Dell Z9000 Configuration Manual

Dell Configuration Guide for the Z9000
System
9.4(0.0)

Summary of Contents for Dell Z9000

  • Page 1 Dell Configuration Guide for the Z9000 System 9.4(0.0)
  • Page 2 WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2014 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell ™...
  • Page 3: Table Of Contents

    Console Access; Serial Console; Accessing the CLI Interface and Running Scripts Using SSH; Z9000; Entering CLI commands Using an SSH Connection; Executing Local CLI Scripts Using an SSH Connection; Default Configuration...
  • Page 4 Lock CONFIGURATION Mode; Viewing the Configuration Lock Status; Recovering from a Forgotten Password on the Z9000 System; Recovering from a Forgotten Enable Password on the Z9000; Recovering from a Failed Start on the Z9000 System...
  • Page 5 Chapter 6: Access Control Lists (ACLs); IP Access Control Lists (ACLs); CAM Usage; Implementing ACLs on Dell Networking OS; IP Fragment Handling; IP Fragments ACL Examples; Layer 4 ACL Rules Examples
  • Page 6 Route Maps; Implementation Information; Important Points to Remember; Configuration Task List for Route Maps; Configuring Match Routes; Configuring Set Conditions; Configure a Route Map for Route Redistribution; Configure a Route Map for Route Tagging; Continue Clause...
  • Page 7 AS Path; Next Hop; Multiprotocol BGP; Implement BGP with Dell Networking OS; Additional Path (Add-Path) Support; Advertise IGP Cost as MED for Redistributed Routes; Ignore Router-ID for Some Best-Path Calculations...
  • Page 8 Filtering Routes with Community Lists; Manipulating the COMMUNITY Attribute; Changing MED Attributes; Changing the LOCAL_PREFERENCE Attribute; Changing the NEXT_HOP Attribute; Changing the WEIGHT Attribute; Enabling Multipath; Filtering BGP Routes
  • Page 9 Show Commands; Chapter 12: Dynamic Host Configuration Protocol (DHCP); DHCP Packet Format and Options; Assign an IP Address using DHCP; Implementation Information; Configure the System to be a DHCP Server; Configuring the Server for Automatic Address Allocation
  • Page 10 Configuration Tasks; Preparing the System; Enabling FIPS Mode; Generating Host-Keys; Monitoring FIPS Mode Status; Disabling FIPS Mode; Chapter 15: Force10 Resilient Ring Protocol (FRRP); Protocol Overview; Ring Status
  • Page 11 Viewing IGMP Enabled Interfaces; Selecting an IGMP Version; Viewing IGMP Groups; Adjusting Timers; Adjusting Query and Response Timers; Adjusting the IGMP Querier Timeout Value; Configuring a Static IGMP Group
  • Page 12 Egress Interface Selection (EIS); Important Points to Remember; Configuring EIS; Management Interfaces; Configuring Management Interfaces; Configuring Management Interfaces on the S-Series; VLAN Interfaces; Loopback Interfaces; Null Interfaces
  • Page 13 Port-Pipes; Auto-Negotiation on Ethernet Interfaces; Setting the Speed and Duplex Mode of Ethernet Interfaces; Set Auto-Negotiation Options; View Advanced Interface Information; Configuring the Interface Sampling Size; Dynamic Counters; Clearing Interface Counters...
  • Page 14 IPv6 Headers; IPv6 Header Fields; Extension Header Fields; Addressing; Implementing IPv6 with Dell Networking OS; ICMPv6; Path MTU Discovery; IPv6 Neighbor Discovery; IPv6 Neighbor Discovery of MTU Packets
  • Page 15 Interface Support; Adjacencies; Graceful Restart; Timers; Implementation Information; Configuration Information; Configuration Tasks for IS-IS; Configuring the Distance of a Route; Changing the IS-Type; Redistributing IPv4 Routes; Redistributing IPv6 Routes
  • Page 16 Manage the MAC Address Table; Clearing the MAC Address Table; Setting the Aging Time for Dynamic Entries; Configuring a Static MAC Address; Displaying the MAC Address Table; MAC Learning Limit; Setting the MAC Learning Limit...
  • Page 17 Configuring LLDPDU Intervals; Configuring Transmit and Receive Mode; Configuring a Time to Live; Debugging LLDP; Relevant Management Objects; Chapter 26: Microsoft Network Load Balancing; NLB Unicast Mode Scenario; NLB Multicast Mode Scenario; Limitations With Enabling NLB on Switches
  • Page 18 Adding and Removing Interfaces; Creating Multiple Spanning Tree Instances; Influencing MSTP Root Selection; Interoperate with Non-Dell Networking OS Bridges; Changing the Region Name or Revision; Modifying Global Parameters; Modifying the Interface Parameters...
  • Page 19 OSPFv3 Authentication Using IPsec; Troubleshooting OSPFv3; Chapter 31: Policy-based Routing (PBR); Overview; Implementing Policy-based Routing with Dell Networking OS; Configuration Task List for Policy-based Routing; PBR Exceptions (Permit); Sample Configuration; Create the Redirect-List GOLD; Assign Redirect-List GOLD to Interface 2/11; View...
  • Page 20 Configuring the Encapsulated Remote Port Mirroring; Configuration steps for ERPM; ERPM Behavior on a typical Dell Networking OS; Decapsulation of ERPM packets at the Destination IP/Analyzer; Chapter 35: Private VLANs (PVLAN); Private VLAN Concepts
  • Page 21 Chapter 36: Per-VLAN Spanning Tree Plus (PVST+); Protocol Overview; Implementation Information; Configure Per-VLAN Spanning Tree Plus; Related Configuration Tasks; Enabling PVST+; Disabling PVST+; Influencing PVST+ Root Selection; Modifying Global PVST+ Parameters; Modifying Interface PVST+ Parameters
  • Page 22 Protocol Overview; RIPv1; RIPv2; Implementation Information; Configuration Information; Configuration Task List; RIP Configuration Example; Chapter 39: Remote Monitoring (RMON); Implementation Information; Fault Recovery; Setting the rmon Alarm; Configuring an RMON Event
  • Page 23 Enable VLAN-Stacking for a VLAN; Configuring the Protocol Type Value for the Outer VLAN Tag; Configuring Dell Networking OS Options for Trunk Ports; Debugging VLAN Stacking; VLAN Stacking in Multi-Vendor Networks...
  • Page 24 Chapter 44: sFlow; Overview; Implementation Information; Important Points to Remember; Enabling Extended sFlow; Enabling and Disabling sFlow on an Interface; sFlow Show Commands; Displaying Show sFlow Global; Displaying Show sFlow on an Interface
  • Page 25 Manage VLANs using SNMP; Creating a VLAN; Assigning a VLAN Alias; Displaying the Ports in a VLAN; Add Tagged and Untagged Ports to a VLAN; Managing Overload on Startup
  • Page 26 Configuring a Source IP Address for NTP Packets; Configuring NTP Authentication; Dell Networking OS Time and Date; Configuration Task List; Setting the Time and Date for the Switch Hardware Clock; Setting the Time and Date for the Switch Software Clock
  • Page 27 VLT Terminology; Configure Virtual Link Trunking; Important Points to Remember; Configuration Notes; Primary and Secondary VLT Peers; RSTP and VLT; VLT Bandwidth Monitoring; VLT and IGMP Snooping; VLT IPv6
  • Page 28 Proxy Gateway in VLT Domains; LLDP organizational TLV for proxy gateway; Sample Configuration Scenario for VLT Proxy Gateway; Configuring an LLDP VLT Proxy Gateway; Chapter 54: Virtual Router Redundancy Protocol (VRRP); VRRP Overview; VRRP Benefits; VRRP Implementation...
  • Page 29 Mini Core Dumps; Example of a Mini Core Text File; Enabling TCP Dumps; Chapter 56: Standards Compliance; IEEE Compliance; RFC and I-D Compliance; General Internet Protocols; General IPv4 Protocols
  • Page 31: About This Guide

    About this Guide This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. This guide supports the Z9000 platform. The Z9000 platform is available with Dell Networking OS version 8.3.11.1 and beyond.
  • Page 33: Configuration Fundamentals

    The CLI is largely the same for the Z9000, S6000, S4810, and S4820T except for some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
  • Page 34
    • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
    • EXEC Privilege mode has commands to view configurations, clear counters, manage configuration files, run diagnostics, and enable or disable debug operations.
  • Page 35: Navigating Cli Modes

    GRUB Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
  • Page 36 CLI Command Mode / Prompt / Access Command
    NOTE: Access all of the following modes from CONFIGURATION mode.
    AS-PATH ACL / Dell(config-as-path)# / ip as-path access-list
    Gigabit Ethernet Interface / Dell(conf-if-gi-0/0)# / interface (INTERFACE modes)
    10 Gigabit Ethernet Interface / Dell(conf-if-te-0/1–2)# / interface (INTERFACE modes)
    Interface Group / Dell(conf-if-group)#...
  • Page 37 CLI Command Mode / Prompt / Access Command
    RAPID SPANNING TREE / Dell(config-rstp)# / protocol spanning-tree rstp
    REDIRECT / Dell(conf-redirect-list)# / ip redirect-list
    ROUTE-MAP / Dell(config-route-map)# / route-map
    ROUTER BGP / Dell(conf-router_bgp)# / router bgp
    BGP ADDRESS-FAMILY / Dell(conf-router_bgp_af)# (for IPv4) / address-family {ipv4 multicast | ipv6 unicast} (ROUTER BGP Mode) Dell(conf-...
  • Page 38: The Do Command

    CLI Command Mode / Prompt / Access Command
    LLDP MANAGEMENT INTERFACE / Dell(conf-lldp-mgmtIf)# / management-interface (LLDP Mode)
    LINE / Dell(config-line-console) or Dell(config-line-vty) / line console or line vty
    MONITOR SESSION / Dell(conf-mon-sess-sessionID)# / monitor session
    OPENFLOW INSTANCE / Dell(conf-of-instance-of-id)# / openflow of-instance
    PORT-CHANNEL FAILOVER-GROUP / Dell(conf-po-failover-grp)# / port-channel failover-...
  • Page 39: Undoing Commands

    For example, to delete an IP address configured on an interface, use the no ip address ip-address command. NOTE: Use the help or ? command as described in Obtaining Help.
    Example of Viewing Disabled Commands
      Dell(conf)#interface gigabitethernet 4/17
      Dell(conf-if-gi-4/17)#ip address 192.168.10.1/24
      Dell(conf-if-gi-4/17)#show config
      interface GigabitEthernet 4/17
      ip address 192.168.10.1/24
      no shutdown...
  • Page 40: Entering And Editing Commands

    Dell(conf)#cl • Enter [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands.
  • Page 41: Command History

    Dell(conf)#do show linecard all | grep 0 not present NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks.
  • Page 42: Multiple Users In Configuration Mode

    Multiple Users in Configuration Mode Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established.
  • Page 43: Getting Started

    (OOB) port. The Z9000 has a primary management (Ethernet) port and an RJ-45/RS-232 console port. Serial Console The RJ-45/RS-232 console port is labeled on the Z9000 chassis. It is in the upper right-hand side, as you face the I/O side of the chassis.
  • Page 44: Accessing The Cli Interface And Running Scripts Using Ssh

    SSH for secure, protected communication with the device. You can open an SSH session and run commands or script files. This method of connectivity is supported with S4810, S4820T, and Z9000 switches and provides a reliable, safe communication mechanism.
  • Page 45: Entering Cli Commands Using An Ssh Connection

    Entering CLI commands Using an SSH Connection
    You can run CLI commands over SSH, using the preconfigured user credentials, by entering either of the following forms to connect to a switch:
      ssh username@hostname <CLI Command>
      echo <CLI Command> | ssh admin@hostname
    The SSH server transmits the terminal commands to the CLI shell and the results are displayed on the screen non-interactively.
  • Page 46: Default Configuration

    A version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
  • Page 47: Configure The Management Port Ip Address

    Configure the Management Port IP Address To access the system remotely, assign IP addresses to the management ports. NOTE: Assign different IP addresses to each RPM’s management port. Enter INTERFACE mode for the Management port. CONFIGURATION mode interface ManagementEthernet slot/port •...
  • Page 48: Configuring The Enable Password

    To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location.
    • To copy a remote file to a Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location.
  • Page 49 When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured. • The usbflash command is supported on Z9000. Refer to your system’s Release Notes for a list of approved USB vendors. Example of Copying a File to an FTP Server Example of Importing a File to the Local System Dell#copy flash://FTOS-EF-8.2.1.0.bin ftp://myusername:mypassword@10.10.10.10/...
  • Page 50: Save The Running-Configuration

    EXEC Privilege mode copy running-config startup-config duplicate Dell Networking OS Behavior: If you create a startup-configuration on an RPM and then move the RPM to another chassis, the startup-configuration is stored as a backup file (with the extension .bak), and a new, empty startup-configuration file is created.
  • Page 51: Configure The Overload Bit For A Startup Scenario

    Configure the Overload Bit for a Startup Scenario For information about setting the router overload bit for a specific period of time after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide.
  • Page 52: Managing The File System

    --More-- Managing the File System The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere.
  • Page 53: Enabling Software Features On Devices Using A Command Option

    RPM. File management commands then apply to the external Flash rather than the internal Flash. The bold lines show that no file system is specified and that the file is saved to an external flash. Dell#cd slot0: Dell#copy running-config test Dell#copy run test 7419 bytes successfully copied...
  • Page 54: View Command History

    This command will be stored in running-configuration and will precede all other VRF-related configurations. NOTE: The MXL and Z9000 platforms currently do not support VRF. These platforms support only the management and default VRFs, which are available by default. As a result, the feature vrf command is not available for these platforms.
  • Page 55: Management

    Management Management is supported on the Z9000 platform. This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1.
  • Page 56: Allowing Access To Configuration Mode Commands

    Allowing Access to CONFIGURATION Mode Commands To allow access to CONFIGURATION mode, use the privilege exec level level configure command from CONFIGURATION mode. A user that enters CONFIGURATION mode remains at his privilege level and has access to only two commands, end and exit.
  • Page 57 CONFIGURATION mode
      privilege {configure | interface | line | route-map | router} level level {command ||...|| command}
    Example of EXEC Privilege Commands
      Dell(conf)#do show run priv
      privilege exec level 3 capture
      privilege exec level 3 configure
      privilege exec level 4 resequence...
  • Page 58: Applying A Privilege Level To A Username

    NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on: •...
  • Page 59: Log Messages In The Internal Buffer

    • Disable logging to terminal lines. CONFIGURATION mode: no logging monitor
    • Disable console logging. CONFIGURATION mode: no logging console
    Log Messages in the Internal Buffer
    All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer. For example, %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled
    Configuration Task List for System Log Management
    There are two configuration tasks for system log management:...
  • Page 60: Configuring A Unix System As A Syslog Server

    CONFIGURATION mode logging {ip-address | hostname} Configuring a UNIX System as a Syslog Server To configure a UNIX System as a syslog server, use the following command. • Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the UNIX system and assigning write permissions to the file.
  • Page 61: Display The Logging Buffer And The Logging Configuration

    NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that Dell Networking OS saves to its logging history table.
  • Page 62: Configuring A Unix Logging Facility Level

    – uucp (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view nondefault settings, use the show running-config logging command in EXEC mode. Dell#show running-config logging logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec...
  • Page 63: Synchronizing Log Messages

    Dell# Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
  • Page 64: File Transfer Services

    File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
  • Page 65: Configuring Ftp Client Parameters

    CONFIGURATION mode ftp-server topdir dir The default is the internal flash directory. • Specify a user name for all FTP users and configure either a plain text or encrypted password. CONFIGURATION mode ftp-server username username password [encryption-type] password Configure the following optional and required parameters: –...
  • Page 66: Terminal Lines

    0 access-class myvtyacl Dell Networking OS Behavior: Prior to Dell Networking OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and authorization (AAA) to the line. Then users are denied access only after they enter a username and password.
  • Page 67: Setting Time Out Of Exec Privilege Mode

