear counters te 1/1 Clear counters on TenGigabitEthernet 1/1 [confirm]...
  • Page 313 in between the ranges. You can associate multicast MAC or hardware addresses to an interface range and VLANs by using the mac-address-table static multicast-mac-address vlan vlan-id output-range interface command...
  • Page 314: Internet Protocol Security (Ipsec)

    Internet Protocol Security (IPSec) Internet protocol security (IPSec) is available on Dell Networking OS. IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways.
  • Page 315 crypto ipsec transform-set myXform-set esp-authentication md5 esp-encryption des Define the crypto policy. CONFIGURATION mode crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXform-set session-key inbound esp 256 auth <key> encrypt <key> session-key outbound esp 257 auth <key> encrypt <key> match 0 tcp a::1 /128 0 a::2 /128 23 match 1 tcp a::1 /128 23 a::2 /128 0 match 2 tcp a::1 /128 0 a::2 /128 21 match 3 tcp a::1 /128 21 a::2 /128 0...
  • Page 316: Ipv4 Routing

    Disabled IP Addresses Dell Networking OS supports IP version 4, as described in RFC 791. Dell Networking OS also supports classful routing and variable length subnet masks (VLSM). With VLSM, you can configure one network with different masks. Supernetting, which increases the number of subnets, is also supported.
  • Page 317: Assigning Ip Addresses To An Interface

    IP communication between the system and hosts connected to that interface. In Dell Networking OS, you can assign one primary address and up to 255 secondary IP addresses to each interface. Enter the keyword interface then the type of interface and slot/port information.
  • Page 318 – tag tag-value: the range is from 1 to 4294967295. (optional) Example of the show ip route static Command To view the configured routes, use the show ip route static command. Dell#show ip route static Destination Gateway Dist/Metric Last Change...
  • Page 319: Configure Static Routes For The Management Interface

    Direct, Lo 0 --More-- Dell Networking OS installs a next hop that is on the directly connected subnet of the current IP address on the interface (for example, if interface TenGigabitEthernet 1/1 is on the 172.31.5.0 subnet, Dell Networking OS installs the static route).
  • Page 320: Ipv4 Path Mtu Discovery Overview

    S 6.1.2.2/32 via 6.1.20.2, Te 5/1 00:02:30 S 6.1.2.3/32 via 6.1.20.2, Te 5/1 00:02:30 S 6.1.2.4/32 via 6.1.20.2, Te 5/1 00:02:30 S 6.1.2.5/32 via 6.1.20.2, Te 5/1 00:02:30 S 6.1.2.6/32 via 6.1.20.2, Te 5/1 00:02:30 S 6.1.2.7/32 via 6.1.20.2, Te 5/1 00:02:30 S 6.1.2.8/32 via 6.1.20.2, Te 5/1...
  • Page 321: Configuring The Icmp Source Interface

    Dell>show ip tcp reduced-syn-ack-wait Enabling Directed Broadcast By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command.
  • Page 322: Resolution Of Host Names

    The host table contains both statically configured and dynamically learnt host and IP addresses. If Dell Networking OS cannot resolve the domain, it tries the domain name assigned to the local system. If that does not resolve the partial domain, Dell Networking OS searches the list of domains configured.
  • Page 323: Configuring Dns With Traceroute

    Configure this command up to six times to specify a list of possible domain names. Dell Networking OS searches the domain names in the order they were configured until a match is found or the list is exhausted.
  • Page 324: Arp

    Dell Networking OS uses two forms of address resolution: address resolution protocol (ARP) and Proxy ARP. ARP runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, Dell Networking OS creates a forwarding table mapping the MAC addresses to their corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time.
  • Page 325: Enabling Proxy Arp

    In the request, the host uses its own IP address in the Sender Protocol Address and Target Protocol Address fields. In Dell Networking OS versions prior to 8.3.1.0, if a gratuitous ARP is received some time after an ARP request is sent, only RP2 installs the ARP information.
  • Page 326: Enabling Arp Learning Via Gratuitous Arp

    ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address.
  • Page 327: Configuring Arp Retries

    Configuring ARP Retries In Dell Networking OS versions prior to 8.3.1.0, the number of ARP retries is set to five and is not configurable. After five retries, Dell Networking OS backs off for 20 seconds before it sends a new request. Beginning with Dell Networking OS version 8.3.1.0, the number of ARP retries is configurable.
  • Page 328: Udp Helper

    IP address of packets to match those addresses. Configure UDP Helper Configuring Dell Networking OS to direct UDP broadcast is a two-step process: Enable UDP helper and specify the UDP ports for which traffic is forwarded. Refer to Enabling UDP Helper.
  • Page 329: Configuring A Broadcast Address

    Time since last interface status change: 00:07:44 Configurations Using UDP Helper When you enable UDP helper and the destination IP address of an incoming packet is a broadcast address, Dell Networking OS suppresses the destination address of the packet. The following sections describe various configurations that employ UDP helper to direct broadcasts.
  • Page 330: Udp Helper With Subnet Broadcast Addresses

    It is flooded on VLAN 101 without changing the destination address because the forwarding process is Layer 2. If you enabled UDP helper, the system changes the destination IP address to the configured broadcast address 1.1.255.255 and forwards the packet to VLAN 100. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured.
  • Page 331: Udp Helper With No Configured Broadcast Addresses

    To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Te 5/1 with IP DA (0xffffffff) will be sent on Te 5/2 Te 5/3 Vlan 3 01:44:54: Pkt rcvd on Te 7/1 is handed over for DHCP processing.
  • Page 332 2005-07-05 11:59:36 %RELAY-I-BOOTREPLY, Forwarded BOOTREPLY for 00:02:2D:8D:46:DC to 128.141.128.90 Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128 IPv4 Routing...
  • Page 333: Ipv6 Routing

    IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
  • Page 334: Ipv6 Headers

    Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised so the neighbor can use this information to auto-configure its address. However, received ND messages are not used to create an IPv6 address.
  • Page 335 Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source.
  • Page 336: Extension Header Fields

    Hop Limit (8 bits) The Hop Limit field shows the number of hops remaining for packet processing. In IPv4, this is known as the Time to Live (TTL) field and uses seconds rather than hops. Each time the packet moves through a forwarding router, this field decrements by 1. If a router receives a packet with a Hop Limit of 1, it decrements it to 0 (zero).
  • Page 337: Addressing

    Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet’s Source IP Address identifying the unknown option type. Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet’s Source IP Address only if the Destination IP Address is not a multicast address.
  • Page 338: Implementing Ipv6 With Dell Networking Os

    Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform. The sections following the table give greater detail about the feature.
  • Page 339: Icmpv6

    ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443.
  • Page 340: Path Mtu Discovery

    Informational messages provide diagnostic functions and additional host functions, such as Neighbor Discovery and Multicast Listener Discovery. These messages also include Echo Request and Echo Reply messages. The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages.
  • Page 341: Ipv6 Neighbor Discovery Of Mtu Packets

    Figure 43. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate. For example, if you set ipv6 nd mtu to 1280, the interface still passes 1500-byte packets, if that is what is set with the mtu command.
  • Page 342: Debugging Ipv6 Rdnss Information Sent To The Host

    Dell(conf-if-te-1/1)#do debug ipv6 nd tengigabitethernet 1/1 ICMPv6 Neighbor Discovery packet debugging is on for tengigabitethernet 1/1 Dell(conf-if-te-1/1)#00:13:02 : : cp-ICMPV6-ND: Sending RA on Te 1/1 current hop limit=64, flags: M-, O-, router lifetime=1800 sec, reachable time=0 ms, retransmit time=0 ms...
  • Page 343: Secure Shell (Ssh) Over An Ipv6 Transport

    Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol.
  • Page 344: Assigning An Ipv6 Address To An Interface

    Assigning an IPv6 Address to an Interface Essentially, IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully. To assign an IPv6 address to an interface, use the ipv6 address command.
  • Page 345: Assigning A Static Ipv6 Route

    Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS support IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router.
  • Page 346: Showing Ipv6 Information

    – For a port channel interface, enter the keywords port-channel then a number. – For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Example of the show ipv6 interface Command Dell#show ipv6 int ManagementEthernet 1/1 ManagementEthernet 1/1 is up, line protocol is up IPV6 is enabled...
  • Page 347: Showing Ipv6 Routes

    – To display information about an IPv6 prefix list, enter list and the prefix-list name. Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command. Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0...
  • Page 348: Showing The Running-Configuration For An Interface

    – For the Management interface on the stack-unit, enter the keyword ManagementEthernet then the slot/port information. The slot range is from 0 to 1. The port range is 0. Example of the show running-config interface Command Dell#show run int Te 2/2 interface TenGigabitEthernet 2/2 no ip address...
  • Page 349: Configuring Ipv6 Ra Guard

    NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard allows you to block or reject the unwanted router advertisement guard messages that arrive at the network device platform.
  • Page 350: Configuring Ipv6 Ra Guard On An Interface

    The retransmission time range is from 100 to 4,294,967,295 milliseconds. 15. Display the configurations applied on the RA guard policy mode. POLICY LIST CONFIGURATION mode show config Example of the show config Command Dell(conf-ra_guard_policy_list)#show config ipv6 nd ra-guard policy test device-role router hop-limit maximum 251 mtu 1350...
  • Page 351: Monitoring Ipv6 Ra Guard

    [interface_type slot/port | count value] The count range is from 1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, refer to Dell Networking OS Command Line Reference Guide. IPv6 Routing...
  • Page 352: Intermediate System To Intermediate System

    IS-IS is supported on the Z9000 with Dell Networking OS 9.0(0.0). • The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. • The IS-IS protocol standards are listed in the Standards Compliance chapter.
  • Page 353: Multi-Topology Is-Is

    Figure 44. ISO Address Format Multi-Topology IS-IS Multi-topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases. Use this feature to place a virtual physical topology into logical routing domains, which can each support different routing and security policies.
  • Page 354: Graceful Restart

    neighbor within its LSPs. The local router does not form an adjacency if both routers do not have at least one common MT over the interface. Graceful Restart Both Helper and Restart modes of Graceful restart are supported on the device. Graceful restart is a protocol-based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the loss of packets.
  • Page 355: Configuration Information

    By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address more easily. Dell Networking OS does not support ISO CLNS routing;...
  • Page 356 • Controlling Routing Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debugging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with neighbors, enable IS-IS on an interface, instead of on a network as with other routing protocols.
  • Page 357 To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
  • Page 358 IS-IS: LSP checksum errors received : 0 IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: •...
  • Page 359 LSP. The 'overload' bit is an indication to the receiving router that database synchronization did not complete at the restarting router. To view all graceful restart-related configurations, use the show isis graceful-restart detail command in EXEC Privilege mode. Dell#show isis graceful-restart detail Configured Timer Value...
  • Page 360 Dell# To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface TenGigabitEthernet 1/34 TenGigabitEthernet 1/34 is up, line protocol is up MTU 1497, Encapsulation SAP...
  • Page 361: Router Isis

    If you configure narrow, transition, or narrow transition metric style, the cost can be a number between 0 and 63. If you configure wide or wide transition metric style, the cost can be a number between 0 and 16,777,215. Dell Networking OS supports five different metric styles: narrow, wide, transition, narrow transition, and wide transition.
  • Page 362 To view which metric types are generated and received, use the show isis protocol command in EXEC Privilege mode. The IS-IS metric settings are in bold. Example of Viewing IS-IS Metric Types Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
  • Page 363: Configuring The Distance Of A Route

    – default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. The range is from 0 to 16777215 if the metric style is wide or wide transition. • Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | level-2] –...
  • Page 364 Another method of controlling routing information is to filter the information through a prefix list. Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS.
  • Page 365 Enter the type of interface and slot/port information: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. – For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. –...
  • Page 366: Redistributing Ipv4 Routes

    – static: for user-configured routes. – bgp: for BGP routes only. • Deny RTM download for pre-existing redistributed IPv6 routes. ROUTER ISIS-AF IPV6 mode distribute-list redistributed-override in Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process. With the redistribute command syntax, you can include BGP, OSPF, RIP, static, or directly connected routes in the IS-IS process.
  • Page 367: Configuring Authentication Passwords

    redistribute {bgp as-number | connected | rip | static} [level-1 | level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: – level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. –...
  • Page 368: Setting The Overload Bit

    Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system.
  • Page 369: Is-Is Metric Styles

    – interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
  • Page 370: Maximum Values In The Routing Table

    Metric Style Correct Value Range for the isis metric Command wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000.
  • Page 371: Leaks From One Level To Another

    Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value narrow transition wide original value narrow transition narrow original value narrow transition wide transition original value narrow transition transition original value wide transition wide original value wide transition narrow default value (10) if the original value is greater than 63.
  • Page 372: Sample Configurations

    Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes in one of the following three different methods: • Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface. Enable the ip router isis and ipv6 router isis commands on the interface.
  • Page 373 TenGigabitEthernet 3/17 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17...
  • Page 374 Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config router isis net 34.0000.0000.AAAA.00 address-family ipv6 unicast multi-topology transition exit-address-family Dell (conf-router_isis)#
  • Page 375: Link Aggregation Control Protocol (Lacp)

    Link aggregation control protocol (LACP) is supported on Dell Networking OS. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic.
  • Page 376: Lacp Modes

    You can configure a maximum of 128 port-channels with up to 16 members per channel. LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
  • Page 377: Lacp Configuration Tasks

    Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface Gigabitethernet 3/15 Dell(conf-if-gi-3/15)#no shutdown Dell(conf-if-gi-3/15)#port-channel-protocol lacp Dell(conf-if-gi-3/15-lacp)#port-channel 32 mode active Dell(conf)#interface Gigabitethernet 3/16 Dell(conf-if-gi-3/16)#no shutdown Dell(conf-if-gi-3/16)#port-channel-protocol lacp Dell(conf-if-gi-3/16-lacp)#port-channel 32 mode active Dell(conf)#interface Gigabitethernet 4/15 Dell(conf-if-gi-4/15)#no shutdown...
  • Page 378: Setting The Lacp Long Timeout

    Dell(conf)#interface Gigabitethernet 4/16 Dell(conf-if-gi-4/16)#no shutdown Dell(conf-if-gi-4/16)#port-channel-protocol lacp Dell(conf-if-gi-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static channel-member configuration in LAG 32. Setting the LACP Long Timeout PDUs are exchanged between port channel (LAG) interfaces to maintain LACP sessions.
  • Page 379: Shared Lag State Tracking

    Figure 46. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To achieve this functionality, you must group LAG 1 and LAG 2 into a single entity, called a failover group.
  • Page 380: Important Points About Shared Lag State Tracking

    2d1h45m: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 2 To view the status of a failover group member, use the show interface port-channel command. Dell#show interface port-channel 2 Port-channel 2 is up, line protocol is down (Failover-group 1 is down)
  • Page 381: Lacp Basic Configuration Example

    LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names. Figure 48. LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a LAG on ALPHA.
  • Page 382 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64-byte pkts, 121 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 136 Multicasts, 0 Broadcasts, 0 Unicasts 0 Vlans, 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 seconds):...
  • Page 383 Figure 50. Inspecting Configuration of LAG 10 on ALPHA
  • Page 384 Figure 51. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol lacp Alpha(conf-if-gi-2/31-lacp)#port-channel 10 mode active Alpha(conf-if-gi-2/31-lacp)#no shut Alpha(conf-if-gi-2/31)#show config interface GigabitEthernet 2/31 no ip address port-channel-protocol LACP port-channel 10 mode active...
  • Page 385 Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config interface Port-channel 10 no ip address switchport no shutdown Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-gi-3/21)#port-channel-protocol lacp Bravo(conf-if-gi-3/21-lacp)#port-channel 10 mode active Bravo(conf-if-gi-3/21-lacp)#no shut Bravo(conf-if-gi-3/21)#end interface GigabitEthernet 3/21 no ip address port-channel-protocol LACP port-channel 10 mode active no shutdown Bravo(conf-if-gi-3/21)#end...
  • Page 386 Figure 52. Inspecting a LAG Port on BRAVO Using the show interface Command
  • Page 387 Figure 53. Inspecting LAG 10 Using the show interfaces port-channel Command
  • Page 388: Setting Up A Threshold For Utilization Of High-Gigabit Port Channels

    SNMP traps are generated. The Dell Networking OS already contains the functionality to monitor the performance and traffic handling of virtual interfaces created as LAG bundles and ECMP configured on physical user ports. You can now verify the traffic distribution and processing of high-Gigabit Ethernet port channels.
  • Page 389: Guidelines For Monitoring High-Gigabit Port Channels

    This capability detects whether the configured applications or utilities are causing traffic to be unevenly distributed on a hiGig link bundle for best performance. This capability to monitor the port channel bundles is applicable for any platform that contains backplane high-Gigabit Ethernet links. The collected and derived data rates for the configured rate-interval monitor and examine the working efficiency and traffic-handling capacity of the LAG bundles on high-Gigabit Ethernet trunk interfaces that are created statically.
  • Page 390: Enabling The Verification Of Member Links Utilization In A High-Gigabit Port Channel

    Global Configuration mode to enable this functionality to detect the working efficiency of the high-Gigabit port channel bundle interfaces. CONFIGURATION mode Dell(conf)#hg-link-bundle-monitor slot 0 npuUnit 0 hg-port-channel 0 enable Specify the trigger threshold for higig link bundle monitoring. CONFIGURATION mode Dell(conf)#hg-link-bundle-monitor trigger-threshold 30 Specify the interval in seconds for higig link bundle monitoring.
  • Page 391 In an NPU unit, the port numbering of backplane local ports starts from the end of the last front-end local port ID used. Until Dell Networking OS Release 9.2(0.0), the show commands displayed only the details computed by the buffer statistics tracking counters for the egress queues.
  • Page 392: Layer 2

    Layer 2 Layer 2 features are supported on Dell Networking OS. Manage the MAC Address Table Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries •...
  • Page 393: Displaying The Mac Address Table

    Recovering from Learning Limit and Station Move Violations Dell Networking OS Behavior: When configuring the MAC learning limit on a port or VLAN, the configuration is accepted (becomes part of running-config and show mac learning-limit interface) before the system verifies that sufficient CAM space exists.
  • Page 394: Setting The Mac Learning Limit

    Dell Networking OS Behavior: If you do not configure the dynamic option, the systems do not detect station moves in which a MAC address learned off of a MAC-limited port is learned on another port on the same line card. Therefore, Dell Networking OS does not take any configured station-move violation action.
  • Page 395: Mac Learning-Limit No-Station-Move

    EXEC Privilege mode show mac learning-limit Dell Networking OS Behavior: The systems do not generate a station-move violation log entry for physical interfaces or port-channels when you configure mac learning-limit or when you configure mac learning-limit station-move-violation log. Dell Networking OS detects a station-move violation only when you configure mac learning-limit dynamic and logs the violation only when you configure the mac learning-limit station-move-violation log, as shown in the following example.
  • Page 396: Recovering From Learning Limit And Station Move Violations

    station-move-violation shutdown-offending • Shut down both the first and second port to learn the MAC address. INTERFACE mode station-move-violation shutdown-both • Display a list of all of the interfaces configured with MAC learning limit or station move violation. CONFIGURATION mode show mac learning-limit violate-action NOTE: When the MAC learning limit (MLL) is configured as no-station-move, the MLL will be processed as static entries internally.
  • Page 397: Configure Redundant Pairs

    ARP is resolved (in the previous example, this location is Port 0/5 of the switch). To ensure that the MAC address is disassociated with one port and re-associated with another port in the ARP table, configure the mac-address-table station-move refresh-arp command on the Dell Networking switch at the time that NIC teaming is being configured on the server.
  • Page 398 Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces.
  • Page 399: Important Points About Configuring Redundant Pairs

    TenGigabitEthernet 3/42 no shutdown interface TenGigabitEthernet 3/42 no ip address switchport no shutdown Dell(conf-if-range-te-3/41-42)# Dell(conf-if-range-te-3/41-42)#do show ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned YES Manual up TenGigabitEthernet 3/42 unassigned NO Manual up down [output omitted]...
  • Page 400: Far-End Failure Detection

    Te 2/1 (Up) Dell#configure Dell(conf)#interface port-channel 1 Dell(conf-if-po-1)#switchport backup interface port-channel 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5-L2BKUP_WARN: Do not run any Layer2 protocols on Po 1 and Po 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 2...
  • Page 401: Fefd State Changes

    You can enable FEFD globally or on a per-interface basis. Interface FEFD configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. Configuring FEFD You can configure FEFD for all interfaces from CONFIGURATION mode, or on individual interfaces from INTERFACE mode.
  • Page 402: Enabling Fefd On An Interface

    Te 1/3 Normal 3 Admin Shutdown Te 1/4 Normal 3 Admin Shutdown Dell#show run fefd fefd-global mode normal fefd-global interval 3 Enabling FEFD on an Interface To enable, change, or disable FEFD on an interface, use the following commands. •...
  • Page 403: Debugging Fefd

    Dell(conf-if-te-1/1)#shutdown 2w1d22h: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Te 1/1 Dell(conf-if-te-1/1)#2w1d22h : FEFD state on Te 1/1 changed from ANY to Unknown 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/1 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 4/1...
  • Page 404 Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Te 1/1) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Te 4/1) Sender hold time -- 3 (second) An RPM Failover In the event that an RPM failover occurs, FEFD becomes operationally down on all enabled ports for approximately 8-10 seconds before automatically becoming operational again.
  • Page 405: Link Layer Discovery Protocol (Lldp)

    Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on Dell Networking OS. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
  • Page 406: Optional Tlvs

    Organizationally Specific TLVs. Figure 60. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs A management TLV is an optional TLV sub-type. This kind of TLV contains essential management information about the sender.
  • Page 407 Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
  • Page 408: Tia-1057 (Lldp-Med) Overview

    • LLDP-MED Network Connectivity Device — any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: •...
  • Page 409 • The possible values of the LLDP-MED device type are shown in the following. The Dell Networking system is a network connectivity device, which is Type 4. When you enable LLDP-MED in Dell Networking OS (using the advertise med command), the system begins transmitting this TLV.
  • Page 410 An integer represents the application type (the Type integer shown in the following table), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED network policy TLV is generated for each application type that you specify with the Dell Networking OS CLI (Advertising TLVs).
  • Page 411 • Power Value — Dell Networking advertises the maximum amount of power that can be supplied on the port. By default the power is 15.4W, which corresponds to a power value of 130, based on the TIA-1057 specification. You can advertise a different power value using the max-milliwatts option with the power inline auto | static command.
  • Page 412: Configure Lldp

    Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000.
  • Page 413: Enabling Lldp

    LLDP multiplier configuration Negate a command or set its defaults show Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/3 Dell(conf-if-te-1/3)#protocol lldp Dell(conf-if-te-1/3-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol on this interface Exit from configuration mode exit Exit from LLDP configuration mode...
  • Page 414: Disabling And Undoing Lldp On Management Ports

    Disabling and Undoing LLDP on Management Ports To disable or undo LLDP on management ports, use the following command. Enter Protocol LLDP mode. CONFIGURATION mode. protocol lldp Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode. management-interface Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no.
  • Page 415: Viewing The Lldp Configuration

    Dell(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description hello 10 no disable Dell(conf-lldp)# Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/31 Dell(conf-if-te-1/31)#show config interface TenGigabitEthernet 1/31 no ip address switchport no shutdown Dell(conf-if-te-1/31)#protocol lldp Dell(conf-if-te-1/31-lldp)#show config protocol lldp...
  • Page 416: Viewing Information Advertised By Adjacent Lldp Agents

    Information valid for next 120 seconds Time since last information change of this neighbor: 01:50:16 Remote MTU: 1554 Remote System Desc: Dell Networks Real Time Operating System Software Dell Operating System Version: 1.0. Dell Application Software Version: 9.4.0.0. Copyright (c) 1999-2014...
  • Page 417: Configuring Transmit And Receive Mode

    R1(conf-lldp)# Configuring Transmit and Receive Mode After you enable LLDP, Dell Networking systems transmit and receive LLDPDUs by default. To configure the system to transmit or receive only and return to the default, use the following commands. •...
  • Page 418: Configuring A Time To Live

    advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? Rx only Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable...
  • Page 419: Debugging Lldp

    View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU. debug lldp detail Figure 66. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs •...
  • Page 420 Table 29. LLDP Configuration MIB Objects MIB Object LLDP Variable LLDP MIB Object Description Category LLDP adminStatus lldpPortConfigAdminStatus Whether you enable the local LLDP Configuration agent for transmit, receive, or both. msgTxHold lldpMessageTxHoldMultiplier Multiplier value. msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs.
  • Page 421 TLV Type TLV Name TLV Variable System LLDP MIB Object Port Description port description Local lldpLocPortDesc Remote lldpRemPortDesc System Name system name Local lldpLocSysName Remote lldpRemSysName System Description system description Local lldpLocSysDesc Remote lldpRemSysDesc System Capabilities system capabilities Local lldpLocSysCapSupported Remote lldpRemSysCapSupported Management Address...
  • Page 422 TLV Type TLV Name TLV Variable System LLDP MIB Object PPVID Local lldpXdot1LocProtoVlanId Remote lldpXdot1RemProtoVlanId VLAN Name Local lldpXdot1LocVlanId Remote lldpXdot1RemVlanId VLAN name length Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName VLAN name Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName Table 32. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable...
  • Page 423 TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Remote lldpXMedRemMediaPolicy Priority DSCP Value Local lldpXMedLocMediaPolicy Dscp Remote lldpXMedRemMediaPolicy Dscp Location Identifier Location Data Format Local lldpXMedLocLocationSubt Remote lldpXMedRemLocationSub type Location ID Data Local lldpXMedLocLocationInfo Remote lldpXMedRemLocationInfo Extended Power via MDI Power Device Type Local lldpXMedLocXPoEDevice...
  • Page 424: Microsoft Network Load Balancing

    Microsoft Network Load Balancing This functionality is supported on Dell Networking OS. Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
  • Page 425: Limitations With Enabling Nlb On Switches

    When an ARP request is sent to a server cluster, either the active server or all the servers send a reply, depending on the cluster configuration. If the active server sends a reply, the Dell switch learns the active server’s MAC address. If all servers reply, the switch registers only the last received ARP reply, and the switch learns one server’s actual MAC address;...
  • Page 426: Configuring A Switch For Nlb

    Configuring a Switch for NLB This functionality is supported on the Z9000 platform. To enable a switch for unicast NLB mode of functioning, perform the following steps: Enter the ip vlan-flooding command to specify that all Layer 3 unicast routed data traffic, going through a VLAN member port, needs to be flooded across all the member ports of that VLAN.
  • Page 427: Multicast Source Discovery Protocol (Msdp)

    Multicast Source Discovery Protocol (MSDP)

    Multicast source discovery protocol (MSDP) is supported on Dell Networking OS.

    Protocol Overview

    MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
  • Page 428: Anycast Rp

    RP in more than one area. New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained.

    Implementation Information

    The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446.

    Configure Multicast Source Discovery Protocol

    Configuring MSDP is a four-step process.
  • Page 429: Related Configuration Tasks

    Enable MSDP. Peer the RPs in each routing domain with each other. Refer to Enable MSDP.

    Related Configuration Tasks

    The following lists related MSDP configuration tasks.
    • Enable MSDP
    • Manage the Source-Active Cache
    • Accept Source-Active Messages that Fail the RPF Check
    •...
  • Page 430 Figure 69. Configuring Interfaces for MSDP
  • Page 431 Figure 70. Configuring OSPF and BGP for MSDP
  • Page 432 Figure 71. Configuring PIM in Multiple Routing Domains
  • Page 433: Enable Msdp

    Figure 72. Configuring MSDP

    Enable MSDP

    Enable MSDP by peering RPs in different administrative domains.

    Enable MSDP.
    CONFIGURATION mode
    ip multicast-msdp

    Peer PIM systems in different administrative domains.
    CONFIGURATION mode
    ip msdp peer connect-source

    Examples of Configuring and Viewing MSDP
    R3_E600(conf)#ip multicast-msdp
    R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0
    R3_E600(conf)#do show ip msdp summary...
  • Page 434: Manage The Source-Active Cache

    Limiting the Source-Active Cache

    Set the upper limit of the number of active sources that the Dell Networking OS caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the reverse path forwarding (RPF) and policy check.
  • Page 435: Clearing The Source-Active Cache

    If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries.
  • Page 436 Figure 73. MSDP Default Peer, Scenario 1
  • Page 437 Figure 74. MSDP Default Peer, Scenario 2
  • Page 438 Figure 75. MSDP Default Peer, Scenario 3
  • Page 439: Specifying Source-Active Messages

    If you do not specify an access list, the peer accepts all sources that the peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check.

    Example of the ip msdp default-peer Command and Viewing Denied Sources
    Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50
    Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty
    Dell(conf)#ip access-list standard fifty
    Dell(conf)#seq 5 permit host 200.0.0.50...
  • Page 440: Limiting The Source-Active Messages From A Peer

                 24.0.50.2     200.0.0.50    10.0.50.2    00:13:49
    229.0.50.3   24.0.50.3     200.0.0.50    10.0.50.2    00:13:49
    229.0.50.4   24.0.50.4     200.0.0.50    10.0.50.2    00:13:49
    Dell#ip msdp sa-cache rejected-sa
    MSDP Rejected SA Cache
    3 rejected SAs received, cache-size 32766
    UpTime     GroupAddr     SourceAddr    RPAddr       LearnedFrom   Reason
    00:33:18   229.0.50.64   24.0.50.64    200.0.1.50   10.0.50.2     Rpf-Fail
    00:33:18   229.0.50.65...
  • Page 441: Preventing Msdp From Caching A Remote Source

    seq 10 deny ip any any
    R1_E600(conf)#do show ip msdp sa-cache
    R1_E600(conf)#do show ip msdp sa-cache rejected-sa
    MSDP Rejected SA Cache
    1 rejected SAs received, cache-size 1000
    UpTime     GroupAddr   SourceAddr   RPAddr        LearnedFrom   Reason
    00:02:20   239.0.0.1   10.11.4.2    192.168.0.1   local         Redistribute

    Preventing MSDP from Caching a Remote Source

    To prevent MSDP from caching a remote source, use the following commands.
  • Page 442: Logging Changes In Peership States

    Example of Verifying the System is not Advertising Local Sources

    In the following example, R1 stops advertising source 10.11.4.2. Because it is already in the SA cache of R3, the entry remains there until it expires.

    [Router 1]
    R1_E600(conf)#do show run msdp
    ip multicast-msdp
    ip msdp peer 192.168.0.3 connect-source Loopback 0
    ip msdp sa-filter out 192.168.0.3 list mylocalfilter...
  • Page 443: Clearing Peer Statistics

    SAs learned from this peer: 0
    SA Filtering:
     Input (S,G) filter: myremotefilter
     Output (S,G) filter: none
    [Router 1]
    R1_E600(conf)#do show ip msdp peer
    Peer Addr: 192.168.0.3
     Local Addr: 0.0.0.0(0) Connect Source: Lo 0
     State: Inactive Up/Down Time: 00:00:03
     Timers: KeepAlive 30 sec, Hold time 75 sec
     SourceActive packet count (in/out): 0/0
     SAs learned from this peer: 0
     SA Filtering:...
  • Page 444: Msdp With Anycast Rp

    03:16:09 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg
    03:16:27 : MSDP-0: Peer 192.168.0.3, sent Source Active msg
    03:16:38 : MSDP-0: Peer 192.168.0.3, sent Keepalive msg
    03:16:39 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg
    03:17:09 : MSDP-0: Peer 192.168.0.3, sent Keepalive msg
    03:17:10 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg
    03:17:27 : MSDP-0: Peer 192.168.0.3,...
  • Page 445: Configuring Anycast Rp

    Figure 77. MSDP with Anycast RP

    Configuring Anycast RP

    To configure anycast RP, use the following commands.