    Dell(config-line-vty)# Setting Time Out of EXEC Privilege Mode EXEC time-out is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set time out, use the following commands.
  • Page 68: Using Telnet To Get To Another Network Device

    EXEC Privilege telnet [ip-address] If you do not enter an IP address, Dell Networking OS enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D). Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported.
  • Page 69: Lock Configuration Mode

    Dell#
    Lock CONFIGURATION Mode
    Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message You can set two types of locks: auto and manual.
  • Page 70: Recovering From A Forgotten Password On The Z9000 System

    The Z9000 boots up with the factory default configuration. The default Dell Networking OS system prompt displays when the system boot up is complete. NOTE: Do not press any keys during the boot-up process. Copy the startup-config into the running-config.
  • Page 71: Recovering From A Forgotten Enable Password On The Z9000

    Log onto the system using the console. Power-cycle the chassis by switching off all of the power modules and then switching them back on. Press any key to abort the boot process. You enter grub on the Z9000, as indicated by the grub> prompt.
  • Page 72: Recovering From A Failed Start On The Z9000 System

    Recovering from a Failed Start on the Z9000 System A system that does not start correctly might be attempting to boot from a corrupted Dell Networking OS image or from a mis-specified location. In this case, you can restart the system and interrupt the boot process to point the system to another boot location.
  • Page 73: Restoring The Factory Default Settings

    After the restore is complete, the units power cycle immediately. The following example illustrates the restore factory-defaults command to restore the factory default settings. Dell#restore factory-defaults stack-unit 0 nvram *********************************************************************** Warning - Restoring factory defaults will delete the existing persistent settings (stacking, fanout, etc.) After restoration the unit(s) will be powercycled immediately.
  • Page 75 (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over- RADIUS to communicate with the server.
  • Page 76: 802.1X

    It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator. •...
  • Page 77 The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a specified method (an EAP- Method).
  • Page 78: Eap Over Radius

    The Type value for EAP messages is 79. Figure 5. EAP Over RADIUS RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
  • Page 79: Important Points To Remember

    Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
  • Page 80: Enabling 802.1X

    Enabling 802.1X
    Enable 802.1X globally. Figure 6. 802.1X Enabled
    Enable 802.1X globally. CONFIGURATION mode: dot1x authentication
    Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode: interface [range]
    Enable 802.1X on the supplicant interface only. INTERFACE mode: dot1x authentication
  • Page 81: Configuring Request Identity Re-Transmissions

    Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. The bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication [output omitted]...
  • Page 82: Configuring A Quiet Period After A Failed Authentication

    NOTE: There are several reasons why the supplicant might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame.
  • Page 83: Forcibly Authorizing Or Unauthorizing A Port

    Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#show dot1x interface TenGigabitEthernet 0/0 802.1X...
  • Page 84: Re-Authenticating A Port

    Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-0/0)#dot1x reauthentication interval 7200 Dell(conf-if-Te-0/0)#dot1x reauth-max 10 Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: 802.1X...
  • Page 85: Configuring Timeouts

    The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: ----------------------------- Dot1x Status:...
  • Page 86: Configuring Dynamic Vlan Assignment With Port Authentication

    The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using Tunnel-Private-Group-ID. The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
  • Page 87: Guest And Authentication-Fail Vlans

    Authentication). Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
  • Page 88: Configuring A Guest Vlan

    INTERFACE mode. View your configuration using the show config command from INTERFACE mode or using the show dot1x interface command from EXEC Privilege mode. Example of Viewing Guest VLAN Configuration Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1)#show config interface TenGigabitEthernet 2/1 switchport...
  • Page 89 Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown...
  • Page 91: Access Control Lists (Acls)

    • Access control lists (ACLs), Ingress IP and MAC ACLs, and Egress IP and MAC ACLs are supported on the Z9000 platform. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses.
  • Page 92: Ip Access Control Lists (Acls)

    When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands.
  • Page 93 CAM Optimization User Configurable CAM Allocation User configurable CAM allocations are supported on the Z9000 platform. Allocate space for IPV6 ACLs by using the cam-acl command in CONFIGURATION mode. The CAM space is allotted in filter processor (FP) blocks. The total space allocated must equal 13 FP blocks.
  • Page 94: Implementing Acls On Dell Networking Os

    Implementing ACLs on Dell Networking OS You can assign one IP ACL per interface with Dell Networking OS. If you do not assign an IP ACL to an interface, it is not used by the software in any other capacity.
  • Page 95: Ip Fragment Handling

    Implementing the required rules uses a significant number of CAM entries per TCP/UDP entry. • For IP ACL, Dell Networking OS always applies implicit deny. You do not have to configure it. • For IP ACL, Dell Networking OS applies implicit permit for second and subsequent fragments just prior to the implicit deny.
  • Page 96: Layer 4 Acl Rules Examples

    In this first example, TCP packets from host 10.1.1.1 with TCP destination port equal to 24 are permitted. All others are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24 Dell(conf-ext-nacl)#deny ip any any fragment Dell(conf-ext-nacl) In the following example, the TCP packets that are first fragments or non-fragmented from host 10.1.1.1 with TCP destination port equal to 24 are permitted.
  • Page 97: Configure A Standard Ip Acl

    To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
  • Page 98: Configuring A Standard Ip Acl Filter

    To delete a filter, use the no seq sequence-number command in IP ACCESS LIST mode. If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of 5.
  • Page 99: Configure An Extended Ip Acl

    Dell(config-std-nacl)# To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example seq 15 deny udp any any eq 111 seq 20 deny udp any any eq 2049...
  • Page 100 In the example, filter 15 was configured before filter 5, but the show config command displays the filters in the correct order. Dell(config-ext-nacl)#seq 15 deny ip host 112.45.0.0 any log Dell(config-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any Dell(config-ext-nacl)#show confi ip access-list extended dilling seq 5 permit tcp 12.1.0.0 0.0.255.255 any...
  • Page 101: Configuring Filters Without A Sequence Number

    Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
  • Page 102: Assign An Ip Acl To An Interface

    When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them. •...
  • Page 103: Applying An Ip Acl

    To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running-config command in EXEC mode. Example of Viewing ACLs Applied to an Interface Dell(conf-if)#show conf interface GigabitEthernet 0/0 ip address 10.2.1.100 255.255.255.0...
  • Page 104: Configure Ingress Acls

    15 permit 1.1.1.2 Configure Egress ACLs Egress ACLs are supported on the Z9000 platform. Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized traffic.
  • Page 105: Applying Egress Layer 3 Acls (Control-Plane)

    To specify egress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface gige 0/0 Dell(conf-if-gige0/0)#ip access-group abcd out Dell(conf-if-gige0/0)#show config gigethernet 0/0 no ip address...
  • Page 106: Ip Prefix Lists

    (if configured) is applied. When the route prefix matches a filter, Dell Networking OS drops or forwards the packet based on the filter’s designated action. If the route prefix does not match any of the filters in the prefix list, the route is dropped (that is, implicit deny).
  • Page 107: Implementation Information

    Configuring a prefix list • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following commands.
  • Page 108 To delete a filter, use the no seq sequence-number command in PREFIX LIST mode. If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The Dell Networking OS assigns filters in multiples of five.
  • Page 109 [prefix-name] Example of the show ip prefix-list detail Command Example of the show ip prefix-list summary Command Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0)
  • Page 110 Dell(conf-router_rip)#show config router rip distribute-list prefix juba out network 10.0.0.0 Dell(conf-router_rip)#router ospf 34 Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode.
  • Page 111: Acl Resequencing

    ACL Resequencing ACL resequencing allows you to re-number the rules and remarks in an access or prefix list. The placement of rules within the list is critical because packets are matched against rules in sequential order. Use resequencing whenever there is no opportunity to order new rules as desired using the current numbering scheme.
  • Page 112 10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1...
  • Page 113: Route Maps

    Implementation Information The Dell Networking OS implementation of route maps allows route maps that have no match command or no set command. When there is no match command, all traffic matches the route map and the set command applies.
  • Page 114 You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found.
  • Page 115 When there are multiple match commands with the same parameter under one instance of route-map, Dell Networking OS does a match between all of those match commands. If there are multiple match commands with different parameters, Dell Networking OS does a match ONLY if there is a match among ALL the match commands.
  • Page 116: Configuring Match Routes

    In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement. If there is a match anywhere, the route is permitted.
  • Page 117: Configuring Set Conditions

    – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. • Match destination routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip address prefix-list-name • Match destination routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 address prefix-list-name •...
  • Page 118 • Add an AS-PATH number to the beginning of the AS-PATH. CONFIG-ROUTE-MAP mode set as-path prepend as-number [... as-number] • Generate a tag to be added to redistributed routes. CONFIG-ROUTE-MAP mode set automatic-tag • Specify an OSPF area or ISIS level for redistributed routes. CONFIG-ROUTE-MAP mode set level {backbone | level-1 | level-1-2 | level-2 | stub-area} •...
  • Page 119: Configure A Route Map For Route Redistribution

    Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify the routes and their origins.
  • Page 120: Continue Clause

    You can enable logging separately for each of these FP entries, which relate to each of the ACL entries configured in an ACL. Dell Networking OS saves a table that maps each ACL entry that matches the ACL name on the received packet, sequence number of the rule, and the interface index in the...
  • Page 121: Guidelines For Configuring Acl Logging

    (in the next interval) is generated for that ACL entry. Guidelines for Configuring ACL Logging This functionality is supported on the Z9000 platform. Keep the following points in mind when you configure logging of ACL activities: •...
  • Page 122: Configuring Acl Logging

    251 indices available for ACL logging. Configuring ACL Logging This functionality is supported on the Z9000 platform. To configure the maximum number of ACL log messages to be generated and the frequency at which these messages must be generated, perform the following steps: NOTE: This example describes the configuration of ACL logging for standard IP access lists.
  • Page 123: Behavior Of Flow-Based Monitoring

    The port mirroring application maintains and performs all the monitoring operations on the chassis. ACL information is sent to the ACL manager, which in turn notifies the ACL agent to add entries in the CAM area. Duplicate entries in the ACL are not saved. When a packet arrives at a port that is being monitored, the packet is validated against the configured ACL rules.
  • Page 124 The show monitor session session-id command has been enhanced to display the Type field in the output, which indicates whether a particular session is enabled for flow-monitoring. Example Output of the show Command Dell(conf-mon-sess-0)#do show monitor session 0 SessID Source...
  • Page 125: Enabling Flow-Based Monitoring

    Layer 3 ingress and egress traffic. You can specify traffic using standard or extended access-lists. Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor. CONFIGURATION mode ip access-list...
  • Page 126 SessID Source Destination Mode Source IP Dest IP ------ ------ ----------- ---- --------- -------- Te 0/0 Te 0/2 Flow Access Control Lists (ACLs)
  • Page 127: Access Control List (Acl) Vlan Groups And Content Addressable Memory (Cam)

    VLANs and when Layer 2 or Layer 3 ACLs are applied on a set of ports. In releases of Dell Networking OS that do not support the CAM optimization functionality, when an ACL is applied on a VLAN, the ACL rules are configured with the rule-specific parameters and the VLAN as additional attributes in the ACL region.
  • Page 128: Guidelines For Configuring Acl Vlan Groups

    • The description of the ACL group is added or removed. Guidelines for Configuring ACL VLAN groups ACL VLAN groups are supported on the Z9000 platform. Keep the following points in mind when you configure ACL VLAN groups: • The interfaces, to which the ACL VLAN group is applied, function as restricted interfaces. The ACL VLAN group name is used to identify the group of VLANs that is used to perform hierarchical filtering.
  • Page 129: Configuring Acl Vlan Groups And Configuring Fp Blocks For Vlan Parameters

    The maximum number of VLANs that you can configure as a member of ACL VLAN groups is limited to 512 on the Z9000 switch if two slices are allocated. If only one virtual flow processing slice is allocated, the maximum number of VLANs that you can configure as a member of an ACL VLAN group is 256 for the Z9000 switch.
  • Page 130: Configuring Fp Blocks For Vlan Parameters

    {VLAN-range} Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name. CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan-group {group name | detail} Dell#show acl-vlan-group detail Group Name : TestGroupSeventeenTwenty Egress IP Acl : SpecialAccessOnlyExpertsAllowed...
  • Page 131: Viewing Cam Usage

    | OUT-L2 ACL Viewing CAM Usage This functionality is supported on the Z9000 platform. View the amount of CAM space available, used, and remaining in each partition (including IPv4Flow and Layer 2 ACL sub-partitions) using the show cam-usage command in EXEC Privilege mode. Display Layer 2, Layer 3, ACL, or all CAM usage statistics.
  • Page 132: Allocating Fp Blocks For Vlan Processes

    16384 Allocating FP Blocks for VLAN Processes This functionality is supported on the Z9000 platform. The VLAN ContentAware Processor (VCAP) application is a preingress CAP that modifies the VLAN settings before packets are forwarded. To support the ACL CAM optimization functionality, the CAM carving feature is enhanced.
  • Page 133 You can configure only two of these features at a time. • To allocate the number of FP blocks for VLAN open flow operations, use the cam-acl-vlan vlanopenflow <0-2> command. • To allocate the number of FP blocks for VLAN iSCSI counters, use the cam-acl-vlan vlaniscsi <0-2>...
  • Page 135: Bidirectional Forwarding Detection (Bfd)

    BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the route processor module (RPM). Only session state changes are reported to the BFD Manager (on the RPM), which in turn notifies the routing protocols that are registered with it.
  • Page 136: Bfd Packet Format

    NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client. BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet.
  • Page 137 Required Min Echo The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication An optional method for authenticating control packets.
  • Page 138: Bfd Sessions

    Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up.
  • Page 139: Session State Changes

    handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated. The passive system receives the control packet and changes its state to Up. Both systems agree that a session has been established. However, because both members must send a control packet — that requires a response —...
  • Page 140: Important Points To Remember

    Important Points to Remember • On the platform, Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4.
  • Page 141: Configure Bfd For Physical Ports

    • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol.
  • Page 142 Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 11. Establishing a BFD Session on Physical Ports Enter interface mode.
  • Page 143 2.2.2.2 on interface Gi 4/24 (diag: 0) Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role (active). Dell Networking recommends maintaining the default values. To view session parameters, use the show bfd neighbors detail command.
  • Page 144: Configure Bfd For Static Routes

    2.2.2.1 on interface Gi 2/1 (diag: 7) Configure BFD for Static Routes Configuring BFD for static routes is supported on the Z9000 platform. BFD offers systems a link state detection mechanism for static routes. With BFD, systems are notified to remove static routes from the routing table as soon as the link state change occurs, rather than waiting until packets fail to reach their next hop.
  • Page 145 Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 12. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes...
  • Page 146: Configure Bfd For Ospf

    Configure BFD for OSPF BFD for OSPF is only supported on the Z9000 platform. When using BFD with OSPF, the OSPF protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring interfaces participating in OSPF. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the OSPF protocol that a link state change occurred.
  • Page 147 Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state.
  • Page 148 INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS...
  • Page 149: Configure Bfd For Ospfv3

    Disable BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 is only supported on the Z9000 platform. BFD for OSPFv3 provides support for IPV6. Configuring BFD for OSPFv3 is a two-step process: Enable BFD globally.
  • Page 150: Configure Bfd For Is-Is

    Configure BFD for IS-IS BFD for IS-IS is supported on the Z9000 platform. When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are then established with all neighboring interfaces participating in IS-IS. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the IS-IS protocol that a link state change occurred.
  • Page 151 Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 14. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands.
  • Page 152 The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.2 2.2.2.1 Gi 2/1...
  • Page 153: Configure Bfd For Bgp

    Configure BFD for BGP Bidirectional forwarding detection (BFD) for BGP is supported on the Z9000 platform. In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces.
  • Page 154 Figure 15. Establishing Sessions with BGP Neighbors The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command). • By establishing a BFD session with a specified BGP neighbor (the neighbor {ip-address | peer- group-name} bfd command) BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays.
  • Page 155 typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. Enable BFD globally. CONFIGURATION mode bfd enable Specify the AS number and enter ROUTER BGP configuration mode. CONFIGURATION mode router bgp as-number Add a BGP neighbor or peer group in a remote AS.
  • Page 156 ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
  • Page 157 Example of Verifying BGP Configuration Example of Viewing All BFD Neighbors Example of Viewing BFD Neighbor Detail Example of Viewing Configured BFD Counters Example of Viewing BFD Summary Information Example of Viewing BFD Information for a Specified Neighbor R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown...
  • Page 158 Statistics: Number of packets received from neighbor: 4762 Number of packets sent to neighbor: 4490 Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34...
  • Page 159 Down Admin Down The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down...
  • Page 160: Configure Bfd For Vrrp

    Peer active in peer-group outbound optimization Configure BFD for VRRP BFD for VRRP is supported on the Z9000 platform. When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM). BFD sessions are established with all neighboring interfaces participating in VRRP. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the VRRP protocol that a link state change occurred.
  • Page 161 Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 16. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. •...
  • Page 162 The bold line shows that VRRP BFD sessions are enabled. R1(conf-if-gi-4/25)#vrrp bfd all-neighbors R1(conf-if-gi-4/25)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.5.1 2.2.5.2 Gi 4/25 Down 1000 1000 3 V To view session state information, use the show vrrp command.
  • Page 163: Configuring Protocol Liveness

    Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state. To disable all VRRP sessions on an interface, sessions for a particular VRRP group, or for a particular VRRP session on an interface, use the following commands.
  • Page 164 R1(conf-if-gi-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Gi 4/24 (diag: 0) 00:54:38 : Sent packet for session with neighbor 2.2.2.2 on Gi 4/24 TX packet dump: Version:1, Diag code:0, State:Down, Poll bit:0, Final bit:0, Demand bit:0 myDiscrim:4, yourDiscrim:0, minTx:1000000, minRx:1000000, multiplier:3, minEchoRx:0 00:54:38 : Received packet for session with neighbor 2.2.2.2 on Gi 4/24...
  • Page 165: Border Gateway Protocol Ipv4 (Bgpv4)

    Border Gateway Protocol IPv4 (BGPv4) Border gateway protocol version 4 (BGPv4) is supported on the Z9000 platform. This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter.
  • Page 166 Figure 17. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol: it maintains the path that update information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easily detected and discarded.
  • Page 167: Sessions And Peers

    Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers.
  • Page 168: Establish A Session

    Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established.
  • Page 169: Bgp Attributes

    Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix, route reflector rules are applied after the router makes its best path decision. •...
  • Page 170: Best Path Selection Criteria

    In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
  • Page 171 Figure 20. BGP Best Path Selection Best Path Selection Details Prefer the path with the largest WEIGHT attribute. Prefer the path with the largest LOCAL_PREF attribute. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. Routes originated via the network or redistribute commands are preferred over routes originated with the aggregate-address command.
  • Page 172: Weight

    Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. Dell Networking OS deems the paths as equal and does not perform steps 9 through 11 if the following criteria are met: the IBGP multipath or EBGP multipath are configured (the maximum-path command).
  • Page 173: Multi-Exit Discriminators (Meds)

    and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B. Figure 21. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path.
  • Page 174: Origin

    BGP. In Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
  • Page 175: As Path

    NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Hash Refcount Metric Path Address...
  • Page 176: Multiprotocol Bgp

    For some peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. Dell Networking OS supports configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost.
  • Page 177: Ignore Router-Id For Some Best-Path Calculations

    MED: 100 Ignore Router-ID for Some Best-Path Calculations Dell Networking OS allows you to avoid unnecessary BGP best-path transitions between external paths under certain conditions. The bgp bestpath router-id ignore command reduces network disruption caused by routing and forwarding plane changes and allows for faster convergence.
  • Page 178: As4 Number Representation

    If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported. ASPLAIN is the method Dell Networking OS has used for all previous Dell Networking OS versions. ASPLAIN remains the default method with Dell Networking OS. With the ASPLAIN notation, a 32-bit binary AS number is translated into a decimal value.
  • Page 179: As Number Migration

    Dell(conf-router_bgp)#show conf router bgp 100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 <output truncated> Dell(conf-router_bgp)#do show ip bgp BGP table version is 31571, local router ID is 172.30.1.57 <output truncated> AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057...
  • Page 180 appear as if it still belongs to Router B’s old network (AS 200) as far as communicating with Router C is concerned. Figure 23. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature.
  • Page 181: Bgp4 Management Information Base (Mib)

    (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell website. NOTE: For the Force10-BGP4-V2-MIB and other MIB documentation, refer to the Dell iSupport web page. Important Points to Remember •...
  • Page 182: Configuration Information

    To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5.
  • Page 183: Enabling Bgp

    By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled. To enable a neighbor or peer group, enter the neighbor {ip-address | peer-group-name} no shutdown command.
  • Page 184 NOTE: Sample Configurations for enabling BGP routers are found at the end of this chapter. Assign an AS number and enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number • as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format).
  • Page 185 Enable the BGP neighbor. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} no shutdown Example of the show ip bgp summary Command (2-Byte AS number displayed) Example of the show ip bgp summary Command (4-Byte AS number displayed) Example of the show ip bgp neighbors Command Example of Verifying BGP Configuration NOTE: When you change the configuration of a BGP neighbor, always reset it by entering the clear ip bgp * command in EXEC Privilege mode.
  • Page 186 For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
  • Page 187: Configuring As4 Number Representations

    Term Description ASPLAIN the method Dell Networking OS used for all previous Dell Networking OS versions. It remains the default method with Dell Networking OS. With the ASPLAIN notation, a 32–bit binary AS number is translated into a decimal value.
  • Page 188 NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot • Enable ASDOT+ AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot+...
  • Page 189: Configuring Peer Groups

    Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share the same update policy. A maximum of 256 peer groups are allowed on the system.
  • Page 190 To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. When you create a peer group, it is disabled (shutdown). The following example shows the creation of a peer group (zanzibar) (in bold). Dell(conf-router_bgp)#neighbor zanzibar peer-group Dell(conf-router_bgp)#show conf router bgp 45...
  • Page 191 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
  • Page 192: Configuring Bgp Fast Fall-Over

    To verify fast fall-over is enabled on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fall-over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5...
  • Page 193 Foreign host: 100.100.100.100, Foreign port: 179 Dell# To verify that fast fall-over is enabled on a peer-group, use the show ip bgp peer-group command (shown in bold). Dell#sh ip bgp peer-group Peer-group test fall-over enabled BGP version 4 Minimum time between advertisement runs is 5 seconds...
  • Page 194: Configuring Passive Peering

    When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor. To work around this, change the BGP configuration or change the order of the peer group configuration.
  • Page 195: Allowing An As Number To Appear In Its Own As Path

    – Peer Group Name: 16 characters. – AS-number: 0 to 65535 (2-Byte) or 1 to 4294967295 (4-Byte) or 0.1 to 65535.65535 (Dotted format). – No Prepend: specifies that local AS values are not prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must configure peer groups before assigning them to an AS.
  • Page 196: Enabling Graceful Restart

    Use this feature to lessen the negative effects of a BGP restart. Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer group.
  • Page 197: Enabling Neighbor Graceful Restart

    If you configure your system to do so, Dell Networking OS can perform the following actions during a hot failover: • Save all forwarding information base (FIB) and content addressable memory (CAM) entries on the line card and continue forwarding traffic while the secondary route processor module (RPM) is coming online.
  • Page 198: Filtering On An As-Path Attribute

    • Set the maximum restart time for the neighbor or peer-group. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} graceful-restart [restart-time time-in-seconds] The default is 120 seconds. • Local router supports graceful restart for this neighbor or peer-group as a receiver only. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} graceful-restart [role receiver-only] •...
  • Page 199: Regular Expressions As Filters

    For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS. Border Gateway Protocol IPv4 (BGPv4)
  • Page 200 Dell(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#neigh 10.155.15.2 filter-list 1 in Dell(conf-router_bgp)#ex Dell(conf)#ip as-path access-list Eagle Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in...
  • Page 201: Redistributing Routes

    10.155.15.2 remote-as 32 neighbor 10.155.15.2 filter-list 1 in neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#ex Dell(conf)#ex Dell#show ip as-path-access-lists ip as-path access-list Eagle deny 32$ Dell# Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process.
  • Page 202: Enabling Additional Paths

    One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. In Dell Networking OS, you can assign a COMMUNITY attribute to BGP routers by using an IP community list. After you create an IP community list, you can apply routing decisions to all routers meeting the criteria in the IP community list.
  • Page 203 To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
  • Page 204: Configuring An Ip Extended Community List

    To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
  • Page 205: Filtering Routes With Community Lists

    In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute. To send the COMMUNITY attribute to BGP neighbors, use the following command. •...
  • Page 206 To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbor or peer group.
  • Page 207: Changing Med Attributes

    209 7170 1455 i --More-- Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands.
  • Page 208: Changing The Next_Hop Attribute

    CONFIG-ROUTER-BGP mode bgp default local-preference value – value: the range is from 0 to 4294967295. The default is 100. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. A more flexible method for manipulating the LOCAL_PREF attribute value is to use a route map.
  • Page 209: Changing The Weight Attribute

    AS-Path ACLs filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map.
  • Page 210 For inbound and outbound updates the order of preference is: • prefix lists (using the neighbor distribute-list command) • AS-PATH ACLs (using the neighbor filter-list command) • route maps (using the neighbor route-map command) Prior to filtering BGP routes, create the prefix list, AS-PATH ACL, or route map. For configuration information about prefix lists, AS-PATH ACLs, and route maps, refer to Access Control Lists...
  • Page 211: Filtering Bgp Routes Using Route Maps

    • If the prefix list contains no filters, all routes are permitted. • If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes.
  • Page 212: Filtering Bgp Routes Using As-Path Information

    BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.
  • Page 213: Aggregating Routes

    BGP mode or the show running-config bgp in EXEC Privilege mode. Aggregating Routes Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active.
  • Page 214: Configuring Bgp Confederations

    When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or is decayed. However, if the route flaps again, it is assigned another penalty.
  • Page 215 • history entry — an entry that stores information on a downed route • dampened path — a path that is no longer advertised • penalized path — a path that is assigned a penalty To configure route flap dampening parameters, set dampening parameters using a route map, clear information on route dampening and return suppressed routes to active state, view statistics on route flapping, or change the path selection from the default mode (deterministic) to non-deterministic, use the following commands.
  • Page 216 – regexp regular-expression: enter a regular expression to match on. By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival. You can change the path selection method to non-deterministic, that is, paths are compared in the order in which they arrived (starting with the most recent).
  • Page 217: Changing Bgp Timers

    10.114.8.33 18508 117265 25069 780266 20 00:38:50 102759 Dell> To view which routes are dampened (non-active), use the show ip bgp dampened-routes command in EXEC Privilege mode. Changing BGP Timers To configure BGP timers, use either or both of the following commands.
  • Page 218 without clearing the BGP Session. Soft-reconfig can be done on a per-neighbor basis and can either be inbound or outbound. BGP soft-reconfiguration clears the policies without resetting the TCP connection. To reset a BGP connection using BGP soft reconfiguration, use the clear ip bgp command in EXEC Privilege mode at the system prompt.
  • Page 219: Route Map Continue

    (PIM) to build data distribution trees. MBGP for IPv4 multicast is supported on the Z9000 platform. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer-group.
  • Page 220: Bgp Regular Expression Optimization

    Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 221: Storing Last And Bad Pdus

    Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued.
  • Page 222: Capturing Pdus

    Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) For address family: IPv4 Unicast BGP table version 1395, neighbor version 1394 Prefixes accepted 1 (consume 4 bytes), 0 withdrawn by peer Prefixes advertised 0, rejected 0, 0 withdrawn from peer Connections established 3;...
  • Page 223: Pdu Counters

    313511 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command.
  • Page 224: Sample Configurations

    Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI.
  • Page 225 Example of Enabling BGP (Router 1) Example of Enabling BGP (Router 2) Example of Enabling BGP (Router 3) Example of Enabling Peer Groups (Router 1) Example of Enabling Peer Groups (Router 2) Example of Enabling Peer Groups (Router 3) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown...
  • Page 226 R2(conf-if-lo-0)#int te 2/11 R2(conf-if-te-2/11)#ip address 10.0.1.22/24 R2(conf-if-te-2/11)#no shutdown R2(conf-if-te-2/11)#show config interface TengigabitEthernet 2/11 ip address 10.0.1.22/24 no shutdown R2(conf-if-te-2/11)#int te 2/31 R2(conf-if-te-2/31)#ip address 10.0.2.2/24 R2(conf-if-te-2/31)#no shutdown R2(conf-if-te-2/31)#show config interface TengigabitEthernet 2/31 ip address 10.0.2.2/24 no shutdown R2(conf-if-te-2/31)# R2(conf-if-te-2/31)#router bgp 99 R2(conf-router_bgp)#network 192.168.128.0/24 R2(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R2(conf-router_bgp)#neighbor 192.168.128.1 no shut...
  • Page 227 R3(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R3(conf-router_bgp)#neighbor 192.168.128.1 no shut R3(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R3(conf-router_bgp)#neighbor 192.168.128.2 remote 99 R3(conf-router_bgp)#neighbor 192.168.128.2 no shut R3(conf-router_bgp)#neighbor 192.168.128.2 update loop 0 R3(conf-router_bgp)#show config conf R1(conf)#router bgp 99 R1(conf-router_bgp)# network 192.168.128.0/24 R1(conf-router_bgp)# neighbor AAA peer-group R1(conf-router_bgp)# neighbor AAA no shutdown R1(conf-router_bgp)# neighbor BBB peer-group R1(conf-router_bgp)# neighbor BBB no shutdown R1(conf-router_bgp)# neighbor 192.168.128.2 peer-group AAA...
  • Page 228 'Connection Reset' Sent : 1 Recv: 0 Last notification (len 21) sent 00:00:57 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host: 192.168.128.1, Local port: 179 Foreign host: 192.168.128.2, Foreign port: 65464 BGP neighbor is 192.168.128.3, remote AS 100, external link Member of peer-group BBB for session parameters BGP version 4, remote router ID 192.168.128.3 BGP state ESTABLISHED, in this state for 00:00:37...
  • Page 229 R3#conf R3(conf)#router bgp 100 R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown R3(conf-router_bgp)# neighbor 192.168.128.1 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.1 no shutdown R3(conf-router_bgp)# R3(conf-router_bgp)#end R3#show ip bgp summary...
  • Page 230 BGP version 4, remote router ID 192.168.128.3 BGP state ESTABLISHED, in this state for 00:18:51 Last read 00:00:45, last write 00:00:44 Hold time is 180, keepalive interval is 60 seconds Received 138 messages, 0 in queue 7 opens, 2 notifications, 7 updates 122 keepalives, 0 route refresh requests Sent 140 messages, 0 in queue
  • Page 231: Content Addressable Memory (Cam)

    Content addressable memory (CAM) is supported on the Z9000 platform. CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies.
  • Page 232 Use the cam-acl-egress command to allocate the space for egress L2, IPV4 and IPV6 ACL. The total number of available FP blocks is 4. Allocate at least one group of L2ACL and IPV4 ACL. Dell(conf)#do show cam-acl-egress -- Chassis Egress Cam ACL --...
  • Page 233: Test Cam Usage

    Test CAM Usage The test cam-usage command is supported on the Z9000 platform. Use this command to determine whether sufficient CAM space is available to enable a service-policy. Create a Class Map with all required ACL rules, then execute the test cam-usage command in Privilege mode to verify the actual CAM space required.
  • Page 234: View Cam Profiles