    In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.
    CONFIGURATION mode
    interface loopback

    Make this address the RP for the group.
  • Page 446: Reducing Source-Active Message Flooding

    CONFIGURATION mode
    ip msdp peer

    Advertise the network of each of the unique Loopback addresses throughout the network.
    ROUTER OSPF mode
    network

    Reducing Source-Active Message Flooding

    RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, the RPs forward received active source information back to the originating RP, which violates the RPF rule.
  • Page 447

     network 10.11.1.0/24 area 0
     network 10.11.3.0/24 area 0
     network 192.168.0.11/32 area 0
    ip multicast-msdp
    ip msdp peer 192.168.0.3 connect-source Loopback 1
    ip msdp peer 192.168.0.22 connect-source Loopback 1
    ip msdp mesh-group AS100 192.168.0.22
    ip msdp originator-id Loopback 1
    !
    ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4

    The following example shows an R2 configuration for MSDP with Anycast RP.
  • Page 448

     ip pim sparse-mode
     ip address 10.11.0.32/24
     no shutdown
    interface TenGigabitEthernet 3/41
     ip pim sparse-mode
     ip address 10.11.6.34/24
     no shutdown
    interface Loopback 0
     ip pim sparse-mode
     ip address 192.168.0.3/32
     no shutdown
    router ospf 1
     network 10.11.6.0/24 area 0
     network 192.168.0.3/32 area 0
     redistribute static
     redistribute connected
     redistribute bgp 200...
  • Page 449: Msdp Sample Configurations

    ip multicast-msdp
    ip msdp peer 192.168.0.11 connect-source Loopback 0
    ip msdp peer 192.168.0.22 connect-source Loopback 0
    ip msdp sa-filter out 192.168.0.22
    ip route 192.168.0.1/32 10.11.0.23
    ip route 192.168.0.22/32 10.11.0.23
    ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4

    MSDP Sample Configurations

    The following examples show the running-configurations described in this chapter. For more information, refer to the illustrations in the Related Configuration Tasks section.
  • Page 450

    interface TenGigabitEthernet 2/31
     ip pim sparse-mode
     ip address 10.11.0.23/24
     no shutdown
    interface Loopback 0
     ip address 192.168.0.2/32
     no shutdown
    router ospf 1
     network 10.11.1.0/24 area 0
     network 10.11.4.0/24 area 0
     network 192.168.0.2/32 area 0
     redistribute static
     redistribute connected
     redistribute bgp 100
    router bgp 100
     redistribute ospf 1
     neighbor 192.168.0.3 remote-as 200...
  • Page 451

    ip multicast-routing
    interface TenGigabitEthernet 4/1
     ip pim sparse-mode
     ip address 10.11.5.1/24
     no shutdown
    interface TenGigabitEthernet 4/22
     ip address 10.10.42.1/24
     no shutdown
    interface TenGigabitEthernet 4/31
     ip pim sparse-mode
     ip address 10.11.6.43/24
     no shutdown
    interface Loopback 0
     ip address 192.168.0.4/32
     no shutdown
    router ospf 1
     network 10.11.5.0/24 area 0
     network 10.11.6.0/24 area 0...
  • Page 452: Multiple Spanning Tree Protocol (Mstp)

    Multiple Spanning Tree Protocol (MSTP)

    Multiple spanning tree protocol (MSTP) is supported on Dell Networking OS.

    Protocol Overview

    MSTP — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
  • Page 453: Spanning Tree Variations

    Implementation Information

    The following describes the MSTP implementation information.
    • The Dell Networking OS MSTP implementation is based on IEEE 802.1Q-2003 and interoperates only with bridges that also use this standard implementation.
    • MSTP is compatible with STP and RSTP.
  • Page 454: Enable Multiple Spanning Tree Globally

    Specify the keyword vlan then the VLANs that you want to participate in the MSTI.

    Examples of Configuring and Viewing MSTI

    The following example shows the msti command.
    Dell(conf)#protocol spanning-tree mstp
    Dell(conf-mstp)#msti 1 vlan 100
  • Page 455: Influencing Mstp Root Selection

    All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode.
    Dell(conf-mstp)#name my-mstp-region
    Dell(conf-mstp)#exit
    Dell(conf)#do show spanning-tree mst config
    MST region name: my-mstp-region
    Revision: 0
    MSTI VID...
  • Page 456: Interoperate With Non-Dell Networking Os Bridges

    A region is a combination of three unique qualities:
    • Name is a mnemonic string you assign to the region. The default region name on Dell Networking OS is null.
    • Revision is a 2-byte number. The default revision number on Dell Networking OS is 0.
  • Page 457: Modifying Global Parameters

    Max-hops — the maximum number of hops a BPDU can travel before a receiving switch discards it. NOTE: Dell Networking recommends that only experienced network administrators change MSTP parameters. Poorly planned modification of MSTP parameters can negatively affect network performance.
  • Page 458: Modifying The Interface Parameters

    Example of the forward-delay Parameter

    To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode.
    Dell(conf-mstp)#forward-delay 16
    Dell(conf-mstp)#exit
    Dell(conf)#do show running-config spanning-tree mstp
    protocol spanning-tree mstp
     no disable
     name my-mstp-region
     MSTI 1 VLAN 100...
  • Page 459: Configuring An Edgeport

    Dell(conf-if-te-3/11)# Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, you may activate the flushing mechanism defined by 802.1Q-2003 using the tc-flush-standard command, which flushes MAC addresses after every topology change notification.
  • Page 460: Mstp Sample Configurations

    Privilege mode.

    MSTP Sample Configurations

    The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems.

    Figure 79. MSTP with Three VLANs Mapped to Two Spanning Tree Instances

    Router 1 Running-Configuration

    This example uses the following steps:
    Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs.
  • Page 461

    interface Vlan 200
     no ip address
     tagged TenGigabitEthernet 1/21,31
     no shutdown
    interface Vlan 300
     no ip address
     tagged TenGigabitEthernet 1/21,31
     no shutdown

    Router 2 Running-Configuration

    This example uses the following steps:
    Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs.
    Assign Layer-2 interfaces to the MSTP topology.
  • Page 462

     MSTI 1 VLAN 100
     MSTI 2 VLAN 200,300
    (Step 2)
    interface TenGigabitEthernet 3/11
     no ip address
     switchport
     no shutdown
    interface TenGigabitEthernet 3/21
     no ip address
     switchport
     no shutdown
    (Step 3)
    interface Vlan 100
     no ip address
     tagged TenGigabitEthernet 3/11,21
     no shutdown
    interface Vlan 200
     no ip address
     tagged TenGigabitEthernet 3/11,21...
  • Page 463: Debugging And Verifying Mstp Configurations

    – Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others.

    The following example shows the show run spanning-tree mstp command.
    Dell#show run spanning-tree mstp
    protocol spanning-tree mstp
     name Tahiti...
  • Page 464

    The following example shows viewing the debug log of a successful MSTP configuration.
    Dell#debug spanning-tree mstp bpdu
    MSTP debug bpdu is ON
    Dell#
    4w0d4h : MSTP: Sending BPDU on Te 2/21 :
    ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x6e
    CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0...
  • Page 465: Multicast Features

    Multicast with ECMP

    Dell Networking multicast uses equal-cost multi-path (ECMP) routing to load-balance multiple streams across equal-cost links. When creating the shared tree, protocol independent multicast (PIM) uses routes from all configured routing protocols to select the best route to the rendezvous point (RP). If there are multiple equal-cost paths, PIM selects the route with the least number of currently running multicast streams.
  • Page 466: Implementation Information

    Because protocol control traffic in Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic.
  • Page 467: First Packet Forwarding For Lossless Multicast

    All initial multicast packets are forwarded to receivers to achieve lossless multicast. In previous versions, when the Dell Networking system is an RP, all initial packets are dropped until PIM creates an (S,G) entry. When the system is an RP and a Source DR, these initial packet drops represent a loss of native data, and when the system is an RP only, the initial packet drops represent a loss of register packets.
  • Page 468 Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, Dell Networking OS clears the multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
  • Page 469 Figure 81. Preventing a Host from Joining a Group Table 35. Preventing a Host from Joining a Group — Description Location Description • Interface TenGigabitEthernet 1/21 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown • Interface TenGigabitEthernet 1/31 1/31 •...
  • Page 470 Location Description • no shutdown • Interface TenGigabitEthernet 2/11 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface TenGigabitEthernet 2/31 2/31 • ip pim sparse-mode • ip address 10.11.23.1/24 • no shutdown • Interface TenGigabitEthernet 3/1 •...
  • Page 471

    Preventing a PIM Router from Forming an Adjacency

    To prevent a router from participating in PIM (for example, to configure stub multicast routing), use the following command.
    • Prevent a router from participating in protocol independent multicast (PIM).
      INTERFACE mode
      ip pim neighbor-filter

    Preventing a Source from Registering with the RP

    To prevent the PIM source DR from sending register packets to RP for the specified multicast source and group, use the following...
  • Page 472 Figure 82. Preventing a Source from Transmitting to a Group Table 36. Preventing a Source from Transmitting to a Group — Description Location Description • Interface TenGigabitEthernet 1/21 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown •...
  • Page 473 To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
  • Page 474 NOTE: When you configure a join filter, that filter applies to both ingress and egress flows. There is no option to specify in or out parameters while configuring a join filter.
  • Page 475: Object Tracking

    IPv4/IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking Operating System (OS) client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
  • Page 476: Track Layer 2 Interfaces

    Figure 83. Object Tracking Example

    When you configure a tracked object, such as an IPv4/IPv6 route or interface, you specify an object number to identify the object. Optionally, you can also specify:
    • UP and DOWN thresholds used to report changes in a route metric.
    •...
  • Page 477: Set Tracking Delays

    For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. • The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
  • Page 478: Vrrp Object Tracking

    Track Layer 3 Interfaces • Track an IPv4/IPv6 Route For a complete listing of all commands related to object tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN).
  • Page 479: Tracking A Layer 3 Interface

    The text string can be up to 80 characters.

    (Optional) Display the tracking configuration and the tracked object’s status.
    EXEC Privilege mode
    show track object-id

    Example of Configuring Object Tracking
    Dell(conf)#track 100 interface tengigabitethernet 7/1 line-protocol
    Dell(conf-track-100)#delay up 20
    Dell(conf-track-100)#description San Jose data center
    Dell(conf-track-100)#end
    Dell#show track 100...
  • Page 480: Track An Ipv4/Ipv6 Route

    (Optional) Display the tracking configuration and the tracked object’s status.
    EXEC Privilege mode
    show track object-id

    Example of Configuring Object Tracking (IPv4 Interface)
    Example of Configuring Object Tracking (IPv6 Interface)
    Dell(conf)#track 101 interface tengigabitethernet 7/2 ip routing
    Dell(conf-track-101)#delay up 20
    Dell(conf-track-101)#description NYC metro
    Dell(conf-track-101)#end
    Dell#show track 101...
  • Page 481 – For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. – The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
  • Page 482

    IP route 10.0.0.0/8 reachability
    Reachability is Down (route not in route table)
    2 changes, last change 00:02:49
    Tracked by:
    Dell#configure
    Dell(conf)#track 4 ip route 3.1.1.0/24 reachability vrf vrf1
    Dell(conf)#track 105 ipv6 route 1234::/64 reachability
    Dell(conf-track-105)#delay down 5
    Dell(conf-track-105)#description Headquarters
    Dell(conf-track-105)#end...
  • Page 483: Displaying Tracked Objects

    EXEC Privilege mode
    show track object-id

    Example of the track ip route metric threshold Command
    Example of the track ipv6 route metric threshold Command
    Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold
    Dell(conf-track-6)#delay down 20
    Dell(conf-track-6)#delay up 20
    Dell(conf-track-6)#description track ip route metric...
  • Page 484

    Router# show track brief
    ResId Resource Parameter State LastChange
    IP route reachability 10.16.0.0/16
    Dell#show track resolution
    IP Route Resolution
    ISIS
    OSPF
    IPv6 Route Resolution
    ISIS
    Dell#show track vrf red
    Track 5
    IP route 192.168.0.0/24 reachability, Vrf: red
    Reachability is Up (CONNECTED)
  • Page 485

    3 changes, last change 00:02:39
    First-hop interface is GigabitEthernet 13/4
    Dell#show running-config track
    track 1 ip route 23.0.0.0/8 reachability
    track 2 ipv6 route 2040::/64 metric threshold
     delay down 3
     delay up 5
     threshold metric up 200
    track 3 ipv6 route 2050::/64 reachability
    track 4 interface GigabitEthernet 13/4 ip routing
    track 5 ip route 192.168.0.0/24 reachability vrf red...
  • Page 486: Open Shortest Path First (Ospfv2 And Ospfv3)

    Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS).
  • Page 487: Area Types

    A not-so-stubby area (NSSA) can import AS external route information and send it to the backbone. It cannot receive external AS information from the backbone or other areas. However, a virtual link can traverse it. • Totally stubby areas are referred to as no summary areas in the Dell Networking OS.
  • Page 488: Networks And Neighbors

    Each router has a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router’s IP address reflect each other.
  • Page 489 Figure 85. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
  • Page 490: Designated And Backup Designated Routers

    These router designations are not the same as the router IDs described earlier. The DRs and BDRs are configurable in Dell Networking OS. If you do not define DR or BDR in Dell Networking OS, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR.
  • Page 491: Router Priority And Cost

    For all LSA types, there are 20-byte LSA headers. One of the fields of the LSA header is the link-state ID. Each router link is defined as one of four types: type 1, 2, 3, or 4. The LSA includes a link ID field that identifies, by the network number and mask, the object this link connects to.
  • Page 492: Ospf With Dell Networking Os

    Figure 86. Priority and Cost Examples

    OSPF with Dell Networking OS

    Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within those 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes.
  • Page 493: Graceful Restart

    When the restarting router completes its restart, it flushes the Type 9 and 11 LSAs, notifying its neighbors that the restart is complete. This notification happens before the grace period expires. Dell Networking routers support the following OSPF graceful restart functionality: •...
  • Page 494: Fast Convergence (Ospfv2, Ipv4 Only)

    Dell Networking OS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation. NOTE: The faster the convergence, the more frequent the route calculations and updates. This impacts CPU utilization and may impact adjacency stability in larger topologies.
  • Page 495: Ospf Ack Packing

    In Dell Networking OS, the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in Dell Networking OS. In contrast, the OSPF dead interval on a Cisco router is, by default, four times as long as the hello interval.
  • Page 496: Configuration Information

    Enable OSPF globally. Assign network area and neighbors. Add interfaces or configure other attributes. For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document.
  • Page 497 In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
  • Page 498

    EXEC mode
    show ip ospf process-id

    Example of Viewing the Current OSPFv2 Status
    Dell#show ip ospf 55555
    Routing Process ospf 55555 with ID 10.10.10.10
    Supports only single TOS (TOS0) routes
    SPF schedule delay 5 secs, Hold time between two SPFs 10 secs...
  • Page 499 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that is a subset of a network on which OSPF is enabled.
  • Page 500

    Loopback interfaces also help the OSPF process. OSPF picks the highest interface address as the router-id and a Loopback interface address has a higher precedence than other interface addresses.

    Example of Viewing OSPF Status on a Loopback Interface
    Dell#show ip ospf 1 int
    TenGigabitEthernet 1/23 is up, line protocol is up
     Internet Address 10.168.0.1/24, Area 0.0.0.1
     Process ID 1, Router ID 10.168.253.2, Network Type BROADCAST, Cost: 1...
  • Page 501

    Example of the show ip ospf database database-summary Command

    To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode.
    Dell#show ip ospf 34 database database-summary
    OSPF Router with ID (10.1.2.100) (Process ID 34)
    Area ID Router Network S-Net S-ASBR Type-7 Subtotal
    2.2.2.2...
  • Page 502 When disabled, the parameter is set at 0. NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support.
  • Page 503: Ip Ospf Cost

    Dell# Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors.
  • Page 504

    10.1.2.100 255.255.255.0
    no shutdown
    ip ospf cost 45
    Dell(conf-if)#end
    Dell#show ip ospf 34 interface
    TenGigabitEthernet 1/1 is up, line protocol is up
     Internet Address 10.1.2.100/24, Area 2.2.2.2
     Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45
     Transmit Delay is 1 sec, State DR, Priority 1
     Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100...
  • Page 505 Graceful restart is enabled for the global OSPF process. For more information, refer to Graceful Restart. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify: • grace period — the length of time the graceful restart process can last before OSPF terminates it. •...
  • Page 506 After you enable restart mode the router advertises the neighbor as fully adjacent during a restart. For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following.
  • Page 507 Dell(conf-router_ospf)# Troubleshooting OSPFv2 Dell Networking OS has several tools to make troubleshooting easier. Be sure to check the following, as these questions represent typical issues that interrupt an OSPFv2 process. NOTE: The following is not a comprehensive list, just some examples of typical troubleshooting checks.
  • Page 508

    – packet: view OSPF packet information.
    – spf: view SPF information.
    – database-timers rate-limit: view the LSAs currently in the queue.