    The show running-config cam-profile command shows the current profile and microcode. NOTE: If you select the CAM profile from CONFIGURATION mode, the output of this command does not reflect any changes until you save the running-configuration and reload the chassis. Dell#show running-config cam-profile cam-profile default microcode default Dell# View CAM-ACL Settings The show cam-acl command is supported on the platform.
  • Page 235 The default values for the show cam-acl command for the are: Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) 1 block = 128 entries...
  • Page 236: View Cam Usage

    View CAM Usage View the amount of CAM space available, used, and remaining in each ACL partition using the show cam-usage command from EXEC Privilege mode. Example of the show cam-usage Command Dell#show cam-usage Stackunit|Portpipe| CAM Partition | Total CAM Used CAM...
  • Page 237: Cam Optimization

    If three resets do not bring up the card, or if the system is running a Dell Networking OS version prior to version 6.3.1.1, the system presents an error message. In this case, manually adjust the CAM configuration on the card to match the system configuration.
  • Page 238 Allocate more entries in the IPv4Flow region to QoS. Dell Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command provides this test framework. For more information, refer to Pre-Calculating Available QoS CAM Space.
  • Page 239: Control Plane Policing (Copp)

    Control Plane Policing (CoPP) Control plane policing (CoPP) is supported on the Z9000 platform. Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level.
  • Page 240: Configure Control Plane Policing

    Figure 26. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing For example, border gateway protocol (BGP) and internet control message protocol (ICMP) share the same queue (Q6); Q6 has 400 PPS of bandwidth by default. The desired rate of ICMP is 100 PPS and the remaining 300 PPS is assigned to BGP.
  • Page 241: Configuring Copp For Protocols

    CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. Configuring CoPP for Protocols This section lists the commands necessary to create and enable the service-policies for CoPP. For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) Quality of Service...
  • Page 242 Dell(conf)#ipv6 access-list ipv6-icmp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit icmp Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 500 50 peak 1000 50...
  • Page 243: Configuring Copp For Cpu Queues

    Example of Creating the QoS Policy Example of Assigning the QoS Policy to the Queues Example of Creating the Control Plane Service Policy Dell#conf Dell(conf)#qos-policy-input cpuq_1 Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40 Dell(conf-qos-policy-in)#exit Dell(conf)#qos-policy-input cpuq_2 Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50 Dell(conf-qos-policy-in)#exit...
  • Page 244: Copp For Ospfv3 Packets

    You can create an IPv6 ACL for control-plane traffic policing for OSPFv3, in addition to the CoPP support for VRRP, BGP, and ICMP. This functionality is supported on the S4810, S4820T, S6000, MXL, and Z9000 platforms. You can use the ipv6 access-list name cpu-qos permit ospfv3 command to allow CoPP traffic for OSPFv3.
  • Page 245 Increased CPU Queues for CoPP FTOS classifies every packet that ingresses from a front-end port to the system as control traffic or data traffic, using pre-defined rules based on protocol type or packet types such as ttl, slow path etc. FP is used to classify the traffic to transmit the control traffic to CMIC port.
  • Page 246 NDP Packets Neighbor discovery protocol has 4 types of packets: NS, NA, RA, RS. These packets need to be taken to CPU for neighbor discovery. • Unicast NDP packets: – Packets hitting the L3 host/route table and discovered as local terminated packets/CPU bound traffic.
  • Page 247: Configuring Copp For Ospfv3

    VRRPv3, BGPv6, and ICMPv6. This functionality is supported on the S4810, S4820T, S6000, MXL, and Z9000 platforms. You can use the ipv6 access-list name cpu-qos permit ospfv3 or the ipv6 access-list name cpu-qos ospfv3 command to allow CoPP traffic for OSPFv3. The control plane management support for IPv6 ICMPv6 packets is enhanced to make more CPU queues available on the port, and other CoPP improvements have been implemented.
  • Page 248: Show Commands

    Create a QoS input policy for the router and assign the policing. CONFIGURATION mode Dell(conf)#qos-policy-input ospfv3_rate cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 1500 16 peak 1500 16 Create a QoS class map to differentiate the control-plane traffic and assign to the ACL. CONFIGURATION mode...
  • Page 249 2000 1100 Dell# To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command. Dell#show ip protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) -------- -------- -------- ------- ----- ------ ----------- TCP (BGP) any/179 179/any...
  • Page 251: Dynamic Host Configuration Protocol (Dhcp)

    Dynamic Host Configuration Protocol (DHCP) Dynamic host configuration protocol (DHCP) is available on the Z9000 platform. DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators.
  • Page 252 Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Option 6 Server Specifies the domain name servers (DNSs) that are available to the client. Domain Name Option 15 Specifies the domain name that clients should use when resolving hostnames via...
  • Page 253: Assign An Ip Address Using Dhcp

    Option Number and Description Identifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Option 82 Snooping Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database.
  • Page 254: Implementation Information

    (VLAN) and then attempt to apply an access list to the VLAN, Dell Networking OS displays the first line in the following message. If you first apply an ACL to a VLAN and then attempt to enable IP source address validation on one of its member ports, Dell Networking OS displays the second line in the following message.
  • Page 255: Configure The System To Be A Dhcp Server

    Configure the System to be a DHCP Server Configuring the system to be a DHCP server is supported only on the Z9000 platform. A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient.
  • Page 256 DHCP <POOL> mode show config After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs an IP + MAC source address validation to ensure that no client can release another client's address.
  • Page 257: Specifying A Default Gateway

    DHCP <POOL> default-router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.
  • Page 258: Creating Manual Binding Entries

    NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host IP.
  • Page 259: Configure The System To Be A Relay Agent

    You can configure an interface on the Dell Networking system to relay the DHCP messages to a specific DHCP server using the ip helper-address dhcp-address command from INTERFACE mode, as shown in the following illustration.
  • Page 260 Figure 29. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int gig 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10.11.0.1/24 Broadcast address is 10.11.0.255 Address determined by user input...
  • Page 261: Configure The System To Be A Dhcp Client

    The switch can obtain a dynamically assigned IP address from a DHCP server. A start-up configuration is not received. Use bare metal provisioning (BMP) to receive configuration parameters (Dell Networking OS version and a configuration file). BMP is enabled as a factory-default setting on a switch.
  • Page 262: Dhcp Client Operation With Other Features

    DHCP Client Operation with Other Features The DHCP client operates with other Dell Networking OS features, as the following describes. Stacking The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. It periodically synchronizes the lease file with the standby unit.
  • Page 263: Configure The System For User Port Stacking (Option 230)

    Virtual Router Redundancy Protocol (VRRP) Do not enable the DHCP client on an interface and set the priority to 255 or assign the same DHCP interface IP address to a VRRP virtual group. Doing so guarantees that this router becomes the VRRP group owner.
  • Page 264: Dhcp Snooping

    Dell Networking OS Behavior: Introduced in Dell Networking OS version 7.8.1.0, DHCP snooping was available for Layer 3 only and dependent on DHCP relay agent (ip helper-address). Dell Networking OS version 8.2.1.0 extends DHCP snooping to Layer 2 and you do not have to enable relay agent to snoop on Layer 2 interfaces.
  • Page 265 Dell Networking OS Behavior: Binding table entries are deleted when a lease expires or when the relay agent encounters a DHCPRELEASE. Line cards maintain a list of snooped VLANs. When the binding table is exhausted, DHCP packets are dropped on snooped VLANs, while these packets are forwarded across non-snooped VLANs.
  • Page 266: Drop Dhcp Packets On Snooped Vlans Only

    To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port. Dell#show ip dhcp snooping binding Codes : S - Static D - Dynamic...
  • Page 267 receives an ARP message for which a relevant entry already exists in its ARP cache, it overwrites the existing entry with the new information. The lack of authentication in ARP makes it vulnerable to spoofing. ARP spoofing is a technique attackers use to inject false IP-to-MAC mappings into the ARP cache of a network device.
  • Page 268: Configuring Dynamic Arp Inspection

    Specify an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dell Networking OS Behavior: Introduced in Dell Networking OS version 8.2.1.0, DAI was available for Layer 3 only. However, Dell Networking OS version 8.2.1.1 extends DAI to Layer 2. Dynamic Host Configuration Protocol (DHCP)
  • Page 269: Source Address Validation

    Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 11. Three Types of Source Address Validation Source Address Validation Description IP Source Address Validation Prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table.
  • Page 270: Enabling Ip+Mac Source Address Validation

    INTERFACE mode ip dhcp source-address-validation ipmac Dell Networking OS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-validation [interface] command in EXEC Privilege mode.
  • Page 271: Equal Cost Multi-Path (Ecmp)

    0 lag checksum 0 nh-ecmp checksum 0 Dell Networking OS Behavior: In the Dell Networking OS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with Dell Networking OS version 8.2.1.2, the default hash-algorithm is 24.
  • Page 272: Configuring The Hash Algorithm Seed

    This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops. Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is the same. When configured, the same seed is set for ECMP, LAG, and NH, and is used for incoming traffic only.
  • Page 273: Managing Ecmp Group Paths

    Te 0/1 Managing ECMP Group Paths Managing ECMP group paths is supported only on the Z9000 platform. Configure the maximum number of paths for an ECMP route that the L3 CAM can hold to avoid path degeneration. When you do not configure the maximum number of routes, the CAM can hold a maximum ECMP per route.
  • Page 274: Creating An Ecmp Group Bundle

    Creating an ECMP Group Bundle Within each ECMP group, you can specify an interface. If you enable monitoring for the ECMP group, the utilization calculation is performed when the average utilization of the link-bundle (as opposed to a single link within the bundle) exceeds 60%. Create a user-defined ECMP group bundle.
  • Page 275 Dell(conf-ecmp-group-5)#show config ecmp-group 5 interface tengigabitethernet 0/2 interface tengigabitethernet 0/3 link-bundle-monitor enable Dell(conf-ecmp-group-5)# Equal Cost Multi-Path (ECMP)
  • Page 277: Enabling Fips Cryptography

    Enabling FIPS Cryptography Federal information processing standard (FIPS) cryptography is supported on the Z9000 platform. This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
  • Page 278: Enabling Fips Mode

    FIPS mode, generates new host-keys, and re-enables the SSH server (assuming it was enabled before enabling FIPS). For more information, refer to the SSH Server and SCP Commands section in the Security chapter of the Dell Networking OS Command Line Reference Guide. Enabling FIPS Cryptography...
  • Page 279: Monitoring Fips Mode Status

    : S4810 - 52-port GE/TE/FG (SE) Master priority : 0 Hardware Rev : 3.0 Num Ports : 64 Up Time : 7 hr, 3 min Dell Networking OS Version : 4810-8-3-7-1061 Jumbo Capable : yes POE Capable : no FIPS Mode : enabled...
  • Page 280 • To disable FIPS mode from a console port. CONFIGURATION mode no fips mode enable The following Warning message displays: WARNING: Disabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy all configured host keys. Proceed (y/n) ? Enabling FIPS Cryptography...
  • Page 281: Force10 Resilient Ring Protocol (Frrp)

    Force10 Resilient Ring Protocol (FRRP) Force10 resilient ring protocol (FRRP) is supported on the Z9000 platform. FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the...
  • Page 282: Ring Status

    The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node. Ring Status The ring failure notification and the ring status checks provide two ways to ensure the ring remains up and active in the event of a switch or port failure.
  • Page 283: Multiple Frrp Rings

    Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability. You can configure multiple rings with a single switch connection; a single ring can have multiple FRRP groups; multiple rings can be connected with a common link.
  • Page 284 Concept Explanation Control VLAN Each ring has a unique Control VLAN through which tagged ring health frames (RHF) are sent. Control VLANs are used only for sending RHF, and cannot be used for any other purpose. Member VLAN Each ring maintains a list of member VLANs. Member VLANs must be consistent across the entire ring.
  • Page 285: Implementing Frrp

    • FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
  • Page 286: Configuring The Control Vlan

    Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer Be sure to follow these guidelines: •...
  • Page 287: Configuring And Adding The Member Vlans

    Assign the Primary and Secondary ports and the control VLAN for the ports on the ring. CONFIG-FRRP mode. interface primary int slot/port secondary int slot/port control-vlan vlan id Interface: • For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet then the slot/port information.
  • Page 288 To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring. Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: the range is from 1 to 4094. Tag the specified interface or range of interfaces to this VLAN.
  • Page 289: Setting The Frrp Timers

    Identify the Member VLANs for this FRRP group. CONFIG-FRRP mode. member-vlan vlan-id {range} VLAN-ID, Range: VLAN IDs for the ring’s Member VLANs. Enable this FRRP group on this switch. CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval.
  • Page 290: Troubleshooting Frrp

    • Show the information for the identified FRRP group. EXEC or EXEC PRIVILEGED mode. show frrp ring-id Ring ID: the range is from 1 to 255. • Show the state of all FRRP groups. EXEC or EXEC PRIVILEGED mode. show frrp summary Ring ID: the range is from 1 to 255.
  • Page 291 no ip address tagged GigabitEthernet 1/24,34 no shutdown protocol frrp 101 interface primary GigabitEthernet 1/24 secondary GigabitEthernet 1/34 control-vlan 101 member-vlan 201 mode master no disable interface GigabitEthernet 2/14 no ip address switchport no shutdown interface GigabitEthernet 2/31 no ip address switchport no shutdown interface Vlan 101...
  • Page 292 secondary GigabitEthernet 3/14 control-vlan 101 member-vlan 201 mode transit no disable Force10 Resilient Ring Protocol (FRRP)
  • Page 293: Garp Vlan Registration Protocol (Gvrp)

    GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP) is supported on the Z9000 platform. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.
  • Page 294: Configure Gvrp

    GVRP information exchanged. In the following example, that type of port is referred to as a VLAN trunk port, but it is not necessary to specifically identify to the Dell Networking OS that the port is a trunk port.
  • Page 295: Enabling Gvrp Globally

    To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command.
  • Page 296: Configure A Garp Timer

    The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The Dell Networking OS default is 10000ms. Example of the garp timer Command...
  • Page 297 LeaveAll Timer 5000 Dell(conf)# Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer. GARP VLAN Registration Protocol (GVRP)
  • Page 299: Internet Group Management Protocol (Igmp)

    Dell Networking Operating System (OS) supports IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • Dell Networking systems cannot serve as an IGMP host or an IGMP version 1 IGMP Querier.
  • Page 300 Figure 31. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group.
  • Page 301: Igmp Version 3

    response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. •...
  • Page 302 Figure 33. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
  • Page 303 Figure 34. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary.
  • Page 304: Configure Igmp

    Figure 35. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. Enable multicast routing using the ip multicast-routing command. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Version •...
  • Page 305: Viewing Igmp Enabled Interfaces

    Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
  • Page 306: Viewing Igmp Groups

    View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell(conf-if-gi-1/0)#do sho ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface...
  • Page 307: Adjusting The Igmp Querier Timeout Value

    INTERFACE mode ip igmp query-interval • Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Adjusting the IGMP Querier Timeout Value If there is more than one multicast router on a subnet, only one is elected to be the querier, which is the router that sends queries to the subnet.
  • Page 308: Enabling Igmp Immediate-Leave

    If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as a Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end-point VLANs only.
  • Page 309: Removing A Group-Port Association

    • Specifying a Port as Connected to a Multicast Router • Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell(conf)#ip igmp snooping enable Dell(conf)#do show running-config igmp ip igmp snooping enable Dell(conf)# Removing a Group-Port Association To configure or view the feature that removes a group-port association, use the following commands.
  • Page 310: Specifying A Port As Connected To A Multicast Router

    • Configure the switch to only forward unregistered packets to ports on a VLAN that are connected to mrouter ports. CONFIGURATION mode no ip igmp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN, use the following commands. •...
  • Page 311: Fast Convergence After Mstp Topology Changes

    The following describes the fast convergence feature. When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
  • Page 312: Protocol Separation

    One typical example is an SSH session to an unknown destination or an SSH connection that is destined to the management port IP address. The management default route can coexist with front-end default routes. If SSH is specified as a management application, SSH links to and from an unknown destination use the management default route.
  • Page 313: Enabling And Disabling Management Egress Interface Selection

    The switch also processes user-specified port numbers for applications such as RADIUS, TACACS, SSH, and sFlow. The OS maintains a list of configured management applications and their port numbers. You can configure two default routes, one configured on the management port and the other on the front-end port.
  • Page 314: Handling Of Management Route Configuration

    • If ping and traceroute are destined to the management port IP address, the response traffic for these packets is sent by doing route lookup in the EIS routing table. When the feature is disabled using the no management egress-interface-selection command, the following operations are performed: •...
  • Page 315: Handling Of Switch-Destined Traffic

    • If the route lookup in the EIS routing table fails or if management port is down, then packets are dropped. The application-specific count of the dropped packets is incremented and is viewed using the show management application pkt-drop-cntr command. This counter is cleared using clear management application pkt-drop-cntr command.
  • Page 316: Handling Of Transit Traffic (Traffic Separation)

    The fallback route between the management and data networks is used in such a case. At any given time, end users can access Dell Networking OS applications using either ip1 or ip2. Return traffic for such end-user-originated sessions destined to management port ip1 is handled using the EIS route lookup.
  • Page 317: Behavior Of Various Applications For Switch-Initiated Traffic

    Transit Traffic This phenomenon occurs where traffic is transiting the switch. Traffic has not originated from the switch and is not terminating on the switch. • Drop the packets that are received on the front-end data port with destination on the management port.
  • Page 318: Behavior Of Various Applications For Switch-Destined Traffic

    Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled EIS Behavior Default Behavior EIS Behavior Default Behavior EIS Behavior Default Behavior radius EIS Behavior Default Behavior Sflow-collector Default Behavior Snmp (SNMP Mib response and EIS Behavior Default Behavior SNMP Traps) EIS Behavior Default Behavior...
  • Page 319: Interworking Of Eis With Various Applications

    Default Behavior: Route lookup is done in the default routing table and appropriate egress port is selected. Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled EIS Behavior Default Behavior http EIS Behavior Default Behavior EIS Behavior Default Behavior Snmp (snmp mib response) EIS Behavior Default Behavior...
  • Page 320: Designating A Multicast Router Interface

    To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designating those interfaces as the multicast router interface when the frames have a non-zero IP source address.
  • Page 321: Interfaces

    Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the Z9000 platform. Basic Interface Configuration •...
  • Page 322: Interface Types

    NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. NOTE: The CLI output may be incorrectly displayed as 0 (zero) for the Rx/Tx power values. To obtain the correct power information, perform a simple network management protocol (SNMP) query.
  • Page 323 Dell#show interfaces tengigabitethernet 1/0 TenGigabitEthernet 1/0 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:05:f3:6a Current address is 00:01:e8:05:f3:6a Pluggable media present, XFP type is 10GBASE-LR. Medium is MultiRate, Wavelength is 1310nm XFP receive power reading is -3.7685 Interface index is 67436603 Internet address is 65.113.24.238/28...
  • Page 324: Enabling A Physical Interface

    INTERFACE mode, use the exit command or end command. You cannot delete a physical interface. Physical Interfaces The Management Ethernet interface is a single RJ-45 Fast Ethernet port on each unit of the Z9000. The interface provides dedicated management access to the system.
  • Page 325: Configuration Task List For Physical Interfaces

    Dell Networking OS Behavior: The Z9000 system uses a single MAC address for all physical interfaces. Configuration Task List for Physical Interfaces By default, all interfaces are operationally disabled and traffic does not pass through them. The following section includes information about optional configurations for physical interfaces: •...
  • Page 326: Configuring Layer 2 (Interface) Mode

    Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface.
  • Page 327: Configuring Layer 3 (Interface) Mode

    ICMP unreachables are not sent Egress Interface Selection (EIS) Egress Interface Selection (EIS) is available on the Z9000 platform. EIS allows you to isolate the management and front-end port domains by preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding...
  • Page 328: Important Points To Remember

    SNMP responses for security. Management Interfaces The Z9000 system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system.
  • Page 329: Configuring Management Interfaces On The S-Series

    To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int gig 0/48 GigabitEthernet 0/48 is up, line protocol is up Description: This is the Managment Interface...
  • Page 330: Vlan Interfaces

    NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
  • Page 331: Loopback Interfaces

    Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability.
  • Page 332: Port Channel Definition And Standards

    There are 128 port-channels with eight members per channel. NOTE: If you are using either 10G ports or 40G ports, the Z9000 supports eight members per LAG. As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel.
  • Page 333: 10/100/1000 Mbps Interfaces In Port Channels

    Dell Networking OS determines if the first interface specified (TenGig 0/1) is up. After it is up, the common speed of the port channel is 1000 Mb/s. Dell Networking OS disables those interfaces configured with speed 10000 Mb/s or whose speed is 10000 Mb/s as a result of auto-negotiation.
  • Page 334: Creating A Port Channel

    Creating a Port Channel You can create up to 128 port channels with eight port members per group on the Z9000. To configure a port channel, use the following commands. Create a port channel. CONFIGURATION mode interface port-channel id-number Ensure that the port channel is active.
  • Page 335 Example of Error Due to an Attempt to Configure an Interface that is Part of a Port Channel To view the port channel’s status and channel members in a tabular format, use the show interfaces port-channel brief command in EXEC Privilege mode, as shown in the following example. Dell#show int port brief LAG Mode Status Uptime Ports...
  • Page 336: Reassigning An Interface To A New Port Channel

    Time since last interface status change: 04:31:57 Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs).
  • Page 337: Configuring The Minimum Oper Up Links In A Port Channel

    Dell(conf-if-portch)#show config interface Port-channel 4 no ip address channel-member GigabitEthernet 1/8 no shutdown Dell(conf-if-portch)#no chann gi 1/8 Dell(conf-if-portch)#int port 5 Dell(conf-if-portch)#channel gi 1/8 Dell(conf-if-portch)#sho conf interface Port-channel 5 no ip address channel-member GigabitEthernet 1/8 shutdown Dell(conf-if-portch)# Configuring the Minimum Oper Up Links in a Port Channel You can configure the minimum links in a port channel (LAG) that must be in “oper up”...
  • Page 338: Assigning An Ip Address To A Port Channel

    EXEC mode Dell(conf)# interface tengigabitethernet 0/1 Dell(conf-if-te-0/1)#switchport Dell(conf-if-te-0/1)# vlan tagged 2-5,100,4010 Dell#show interfaces switchport te 0/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged...
  • Page 339: Deleting Or Disabling A Port Channel

    Dell Networking OS allows you to modify the hashing algorithms used for flows and for fragments. The load-balance and hash-algorithm commands are available for modifying the distribution algorithms.
  • Page 340: Changing The Hash Algorithm

    |xor1| xor2| xor4| xor8| xor16}|lag{crc16|crc16cc|crc32LSB|crc32MSB|xor1| xor2|xor4|xor8|xor16}| seed ] For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide. • Change the Hash algorithm seed value to get better hash value Hash seed is used to compute the hash value.
  • Page 341: Bulk Configuration

    Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh-ecmp checksum 26 Dell(conf)# The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crc-lower. This command takes the lower 32 bits of the hash key to compute the egress port. Other options for ECMP hash-algorithms are: •...
  • Page 342: Bulk Configuration Examples

    The following is an example showing how duplicate entries are omitted from the interface-range prompt. Example of the Interface-Range Prompt for Duplicate Interfaces Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)#interface range gigabitethernet 2/0 - 23 , gigabitethernet 2/0 -...
  • Page 343: Defining Interface Range Macros

    Example of the Interface-Range Prompt for Overlapping Port Ranges Dell(conf)#inte ra gi 2/1 - 11 , gi 2/1 - 23 Dell(conf-if-range-gi-2/1-23)# Commas...
  • Page 344: Choosing An Interface-Range Macro

    T — Increase refresh interval (by 1 second) • t — Decrease refresh interval (by 1 second) • c — Clear screen • a — Page down • q — Quit Dell#monitor interface gi 3/1 Dell uptime is 1 day(s), 4 hour(s), 31 minute(s) Interfaces...
  • Page 345: Maintenance Using Tdr

    Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs. TDR sends a signal onto the physical cable and examines the reflection of the signal that returns.
  • Page 346: Splitting Qsfp Ports To Sfp+ Ports

    – stack-unit: enter the stack member unit identifier of the stack member to reset. The range is from 0 to 11. – number: enter the port number of the 40G port to be split. The Z9000 range is from 0 to 31. Important Points to Remember •...
  • Page 347: Link Dampening

    • The system must be reloaded after issuing the CLI for the change to take effect. Link Dampening Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes. Every time an interface changes a state or flaps, routing protocols are notified of the status of the routes that are affected by the change in state.
  • Page 348 The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
  • Page 349: Link Bundle Monitoring

    Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Z9000 platform. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it. The destination sends a PAUSE frame back to the source, stopping the sender’s transmission for a period of time.
  • Page 350: Threshold Settings

    The discard threshold defines when the interface starts dropping the packet on the interface. This may be necessary when a connected device does not honor the flow control frame sent by the Z9000. The discard threshold should be larger than the buffer threshold so that the buffer holds at least three packets.
  • Page 351: Configure The Mtu Size On An Interface

    1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The MTU range is from 592 to 12000, with a default of 1500. IP MTU automatically configures. The following table lists the various Layer 2 overheads found in Dell Networking OS and the number of bytes.
  • Page 352: Port-Pipes

    1518 bytes and its IP MTU cannot be higher than 1500 bytes. Port-Pipes A port pipe is a Dell Networking-specific term for the hardware path that packets follow through a system. Port pipes travel through a collection of circuits (ASICs) built into line cards and RPMs on which various processing events for the packets occur.
  • Page 353: Setting The Speed And Duplex Mode Of Ethernet Interfaces

    NOTE: The show interfaces status command displays link status, but not administrative status. For both link and administrative status, use the show ip interface [interface | brief | linecard slot-number] [configuration] command. Dell#show interfaces status Port Description Status Speed Duplex Vlan...
  • Page 354: Set Auto-Negotiation Options

    Show autoneg configuration information Dell(conf-if-te-0/1)#mode ? forced-master Force port to master mode forced-slave Force port to slave mode Dell(conf-if-te-0/1)# For details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Interfaces...
  • Page 355: View Advanced Interface Information

    Dell#show ip interface linecard 1 configured Dell#show ip interface gigabitEthernet 1 configured Dell#show ip interface br configured Dell#show ip interface br linecard 1 configured Dell#show ip interface br gigabitEthernet 1 configured Dell#show running-config interfaces configured Dell#show running-config interface gigabitEthernet 1 configured In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information.
  • Page 356: Configuring The Interface Sampling Size

    0 throttles, 0 discarded Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1d23h40m Dell(conf)#interface tengigabitethernet 10/0 Dell(conf-if-te-10/0)#rate-interval 100 Dell#show interfaces Interfaces...
  • Page 357: Dynamic Counters

    Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application and turns it off when you disable the application. NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
  • Page 358: Enhanced Validation Of Interface Ranges

    – (OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit. Example of the clear counters Command When you enter this command, confirm that you want Dell Networking OS to clear the interface counters for that interface. Dell#clear counters gi 0/0...
  • Page 359: Internet Protocol Security (Ipsec)

    Internet Protocol Security (IPSec) Internet protocol security (IPSec) is available on the Z9000 platform. IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways.
  • Page 360: Configuring Ipsec

    Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. Define the transform set. CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des Define the crypto policy. CONFIGURATION mode crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXform-set session-key inbound esp 256 auth <key>...
  • Page 361: Ipv4 Routing

    For more information about IP addressing, refer to RFC 791, Internet Protocol. Implementation Information In Dell Networking OS, you can configure any IP address as a static route except IP addresses already assigned to interfaces. NOTE: Dell Networking OS supports 31-bit subnet masks (/31, or 255.255.255.254) as defined by RFC 3021.
  • Page 362: Assigning Ip Addresses To An Interface

    [VLAN] or port channel) interfaces to enable IP communication between the system and hosts connected to that interface. In Dell Networking OS, you can assign one primary address and up to 255 secondary IP addresses to each interface. Enter the keyword interface then the type of interface and slot/port information.
  • Page 363: Configuring Static Routes

    – tag tag-value: the range is from 1 to 4294967295. (optional) Example of the show ip route static Command To view the configured routes, use the show ip route static command. Dell#show ip route static Destination Gateway Dist/Metric Last Change...
  • Page 364: Configure Static Routes For The Management Interface

    Direct, Lo 0 --More-- Dell Networking OS installs a next hop that is on the directly connected subnet of current IP address on the interface (for example, if interface gig 0/0 is on 172.31.5.0 subnet, Dell Networking OS installs the static route).
  • Page 365: Ipv4 Path Mtu Discovery Overview

    --More-- IPv4 Path MTU Discovery Overview This functionality is supported on the Z9000 platform. The size of the packet that can be sent across each hop in the network path without being fragmented is called the path maximum transmission unit (PMTU). This value might vary for the same route between two devices, mainly over a public network, depending on the network load and speed, and it is not a consistent value.
  • Page 366: Using The Configured Source Ip Address In Icmp Messages

    Using the Configured Source IP Address in ICMP Messages This feature is supported on the Z9000 platform. ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front-end port IP address as the source IP address. Enable the generation of ICMP unreachable messages through the ip unreachable command in Interface mode.
  • Page 367: Enabling Directed Broadcast

    Dell>show ip tcp reduced-syn-ack-wait Enabling Directed Broadcast By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command.
  • Page 368: Specifying The Local System Domain And A List Of Domains

    Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches the host table first to resolve the partial domain.
  • Page 369: Arp

    ARP runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, Dell Networking OS creates a forwarding table mapping the MAC addresses to their corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time.
  • Page 370: Configuration Tasks For Arp

    In Dell Networking OS, Proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network. Proxy ARP makes it possible for hosts to be ignorant of the network, including subnetting.
  • Page 371: Enabling Proxy Arp

    Gratuitous ARP can mean an ARP request or reply. In the context of ARP learning via gratuitous ARP on Dell Networking OS, the gratuitous ARP is a request. A gratuitous ARP request is an ARP request that is not needed according to the ARP specification, but one that hosts may send to: •...
  • Page 372: Enabling Arp Learning Via Gratuitous Arp

    In the request, the host uses its own IP address in the Sender Protocol Address and Target Protocol Address fields. In Dell Networking OS versions prior to 8.3.1.0, if a gratuitous ARP is received some time after an ARP request is sent, only RP2 installs the ARP information. For example: At time t=0 Dell Networking OS sends an ARP request for IP A.B.C.D...
  • Page 373: Configuring Arp Retries

    Configuring ARP Retries In Dell Networking OS versions prior to 8.3.1.0, the number of ARP retries is set to five and is not configurable. After five retries, Dell Networking OS backs off for 20 seconds before it sends a new request.
  • Page 374: Icmp

    The following lists the configuration tasks for ICMP. • Enabling ICMP Unreachable Messages For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled.
  • Page 375: Important Points To Remember

    To enable UDP helper, use the following command. • Enable UDP helper. ip udp-helper udp-ports Example of Enabling UDP Helper Example of the show ip udp-helper Command Dell(conf-if-gi-1/1)#ip udp-helper udp-port 1000 Dell(conf-if-gi-1/1)#show config interface GigabitEthernet 1/1 ip address 2.1.1.1/24 ip udp-helper udp-port 1000 no shutdown To view the interfaces and ports on which you enabled UDP helper, use the show ip udp-helper command from EXEC Privilege mode.
  • Page 376: Configurations Using Udp Helper

    UDP Helper with No Configured Broadcast Addresses UDP Helper with Broadcast-All Addresses When the destination IP address of an incoming packet is the IP broadcast address, Dell Networking OS rewrites the address to match the configured broadcast address. In the following illustration: Packet 1 is dropped at ingress if you did not configure UDP helper address.
  • Page 377: Udp Helper With Subnet Broadcast Addresses