    Example of Viewing OSPF Configuration
    Dell#show run ospf
    router ospf 3
    router ospf 4
     router-id 4.4.4.4
     network 4.4.4.0/28 area 1...
  • Page 509: Sample Configurations For Ospfv2

    2 virtual-link 90.90.90.90 retransmit-interval 300
    ipv6 router ospf 999
     default-information originate always
     router-id 10.10.10.10
    Dell#

    Sample Configurations for OSPFv2

    The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations.
  • Page 510: Ospf Area 0 - Te 3/1 And 3/2

    OSPF Area 0 — Te 3/1 and 3/2
    router ospf 33333
     network 192.168.100.0/24 area 0
     network 10.0.13.0/24 area 0
     network 10.0.23.0/24 area 0
    interface Loopback 30
     ip address 192.168.100.100/24
     no shutdown
    interface TenGigabitEthernet 3/1
     ip address 10.1.13.3/24
     no shutdown
    interface TenGigabitEthernet 3/2
     ip address 10.2.13.3/24
     no shutdown

    OSPF Area 0 —...
  • Page 511: Enabling Ipv6 Unicast Routing

    Enabling IPv6 Unicast Routing

    To enable IPv6 unicast routing, use the following command.
    • Enable IPv6 unicast routing globally.
      CONFIGURATION mode
      ipv6 unicast-routing

    Assigning IPv6 Addresses on an Interface

    To assign IPv6 addresses to an interface, use the following commands.

    Assign an IPv6 address to the interface.
  • Page 512: Configuring Stub Areas

    router-id {number} – number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process Configuring Stub Areas To configure IPv6 stub areas, use the following command.
  • Page 513: Configuring A Default Route

    – tag tag-value: The range is from 0 to 4294967295. Configuring a Default Route To generate a default external route into the OSPFv3 routing domain, configure Dell Networking OS. To specify the information for the default route, use the following command.
  • Page 514 30.1.1.0/24 area 0 ipv6 router ospf 1 log-adjacency-changes graceful-restart grace-period 180 The following example shows the show ipv6 ospf database database-summary command. Dell#show ipv6 ospf database database-summary OSPFv3 Router with ID (200.1.1.1) (Process ID 1) Open Shortest Path First (OSPFv2 and OSPFv3)
  • Page 515: Ospfv3 Authentication Using Ipsec

    Tunnel mode — is more secure and encrypts both the header and payload. On the receiving side, an IPsec-compliant device decrypts each packet. NOTE: Dell Networking OS supports only Transport Encryption mode in OSPFv3 authentication with IPsec. With IPsec-based authentication, Crypto images are used to include the IPsec secure socket application programming interface (API) required for use with OSPFv3.
  • Page 516 Transport mode. It is possible to insert the ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
  • Page 517 – Configuring IPsec Authentication for an OSPFv3 Area – Configuring IPsec Encryption for an OSPFv3 Area – Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands. Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF for...
  • Page 518 – null: causes an encryption policy configured for the area to not be inherited on the interface. – ipsec spi number: is the security policy index (SPI) value. The range is from 256 to 4294967295. – esp encryption-algorithm: specifies the encryption algorithm used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL.
  • Page 519 show crypto ipsec policy Configuring IPsec Encryption for an OSPFv3 Area To configure, remove, or display IPsec encryption in an OSPFv3 area, use the following commands. Prerequisite: Before you enable IPsec encryption in an OSPFv3 area, first enable OSPFv3 globally on the router (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)).
  • Page 520 Outbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set : esp-128-aes esp-sha1-hmac The following example shows the show crypto ipsec sa ipv6 command. Dell#show crypto ipsec sa ipv6 Interface: TenGigabitEthernet 1/1 Link Local address: fe80::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500 Open Shortest Path First (OSPFv2 and OSPFv3)
  • Page 521: Troubleshooting Ospfv3

    STATUS : ACTIVE Troubleshooting OSPFv3 Dell Networking OS has several tools to make troubleshooting easier. Consider the following information as these are typical issues that interrupt the OSPFv3 process. NOTE: The following troubleshooting section is not meant to be a comprehensive list, only examples of typical troubleshooting checks.
  • Page 522 • show virtual links • show ipv6 routes Viewing Summary Information To get general route, configuration, links status, and debug information, use the following commands. • View the summary information of the IPv6 routes. EXEC Privilege mode show ipv6 route summary •...
  • Page 523: Policy-Based Routing (Pbr)

    Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. This chapter covers the following topics: • Overview • Implementing Policy-based Routing with Dell Networking OS • Configuration Task List for Policy-based Routing • Sample Configuration...
  • Page 524: Implementing Policy-Based Routing With Dell Networking Os

    • If the specified next-hops are not reachable, then the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-Lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: The user can provide a tunnel id for a redirect rule.
  • Page 525: Configuration Task List For Policy-Based Routing

    Create a redirect list by entering the list name. Format: 16 characters Delete the redirect list with the no ip redirect-list command. The following example creates a redirect list by the name of “xyz.” Dell(conf)#ip redirect-list ? WORD Redirect-list name (max 16 chars) Dell(conf)#ip redirect-list xyz Create a Rule for a Redirect-list Use the following command in CONFIGURATION REDIRECT-LIST mode to set the rules for the redirect list.
  • Page 526 Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 ? Mask A.B.C.D or /nn Mask in dotted decimal or in slash format Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 ? Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 Dell(conf-redirect-list)#do show ip redirect-list IP redirect-list xyz: Defined as: seq 5 redirect 3.3.3.3 ip host 222.1.1.1 host 77.1.1.1...
  • Page 527: Pbr Exceptions (Permit)

    Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Since the order of rules is important, ensure that you configure any necessary sequence numbers.
  • Page 528 Dell(conf-if-te-1/2)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration...
  • Page 529: Sample Configuration

    Showing CAM PBR Configuration Example : Dell#show cam pbr stack-unit 1 port-set 0 TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN, Bit 0 - FIN...
  • Page 530: Create The Redirect-List Gold; Assign Redirect-List Gold To Interface 2/11; View Redirect-List Gold

    • seq 15 permit ip any PBR Sample Configuration examples are shown below: Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any EDGE_ROUTER(conf-redirect-list)#show config ip redirect-list GOLD description Route GOLD traffic to ISP_GOLD.
  • Page 531 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 tcp any any Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp any host 144.144.144.144 Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end Verify the Status of the Track Objects (Up/Down):...
  • Page 532 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp any any Dell(conf-redirect-list)#redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp any any...
  • Page 533 Verify the Applied Redirect Rules: Dell#show ip redirect-list explicit_tunnel IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32) seq 15 redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144, Track 1 [up],...
  • Page 534: Pim Sparse-Mode (Pim-Sm)

    The SPT-Threshold is zero, which means that the last-hop designated router (DR) joins the shortest path tree (SPT) to the source after receiving the first multicast packet. • Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message. •...
  • Page 535: Refuse Multicast Traffic

    RP to prune its SPT to the source with a Prune message. Dell Networking OS Behavior: When the router creates an SPT to the source, there are then two paths between the receiver and the source, the SPT and the RPT. Until the router can prune itself from the RPT, the receiver receives duplicate multicast packets which may cause disruption.
  • Page 536: Related Configuration Tasks

    Enable PIM-Sparse mode. INTERFACE mode ip pim sparse-mode Examples of Viewing PIM-SM Information To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode. Dell#show ip pim interface Address Interface Ver/ Query Mode...
  • Page 537: Configuring S,G Expiry Timers

    10 permit ip any 232.1.1.0/24 seq 15 permit ip 100.1.0.0/16 any Dell(config-ext-nacl)#exit Dell(conf)#ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer To display the expiry time configuration, use the show running-configuration [acl | pim] command from EXEC Privilege mode. PIM Sparse-Mode (PIM-SM)
  • Page 538: Configuring A Static Rendezvous Point

    226.1.1.1 165.87.50.5 To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configuring a Designated Router Multiple PIM-SM routers might be connected to a single local area network (LAN) segment.
  • Page 539: Creating Multicast Boundaries And Domains

    NOTE: In helper-only mode, the system preserves the PIM states of a neighboring router while the neighbor gracefully restarts, but the Dell Networking system allows itself to be taken off the forwarding path if it restarts.
  • Page 540: Pim Source-Specific Mode (Pim-Ssm)

    SPT. PIM-SSM uses IGMPv3. Because receivers subscribe to a source and group, the RP and shared tree is unnecessary; only SPTs are used. On Dell Networking systems, it is possible to use PIM-SM with IGMPv3 to achieve the same result, but PIM-SSM eliminates the unnecessary protocol overhead.
  • Page 541: Enabling Pim-Ssm

    Then, specify the multicast source. • When an SSM map is in place and Dell Networking OS cannot find any matching access lists for a group, it continues to create (*,G) entries because there is an implicit deny for unspecified groups in the ACL.
  • Page 542 ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ip access-list standard map seq 5 permit host 239.0.0.2 ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip igmp ssm-map map 10.11.5.2 R1(conf)#do show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address...
  • Page 543 Member Ports: Te 1/1/1 R1(conf)#do show ip igmp ssm-map 239.0.0.2 SSM Map Information Group : 239.0.0.2 Source(s) : 10.11.5.2 R1(conf)#do show ip igmp groups detail Interface Vlan 300 Group 239.0.0.2 Uptime 00:00:01 Expires Never Router mode IGMPv2-Compat Last reporter 10.11.3.2 Last reporter mode IGMPv2 Last report...
  • Page 544: Port Monitoring

    • In general, a monitoring port should have no ip address and no shutdown as the only configuration; Dell Networking OS permits a limited set of commands for monitoring ports. You can display these commands using the ? command. A monitoring port also may not be a member of a VLAN.
  • Page 545 Te 2/5 both Port Dell(conf-mon-sess-5)# Dell(conf)#mon ses 300 Dell(conf-mon-sess-300)#source tengig 1/17 destination tengig 1/4 direction tx % Error: Exceeding max MG ports for this MD port pipe. Dell(conf-mon-sess-300)# Dell(conf-mon-sess-300)#source tengig 1/17 destination tengig 1/1 direction tx Dell(conf-mon-sess-300)#do show mon session...
  • Page 546: Configuring Port Monitoring

    Figure 88. Port Monitoring Configurations on the S-Series Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs.
  • Page 547 Te 1/1 Te 1/2 Port Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#source po 10 dest ten 1/2 dir rx Dell(conf-mon-sess-0)#do show monitor session SessID Source Destination Mode Source IP Dest IP ------ ------ ----------- ---- --------- -------- Te 1/1 Te 1/2 Port Po 10...
  • Page 548: Enabling Flow-Based Monitoring

    Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. For port monitoring, Dell Networking OS only considers traffic matching rules with the keyword monitor. CONFIGURATION mode ip access-list...
  • Page 549: Remote Port Mirroring

    Remote Port Mirroring While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switch/router, remote port mirroring allows you to monitor Layer 2 and Layer 3 ingress and/or egress traffic on multiple source ports on different switches and forward the mirrored traffic to multiple destination ports on different switches.
  • Page 550: Configuring Remote Port Mirroring

    Configuring Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches). Configuration Notes When you configure remote port mirroring, the following conditions apply: •...
  • Page 551: Displaying Remote-Port Mirroring Configurations

    Port-channel 10 destination remote-vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode. Dell(conf)#do show monitor session SessID Source Destination...
  • Page 552: Configuring The Sample Remote Port Mirroring

    Configuring the sample Source Remote Port Mirroring Dell(conf)#interface vlan 10 Dell(conf-if-vl-10)#mode remote-port-mirroring Dell(conf-if-vl-10)#tagged te 1/4 Dell(conf-if-vl-10)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source te 1/5 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Dell(conf-mon-sess-1)#exit Dell(conf)#inte vlan 100 Dell(conf-if-vl-100)#tagged te 1/7 Dell(conf-if-vl-100)#exit Dell(conf)#interface vlan 20...
  • Page 553 Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/28-29 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both Dell(conf-mon-sess-3)#no disable Dell(conf-mon-sess-3)# Dell(conf-mon-sess-3)#exit Dell(conf)#end Dell# Dell#show monitor session SessID Source...
  • Page 554 Create Source RPM session as follows (port-channel 1 and port-channel 2 are LACP). Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source port-channel 1 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Show the output for the LACP. Dell#show interfaces port-channel brief...
  • Page 555: Configuring The Encapsulated Remote Port Mirroring

    Important: The steps to be followed for ERPM encapsulation: • Dell Networking OS supports ERPM Source session only. The encapsulated packets terminate at the destination IP or at the analyzer. • Make sure that the destination IP is reachable via the configured IP route (static or dynamic) •...
  • Page 556 To monitor VLANs as the source, attach an access list whose rules include the monitor keyword to the VLAN interface, as in the following example. Dell(conf)#mac access-list standard flow Dell(config-std-macl)#seq 5 permit 00:00:0a:00:00:0b count monitor Dell#show running-config interface vlan 11 interface Vlan 11...
  • Page 557: Erpm Behavior On A Typical Dell Networking Os

    ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported.
  • Page 558 GRE header ends. Basically all the bits after 0x88BE need to be removed from the packet and sent out through another interface. – This script erpm.zip is available for download at the following location: http://en.community.dell.com/techcenter/ networking/m/force10_networking_scripts/20438882.aspx – Unzip the erpm.zip and copy the erpm.py file to the Linux server.
  • Page 559: Private Vlans (Pvlan)

    Private VLANs (PVLAN) The private VLAN (PVLAN) feature is supported on Dell Networking OS. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide.
  • Page 560: Using The Private Vlan Commands

    – There are two types of secondary VLAN — community VLAN and isolated VLAN. PVLAN port types include: • Community port — a port that belongs to a community VLAN and is allowed to communicate with other ports in the same community VLAN and with promiscuous ports.
  • Page 561: Configuration Task List

    Layer 3 traffic is still transmitted across secondary VLANs. NOTE: The outputs of the show arp and show vlan commands provide PVLAN data. For more information, refer to Dell Networking OS Command Line Reference Guide . Configuration Task List The following sections contain the procedures that configure a private VLAN.
  • Page 562: Creating A Primary Vlan

    Dell#conf Dell(conf)#interface TenGigabitEthernet 2/1 Dell(conf-if-te-2/1)#switchport mode private-vlan promiscuous Dell(conf)#interface TenGigabitEthernet 2/2 Dell(conf-if-te-2/2)#switchport mode private-vlan host Dell(conf)#interface TenGigabitEthernet 2/3 Dell(conf-if-te-2/3)#switchport mode private-vlan trunk Dell(conf)#interface TenGigabitEthernet 2/2 Dell(conf-if-te-2/2)#switchport mode private-vlan host Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport mode private-vlan promiscuous Creating a Primary VLAN A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN.
  • Page 563: Creating A Community Vlan

    (OPTIONAL) Enable/disable Layer 3 communication between secondary VLANs. INTERFACE VLAN mode ip local-proxy-arp NOTE: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the same VLAN, the packet is NOT dropped. Creating a Community VLAN A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN.
  • Page 564: Private Vlan Configuration Example

    The following example shows the use of the PVLAN commands that are used in VLAN INTERFACE mode to configure the PVLAN member VLANs (primary, community, and isolated VLANs). Dell#conf Dell(conf)# interface vlan 10 Dell(conf-vlan-10)# private-vlan mode primary Dell(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 Dell(conf-vlan-10)# untagged Te 2/1 Dell(conf-vlan-10)# tagged Te 2/3 Dell(conf)# interface vlan 101 Dell(conf-vlan-101)# private-vlan mode community...
  • Page 565: Inspecting The Private Vlan Configuration

    [interface interface] This command is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN.
  • Page 566 This command is specific to the PVLAN feature. The following examples show the results of using this command without the command options on the C300 and S50V switches in the topology diagram previously shown. • Display the primary-secondary VLAN mapping. The following example shows the output from the S50V. show vlan private-vlan mapping This command is specific to the PVLAN feature.
  • Page 567 interface TenGigabitEthernet 1/6 no ip address switchport switchport mode private-vlan host no shutdown interface TenGigabitEthernet 1/25 no ip address switchport switchport mode private-vlan trunk no shutdown interface Vlan 4000 private-vlan mode primary private-vlan mapping secondary-vlan 4001-4003 no ip address tagged TenGigabitEthernet 1/3,25 no shutdown interface Vlan 4001 private-vlan mode community...
  • Page 568: Per-Vlan Spanning Tree Plus (Pvst+)

    Spanning Tree Protocol (STP) chapter. Figure 91. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 37. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d...
  • Page 569: Implementation Information

    • The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multivendor network, verify that the costs are values you intended.
  • Page 570: Influencing Pvst+ Root Selection

    PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode. Dell_E600(conf-pvst)#show config verbose protocol spanning-tree pvst no disable...
  • Page 571: Modifying Global Pvst+ Parameters

    The bridge with the lowest value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority.
  • Page 572: Modifying Interface Pvst+ Parameters

    NOTE: The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you intended.
  • Page 573: Configuring An Edgeport

    Dell Networking systems do not expect PVST+ BPDU (tagged or untagged) on an untagged port. If this situation occurs, Dell Networking OS places the port in an Error-Disable state. This behavior might result in the network not converging. To prevent Dell...
  • Page 574: Enabling Pvst+ Extend System Id

    VLAN unaware. There is no data loop in this scenario; however, you can employ PVST+ to avoid potential misconfigurations. If you enable PVST+ on the Dell Networking switch in this network, P1 and P2 receive BPDUs from each other. Ordinarily, the Bridge ID in the frame matches the Root ID, a loop is detected, and the rules of convergence require that P2 move to blocking state because it has the lowest port ID.
  • Page 575 switchport no shutdown interface TenGigabitEthernet 1/32 no ip address switchport no shutdown protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 interface Vlan 100 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown interface Vlan 300 no ip address...
  • Page 576 no shutdown interface Vlan 100 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown protocol spanning-tree pvst no disable vlan 300 bridge-priority 4096 Per-VLAN Spanning Tree Plus (PVST+)
  • Page 577: Quality Of Service (Qos)

    Quality of Service (QoS) Quality of service (QoS) is supported on Dell Networking OS. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 39. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features Feature Direction...
  • Page 578: Implementation Information

    Create WRED Profiles Egress Figure 94. Dell Networking QoS Architecture Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication. It also implements these Internet Engineering Task Force (IETF) documents: Quality of Service (QoS)
  • Page 579: Port-Based Qos Configurations

    Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value. You cannot assign a dot1p value to an individual interface in a port-channel.
  • Page 580: Configuring Port-Based Rate Policing

    Configuring Port-Based Rate Shaping Dell Networking OS Behavior: Rate shaping is effectively rate limiting because of its smaller buffer size. Rate shaping on tagged ports is slightly greater than the configured rate and rate shaping on untagged ports is slightly less than configured rate.
  • Page 581: Policy-Based Qos Configurations

    Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
  • Page 582 CLASS MAP mode match {ip | ipv6 | ip-any} After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. Link the class-map to a queue.
  • Page 583 To display all class-maps or a specific class map, use the following command. Dell Networking OS Behavior: An explicit "deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. In the following example, traffic is classified in two Queues, 1 and 2.
  • Page 584 5 permit ip host 23.64.0.3 any seq 10 deny ip any any ip access-list extended AF2 seq 5 permit ip host 23.64.0.5 any seq 10 deny ip any any Dell# show cam layer3-qos interface tengigabitethernet 2/4 Port Dscp Proto Tcp Dst SrcIp DstIp DSCP...
  • Page 585: Create A Qos Policy

    NOTE: To avoid issues caused by misconfiguration, Dell Networking recommends configuring either DCBX or Egress QoS features, but not both simultaneously. If you enable both DCBX and Egress QoS at the same time, the DCBX configuration is applied and unexpected behavior occurs on the Egress QoS.
  • Page 586: Create Policy Maps

    CONFIGURATION mode qos-policy-output After you configure an output QoS policy, do one or more of the following: Scheduler Strict — Policy-based Strict-priority Queueing configuration is done through scheduler strict. It is applied to Qos-policy-output. When scheduler strict is applied to multiple Queues, high queue number takes precedence. Allocating Bandwidth to Queue Specifying WRED Drop Precedence Configuring Policy-Based Rate Shaping...
  • Page 587 Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature. The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values. When you configure trust DSCP, the matched packets and matched bytes counters are not incremented in the show qos statistics.
  • Page 588 Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature. The following table specifies the queue to which the classified traffic is sent based on the dot1p value. Table 43. Default dot1p to Queue Mapping...
  • Page 589 • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior detects when an ACL exists in the CAM rather than writing it to the CAM multiple times.
  • Page 590 Dell# show qos dscp-color-policy summary Interface dscp-color-map TE 1/10 mapONE TE 1/11 mapTWO Display summary information about a color policy for a specific interface. Dell# show qos dscp-color-policy summary tengigabitethernet 1/10 Interface dscp-color-map TE 1/10 mapONE Quality of Service (QoS)
  • Page 591: Enabling Qos Rate Adjustment

    Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
  • Page 592: Enabling Strict-Priority Queueing

    For example, to include the Preamble and SFD, type qos-rate-adjust 8. For variable length overhead fields, know the number of bytes you want to include. The default is disabled. Enabling Strict-Priority Queueing Strict-priority means that Dell Networking OS de-queues all packets from the assigned queue before servicing any other queues. • The strict-priority supersedes bandwidth-percentage configuration. •...
  • Page 593: Creating Wred Profiles

    After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile. Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on its DSCP value before queuing it.
  • Page 594: Displaying Default And Configured Wred Profiles

    Pre-Calculating Available QoS CAM Space Before Dell Networking OS version 7.3.1, there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; from 1 to 16 entries might be used per rule depending upon its complexity).
  • Page 595: Configuring Weights And Ecn For Wred

    • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status ===================================================================== L2ACL...
  • Page 596: Global Service Pools With Wred And Ecn Settings

    Global Service Pools With WRED and ECN Settings A global buffer pool, which is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed, can be configured on the Z9000 platform. Support for global service pools is now available. You can configure global service pools that are shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed.
  • Page 597: Configuring Wred And Ecn Attributes

    Dell(conf)#service-class wred yellow backplane queue1 thresh-2 queue3 thresh-1 Dell(conf)#service-class wred weight backplane queue0 11 queue6 4 queue7 9 Create a global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed.
  • Page 598: Guidelines For Configuring Ecn For Classifying And Color-Marking Packets

    In the existing software, ECE/CWR TCP flag qualifiers are not supported. • Because this functionality forcibly marks all the packets matching the specific match criteria as ‘yellow’, Dell Networking OS does not support Policer based coloring and this feature concurrently.
  • Page 599 (TCP/UDP/IP/ICMP) at the level where the ‘DSCP’ qualifier is positioned in the current ACL commands. Dell Networking OS supports the capability to contain DSCP and ECN classifiers simultaneously for the same ACL entry. You can use the ecn keyword with the ip access-list standard, ip access-list extended, seq, and permit commands for standard and extended IPv4 ACLs to match incoming packets with the specified ECN values.
  • Page 600: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Single Traffic Class

    • You can now use the ‘ecn’ match qualifier along with the above TCP flag for classification. The following combination of match qualifiers is acceptable to be configured for the Dell Networking OS software through L3 ACL command: • Classification based on DSCP only •...
  • Page 601: Applying Layer 2 Match Criteria On A Layer 3 Interface

    To apply a Layer 2 policy on a Layer 3 interface: Configure an interface with an IP address or a VLAN sub-interface CONFIGURATION mode Dell(conf)# interface fo 1/4 INTERFACE mode Dell(conf-if-fo-1/4)# ip address 90.1.1.1/16 Configure a Layer 2 QoS policy with Layer 2 (Dot1p or source MAC-based) match criteria.
  • Page 602: Applying Dscp And Vlan Match Criteria On A Service Queue

    Configure the DSCP value to be set on matched packets. QOS-POLICY-IN mode Dell(conf-qos-policy-in)#set ip-dscp 5 Create an input policy map. CONFIGURATION mode Dell(conf)#policy-map-input pp_policmap Create a service queue to associate the class map and QoS policy map. POLICY-MAP mode Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy Quality of Service (QoS)
  • Page 603: Routing Information Protocol (Rip)

    RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9. Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces.
  • Page 604: Configuration Information

    Controlling Route Metrics • Debugging RIP For a complete listing of all commands related to RIP, refer to the Dell Networking OS Command Reference Interface Guide. Enabling RIP Globally By default, RIP is not enabled in Dell Networking OS. To enable RIP globally, use the following commands.
  • Page 605 After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode.
  • Page 606 Those routes must meet the conditions of the prefix list; if not, Dell Networking OS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process.
  • Page 607 Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send version or the ip rip receive version commands in INTERFACE mode.
  • Page 608 The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold). Dell#show ip protocols...
  • Page 609 Default routes are not enabled in RIP unless specified. Use the default-information originate command in ROUTER RIP mode to generate a default route into RIP. In Dell Networking OS, default routes received in RIP updates from other routes are advertised if you configure the default-information originate command.
  • Page 610: Rip Configuration Example

    Enable debugging of RIP. Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function. Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command.
  • Page 611 RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-te-2/3)# Core2(conf-if-te-2/3)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10.0 Core2(conf-router_rip)#network 10.300.10.0 Core2(conf-router_rip)#network 10.11.10.0 Core2(conf-router_rip)#network 10.11.20.0 Core2(conf-router_rip)#show config router rip network 10.0.0.0 version 2 Core2(conf-router_rip)#...
  • Page 612 10.11.20.0/24 Direct, Te 2/3 00:02:02 10.11.30.0/24 via 10.11.20.1, Te 2/3 120/1 00:01:20 10.200.10.0/24 Direct, Te 2/4 00:03:03 10.300.10.0/24 Direct, Te 2/5 00:02:42 192.168.1.0/24 via 10.11.20.1, Te 2/3 120/1 00:01:20 192.168.2.0/24 via 10.11.20.1, Te 2/3 120/1 00:01:20 Core2# 192.168.1.0/24 via 10.11.20.1, Te 2/3 120/1 00:05:22 192.168.2.0/24 via 10.11.20.1, Te 2/3...
  • Page 613 • To display Core 3 RIP activity, use the show ip protocols command. Examples of the show ip Commands to View Learned RIP Routes on Core 3 The following example shows the show ip rip database command to view the learned RIP routes on Core 3. Core3#show ip rip database Total number of routes in RIP database: 7 10.11.10.0/24...
  • Page 614 Routing Information Sources: Gateway Distance Last Update 10.11.20.2 00:00:22 Distance: (default is 120) Core3# RIP Configuration Summary Examples of Viewing RIP Configuration on Core 2 and Core 3 The following example shows viewing the RIP configuration on Core 2. interface TenGigabitEthernet 2/1 ip address 10.11.10.1/24 no shutdown interface TenGigabitEthernet 2/3...
  • Page 615: Remote Monitoring (Rmon)

    RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment.
  • Page 616: Setting The Rmon Alarm

    1, which is configured with the RMON event command. Possible events include a log entry or an SNMP trap. If the 1.3.6.1.2.1.2.2.1.20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be triggered again. Dell(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 1 owner nms1 Configuring an RMON Event To add an event in the RMON event table, use the rmon event command in GLOBAL CONFIGURATION mode.
  • Page 617: Configuring Rmon Collection Statistics

    The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”. Dell(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1 Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode.
  • Page 618 The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john, both the sampling interval and the number of buckets use their respective defaults. Dell(conf-if-mgmt)#rmon collection history controlEntry 20 owner john Remote Monitoring (RMON)
  • Page 619: Rapid Spanning Tree Protocol (Rstp)

    STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 46. Spanning Tree Variations Dell Networking OS Supports...
  • Page 620: Rstp And Vlt

    Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task; avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs.
  • Page 621 To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.cbb4...
  • Page 622 Configured hello time 2, max age 20, forward delay 15, max hops 0 We are the root Current root has priority 32768, Address 0001.e801.cbb4 Number of topology changes 4, last change occurred 00:02:17 ago on Te 1/26 Port 377 (TenGigabitEthernet 2/1) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.377 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4...
  • Page 623: Adding And Removing Interfaces

    Max-age — the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. NOTE: Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance.
  • Page 624: Enabling Snmp Traps For Root Elections And Topology Changes

    PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter.
  • Page 625: Enabling Snmp Traps For Root Elections And Topology Changes

    CAUTION: Configure EdgePort only on links connecting to an end station. If you enable EdgePort on an interface connected to a network, it can cause loops. Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
  • Page 626: Configuring Fast Hellos For Link State Detection

    To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE mode. In the following example, the bold line indicates that the interface is in EdgePort mode.
  • Page 627: Software-Defined Networking (Sdn)

    Software-Defined Networking (SDN) Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the SDN Deployment Guide. Software-Defined Networking (SDN)
  • Page 628: Security

    Security features are supported on Dell Networking OS. This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
  • Page 629 – tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null Username Sessions When you activate AAA accounting, the Dell Networking OS software issues accounting records for all users on the system, including users whose username string is NULL because of protocol translation.
  • Page 630: Show Accounting

    If the first method list does not respond or returns an error, Dell Networking OS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking OS does not apply the next method list.
  • Page 631 To configure an authentication method and method list, use the following commands. Dell Networking OS Behavior: If you use a method list on the console port in which RADIUS or TACACS is the last authentication method, and the server is not reachable, Dell Networking OS allows access even though the username and password credentials cannot be verified.
  • Page 632: Obscuring Passwords And Keys

    Dell(config-line-vty)# enable authentication mymethodlist Server-Side Configuration • TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$. •...
  • Page 633: Aaa Authorization

    Every command in Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can configure up to 16 privilege levels in Dell Networking OS. Dell Networking OS is pre-configured with three privilege levels and you can configure 13 more. The three pre- configured levels are: •...
  • Page 634: Configuration Task List For Privilege Levels

    Enabling and Disabling Privilege Levels (optional) For a complete listing of all commands related to Dell Networking OS privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can assign a specific username to limit user access to the system.
  • Page 635 To view the configuration for the enable secret command, use the show running-config command in EXEC Privilege mode. In custom-configured privilege levels, the enable command is always available. No matter what privilege level you entered Dell Networking OS, you can enter the enable 15 command to access and configure all CLIs.
  • Page 636 Line 3: The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp-server commands are located. Line 4: The snmp-server commands, in CONFIGURATION mode, are assigned to privilege level 8. Dell(conf)#username john privilege 8 password john Dell(conf)#enable password level 8 notjohn Dell(conf)#privilege exec level 8 configure...
  • Page 637 • Set a user’s security level. EXEC Privilege mode enable or enable privilege-level If you do not enter a privilege level, Dell Networking OS sets it to 15 by default. • Move to a lower privilege level. EXEC Privilege mode disable level-number –...
  • Page 638: Radius

    This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and password. The RADIUS server returns one of the following responses: •...
  • Page 639: Radius Authentication

    Setting Global Communication Parameters for all RADIUS Server Hosts (optional) • Monitoring RADIUS (optional) For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Security...
  • Page 640 NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if you have configured RADIUS authorization and have not configured authentication, a message is logged stating this. During authorization, the next method in the list (if present) is used, or if another method is not present, an error is reported.
  • Page 641 To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If you configure multiple RADIUS server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. When Dell Networking OS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
  • Page 642: Tacacs

    TACACS+ Remote Authentication • Specifying a TACACS+ Server Host For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the TACACS hosts specified.
  • Page 643: Tacacs+ Remote Authentication

    If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method.
  • Page 644: Command Authorization

    To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If you configure multiple TACACS+ server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. To view the TACACS+ configuration, use the show running-config tacacs+ command in EXEC Privilege mode.
  • Page 645: Enabling Scp And Ssh

    Enabling SCP and SSH Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication.
  • Page 646: Removing The Rsa Host Keys And Zeroizing Storage

    Examples The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes. Dell(conf)#ip ssh rekey volume 4096...
  • Page 647: Configuring The Hmac Algorithm For The Ssh Server

    • hmac-sha2-256 • hmac-sha2-256-96 When FIPS is enabled, the default HMAC algorithm is hmac-sha1-96. Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algorithm list. Dell(conf)# ip ssh server mac hmac-sha1-96 Security...
  • Page 648: Configuring The Ssh Server Cipher List

    Secure Shell (SSH) is enabled by default using the SSH Password Authentication method. Enabling SSH Authentication by Password Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Networking system. This setup is the simplest method of authentication and uses SSH version 1.
  • Page 649 Create a list of IP addresses and usernames that are permitted to SSH in a file called rhosts. Refer to the second example. Copy the file shosts and rhosts to the Dell Networking system. Disable password authentication and RSA authentication, if configured...
  • Page 650: Troubleshooting Ssh

    Enable host-based authentication on the server (Dell Networking system) and the client (Unix machine). The following message appears if you attempt to log in via SSH and host-based is disabled on the client. In this case, verify that host-based authentication is set to “Yes”...
  • Page 651: Telnet

    VTY line with a deny-all access class. After users identify themselves, Dell Networking OS retrieves the access class from the local database and applies it. (Dell Networking OS then can close the connection if a user is denied access.) NOTE: If a VTY user logs in with RADIUS authentication, the privilege level is applied from the RADIUS server only if you configure RADIUS authentication.
  • Page 652: Vty Line Remote Authentication And Authorization