    It is flooded on VLAN 101 without changing the destination address because the forwarding process is Layer 2. If you enabled UDP helper, the system changes the destination IP address to the configured broadcast address 1.1.255.255 and forwards the packet to VLAN 100. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured.
  • Page 378: Udp Helper With Configured Broadcast Addresses

    To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Gi 5/0 with IP DA (0xffffffff) will be sent on Gi 5/1 Gi 5/2 Vlan 3 01:44:54: Pkt rcvd on Gi 7/0 is handed over for DHCP processing.
  • Page 379 When using the IP helper and UDP helper on the same interface, use the debug ip dhcp command. Example Output from the debug ip dhcp Command Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128 2005-11-05 11:59:35 %RELAY-I-PACKET, BOOTP REQUEST (Unicast) received at interface 172.21.50.193 BOOTP Request, XID = 0x9265f901, secs = 0 hwaddr = 00:02:2D:8D:46:DC,...
  • Page 381: Ipv6 Routing

    IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
  • Page 382: Ipv6 Headers

    NOTE: Dell Networking OS provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). By default, RA response messages are sent when an RS message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only.
  • Page 383: Ipv6 Header Fields

    IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 41. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling.
  • Page 384: Extension Header Fields

    The following lists the Next Header field values. Value Description Hop-by-Hop option header IPv4 Exterior Gateway Protocol (EGP) IPv6 Routing header Fragmentation header Encrypted Security Authentication header No Next Header Destinations option header NOTE: This table is not a comprehensive list of Next Header field values. For a complete and current listing, refer to the Internet Assigned Numbers Authority (IANA) web page at .
  • Page 385: Addressing

    However, if the Destination Address is a Hop-by-Hop options header, the Extension header is examined by every forwarding router along the packet’s route. The Hop-by-Hop options header must immediately follow the IPv6 header, and is noted by the value 0 (zero) in the Next Header field. Extension headers are processed in the order in which they appear in the packet header.
  • Page 386 of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to two colons, as long as there is only one double colon used in an address. Leading and/or trailing zeros in a group can also be omitted (as in ::1 for localhost, 1:: for network addresses and :: for unspecified addresses).
  • Page 387: Implementing Ipv6 With Dell Networking Os

    Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform.
  • Page 388 Documentation and Functionality Release Introduction Chapter Location Z9000 IS-IS for IPv6 8.3.11 Intermediate System to Intermediate System IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide. IS-IS for IPv6 support for 8.3.11 Intermediate System to redistribution Intermediate System...
  • Page 389: Icmpv6

    ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443.
  • Page 390: Ipv6 Neighbor Discovery

    Figure 42. Path MTU Discovery Process IPv6 Neighbor Discovery IPv6 neighbor discovery protocol (NDP) is supported on the Z9000 platform. NDP is a top-level protocol for neighbor discovery on an IPv6 network. In lieu of address resolution protocol (ARP), NDP uses “Neighbor Solicitation” and “Neighbor Advertisement” ICMPv6 messages for determining relationships between neighboring nodes.
  • Page 391: Ipv6 Neighbor Discovery Of Mtu Packets

    SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol.
  • Page 392: Adjusting Your Cam-Profile

    IPv6 addresses are supported on the Z9000 platform. Essentially, IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully.
  • Page 393: Assigning A Static Ipv6 Route

    (:). Omitting zeros is accepted as described in Addressing. Assigning a Static IPv6 Route IPv6 static routes are supported on the Z9000 platform. To configure IPv6 static routes, use the ipv6 route command. NOTE: After you configure a static IPv6 route (the ipv6 route command) and configure the forwarding router’s address (specified in the ipv6 route command) on a neighbor’s interface, the...
  • Page 394: Configuring Telnet With Ipv6

    IPv6 telnet is supported on the Z9000 platform. The Telnet client and server in Dell Networking OS supports IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router.
  • Page 395: Showing An Ipv6 Interface

    – For a port-channel interface, enter the keywords port-channel then the port-channel number. – For a VLAN interface, enter the keyword vlan then the VLAN ID. Example of the show ipv6 interface Command Dell#show ipv6 int man 1/0 ManagementEthernet 1/0 is up, line protocol is up IPV6 is enabled...
  • Page 396: Showing Ipv6 Routes

    – To display information about an IPv6 prefix list, enter list and the prefix-list name. Example of the show ipv6 route summary Command Example of the show ipv6 route Command Example of the show ipv6 route static Command Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0 static 0 0...
  • Page 397: Showing The Running-Configuration For An Interface

    – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Example of the show running-config interface Command Dell#show run int gi 2/2 interface GigabitEthernet 2/2 no ip address ipv6 address 3:4:5:6::8/24...
  • Page 398 – *: all routes. – ipv6 address: the format is x:x:x:x::x. – mask: the prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. IPv6 Routing...
  • Page 399: Intermediate System To Intermediate System

    IS-IS is supported on the Z9000 with Dell Networking OS 9.0(0.0). • The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. • The IS-IS protocol standards are listed in the Standards Compliance chapter.
  • Page 400: Multi-Topology Is-Is

    The NET length is variable, with a maximum of 20 bytes and a minimum of 8 bytes. It is composed of the following: • area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI).
  • Page 401: Transition Mode

    Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router to support IPv6 traffic, which leads to holes in the IPv6 topology. While in Transition mode, both types of TLVs (single-topology and multi-topology) are sent in LSPs for all configured IPv6 addresses, but the router continues to operate in single-topology mode (that is, the topological restrictions of the single-topology mode remain in effect).
  • Page 402: Timers

    By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address more easily. Dell Networking OS does not support ISO CLNS routing; however, the ISO NET format is supported for addressing.
  • Page 403: Configuration Information

    • Accepts external IPv6 information and advertises this information in the PDUs. The following table lists the default IS-IS values. Table 15. IS-IS Default Values IS-IS Parameter Default Value Complete sequence number PDU (CSNP) interval 10 seconds IS-to-IS hello PDU interval 10 seconds IS-IS interface metric Metric style...
  • Page 404 Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with neighbors, enable IS-IS on an interface, instead of on a network as with other routing protocols.
  • Page 405 ROUTER ISIS mode. To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
  • Page 406 IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: •...
  • Page 407 Set the minimum interval between SPF calculations. ROUTER ISIS AF IPV6 mode spf-interval [level-1 | level-2 | interval] [initial_wait_interval [second_wait_interval]] Use this command for IPv6 route computation only when you enable multi-topology. If using single-topology mode, to apply to both IPv4 and IPv6 route computations, use the spf-interval command in CONFIG ROUTER ISIS mode.
  • Page 408 LSP. The 'overload' bit is an indication to the receiving router that database synchronization did not complete at the restarting router. To view all graceful restart-related configurations, use the show isis graceful-restart detail command in EXEC Privilege mode. Dell#show isis graceful-restart detail Configured Timer Value ====================== Graceful Restart...
  • Page 409 Dell# To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface G1/34 GigabitEthernet 2/10 is up, line protocol is up MTU 1497, Encapsulation SAP Routing Protocol: IS-IS...
  • Page 410 16,777,215. Dell Networking OS supports five different metric styles: narrow, wide, transition, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Metrics or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process.
  • Page 411 To view which metric types are generated and received, use the show isis protocol command in EXEC Privilege mode. The IS-IS metric settings are in bold. Example of Viewing IS-IS Metric Types Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
  • Page 412: Configuring The Distance Of A Route

    INTERFACE mode isis metric default-metric [level-1 | level-2] – default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. The range is from 0 to 16777215 if the metric style is wide or wide transition. •...
  • Page 413 The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database LSPID...
  • Page 414 Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS.
  • Page 415: Redistributing Ipv4 Routes

    Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands. NOTE: These commands apply to IPv6 IS-IS only. To apply prefix lists to IPv4 routes, use ROUTER ISIS mode, previously shown. • Apply a configured prefix list to all incoming IPv6 IS-IS routes. ROUTER ISIS-AF IPV6 mode distribute-list prefix-list-name in [interface] Enter the type of interface and slot/port information:...
  • Page 416: Redistributing Ipv6 Routes

    NOTE: These commands apply to IPv4 IS-IS only. To apply prefix lists to IPv6 routes, use ADDRESS-FAMILY IPV6 mode, shown later. • Include BGP, directly connected, RIP, or user-configured (static) routes in IS-IS. ROUTER ISIS mode redistribute {bgp as-number | connected | rip | static} [level-1 | level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name] Configure the following parameters:...
  • Page 417: Configuring Authentication Passwords

    – map-name: enter the name of a configured route map. • Include specific OSPF routes in IS-IS. ROUTER ISIS mode redistribute ospf process-id [level-1 | level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: –...
  • Page 418: Setting The Overload Bit

    Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system.
  • Page 419: Is-Is Metric Styles

    – interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
  • Page 420: Configure Metric Values

    • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) • transition (supports both narrow and wide and uses a TLV up to 63) • narrow transition (accepts both narrow and wide and sends only narrow or old-style TLV) •...
  • Page 421 Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value NOTE: A truncated value is a value that is higher than 63, but set back to 63 because the higher value is not supported. wide narrow transition default value (10) if the original value is greater than 63.
  • Page 422: Leaks From One Level To Another

    Table 18. Metric Value when the Metric Style Changes Multiple Times Beginning Metric Next Metric Style Resulting Metric Next Metric Style Final Metric Value Style Value wide transition truncated value wide original value is recovered wide transition transition truncated value wide transition original value is recovered...
  • Page 423: Sample Configurations

    The following example shows the response from the router: Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes in one of the following three different methods: • Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface. Enable the ip router isis and ipv6 router isis commands on the interface.
  • Page 424 TenGigabitEthernet 3/17 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17...
  • Page 425 34.0000.0000.AAAA.00 address-family ipv6 unicast multi-topology exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config router isis net 34.0000.0000.AAAA.00 address-family ipv6 unicast multi-topology transition exit-address-family...
  • Page 427: Link Aggregation Control Protocol (Lacp)

    Link aggregation control protocol (LACP) is supported on the Z9000 platform. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic.
  • Page 428: Lacp Modes

    You can configure a maximum of 128 port-channels with eight members per channel. LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
  • Page 429: Lacp Configuration Tasks

    CONFIGURATION mode switchport Example of Configuring a LAG Interface Example of the tagged Command Dell(conf)#interface port-channel 32 Dell(conf-if-po-32)#no shutdown Dell(conf-if-po-32)#switchport The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG.
  • Page 430: Configuring The Lag Interfaces As Dynamic

    Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface Gigabitethernet 3/15 Dell(conf-if-gi-3/15)#no shutdown Dell(conf-if-gi-3/15)#port-channel-protocol lacp Dell(conf-if-gi-3/15-lacp)#port-channel 32 mode active Dell(conf)#interface Gigabitethernet 3/16 Dell(conf-if-gi-3/16)#no shutdown Dell(conf-if-gi-3/16)#port-channel-protocol lacp Dell(conf-if-gi-3/16-lacp)#port-channel 32 mode active Dell(conf)#interface Gigabitethernet 4/15 Dell(conf-if-gi-4/15)#no shutdown...
  • Page 431: Monitoring And Debugging Lacp

    Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.45a5 Actor Admin Key 1, Oper Key 1, Partner Oper Key 1...
  • Page 432: Configuring Shared Lag State Tracking

    Figure 46. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking.
  • Page 433: Important Points About Shared Lag State Tracking

    port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time.
  • Page 434: Lacp Basic Configuration Example

    • Only a LAG can be a member of a failover group. • You can configure shared LAG state tracking on one side of a link or on both sides. • If a LAG that is part of a failover group is deleted, the failover group is deleted. •...
  • Page 435 Hardware is Force10Eth, address is 00:01:e8:06:95:c0 Current address is 00:01:e8:06:95:c0 Interface Index is 109101113 Port will not be disabled on partial SFM failure Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode full duplex, Slave Flowcontrol rx on tx on ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface"...
  • Page 436 Figure 49. Inspecting the LAG Configuration
  • Page 437 Figure 50. Inspecting Configuration of LAG 10 on ALPHA
  • Page 438 Figure 51. Verifying LAG 10 Status on ALPHA Using the show lacp Command Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol lacp Alpha(conf-if-gi-2/31-lacp)#port-channel 10 mode active Alpha(conf-if-gi-2/31-lacp)#no shut Alpha(conf-if-gi-2/31)#show config interface GigabitEthernet 2/31 no ip address port-channel-protocol LACP port-channel 10 mode active no shutdown Alpha(conf-if-gi-2/31)#...
  • Page 439 interface GigabitEthernet 2/31 no ip address Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config interface Port-channel 10 no ip address switchport no shutdown Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-gi-3/21)#port-channel-protocol lacp Bravo(conf-if-gi-3/21-lacp)#port-channel 10 mode active Bravo(conf-if-gi-3/21-lacp)#no shut Bravo(conf-if-gi-3/21)#end interface GigabitEthernet 3/21...
  • Page 440 Figure 52. Inspecting a LAG Port on BRAVO Using the show interface Command
  • Page 441 Figure 53. Inspecting LAG 10 Using the show interfaces port-channel Command
  • Page 442: Setting Up A Threshold For Utilization Of High-Gigabit Port Channels

    Setting Up a Threshold for Utilization of High-Gigabit Port Channels This functionality is supported on the Z9000 platform. You can monitor a backplane high-Gigabit Ethernet port channel and generate a system logging message or an SNMP trap when the traffic distribution and the handled data packets on the bundle are uneven or inconsistent.
  • Page 443 To provision trunk groups on Z9000 platforms, one trunk group (hiGig link bundle) on each leaf unit is created and four trunk groups on each spine unit are created. A total of 12 trunk groups are present on the two spines and four leafs of the Z9000 platform.
  • Page 444: Guidelines For Monitoring High-Gigabit Port Channels

    NPU, and the port channel identifiers. • For Z9000, slotId (stack unitId) is constant and does not vary. NpuUnitId ranges from 0-5 and local portChannelId ranges from 0-0 for leaf NpuUnits and 0-3 for spine NpuUnits.
  • Page 445: Enabling The Verification Of Member Links Utilization In A High-Gigabit Port Channel

    Enabling the Verification of Member Links Utilization in a High-Gigabit Port Channel This procedure is supported on the Z9000 platform. To examine the working efficiency of the high-Gigabit Ethernet port channel interfaces, perform the following steps: Use the hg-link-bundle-monitor slot slotId npuUnit npuUnitId hg-port-channel portChannelId enable command in Global Configuration mode to enable this functionality to detect the working efficiency of the high-Gigabit port channel bundle interfaces.
  • Page 446 In an NPU unit, the port numbering of backplane local ports starts from the end of the last front-end local port ID used. Until Dell Networking OS Release 9.2(0.0), the show commands displayed only the details computed by the buffer statistics tracking counters for the egress queues. You can use the show hardware stack-unit <unit-num>...
  • Page 447: Layer 2

    Layer 2 Layer 2 features are supported on the Z9000 platform. Manage the MAC Address Table Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries •...
  • Page 448: Configuring A Static Mac Address

    Setting Station Move Violation Actions • Recovering from Learning Limit and Station Move Violations Dell Networking OS Behavior: When configuring the MAC learning limit on a port or VLAN, the configuration is accepted (becomes part of running-config and show mac learning-limit Layer 2...
  • Page 449: Setting The Mac Learning Limit

    Entries created before this option is set are not affected. Dell Networking OS Behavior: If you do not configure the dynamic option, the systems do not detect station moves in which a MAC address learned off of a MAC-limited port is learned on another port on the same line card.
  • Page 450: Mac Learning-Limit Mac-Address-Sticky

    EXEC Privilege mode show mac learning-limit Dell Networking OS Behavior: The systems do not generate a station-move violation log entry for physical interfaces or port-channels when you configure mac learning-limit or when you configure mac learning-limit station-move-violation log. Dell Networking OS detects a station-move...
  • Page 451: Learning Limit Violation Actions