    Dell Networking OS retrieves the access class from the VTY line. The Dell Networking OS takes the access class from the VTY line and applies it to ALL users. Dell Networking OS does not need to know the identity of the incoming user and can immediately apply the access class. If the authentication method is RADIUS, TACACS+, or line, and you have configured an access class for the VTY line, Dell Networking OS immediately applies it.
  • Page 653: Role-Based Access Control

    The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user can enter and the actions the user can perform. This allows for greater flexibility in assigning permissions for each command to each role and as a result, it is easier and much more efficient to administer user rights.
  • Page 654 When you enable role-based only AAA authorization using the aaa authorization role-only command in Configuration mode, the Dell Networking OS checks to ensure that you do not lock yourself out and that the user authentication is available for all terminal lines.
  • Page 655: User Roles

    Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles. The system defined user roles are as follows: •...
  • Page 656 Create a new user role, myrole and inherit security administrator permissions. Dell(conf)#userrole myrole inherit secadmin Verify that the user role, myrole, has inherited the security administrator permissions. The output highlighted in bold indicates that the user role has successfully inherited the security administrator permissions.
  • Page 657 Note that the netadmin role is not listed in the Role access: secadmin,sysadmin, which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin show users Dell#show role mode exec show users...
  • Page 658: Aaa Authentication And Authorization For Roles

    Example The following example creates a user name that is authenticated based on a user role. Dell(conf)#username john password 0 password role secadmin The following example deletes a user role. NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to username that has a...
  • Page 659 • Configuring AAA Authentication for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination. Users with defined roles and users with privileges are authenticated with the same mechanism.
  • Page 660 For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled “Force10-avpair”. The value is a string in the following format: protocol : attribute sep value “attribute”...
  • Page 661: Role Accounting

    The following example configures an AV pair which allows a user to log in from a network access server with a privilege level of 15, to have access to EXEC commands. The format to create a Dell Networking OS AV pair for privilege level is shell:priv-lvl=<number> where number is a value between 0 and 15.
  • Page 662: Display Information About User Roles

    Global configuration mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Security...
  • Page 663 Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line Role access: netadmin,sysadmin Displaying Information About Users Logged into the Switch To display information on all users logged into the switch, use the show users command in EXEC Privilege mode. The output displays privilege level and/or user role.
  • Page 664: Service Provider Bridging

    Service Provider Bridging Service provider bridging is supported on Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. It enables service providers to use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider.
  • Page 665: Important Points To Remember

    To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN. • This limitation becomes relevant if you enable the port as a multi-purpose port (carrying single-tagged and double-tagged traffic).
  • Page 666: Creating Access And Trunk Ports

    Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Dell Networking OS Options for Trunk Ports • Debugging VLAN Stacking • VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands.
  • Page 667: Configuring The Protocol Type Value For The Outer Vlan Tag

    The default is 9100. To display the S-Tag TPID for a VLAN, use the show running-config command from EXEC privilege mode. Dell Networking OS displays the S-Tag TPID only if it is a non-default value. Configuring Dell Networking OS Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic.
  • Page 668: Debugging Vlan Stacking

    While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID. Systems may use any 2-byte value; Dell Networking OS uses 0x9100 (shown in the following) while non-Dell Networking systems might use a different value.
  • Page 669 For example, 0x8100 and any other TPID beginning with 0x81 were treated as the same TPID, as shown in the following illustration. Dell Networking OS Versions 8.2.1.0 and later differentiate between 0x9100 and 0x91XY, also shown in the following illustration.
  • Page 670 Figure 100. Single and Double-Tag TPID Match Service Provider Bridging...
  • Page 671 Figure 101. Single and Double-Tag First-byte TPID Match Service Provider Bridging...
  • Page 672: Vlan Stacking Packet Drop Precedence

    Figure 102. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility Enable drop eligibility globally before you can honor or mark the DEI value. When you enable drop eligibility, DEI mapping or marking takes place according to the defaults.
  • Page 673: Honoring The Incoming Dei Value

    By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to a Dell Networking OS drop precedence. Precedence can have one of three colors.
  • Page 674: Dynamic Mode Cos For Vlan Stacking

    1:8 expansion in these content addressable memory (CAM) tables. Dell Networking OS Behavior: For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence.
  • Page 675: Mapping C-Tag To S-Tag Dot1P Values

    Examples of QoS Interface Configuration and Rate Policing policy-map-input in layer2 service-queue 3 class-map a qos-policy 3 class-map match-any a layer2 match mac access-group a mac access-list standard a seq 5 permit any qos-policy-input 3 layer2 rate-police 40 Likewise, in the following configuration, packets with dot1p priority 0–3 are marked as dot1p 7 in the outer tag and queued to Queue 3.
  • Page 676: Layer 2 Protocol Tunneling

    Separate C-Tag values by commas. Dashed ranges are permitted. Dynamic Mode CoS overrides any Layer 2 QoS configuration in case of conflicts. NOTE: Because dot1p-mapping marks and queues packets, the only remaining applicable QoS configuration is rate metering. You may use Rate Shaping or Rate Policing. Layer 2 Protocol Tunneling Spanning tree bridge protocol data units (BPDUs) use a reserved destination MAC address called the bridge group address, which is 01-80-C2-00-00-00.
  • Page 677 Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge.
  • Page 678: Implementation Information

    Specifying a Destination MAC Address for BPDUs By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
  • Page 679: Debugging Layer 2 Protocol Tunneling

    Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. •...
  • Page 680: Sflow

    Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe.
  • Page 681: Enabling Extended Sflow

    Confirm that extended information packing is enabled. show sflow Examples of Verifying Extended sFlow The bold line shows that extended sFlow settings are enabled on all three types. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768...
  • Page 682: Enabling And Disabling Sflow On An Interface

    Collector IP addr: 100.1.1.12, Agent IP addr: 100.1.1.1, UDP port: 6343 VRF: Default 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected Example of viewing the sflow max-header-size extended on an Interface Mode Dell#show sflow interface tengigabitethernet 1/1 Te 1/1 sFlow type :Ingress Configured sampling rate...
  • Page 683: Sflow Show Commands

    Show Commands Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Globally • Displaying Show sFlow on an Interface • Displaying Show sFlow on a Line Card Displaying Show sFlow Global To view sFlow statistics, use the following command.
  • Page 684: Displaying Show Sflow On A Stack-Unit

    Examples of the sFlow show Commands The following example shows the show sflow interface command. Dell#show sflow interface tengigabitethernet 1/1 Te 1/1 sFlow type :Ingress Configured sampling rate :16384 Actual sampling rate :16384 Counter polling interval...
  • Page 685: Changing The Polling Intervals

    Changing the Polling Intervals The sflow polling-interval command configures the polling interval for an interface in the maximum number of seconds between successive samples of counters sent to the collector. This command changes the global default counter polling (20 seconds) interval. You can configure an interface to use a different polling interval.
  • Page 686: Important Points To Remember

    To export extended-gateway data, BGP must learn the IP destination address. • If the IP destination address is not learned via BGP the Dell Networking system does not export extended-gateway data. • If the IP source address is learned via IGP, srcAS and srcPeerAS are zero.
  • Page 687 IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description IP DA is not learned via BGP. Version 7.8.1.0 allows extended gateway information in cases where the source and destination IP addresses are learned by different routing protocols, and for cases where the source is reachable over ECMP.
  • Page 688: Simple Network Management Protocol (Snmp)

    The following describes SNMP implementation information. • Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version 3 as defined by RFC 2571. •...
  • Page 689: Configuration Task List For Snmp

    NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c.
  • Page 690: Important Points To Remember

    User ACLs override group ACLs. Set up SNMP As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models. The primary difference between the two versions is that version 2 supports two additional protocol operations (informs operation and snmpgetbulk query) and one additional object (counter64 object).
  • Page 691: Setting Up User-Based Security (Snmpv3)

    Setting Up User-Based Security (SNMPv3) When setting up SNMPv3, you can set users up with one of the following three types of configuration for SNMP read/write operations. Users are typically associated to an SNMP group with permissions provided, such as OID view. •...
  • Page 692: Reading Managed Object Values

    You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable objects using the snmpwalk command.
  • Page 693: Configuring Contact And Location Information Using Snmp

    You may use up to 55 characters. The default is None. • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmp-server location text You may use up to 55 characters.
  • Page 694: Enabling A Subset Of Snmp Traps

    PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
  • Page 695 LINECARDUP: %sLine card %d is up CARD_MISMATCH: Mismatch: line card %d is type %s - type %s required. RPM_STATE: RPM1 is in Active State RPM_STATE: RPM0 is in Standby State RPM_DOWN: RPM 0 down - hard reset RPM_DOWN: RPM 0 down - card removed HOT_FAILOVER: RPM Failover Completed SFM_DISCOVERY: Found SFM 1 SFM_REMOVE: Removed SFM 1...
  • Page 696: Copy Configuration Files Using Snmp

    • copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses; however, you can substitute IPv6 addresses for the IPv4 addresses in all of the examples.
  • Page 697 • If copySourceFileType is set to running-config or startup-config, copySrcFileName is not required. 1 = Dell Networking OS file copyDestFileType .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 Specifies the type of file to copy to. 2 = running-config • If copySourceFileType is...
  • Page 698: Copying A Configuration File

    CONFIGURATION mode snmp-server community community-name rw Copy the f10-copy-config.mib MIB from the Dell iSupport web page to the server to which you are copying the configuration file. On the server, use the snmpset command as shown in the following example.
  • Page 699: Copying The Startup-Config Files To The Running-Config

    The following example shows copying configuration files using MIB object names. > snmpset -v 2c -r 0 -t 60 -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.101 i 2 copyDestFileType.101 i 3 FTOS-COPY-CONFIG-MIB::copySrcFileType.101 = INTEGER: runningConfig(2) FTOS-COPY-CONFIG-MIB::copyDestFileType.101 = INTEGER: startupConfig(3) The following example shows copying configuration files using OIDs. >...
  • Page 700: Copying The Startup-Config Files To The Server Via Tftp

    /home/myfilename copyServerAddress.4 a 11.11.11.11 Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP.
  • Page 701: Obtaining A Value For Mib Objects

    MIB Object Values Description 2 = copy in progress 3 = disk full 4 = file exists 5 = file not found 6 = timeout 7 = unknown copyEntryRowStatus .1.3.6.1.4.1.6027.3.5.1.1.1.1.15 Row status Specifies the state of the copy operation. Uses CreateAndGo when you are performing the copy.
  • Page 702: Mib Support To Display The Available Memory Size On Flash

    MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
  • Page 703: Manage Vlans Using Snmp

    > snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.1107787786 = STRING: "My VLAN" [Dell system output] Dell#show int vlan 10 Vlan 10 is down, line protocol is down Vlan alias name is: My VLAN Address is 00:01:e8:cc:cc:ce, Current address is 00:01:e8:cc:cc:ce...
  • Page 704: Displaying The Ports In A Vlan

    Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command. Add Tagged and Untagged Ports to a VLAN The value dot1qVlanStaticEgressPorts object is an array of all VLAN members.
  • Page 705: Enabling And Disabling A Port Using Snmp

    Create an SNMP community on the Dell system. CONFIGURATION mode snmp-server community From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. EXEC Privilege mode show interface Or, from the management system, use the snmpwalk command to identify the interface index.
  • Page 706 Example of Fetching MAC Addresses Learned on a Port-Channel Using SNMP Use dot3aCurAggFdbTable to fetch the learned MAC address of a port-channel. The instance number is the decimal conversion of the MAC address concatenated with the port-channel number. --------------MAC Addresses on Force10 System------------------- Dell(conf)#do show mac-address-table VlanId Mac Address Type...
  • Page 707: Deriving Interface Indices

    The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface. Dell Networking OS converts this binary index number to decimal, and displays it in the output of the show interface command.
  • Page 708: Monitor Port-Channels

    Monitor Port-Channels To check the status of a Layer 2 port-channel, use f10LinkAggMib (.1.3.6.1.4.1.6027.3.2). In the following example, Po 1 is a switchport and Po 2 is in Layer 3 mode. Example of SNMP Trap for Monitored Port-Channels [senthilnathan@lithium ~]$ snmpwalk -v 2c -c public 10.11.1.1 .1.3.6.1.4.1.6027.3.2.1.1 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.1.1 = INTEGER: 1 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.1.2 = INTEGER: 2 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.2.1 = Hex-STRING: 00 01 E8 13 A5 C7...
  • Page 709: Troubleshooting Snmp Operation

    SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. • When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the output for echo replies may be incorrectly displayed.
  • Page 710: Storm Control

    The storm control feature allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic.
  • Page 711: Spanning Tree Protocol (Stp)

    • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time.
  • Page 712: Configuring Interfaces For Layer 2 Mode

    • To add interfaces to the spanning tree topology after you enable STP, enable the port and configure it for Layer 2 using the switchport command. • The IEEE Standard 802.1D allows 8 bits for port ID and 8 bits for priority. The 8 bits for port ID provide port IDs for 256 ports. Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled.
  • Page 713: Enabling Spanning Tree Protocol Globally

    Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally;...
  • Page 714 The port is not in the portfast mode To confirm that a port is participating in Spanning Tree, use the show spanning-tree 0 brief command from EXEC privilege mode. Dell#show spanning-tree 0 brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e80d.2462...
  • Page 715: Adding An Interface To The Spanning Tree Group

    You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in STP. NOTE: Dell Networking recommends that only experienced network administrators change the spanning tree parameters. Poorly planned modification of the spanning tree parameters can negatively affect network performance.
  • Page 716: Modifying Interface Stp Parameters

    • Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology). PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally.
  • Page 717: Prevent Network Disruptions With Bpdu Guard

    BPDU violation. The following example shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Networking system is configured with Portfast. If the switch is connected to the hub, the BPDUs that the switch generates might trigger an undesirable topology change.
  • Page 718 – Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode). Figure 108. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it receives a BPDU.
  • Page 719: Selecting Stp Root

    Te 1/6 Root 128.263 128 20000 FWD 20000 P2P Te 1/7 ErrDis 128.264 128 20000 EDS 20000 P2P Dell(conf-if-te-1/7)#do show ip interface brief tengigabitEthernet 1/7 Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7 unassigned YES Manual up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge.
  • Page 720: Configuring Root Guard

    Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
  • Page 721: Enabling Snmp Traps For Root Elections And Topology Changes

    • Configure all spanning tree types to be hitless. CONFIGURATION mode redundancy protocol xstp Example of Configuring all Spanning Tree Types to be Hitless Dell(conf)#redundancy protocol xstp Dell#show running-config redundancy redundancy protocol xstp Dell# STP Loop Guard The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault.
  • Page 722: Configuring Loop Guard

    Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface.
  • Page 723: Displaying Stp Guard Configuration

    BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU. • Verify the STP guard configured on port or port-channel interfaces. show spanning-tree 0 guard [interface interface] Example of Viewing STP Guard Configuration Dell#show spanning-tree 0 guard Interface Name Instance Sts Guard type...
  • Page 724: System Time And Date

    Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to...
  • Page 725: Protocol Overview

    NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networking system synchronizes. To specify multiple servers, enter the command multiple times. You may specify an unlimited number of servers at the expense of CPU resources.
  • Page 726: Configuring Ntp Broadcasts

    2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.496884 Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, Dell Networking OS drops any NTP packets sent to that interface.
  • Page 727: Configuring Ntp Authentication

    Dell Networking OS Behavior: Dell Networking OS uses an encryption algorithm to store the authentication key that is different from previous Dell Networking OS versions; Dell Networking OS uses data encryption standard (DES) encryption to store the key in the startup-config when you enter the ntp authentication-key command. Therefore, if your system boots with a startup-configuration from a Dell Networking OS version in which you have configured ntp authentication-key, the system cannot correctly decrypt the key and cannot authenticate the NTP packets.
  • Page 728 • – vrf-name : Enter the name of the VRF through which the NTP server is reachable. – hostname : Enter the keyword hostname to see the IP address or host name of the remote device. – ipv4-address : Enter an IPv4 address in dotted decimal format (A.B.C.D). –...
  • Page 729: Dell Networking Os Time And Date

    345 Dell# Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings.
  • Page 730: Setting The Time And Date For The Switch Software Clock

    "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. System Time and Date...
  • Page 731: Setting Daylight Saving Time Once

    60 minutes. Example of the clock summer-time Command Dell(conf)#clock summer-time pacific date Mar 14 2009 00:00 Nov 7 2009 00:00 Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009"...
  • Page 732 Examples of the clock summer-time recurring Command The following example shows the clock summer-time recurring command. Dell(conf)#clock summer-time pacific recurring Mar 14 2009 00:00 Nov 7 2009 00:00 ? Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009"...
  • Page 733: Tunneling