    Learning Limit Violation Actions Learning limit violation actions are supported only on the Z9000 platform. To configure the system to take an action when the MAC learning limit is reached on an interface and a new address is received using one of the following options with the mac learning-limit command, use the following commands.
  • Page 452: Recovering From Learning Limit And Station Move Violations

    Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down using the shutdown command and then re-enabling it using the no shutdown command.
  • Page 453: Configure Redundant Pairs

    Down state until the primary fails, at which point it transitions to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces.
  • Page 454 Up state. If the primary interface fails and later comes back up, it remains as the backup interface for the redundant pair. Dell Networking OS supports only Gigabit, 10 Gigabit, and 40-Gigabit ports and port channels as primary/backup interfaces in redundant pairs. (A port channel is also referred to as a link aggregation group (LAG).
  • Page 455: Important Points About Configuring Redundant Pairs

    GigabitEthernet 3/42 no shutdown interface GigabitEthernet 3/42 no ip address switchport no shutdown Dell(conf-if-range-gi-3/41-42)# Dell(conf-if-range-gi-3/41-42)#do show ip int brief | find 3/41 GigabitEthernet 3/41 unassigned YES Manual up GigabitEthernet 3/42 unassigned NO Manual up down [output omitted]...
  • Page 456: Far-End Failure Detection

    Dell(conf-if-po-1)# Far-End Failure Detection Far-end failure detection (FEFD) is supported on the Z9000 platform. FEFD is a protocol that senses remote data link errors in a network. FEFD responds by sending a unidirectional report that triggers an echoed response after a specified time interval. You can enable FEFD globally or locally on an interface basis.
  • Page 457: Fefd State Changes

    Figure 58. Configuring Far-End Failure Detection The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not available.
  • Page 458: Configuring Fefd

    You can enable FEFD globally or on a per-interface basis. Interface FEFD configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. Configuring FEFD You can configure FEFD for all interfaces from CONFIGURATION mode, or on individual interfaces from INTERFACE mode.
  • Page 459: Enabling Fefd On An Interface

    Gi 1/2 Normal 3 Admin Shutdown Gi 1/3 Normal 3 Admin Shutdown Dell#show run fefd fefd-global mode normal fefd-global interval 3 Enabling FEFD on an Interface To enable, change, or disable FEFD on an interface, use the following commands. •...
  • Page 460: Debugging Fefd

    2w1d22h: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Gi 1/0 Dell(conf-if-gi-1/0)#2w1d22h : FEFD state on Gi 1/0 changed from ANY to Unknown 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Gi 1/0 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Gi 4/0...
  • Page 461 Dell#debug fefd packets Dell#2w1d22h : FEFD packet sent via interface Gi 1/0 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Gi 1/0) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Gi 4/0) Sender hold time -- 3 (second) 2w1d22h : FEFD packet received on interface Gi 4/0...
  • Page 463: Link Layer Discovery Protocol (Lldp)

    Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on the Z9000 platform. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
  • Page 464: Optional Tlvs

    Organizationally Specific TLVs. Figure 60. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs A management TLV is an optional TLV sub-type. This kind of TLV contains essential management information about the sender.
  • Page 465 Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
  • Page 466: Tia-1057 (Lldp-Med) Overview

    • LLDP-MED Network Connectivity Device — any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Link Layer Discovery Protocol (LLDP)
  • Page 467: Tia Organizationally Specific Tlvs

    LLDP-MED is designed for, but not limited to, VoIP endpoints. TIA Organizationally Specific TLVs The Dell Networking system is an LLDP-MED Network Connectivity Device (Device Type 4). Network connectivity devices are responsible for: • transmitting an LLDP-MED capability TLV to endpoint devices •...
  • Page 468 LLDP-MED capability (as shown in the following table). • The possible values of the LLDP-MED device type are shown in the following. The Dell Networking system is a network connectivity device, which is Type 4. When you enable LLDP-MED in Dell Networking OS (using the advertise med command), the system begins transmitting this TLV.
  • Page 469 An integer represents the application type (the Type integer shown in the following table), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED network policy TLV is generated for each application type that you specify with the Dell Networking OS CLI (Advertising TLVs).
  • Page 470 NOTE: As shown in the following table, signaling is a series of control packets that are exchanged between an endpoint device and a network connectivity device to establish and maintain a connection. These signal packets might require a different network policy than the media packets for which a connection is made.
  • Page 471: Configure Lldp

    • Power Type — there are two possible power types: power source entity (PSE) or power device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification. •...
  • Page 472: Important Points To Remember

    Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000.
  • Page 473: Enabling Lldp

    Enabling LLDP LLDP is enabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs. To enable LLDP, use the following command. Enter Protocol LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp Enable LLDP.
  • Page 474: Advertising Tlvs

    Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no. Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. •...
  • Page 475: Viewing The Lldp Configuration

    Figure 65. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Example of Viewing LLDP Global Configurations Example of Viewing LLDP Interface Configurations R1(conf)#protocol lldp R1(conf-lldp)#show config protocol lldp...
  • Page 476: Viewing Information Advertised By Adjacent Lldp Agents

    Time since last information change of this neighbor: 01:50:16 Remote MTU: 1554 Remote System Desc: Dell Force10 Networks Real Time Operating System Software . Dell Force10 Operating System Version: 1.0. Dell Force10 App lication Software Version: 7.5.1.0. Copyright (c) 19...
  • Page 477: Configuring Lldpdu Intervals

    R1(conf-lldp)# Configuring Transmit and Receive Mode After you enable LLDP, Dell Networking systems transmit and receive LLDPDUs by default. To configure the system to transmit or receive only and return to the default, use the following commands. •...
  • Page 478: Configuring A Time To Live

    • Return to the default setting. CONFIGURATION mode or INTERFACE mode no mode Example of Configuring a Single Mode R1(conf)#protocol lldp R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? Rx only Tx only R1(conf-lldp)#mode tx...
  • Page 479: Debugging Lldp

    advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#multiplier ? <2-10> Multiplier (default=4) R1(conf-lldp)#multiplier 5 R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description multiplier 5 no disable R1(conf-lldp)#no multiplier R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id...
  • Page 480: Relevant Management Objects

    Figure 66. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on the local agent •...
  • Page 481 MIB Object LLDP Variable LLDP MIB Object Description Category msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs. txInfoTTL lldpTxInfoTTL Time to live for transmitted TLVs. Basic TLV mibBasicTLVsTxEnable lldpPortConfigTLVsTxEnabl Indicates which Selection management TLVs are enabled for system ports.
  • Page 482 Table 28. LLDP System MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object Chassis ID chassis ID subtype Local lldpLocChassisIdSubtype Remote lldpRemChassisIdSubtype chassis ID Local lldpLocChassisId Remote lldpRemChassisId Port ID port subtype Local lldpLocPortIdSubtyp Remote lldpRemPortIdSubty port ID Local...
  • Page 483 TLV Type TLV Name TLV Variable System LLDP MIB Object interface numbering Local lldpLocManAddrIfSu subtype btype Remote lldpRemManAddrIfS ubtype interface number Local lldpLocManAddrIfId Remote lldpRemManAddrIfId Local lldpLocManAddrOID Remote lldpRemManAddrOI Table 29. LLDP 802.1 Organizationally specific TLV MIB Objects TLV Type TLV Name TLV Variable System...
  • Page 484 Table 30. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object lldpXMedPortCapSu LLDP-MED LLDP-MED Local pported Capabilities Capabilities lldpXMedPortConfig TLVsTx Enable lldpXMedRemCapSu Remote pported lldpXMedRemConfig TLVsTxEnable LLDP-MED Class Local lldpXMedLocDevice Type Class Remote lldpXMedRemDevice Class Network Policy Application Type Local...
  • Page 485 TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Location Identifier Location Data Local lldpXMedLocLocatio Format nSubtype Remote lldpXMedRemLocati onSubtype Location ID Data Local lldpXMedLocLocatio nInfo Remote lldpXMedRemLocati onInfo Extended Power via Power Device Type Local lldpXMedLocXPoED eviceType Remote lldpXMedRemXPoED eviceType lldpXMedLocXPoEPS...
  • Page 487: Microsoft Network Load Balancing

    Microsoft Network Load Balancing This functionality is supported on the Z9000 platform. Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
  • Page 488: Nlb Multicast Mode Scenario

    If the active server sends a reply, the Dell switch learns the active server’s MAC address. If all servers reply, the switch registers only the last received ARP reply, and the switch learns one server’s actual MAC address;...
  • Page 489: Enable And Disable Vlan Flooding

    Configuring a Switch for NLB This functionality is supported on the Z9000 platform. To enable a switch for unicast NLB mode of functioning, perform the following steps: Enter the ip vlan-flooding command to specify that all Layer 3 unicast routed data traffic, going through a VLAN member port, needs to be flooded across all the member ports of that VLAN.
  • Page 491: Multicast Source Discovery Protocol (Msdp)

    Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on the Z9000 platform. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
  • Page 492 Figure 67. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected.
  • Page 493: Anycast Rp

    New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446. Configure Multicast Source Discovery Protocol Configuring MSDP is a four-step process.
  • Page 494 • Accept Source-Active Messages that Fail the RPF Check • Specifying Source-Active Messages • Limiting the Source-Active Cache • Preventing MSDP from Caching a Local Source • Preventing MSDP from Caching a Remote Source • Preventing MSDP from Advertising a Local Source •...
  • Page 495 Figure 70. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP)
  • Page 496 Figure 71. Configuring PIM in Multiple Routing Domains
  • Page 497: Enable Msdp

    Figure 72. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. Enable MSDP. CONFIGURATION mode ip multicast-msdp Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source
  • Page 498: Manage The Source-Active Cache

    Example of Configuring MSDP Example of Viewing Peer Information R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr Local Addr State Source Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache).
  • Page 499: Limiting The Source-Active Cache

    If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries.
  • Page 500 Figure 73. MSDP Default Peer, Scenario 1
  • Page 501 Figure 74. MSDP Default Peer, Scenario 2
  • Page 502 Figure 75. MSDP Default Peer, Scenario 3
  • Page 503: Specifying Source-Active Messages

    RPs that the ACL denies are subject to the normal RPF check. Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty
  • Page 504: Limiting The Source-Active Messages From A Peer

    Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 00:13:49 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 00:13:49 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 00:13:49 Dell#ip msdp sa-cache rejected-sa...
  • Page 505: Preventing Msdp From Caching A Remote Source

    Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache. To apply the redistribute filter to entries already present in the SA cache, first clear the SA cache.
  • Page 506: Preventing Msdp From Advertising A Local Source

    R3_E600(conf)#do show ip msdp sa-cache R3_E600(conf)# R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Source: Lo 0 State: Listening Up/Down Time: 00:01:19 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none...
  • Page 507: Logging Changes In Peership States

    Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639.
  • Page 508: Debugging Msdp

    Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.3(639) Connect Source: Lo 0 State: Established Up/Down Time: 00:04:26 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 5/0 SAs learned from this peer: 0 SA Filtering:...
  • Page 509 technique is less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions. • lack of scalable register decapsulation: With only a single RP per group, all joins are sent to that RP regardless of the topological distance between the RP, sources, and receivers, and data is transmitted to the RP until the SPT switch threshold is reached.
  • Page 510: Configuring Anycast Rp

    Configuring Anycast RP To configure anycast RP, use the following commands. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback Make this address the RP for the group.
  • Page 511 CONFIGURATION mode ip msdp originator-id Example of R1 Configuration for MSDP with Anycast RP Example of R2 Configuration for MSDP with Anycast RP Example of R3 Configuration for MSDP with Anycast RP ip multicast-routing interface GigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown interface GigabitEthernet 1/2...
  • Page 512 ip address 10.11.0.23/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown interface Loopback 1 ip address 192.168.0.22/32 no shutdown router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.22/32 area 0 redistribute static redistribute connected redistribute bgp 100 router bgp 100...
  • Page 513: Msdp Sample Configurations

    neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.22 update-source Loopback 0 neighbor 192.168.0.22 no shutdown ip multicast-msdp ip msdp peer 192.168.0.11 connect-source Loopback 0 ip msdp peer 192.168.0.22 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.22 ip route 192.168.0.1/32 10.11.0.23 ip route 192.168.0.22/32 10.11.0.23 ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4 MSDP Sample Configurations The following examples show the running-configurations described in this chapter.
  • Page 514 interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown interface GigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.0.23/24 no shutdown interface Loopback 0 ip address 192.168.0.2/32 no shutdown router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0...
  • Page 515 redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100 neighbor 192.168.0.2 ebgp-multihop 255 neighbor 192.168.0.2 update-source Loopback 0 neighbor 192.168.0.2 no shutdown ip multicast-msdp ip msdp peer 192.168.0.1 connect-source Loopback 0 ip route 192.168.0.2/32 10.11.0.23 ip multicast-routing interface GigabitEthernet 4/1 ip pim sparse-mode...
  • Page 517: Multiple Spanning Tree Protocol (Mstp)

    Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) is supported on the Z9000 platform. Protocol Overview MSTP — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
  • Page 518: Spanning Tree Variations

    Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table. Table 31. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d Rapid Spanning Tree Protocol (RSTP) 802.1w...
  • Page 519: Enable Multiple Spanning Tree Globally

    Enable MSTP. PROTOCOL MSTP mode no disable Example of Verifying MSTP is Enabled To verify that MSTP is enabled, use the show config command in PROTOCOL MSTP mode. Dell(conf)#protocol spanning-tree mstp Dell(config-mstp)#show config protocol spanning-tree mstp no disable Dell# Adding and Removing Interfaces To add and remove interfaces, use the following commands.
  • Page 520 All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID 1 100...
  • Page 521: Influencing Mstp Root Selection

    Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default region name on Dell Networking OS is null. • Revision is a 2-byte number. The default revision number on Dell Networking OS is 0.
  • Page 522: Changing The Region Name Or Revision

    Dell Networking OS equipment that participates in MSTP, ensure these values match on all the equipment. NOTE: Some non-Dell Networking OS equipment may implement a non-null default region name. SFTOS, for example, uses the Bridge ID, while others may use a MAC address.
  • Page 523 The default is 15 seconds. Change the hello-time parameter. PROTOCOL MSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds.
  • Page 524: Modifying The Interface Parameters

    Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port. • Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port.
  • Page 525: Flush Mac Addresses After A Topology Change

    Dell(conf-if-gi-3/41)# Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, you may activate the flushing mechanism defined by 802.1Q-2003 using the tc-flush-standard command, which flushes MAC addresses after every topology change notification.
  • Page 526: Mstp Sample Configurations

    EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 79. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs.
  • Page 527 (Step 3) interface Vlan 100 no ip address tagged GigabitEthernet 1/21,31 no shutdown interface Vlan 200 no ip address tagged GigabitEthernet 1/21,31 no shutdown interface Vlan 300 no ip address tagged GigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs.
  • Page 528 Router 3 Running-Configuration This example uses the following steps: Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. Assign Layer-2 interfaces to the MSTP topology. Create VLANs mapped to MSTP instances tag interfaces to the VLANs. (Step 1) protocol spanning-tree mstp no disable...
  • Page 529: Debugging And Verifying Mstp Configurations

    (Step 2) interface 1/0/31 no shutdown spanning-tree port mode enable switchport protected 0 exit interface 1/0/32 no shutdown spanning-tree port mode enable switchport protected 0 exit (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300...
  • Page 530 – To verify the VLAN to MSTP instance mapping, use the show commands. – Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. Dell#show run spanning-tree mstp protocol spanning-tree mstp name Tahiti...
  • Page 531 4w0d4h : MSTP: Received BPDU on Gi 2/21 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x78Different Region (Indicates MSTP routers are in different regions and are not communicating with each other.) CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0 Regional Bridge Id: 32768:0001.e806.953e, CIST Port Id: 128:470 Msg Age: 0, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver Name: Tahiti, Rev: 123, Int Root Path Cost: 0...
  • Page 533: Multicast Features