    If the tunnel mode is IPv6 or IPIP, you can use either an IPv6 address or an IPv4 address for the logical address of the tunnel, but in IPv6IP mode, the logical address must be an IPv6 address. The following sample configuration shows a tunnel configured in IPv6 mode (carries IPv6 and IPv4 traffic). Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#tunnel source 30.1.1.1 Dell(conf-if-tu-1)#tunnel destination 50.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#ip address 1.1.1.1/24...
  • Page 734: Configuring Tunnel Keepalive Settings

    Dell(conf-if-tu-1)#ipv6 address 1abd::1/64 Dell(conf-if-tu-1)#ip address 1.1.1.1/24 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel destination 40.1.1.2 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#tunnel keepalive 1.1.1.2 attempts 4 interval 6 Dell(conf-if-tu-1)#show config interface Tunnel 1 ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel destination 40.1.1.2 tunnel source 40.1.1.1 tunnel keepalive 1.1.1.2 attempts 4 interval 6...
  • Page 735: Configuring Tunnel Allow-Remote Decapsulation

    Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config interface Tunnel 1 ip unnumbered TenGigabitEthernet 1/1 ipv6 unnumbered TenGigabitEthernet 1/1 tunnel source 40.1.1.1 tunnel mode ipip decapsulate-any no shutdown Dell(conf-if-tu-1)# Configuring Tunnel allow-remote Decapsulation You can configure an IPv4 or IPv6 address or prefix whose tunneled packet will be accepted for decapsulation.
  • Page 736: Guidelines For Configuring Multipoint Receive-Only Tunnels

    no shutdown Guidelines for Configuring Multipoint Receive-Only Tunnels • Maximum number of allowed remote end-points that can be configured for a single multipoint receive-only tunnel is eight. Maximum number of allowed remote end-points that can be configured for all multipoint receive-only tunnels depends on the hardware table size to set up termination (it is 512 entries in S4810 and S4820T platforms) and the count is tracked across all of the tunnel remote end-points configured in the system.
  • Page 737: Upgrade Procedures

    Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes.
  • Page 738: Virtual Lans (Vlans)

    When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices. The Dell Networking Operating System (OS) supports up to 4093 port-based VLANs and one default VLAN, as specified in IEEE 802.1Q.
  • Page 739: Port-Based Vlans

    Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination and source MAC addresses. That information is preserved as the frame moves through the network.
  • Page 740: Configuration Task List

    To activate the VLAN, after you create a VLAN, assign interfaces in Layer 2 mode to the VLAN. Example of Verifying a Port-Based VLAN To view the configured VLANs, use the show vlan command in EXEC Privilege mode. Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs Status...
  • Page 741: Assigning Interfaces To A Vlan

    (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use the following commands.
  • Page 742: Moving Untagged Interfaces

    Active Po1(So 0/0-1) Te 1/3 Active Po1(So 0/0-1) Te 1/1 Inactive Dell#conf Dell(conf)#interface vlan 4 Dell(conf-if-vlan)#untagged tengigabitethernet 1/2 Dell(conf-if-vlan)#show config interface Vlan 4 no ip address untagged TenGigabitEthernet 1/2 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs...
  • Page 743: Assigning An Ip Address To A Vlan

    NOTE: You cannot assign an IP address to the Default VLAN (VLAN 1). To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. In Dell Networking OS, you can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic. For more information, refer to Bulk Configuration.
  • Page 744: Enabling Null Vlan As The Default Vlan

    This presents a vulnerability because both interfaces are initially placed in the native VLAN, VLAN 1, and for that period customers are able to access each other's networks. Dell Networking OS has a Null VLAN to eliminate this vulnerability. When you enable the Null VLAN, all ports are placed into it by default, so even if you activate the physical ports of multiple customers, no traffic is allowed to traverse the links until each port is placed in another VLAN.
  • Page 745: Virtual Link Trunking (Vlt)

    • Assures high availability. CAUTION: Dell Networking does not recommend enabling Stacking and VLT simultaneously. If you enable both features at the same time, unexpected behavior occurs. As shown in the following example, VLT presents a single logical Layer 2 domain from the perspective of attached devices that have a virtual link trunk terminating on separate chassis in the VLT domain.
  • Page 746: Vlt On Core Switches

    The following example shows stacking at the access, VLT in aggregation, and Layer 3 at the core. The aggregation layer is mostly in the L2/L3 switching/routing layer. For better resiliency in the aggregation, Dell Networking recommends running the internal gateway protocol (IGP) on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system.
  • Page 747: Vlt Terminology

    Figure 114. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VLT peer switches.
  • Page 748 • Dell Networking strongly recommends that the VLTi (VLT interconnect) be a static LAG and that you disable LACP on the VLTi. • Ensure that the spanning tree root bridge is at the Aggregation layer. If you enable RSTP on the VLT device, refer to RSTP and VLT for guidelines to avoid traffic loss.
  • Page 749: Configuration Notes

    MAC address. You can configure the primary role. – In a VLT domain, the peer switches must run the same Dell Networking OS software version. – Separately configure each VLT peer switch with the same VLT domain ID and the VLT version. If the system detects mismatches between VLT peer switches in the VLT domain ID or VLT version, the VLT Interconnect (VLTi) does not activate.
  • Page 750 VLT peer switch using the VLTi connection. – If the size of the MTU for VLTi members is less than 1496 bytes, MAC addresses may not be synced. Dell Networking recommends retaining the default MTU allocation (1554 bytes) for VLTi members.
  • Page 751: Primary And Secondary Vlt Peers

    – Enable Layer 3 VLAN connectivity VLT peers by configuring a VLAN network interface for the same VLAN on both switches. – Dell Networking does not recommend enabling peer-routing if the CAM is full. To enable peer-routing, a minimum of two local DA spaces for wild card functionality are required.
  • Page 752: Rstp And Vlt

    If the VLTi link fails, the status of the remote VLT Primary Peer is checked using the backup link. If the remote VLT Primary Peer is available, the Secondary Peer disables all VLT ports to prevent loops. If all ports in the VLTi link fail or if the communication between VLTi links fails, VLT checks the backup link to determine the cause of the failure.
  • Page 753: Vlt Port Delayed Restoration

    • Non-VLT Sync — Entries learned on non-VLT interfaces are synced on both VLT peers. • Tunneling — Control information is associated with tunnel traffic so that the appropriate VLT peer can mirror the ingress port as the VLT interface rather than pointing to the VLT peer’s VLTi link. •...
  • Page 754 Figure 115. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches.
  • Page 755: Vlt Routing

    To verify the PIM neighbors on the VLT VLAN and on the multicast port, use the show ip pim neighbor, show ip igmp snooping mrouter, and show running config commands. You cannot configure VLT peer nodes as rendezvous points, but you can connect PIM routers to VLT ports. If the VLT node elected as the designated router fails and you enable VLT Multicast Routing, multicast routes are synced to the other peer for traffic forwarding to ensure minimal traffic loss.
  • Page 756 Configure the peer-routing timeout. VLT DOMAIN mode peer-routing-timeout value value: Specify a value (in seconds) from 1 to 65535. The default value is infinity (without configuring the timeout). VLT Multicast Routing VLT Multicast Routing provides resiliency to multicast routed traffic during the multicast routing protocol convergence period after a VLT link or VLT peer fails using the least intrusive method (PIM) and does not alter current protocol behavior.
  • Page 757: Non-Vlt Arp Sync

    Run RSTP on both VLT peer switches. The primary VLT peer controls the RSTP states, such as forwarding and blocking, on both the primary and secondary peers. Dell Networking recommends configuring the primary VLT peer as the RSTP primary root device and configuring the secondary VLT peer as the RSTP secondary root device.
  • Page 758: Configuring Vlt

    Dell_VLTpeer2(conf-rstp)#bridge-priority 0 Configuring VLT To configure VLT, use the following procedure. Prerequisites: Before you begin, make sure that both VLT peer switches are running the same Dell Networking OS version and are configured for RSTP as described in RSTP Configuration. For VRRP operation, ensure that you configure VRRP groups and L3...
  • Page 759 • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown Repeat Steps 1 to 4 on the VLT peer switch to configure the VLT interconnect.
  • Page 760 The range of domain IDs is from 1 to 1000. (Optional) After you configure the VLT domain on each peer switch on both sides of the interconnect trunk, by default, Dell Networking OS elects a primary and secondary VLT peer device.
  • Page 761 Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. (Optional) When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch.
  • Page 762 INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number The valid port-channel ID numbers are from 1 to 128. Repeat Steps 1 to 6 on the VLT peer switch to configure the same port channel as part of the VLT domain. On an attached switch or server: To connect to the VLT domain and add port channels to it, configure a port channel. For an example of how to verify the port-channel configuration, refer to VLT Sample Configuration.
  • Page 763 Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch.
  • Page 764 CONFIGURATION mode interface port-channel port-channel id NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring VLTs used as facing hosts/switches with LACP. Ensure both peers use the same port channel ID. Configure the peer-link port-channel in the VLT domains of each peer unit.
  • Page 765 In the following sample VLT configuration steps, VLT peer 1 is , VLT peer 2 is , and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers.
  • Page 766 Configure the backup link between the VLT peer units. Configure the peer 2 management ip/ interface ip for which connectivity is present in VLT peer 1. Configure the peer 1 management ip/ interface ip for which connectivity is present in VLT peer 2. s4810-2#show running-config vlt vlt domain 5 peer-link port-channel 1...
  • Page 767 port-channel 100 mode active no shutdown s60-1#show running-config interface tengigabitethernet 1/30 interface TenGigabitEthernet 1/30 no ip address port-channel-protocol LACP port-channel 100 mode active no shutdown s60-1#show running-config interface port-channel 100 interface Port-channel 100 no ip address switchport no shutdown s60-1#show interfaces port-channel 100 brief Codes: L - LACP Port-channel Mode Status...
  • Page 768: Pvst+ Configuration

    PVST+ instance running in Secondary peer will not control the VLT-LAGs. Dell Networking recommends configuring the primary VLT peer as the primary root device for all the configured PVST+ Instances and configuring the secondary VLT peer as the secondary root device for all the configured PVST+ Instances.
  • Page 769: Evlt Configuration Example

    eVLT Configuration Example The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this example, you are configuring two domains. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4, as shown in the following example.
  • Page 770 Next, configure the VLT domain and VLTi on Peer 2. Domain_1_Peer2#configure Domain_1_Peer2(conf)#interface port-channel 1 Domain_1_Peer2(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9 Domain_1_Peer2(conf) #vlt domain 1000 Domain_1_Peer2(conf-vlt-domain)# peer-link port-channel 1 Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.12 Domain_1_Peer2(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0a Domain_1_Peer2(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100...
  • Page 771: Pim-Sparse Mode Configuration Example

    Domain_2_Peer4(conf-vlt-domain)# system-mac mac-address 00:0b:00:0b:00:0b Domain_2_Peer4(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4. Domain_2_Peer4(conf)#interface range tengigabitethernet 1/31 - 32 Domain_2_Peer4(conf-if-range-te-1/31-32)# port-channel-protocol LACP Domain_2_Peer4(conf-if-range-te-1/31-32)# port-channel 100 mode active Domain_2_Peer4(conf-if-range-te-1/31-32)# no shutdown PIM-Sparse Mode Configuration Example...
  • Page 772: Verifying A Vlt Configuration

    Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt backup-link •...
  • Page 773 HeartBeat Timeout: UDP Port: 34998 HeartBeat Messages Sent: 1026 HeartBeat Messages Received: 1025 Dell_VLTpeer2# show vlt backup-link VLT Backup Link ----------------- Destination: 10.11.200.20 Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: 34998 HeartBeat Messages Sent: 1030 HeartBeat Messages Received: 1014 The following example shows the show vlt brief command.
  • Page 774 The following example shows the show vlt role command. Dell_VLTpeer1# show vlt role VLT Role ---------- VLT Role: Primary System MAC address: 00:01:e8:8a:df:bc System Role Priority: 32768 Local System MAC address: 00:01:e8:8a:df:bc Local System Role Priority: 32768 Dell_VLTpeer2# show vlt role VLT Role ---------- VLT Role:...
  • Page 775: Additional Vlt Sample Configurations

    Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------- -------- ---- ------- --------- ------- ------------------ Po 1 128.2 128 200000 DIS 4096 0001.e88a.d656 128.2 Po 3 128.4 128 200000 DIS 4096 0001.e88a.d656 128.4 Po 4 128.5 128 200000 DIS 4096 0001.e88a.d656 128.5 Po 100 128.101 128 800...
  • Page 776 Configure the port channel to an attached device. Dell_VLTpeer1(conf)#interface port-channel 110 Dell_VLTpeer1(conf-if-po-110)#no ip address Dell_VLTpeer1(conf-if-po-110)#switchport Dell_VLTpeer1(conf-if-po-110)#channel-member fortyGigE 1/56 Dell_VLTpeer1(conf-if-po-110)#no shutdown Dell_VLTpeer1(conf-if-po-110)#vlt-peer-lag port-channel 110 Dell_VLTpeer1(conf-if-po-110)#end Verify that the port channels used in the VLT domain are assigned to the same VLAN. Dell_VLTpeer1# show vlan id 10 Codes: * - Default VLAN, G - GVRP VLANs, P - Primary, C - Community, I - Isolated Q: U - Untagged, T - Tagged...
  • Page 777: Troubleshooting Vlt

    Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 59. Troubleshooting VLT Description Behavior at Peer Up...
  • Page 778: Reconfiguring Stacked Switches As Vlt

    “1’. Version ID mismatch A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated. Verify that the Dell Networking OS software versions on the VLT peers are compatible. For more information, refer to the Release Notes for this release.
  • Page 779: Association Of Vlti As A Member Of A Pvlan

    The association of PVLAN with the VLT LAG must also be identical. After the VLT LAG is configured to be a member of either the primary or secondary PVLAN (which is associated with the primary), ICL becomes an automatic member of that PVLAN on both switches.
  • Page 780: Pvlan Operations When One Vlt Peer Is Down

    The PVLAN mode of VLT LAGs on one peer is validated against the PVLAN mode of VLT LAGs on the other peer. MAC addresses that are learned on that VLT LAG are synchronized between the peers only if the PVLAN mode on both the peers is identical. For example, if the MAC address is learned on a VLT LAG and the VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer, MAC synchronization does not occur.
  • Page 781 Table 60. VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Synchronization Peer1 Peer2 Peer1 Peer2 Trunk Trunk Primary Primary Trunk Trunk Primary Normal Trunk Trunk Normal Normal Promiscuous Trunk Primary...
  • Page 782: Configuring A Vlt Vlan Or Lag In A Pvlan

    VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Synchronization Peer1 Peer2 Peer1 Peer2 Trunk Access Primary/Normal Secondary Configuring a VLT VLAN or LAG in a PVLAN You can configure the VLT peers or nodes in a private VLAN (PVLAN). Because the VLT LAG interfaces are terminated on two different nodes, PVLAN configuration of VLT VLANs and VLT LAGs are symmetrical and identical on both the VLT peers.
  • Page 783: Associating The Vlt Lag Or Vlt Vlan In A Pvlan

    The range is from 1 to 128. (Optional) To configure a VLT LAG, enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number peer-down-vlan vlan interface number The range is from 1 to 4094.
  • Page 784: Proxy Arp Capability On Vlt Peer Nodes

    • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the traffic to the proxy ARP-enabled device, which in turn transmits the packets to the destination.
  • Page 785: Vlt Nodes As Rendezvous Points For Multicast Resiliency

    When a VLT node detects peer up, it will not perform proxy ARP for the peer IP addresses. IP address synchronization occurs again between the VLT peers. Proxy ARP is enabled only if peer routing is enabled on both the VLT peers. If you disable peer routing by using the no peer-routing command in VLT DOMAIN node, a notification is sent to the VLT peer to disable the proxy ARP.
  • Page 786: Configuring Vlan-Stack Over Vlt

    Configure VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10
  • Page 787 Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface port-channel 20 interface Port-channel 20 no ip address switchport vlan-stack trunk vlt-peer-lag port-channel 20 no shutdown Dell# Configure VLAN as VLAN-Stack VLAN and add the VLT LAG as Members to the VLAN...
  • Page 788 Dell# Configure VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown...
  • Page 789 Status Description Q Ports Active M Po10(Te 1/8) M Po20(Te 1/20) V Po1(Te 1/30-32) Dell#
  • Page 790: Vlt Proxy Gateway

    L3 end point in another VLT domain. Enable the VLT proxy gateway using the link layer discovery protocol (LLDP) method or the static configuration. For more information, refer to Dell Networking OS Command Line Reference Guide. Proxy Gateway in VLT Domains Using a proxy gateway, the VLT peers in a domain can route the L3 packets destined for VLT peers in another domain as long as they have L3 reachability for the IP destinations.
  • Page 791: Guidelines For Enabling The Vlt Proxy Gateway

    LAG to a legacy LAG when it is part of proxy-gateway. You cannot change the LLDP port channel interface to a legacy LAG when you enable the proxy gateway. Dell recommends using the vlt-peer-mac transmit command only for square VLTs without diagonal links.
  • Page 792: Enabling The Vlt Proxy Gateway

    TLV. • This TLV is recognizable only by Dell Networking devices with this feature support. Other devices ignore this field and are able to process other standard TLVs. The LLDP organizational TLV passes local destination MAC address information to peer VLT domain devices so they can act as the proxy gateway.
  • Page 793: Sample Configurations For Lldp Vlt Proxy Gateway

    • The new proxy gateway TLV is carried on the physical links under the port channel only • There should be at least one link connection to each unit of the VLT domain Following are the prerequisites for Proxy Gateway LLDP configuration: •...
  • Page 794: Sample Scenario For Vlt Proxy Gateway

    You can disable the VLT Proxy Gateway for a particular VLAN using an "Exclude-VLAN" configuration. The configuration has to be done in both the VLT domains [C and D in VLT domain 1 and C1 and D1 in VLT domain 2]. Sample Configuration LLDP Method Dell(conf-vlt-domain)#proxy-gateway ll Dell(conf-vlt-domain-pxy-gw-lldp)#peer-domain-link port-channel 1 exclude-vlan 10
  • Page 795: Configuring An Lldp Vlt Proxy Gateway

    You can configure the port channel interface for an LLDP proxy gateway and exclude a VLAN or a range of VLANs from proxy routing. This parameter is for an LLDP proxy gateway configuration. VLT DOMAIN PROXY GW LLDP mode Dell(conf-vlt-domain-proxy-gw-lldp)#peer-domain-link port-channel interface exclude-vlan vlan-range Display the VLT proxy gateway configuration.
  • Page 796: Virtual Router Redundancy Protocol (Vrrp)

    Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is supported on Dell Networking OS. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN). The MASTER router is chosen from the virtual routers by an election process and forwards packets sent to the next hop IP address.
  • Page 797: Vrrp Benefits

    Figure 117. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables.
  • Page 798: Vrrp Configuration

    For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID) identifies a VRRP group.
  • Page 799 Examples of Configuring and Verifying VRRP The following examples show how to configure VRRP. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)# The following examples show how to verify the VRRP configuration. Dell(conf-if-te-1/1)#show conf interface TenGigabitEthernet 1/1 ip address 10.10.10.1/24 vrrp-group 111 no shutdown...
  • Page 800 The virtual IP addresses must be in the same subnet as the primary or secondary IP addresses configured on the interface. Though a single VRRP group can contain virtual IP addresses belonging to multiple IP subnets configured on the interface, Dell Networking recommends configuring virtual IP addresses belonging to the same IP subnet for any one VRRP group.
  • Page 801 10.10.10.3 vrrp-group 222 no shutdown The following example shows the same VRRP group (VRID 111) configured on multiple interfaces on different subnets. Dell#show vrrp ------------------ TenGigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1 State: Master, Priority: 255, Master: 10.10.10.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec...
  • Page 802 Configuring VRRP Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, Dell Networking OS includes the password in its VRRP transmission. The receiving router uses that password to verify the transmission. NOTE: You must configure all virtual routers in the VRRP group the same: you must enable authentication with the same password or authentication is disabled.
  • Page 803 MASTER. NOTE: To avoid throttling VRRP advertisement packets, Dell Networking OS recommends increasing the VRRP advertisement interval to a value higher than the default value of one second. If you do change the time interval between VRRP advertisements on one router, change it on all participating routers.
  • Page 804 Track an Interface or Object You can set Dell Networking OS to monitor the state of any interface according to the virtual group. Each VRRP group can track up to 12 interfaces and up to 20 additional objects, which may affect the priority of the VRRP group. If the tracked interface goes down, the VRRP group’s priority decreases by a default value of 10 (also known as cost).
  • Page 805 Examples of Configuring and Viewing the track Command The following example shows how to configure tracking using the track command. Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)#track Tengigabitethernet 1/2 The following example shows how to verify tracking using the show conf command. Dell(conf-if-te-1/1-vrid-111)#show conf...
  • Page 806: Setting Vrrp Initialization Delay

    You can configure the delay for up to 15 minutes, after which VRRP enables normally. NOTE: When you reload a node that contains VRRP configuration and is enabled for VLT, Dell Networking recommends that you configure the reload timer by using the vrrp delay reload command to ensure that VRRP is functional.
  • Page 807: Sample Configurations

    INTERFACE mode vrrp delay minimum seconds This time is the gap between an interface coming up and being operational, and VRRP enabling. The seconds range is from 0 to 900. The default is 0. • Set the delay time for VRRP initialization on all the interfaces in the system configured for VRRP. INTERFACE mode vrrp delay reload seconds This time is the gap between system boot up completion and VRRP enabling.
  • Page 808 Figure 118. VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)#priority 200 R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31-vrid-99)#no shut R2(conf-if-te-2/31)#show conf interface TenGigabitEthernet 2/31 ip address 10.1.1.1/24 vrrp-group 99...
  • Page 809 ------------------ TenGigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3...
  • Page 810 Figure 119. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address.
  • Page 811: Vrrp In A Vrf Configuration

    R2(conf-if-te-1/1-vrid-10)#virtual-address fe80::10 R2(conf-if-te-1/1-vrid-10)#virtual-address 1::10 R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 no shutdown R2(conf-if-te-1/1)#end R2#show vrrp ------------------ TenGigabitEthernet 1/1, IPv6 VRID: 10, Version: 3, Net:fe80::201:e8ff:fe6a:c59f VRF: 0 default-vrf State: Master, Priority: 100, Master: fe80::201:e8ff:fe6a:c59f (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 135...
  • Page 812 VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two E-Series switches. The default gateway to reach the internet in each VRF is a static route with the next hop being the virtual IP address configured in VRRP.
  • Page 813 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-te-1/3-vrid-105)#priority 255 S1(conf-if-te-1/3-vrid-105)#virtual-address 20.1.1.5 S1(conf-if-te-1/3)#no shutdown Dell#show vrrp tengigabitethernet 2/8 ------------------ TenGigabitEthernet 2/8, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 0 default State: Master, Priority: 100, Master: 10.1.1.1 (local)
  • Page 814 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-vl-300-vrid-101)#priority 255 S1(conf-if-vl-300-vrid-101)#virtual-address 20.1.1.5 S1(conf-if-vl-300)#no shutdown Dell#show vrrp vrf vrf1 vlan 400 ------------------ Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1
  • Page 815 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) Dell#show vrrp vrf vrf2 port-channel 1 ------------------ Port-channel 1, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 2 vrf2 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec...
  • Page 816 Virtual MAC address: 00:00:5e:00:01:0a Virtual IP address: 20.1.1.100 Authentication: (none) Dell#show vrrp vrf vrf2 port-channel 1 ------------------ Port-channel 1, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 2 vrf2 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec...
  • Page 817: Vrrp For Ipv6 Configuration

    00:00:5e:00:01:41 Virtual IP address: 192.168.0.254 Authentication: (none) VRRP for IPv6 Configuration This section shows VRRP IPv6 topology with CLI configurations. Consider an example VRRP for IPv6 configuration in which the IPv6 VRRP group consists of two routers. NOTE: This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration.
  • Page 818 NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address.
  • Page 819 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Dell# Dell#show vrrp vrf vrf1 vlan 400 Vlan 400, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:e9ed VRF: 1 vrf1 State: Master, Priority: 200, Master: fe80::201:e8ff:fe8a:e9ed (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec...
  • Page 820 Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Dell#show vrrp vrf vrf2 port-channel 1 Port-channel 1, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 2 vrf2 State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec...
  • Page 821: Series Debugging And Diagnostics

    Z-Series Debugging and Diagnostics This chapter describes debugging and diagnostics for the Z-Series platform. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, they verify the identification registers of the components on the board.
  • Page 822 When the tests are complete, the system displays the syslog Message 1 shown and automatically reboots the unit. Dell#00:20:26 : Diagnostic test results are stored on file: flash:/TestReport-SU-0.txt Dell#00:20:31: %Z9000:0 %DIAGAGT-6-DA_DIAG_DONE: Diags finished on stack unit 0 Diags completed... Rebooting the system now!!! Diagnostic results are printed to a file in the flash using the filename format TestReport-SU-<stack-unit>.txt.
  • Page 823 Dell# As shown in the following output example, log messages differ somewhat when diagnostics are done on a standalone unit. Dell#diag stack-unit 1 alllevels Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut...
  • Page 824 ERROR: Getting PSU -1 power status failed. The following example shows how to run offline diagnostics in Debug mode. NOTE: Dell Networking highly recommends reloading the system after running the offline diagnostics in Debug mode. Dell#diag stack-unit 0 level0 verbose no-reboot...
  • Page 825: Trace Logs

    Dell Networking OS software tasks. Each TRACE message provides the date, time, and name of the Dell Networking OS process. All messages are stored in a ring buffer that you can save to a file either manually or automatically after failover.
  • Page 826 It provides insight into the packet types entering the CPU to see whether CPU-bound traffic is internal (IPC traffic) or network control traffic, which the CPU must process. • View the modular packet buffers details per stack unit and the mode of allocation. show hardware stack-unit {0-11} buffer total-buffer •...
  • Page 827 Internal Unit User Ports from User Ports from User Ports from User Ports from No User Ports No User Ports Port Number 0 to 31 on Unit 0 32 to 63 on Unit 64 to 95 on Unit 96 to 127 on on Unit 4 on Unit 5 Unit 3...
  • Page 828: Environmental Monitoring

    After the software has determined that the temperature levels are within normal limits, you can re-power the card safely. To bring back the line card online, use the power-on command in EXEC mode. In addition, Dell Networking requires that you install blanks in all slots without a line card to control airflow for adequate system cooling.
  • Page 829: Recognize An Under-Voltage Condition

    Recognize an Under-Voltage Condition If the system detects an under-voltage condition, it declares an alarm. To recognize this condition, look for the system messages shown in the following example. %CHMGR-1-CARD_SHUTDOWN: Major alarm: Line card 2 down - auto-shutdown due to under voltage This message indicates that the specified card is not receiving enough power.
  • Page 830 Forwarding processor (FP) ASICs provide Ethernet MAC functions, queueing and buffering, as well as store feature and forwarding tables for hardware-based lookup and forwarding decisions. The 1G and 10G interfaces use different FPs. You can tune buffers at three locations. CSF —...
  • Page 831: Buffer Tuning Points

    Buffer Tuning Points Decide to Tune Buffers Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is very bursty (and coming from several interfaces). In this case: •...
  • Page 832 Displaying the Default Buffer Profile Displaying Buffer Profile Allocations Dell Networking OS Behavior: If you attempt to apply a buffer profile to a non-existent port-pipe, Dell Networking OS displays the following message. However, the configuration still appears in the running-config.
  • Page 833: Sample Buffer Profile Configuration

    Sample Buffer Profile Configuration The two general types of network environments are sustained data transfers and voice/data. Dell Networking recommends a single-queue approach for data transfers, as shown in the following example. Single Queue Application with Default Packet Pointers (S50N Output)
  • Page 834: Troubleshooting Packet Loss

    Total IngMac Drops :0 Total Mmu Drops :0 Total EgMac Drops :0 Total Egress Drops :0 Dell#show hardware stack-unit 0 drops unit 0 Port# :Ingress Drops :IngMac Drops :Total Mmu Drops :EgMac Drops :Egress Drops 1 0 0 0 0 0...
  • Page 835: Displaying Dataplane Statistics

    Display input and output statistics on the party bus, which carries inter-process communication traffic between CPUs. show hardware stack-unit cpu party-bus statistics Displaying Dataplane Statistics Displaying Party Bus Statistics Dell#show hardware stack-unit 0 cpu data-plane statistics bc pci driver statistics for device: rxHandle noMhdr...
  • Page 836: Displaying Stack Member Counters

    Dell#sh hardware stack-unit 2 cpu party-bus statistics Input Statistics: 27550 packets, 2559298 bytes 0 dropped, 0 errors Output Statistics: 1649566 packets, 1935316203 bytes 0 errors Displaying Stack Member Counters The show hardware stack-unit 0–7 {counters | details | port-stats [detail] | register} command displays internal receive and transmit statistics, based on the selected command option.
  • Page 837: Mini Core Dumps

    Mini Core Dumps Dell Networking OS supports mini core dumps for kernel crashes. The mini core dump applies to Master units. Kernel mini core dumps are always enabled. The mini core dumps contain the stack space and some other very minimal information that can be used to debug a crash.
  • Page 838: Standards Compliance

    This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), Dell Networking OS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website.
  • Page 839: Rfc And I-D Compliance

    RFC and I-D Compliance Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols.
  • Page 840: General Ipv6 Protocols

    Allocation 3128 Protection Against a Variant of the Tiny 7.6.1 Fragment Attack General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 66. General IPv6 Protocols RFC# Full Name S-Series 1886 DNS Extensions to support IP version 6 7.8.1...
  • Page 841: Border Gateway Protocol (Bgp)

    IPv6 Stateless Address Autoconfiguration 8.3.12.0 5175 IPv6 Router Advertisement Flags Option 8.3.12.0 Border Gateway Protocol (BGP) The following table lists the Dell Networking OS support per platform for BGP protocols. Table 67. Border Gateway Protocol (BGP) RFC# Full Name S-Series/Z-Series 1997 BGP Communities Attribute 7.8.1...
  • Page 842: Intermediate System To Intermediate System (Is-Is)

    Intermediate System to Intermediate System (IS-IS) The following table lists the Dell Networking OS support per platform for IS-IS protocol. Table 69. Intermediate System to Intermediate System (IS-IS) RFC# Full Name S-Series 1142 OSI IS-IS Intra-Domain Routing Protocol (ISO DP...
  • Page 843: Multicast

    -sm-v2-new- 05 Protocol Independent Multicast - Sparse Mode 7.8.1 PIM-SM for IPv4 (PIM-SM): Protocol Specification (Revised) Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 72. Network Management RFC# Full Name S4810...
  • Page 844 RFC# Full Name S4810 S4820T Z-Series 1850 OSPF Version 2 Management 7.6.1 Information Base 1901 Introduction to Community- 7.6.1 based SNMPv2 2011 SNMPv2 Management 7.6.1 Information Base for the Internet Protocol using SMIv2 2012 SNMPv2 Management 7.6.1 Information Base for the Transmission Control Protocol using SMIv2 2013...
  • Page 845 RFC# Full Name S4810 S4820T Z-Series 2578 Structure of Management 7.6.1 Information Version 2 (SMIv2) 2579 Textual Conventions for SMIv2 7.6.1 2580 Conformance Statements for 7.6.1 SMIv2 2618 RADIUS Authentication Client 7.6.1 MIB, except the following four counters: radiusAuthClientInvalidServerAdd resses radiusAuthClientMalformedAcce ssResponses radiusAuthClientUnknownTypes...
  • Page 846 RFC# Full Name S4810 S4820T Z-Series 3418 Management Information Base 7.6.1 (MIB) for the Simple Network Management Protocol (SNMP) 3434 Remote Monitoring MIB 7.6.1 Extensions for High Capacity Alarms, High-Capacity Alarm Table (64 bits) 3580 IEEE 802.1X Remote 7.6.1 Authentication Dial In User Service (RADIUS) Usage Guidelines 3815...
  • Page 847 RFC# Full Name S4810 S4820T Z-Series interfaces. Used in the Programmatic Interface RESTAPI feature. IEEE 802.1AB Management Information Base 7.7.1 module for LLDP configuration, statistics, local system data and remote systems data components. IEEE 802.1AB The LLDP Management 7.7.1 Information Base extension module for IEEE 802.1 organizationally defined discovery information.
  • Page 848: Mib Location

    You also can obtain a list of selected MIBs and their OIDs at the following URL: https://www.force10networks.com/CSPortal20/Main/Login.aspx Some pages of iSupport require a login. To request an iSupport account, go to: https://www.force10networks.com/CSPortal20/AccountRequest/AccountRequest.aspx If you have forgotten or lost your account information, contact Dell TAC for assistance.