    CONFIGURATION mode ip multicast-routing Multicast with ECMP Dell Networking multicast uses equal-cost multi-path (ECMP) routing to load-balance multiple streams across equal cost links. When creating the shared-tree, protocol independent multicast (PIM) uses routes from all configured routing protocols to select the best route to the rendezvous point (RP). If there are multiple, equal-cost paths, the PIM selects the route with the least number of currently running multicast streams.
  • Page 534: Implementation Information

    Because protocol control traffic in Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic.
  • Page 535: First Packet Forwarding For Lossless Multicast

    Networking system is the RP, and has receivers for a group G, it forwards all initial multicast packets for the group based on the (*,G) entry rather than discarding them until the (S,G) entry is created, making Dell Networking systems suitable for applications sensitive to multicast packet loss.
  • Page 536 • If the limit is decreased after it is reached, Dell Networking OS does not clear the existing sessions. Entries are cleared after a timeout (you may also clear entries using clear ip mroute). NOTE: Dell Networking OS waits at least 30 seconds between stopping and starting IGMP join processing.
  • Page 537 no access list limiting Receiver 1, so both IGMP reports are accepted, and two corresponding entries are created in the routing table. Figure 81. Preventing a Host from Joining a Group Table 33. Preventing a Host from Joining a Group — Description Location Description •...
  • Page 538 Location Description • no shutdown • Interface GigabitEthernet 1/31 1/31 • ip pim sparse-mode • ip address 10.11.13.1/24 • no shutdown • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface GigabitEthernet 2/11 2/11 •...
  • Page 539 Location Description • ip igmp access-group igmpjoinfilR2G2 • no shutdown Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined. Hosts whose IGMP requests are denied will use the retry mechanism built into IGMP so that their membership is delayed rather than permanently denied.
  • Page 540 Figure 82. Preventing a Source from Transmitting to a Group Table 34. Preventing a Source from Transmitting to a Group — Description Location Description • Interface GigabitEthernet 1/21 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 •...
  • Page 541 Location Description • no shutdown • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface GigabitEthernet 2/11 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown • Interface GigabitEthernet 2/31 2/31 •...
  • Page 542 To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
  • Page 543: Open Shortest Path First (Ospfv2 And Ospfv3)

    Z9000 platform. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3.
  • Page 544: Area Types

    Areas allow you to further organize your routers within the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the details of another area’s topology.
  • Page 545: Networks And Neighbors

    AS information from the backbone or other areas. However, a virtual link can traverse it. • Totally stubby areas are referred to as no summary areas in the Dell Networking OS. Networks and Neighbors As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them.
  • Page 546 Figure 84. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone.
  • Page 547: Designated And Backup Designated Routers

    These router designations are not the same as the router IDs described earlier. The DRs and BDRs are configurable in Dell Networking OS. If you do not define DR or BDR in Dell Networking OS, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR.
  • Page 548 available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated). The link-state ID for Type 4 LSAs is the router ID of the described ASBR. • Type 5: LSA — These LSAs contain information imported into OSPF from other routing processes. They are flooded to all areas, except stub areas.
  • Page 549: Router Priority And Cost

    Figure 85. Priority and Cost Examples OSPF with Dell Networking OS Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within those 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes.
  • Page 550: Graceful Restart

    Dell Networking OS supports stub areas, totally stub (no summary) and not so stubby areas (NSSAs) and supports the following LSAs, as described earlier. • Router (type 1) • Network (type 2) • Network Summary (type 3) • AS Boundary (type 4) •...
  • Page 551: Fast Convergence (Ospfv2, Ipv4 Only)

    Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. Dell Networking OS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation.
  • Page 552: Rfc-2328 Compliant Ospf Flooding

    Enabling RFC-2328 Compliant OSPF Flooding To enable OSPF flooding, use the following command. When you enable this command, it configures Dell Networking OS to flood LSAs on all interfaces. • Enable RFC 2328 flooding.
  • Page 553: Ospf Ack Packing

    In Dell Networking OS, the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in Dell Networking OS.
  • Page 554: Configuration Information

    Enable OSPF globally. Assign network area and neighbors. Add interfaces or configure other attributes. For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document.
  • Page 555 In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
  • Page 556 EXEC mode show ip ospf process-id Example of Viewing the Current OSPFv2 Status Dell#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs...
  • Page 557 Return to CONFIGURATION mode to enable the OSPFv2 process globally. CONFIGURATION mode router ospf process-id [vrf] The range is from 0 to 65535. After the OSPF process and the VRF are tied together, the OSPF process ID cannot be used again in the system.
  • Page 558 Dell(conf-router_ospf-1)#network 20.20.20.20/24 area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that is a subset of a network on which OSPF is enabled.
  • Page 559 Loopback interfaces also help the OSPF process. OSPF picks the highest interface address as the router-id and a Loopback interface address has a higher precedence than other interface addresses. Dell#show ip ospf 1 int GigabitEthernet 13/23 is up, line protocol is up Internet Address 10.168.0.1/24, Area 0.0.0.1...
  • Page 560 Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area ID Router Network S-Net S-ASBR Type-7 Subtotal 2.2.2.2...
  • Page 561 When you configure a passive interface, the show ip ospf process-id interface command adds the words passive interface to indicate that the hello packets are not transmitted on that interface (shown in bold). Dell#show ip ospf 34 int GigabitEthernet 0/0 is up, line protocol is down Internet Address 10.1.2.100/24, Area 1.1.1.1 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10...
  • Page 562 Dell# Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors.
  • Page 563 The dead interval must be the same on all routers in the OSPF network. • Change the time interval between hello-packet transmission. CONFIG-INTERFACE mode ip ospf hello-interval seconds – seconds: the range is from 1 to 65535 (the default is 10 seconds). The hello interval must be the same on all routers in the OSPF network.
  • Page 564 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface GigabitEthernet 0/0 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100...
  • Page 565 Graceful restart is enabled for the global OSPF process. For more information, refer to Graceful Restart. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify: • grace period — the length of time the graceful restart process can last before OSPF terminates it. •...
  • Page 566 After you enable restart mode the router advertises the neighbor as fully adjacent during a restart. For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following.
  • Page 567 Example of Viewing OSPF Configuration after Redistributing Routes To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode. Dell(conf-router_ospf)#show config router ospf 34
  • Page 568 Dell(conf-router_ospf)# Troubleshooting OSPFv2 Dell Networking OS has several tools to make troubleshooting easier. Be sure to check the following, as these questions represent typical issues that interrupt an OSPFv2 process. NOTE: The following is not a comprehensive list, just some examples of typical troubleshooting checks.
  • Page 569: Sample Configurations For Ospfv2

    – packet: view OSPF packet information. – spf: view SPF information. – database-timers rate-limit: view the LSAs currently in the queue. Example of Viewing OSPF Configuration Dell#show run ospf router ospf 3 router ospf 4 router-id 4.4.4.4 network 4.4.4.0/28 area 1...
  • Page 570: Ospf Area 0 - Gl 1/1 And 1/2

    Figure 86. Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 — Gl 1/1 and 1/2 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 interface GigabitEthernet 1/1 ip address 10.1.11.1/24 no shutdown interface GigabitEthernet 1/2 ip address 10.2.12.2/24 no shutdown...
  • Page 571: Ospf Area 0 - Gl 2/1 And 2/2

    Configuration Task List for OSPFv3 (OSPF for IPv6) Open shortest path first version 3 (OSPF for IPv6) is supported on the Z9000 platform. The configuration options of OSPFv3 are the same as those options for OSPFv2, but you may configure OSPFv3 with differently labeled commands.
  • Page 572: Assigning Ipv6 Addresses On An Interface

    Assigning IPv6 Addresses on an Interface To assign IPv6 addresses to an interface, use the following commands. Assign an IPv6 address to the interface. CONF-INT-type slot/port mode ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits; separate each group by a colon (:).
  • Page 573: Configuring Stub Areas

    – number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process
  • Page 574: Redistributing Routes

    – tag tag-value: The range is from 0 to 4294967295. Configuring a Default Route To generate a default external route into the OSPFv3 routing domain, configure Dell Networking OS. To specify the information for the default route, use the following command.
  • Page 575 period command. The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as though it is fully adjacent. When you enable graceful restart (restarting role), an OSPFv3 restarting router expects its OSPFv3 neighbors to help when it restarts by not advertising the broken link.
  • Page 576 180 network 20.1.1.0/24 area 0 network 30.1.1.0/24 area 0 ipv6 router ospf 1 log-adjacency-changes graceful-restart grace-period 180 Dell#show ipv6 ospf database database-summary OSPFv3 Router with ID (200.1.1.1) (Process ID 1) Process 1 database summary Type Count/Status Oper Status...
  • Page 577: Ospfv3 Authentication Using Ipsec

    ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
  • Page 578 between the two mechanisms is the extent of the coverage. ESP only protects IP header fields if they are encapsulated by ESP. You decide the set of IPsec protocols that are employed for authentication and encryption and the ways in which they are employed. When you correctly implement and deploy IPsec, it does not adversely affect users or hosts.
  • Page 579 – Configuring IPsec Authentication on an Interface – Configuring IPsec Encryption on an Interface – Configuring IPsec Authentication for an OSPFv3 Area – Configuring IPsec Encryption for an OSPFv3 Area – Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands.
  • Page 580 NOTE: When you configure encryption using the ipv6 ospf encryption ipsec command, you enable both IPsec encryption and authentication. However, when you enable authentication on an interface using the ipv6 ospf authentication ipsec command, you do not enable encryption at the same time. The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router.
  • Page 581 If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command, you cannot use the area authentication command in the area at the same time. The configuration of IPSec authentication on an interface-level takes precedence over an area-level configuration.
  • Page 582 – area area-id: specifies the area for which OSPFv3 traffic is to be encrypted. For area-id, enter a number or an IPv6 prefix. – spi number: is the security policy index (SPI) value. The range is from 256 to 4294967295. –...
  • Page 583 Inbound ESP Cipher Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Outbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set : esp-128-aes esp-sha1-hmac Dell#show crypto ipsec sa ipv6 Interface: TenGigabitEthernet 0/0 Link Local address: fe80::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500 inbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac...
  • Page 584: Troubleshooting Ospfv3

    STATUS : ACTIVE Troubleshooting OSPFv3 Dell Networking OS has several tools to make troubleshooting easier. Consider the following information as these are typical issues that interrupt the OSPFv3 process. NOTE: The following troubleshooting section is not meant to be a comprehensive list, only examples of typical troubleshooting checks.
  • Page 585 • show ipv6 routes Viewing Summary Information To get general route, configuration, links status, and debug information, use the following commands. • View the summary information of the IPv6 routes. EXEC Privilege mode show ipv6 route summary • View the summary information for the OSPFv3 database. EXEC Privilege mode show ipv6 ospf database •...
  • Page 587: Policy-Based Routing (Pbr)

    Policy-based Routing (PBR) Policy-based Routing is supported on the Z9000 platform. This chapter covers the following topics: • Overview • Implementing Policy-based Routing with Dell Networking OS • Configuration Task List for Policy-based Routing • Sample Configuration Overview Policy-based Routing (PBR) enables you to make routing decisions based on policies applied to a specific interface.
  • Page 588 • If the specified next-hops are not reachable, then the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-Lists are applied at Ingress.
  • Page 589: Implementing Policy-Based Routing With Dell Networking Os

    Implementing Policy-based Routing with Dell Networking OS • Non-contiguous bitmasks for PBR • Hot-Lock PBR Non-contiguous bitmasks for PBR Non-contiguous bitmasks for PBR allow more granular and flexible control over routing policies. Network addresses that are in the middle of a subnet can be included or excluded. Specific bitmasks can be entered using the dotted decimal format.
  • Page 590 The following example creates a redirect list by the name of “xyz.” Dell(conf)#ip redirect-list ? WORD Redirect-list name (max 16 chars) Dell(conf)#ip redirect-list xyz Create a Rule for a Redirect-list Use the following command in CONFIGURATION REDIRECT-LIST mode to set the rules for the redirect list.
  • Page 591 15 redirect 10.1.1.3 ip 20.1.1.0/25 any seq 20 redirect 10.1.1.3 ip 20.1.1.0/24 any Dell(conf-redirect-list)# NOTE: Starting in release 9.4(0.0), Dell Networking OS supports the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on a router.
  • Page 592: Pbr Exceptions (Permit)

    Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Since the order of rules is important, ensure that you configure any necessary sequence numbers.
  • Page 593 Dell(conf-if-te-1/0)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration To view the redirect list configuration, use the following command in EXEC mode:...
  • Page 594: Sample Configuration

    ARP status for the specified next-hop. Showing CAM PBR Configuration Example : Dell(conf-if-te-8/1)#do show cam pbr stack-unit 0 port-set 0 TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN, Bit...
  • Page 595: Redirect-List Gold

    Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-3/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any EDGE_ROUTER(conf-redirect-list)#show config ip redirect-list GOLD description Route GOLD traffic to ISP_GOLD. seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any seq 15 permit ip any any...
  • Page 596 View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23), ARP resolved seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23), ARP resolved seq 15 permit ip any any Applied interfaces: Te 2/11 EDGE_ROUTER#...
  • Page 597: Pim Sparse-Mode (Pim-Sm)

    The SPT-Threshold is zero, which means that the last-hop designated router (DR) joins the shortest path tree (SPT) to the source after receiving the first multicast packet. • Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message. •...
  • Page 598: Refuse Multicast Traffic

    Prune message. Dell Networking OS Behavior: When the router creates an SPT to the source, there are then two paths between the receiver and the source, the SPT and the RPT. Until the router can prune itself from the RPT, the receiver receives duplicate multicast packets which may cause disruption.
  • Page 599: Configuring Pim-Sm

    Example of Viewing PIM Neighbors Example of Viewing the PIM Multicast Routing Table To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode. Dell#show ip pim interface Address Interface VIFindex Ver/ Query DR...
  • Page 600: Configuring S,G Expiry Timers

    NOTE: You can influence the selection of the Rendezvous Point by enabling PIM-Sparse mode on a Loopback interface and assigning a low IP address. To display PIM neighbors for each interface, use the show ip pim neighbor command in EXEC Privilege mode. Dell#show ip pim neighbor Neighbor Interface Uptime/Expires Address Prio/Mode 127.87.5.5...
  • Page 601 10 permit ip any 232.1.1.0/24 seq 15 permit ip 100.1.0.0/16 any Dell(config-ext-nacl)#exit Dell(conf)#ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer To display the expiry time configuration, use the show running-configuration [acl | pim] command from EXEC Privilege mode.
  • Page 602: Configuring A Static Rendezvous Point

    226.1.1.1 165.87.50.5 To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2
  • Page 603: Configuring A Designated Router

    To enable PIM-SM graceful restart, use the following commands. • Enable PIM-SM graceful restart (non-stop forwarding capability). CONFIGURATION mode ip pim graceful-restart nsf – (option) restart-time: the time the Dell Networking system requires to restart. The default value is 180 seconds.
  • Page 604 – (option) helper-only: this mode takes precedence over any graceful restart configuration. NOTE: In helper-only mode, the system preserves the PIM states of a neighboring router while the neighbor gracefully restarts, but the Dell Networking system allows itself to be taken off the forwarding path if it restarts.
  • Page 605: Pim Source-Specific Mode (Pim-Ssm)

    SPT. PIM-SSM uses IGMPv3. Because receivers subscribe to a source and group, the RP and shared tree are unnecessary; only SPTs are used. On Dell Networking systems, it is possible to use PIM-SM with IGMPv3 to achieve the same result, but PIM-SSM eliminates the unnecessary protocol overhead.
  • Page 606: Configure Pim-Ssm

    Then, specify the multicast source. • When an SSM map is in place and Dell Networking OS cannot find any matching access lists for a group, it continues to create (*,G) entries because there is an implicit deny for unspecified groups in the ACL.
  • Page 607: Configuring Pim-Ssm With Igmpv2

    When an extended ACL is associated with this command, Dell Networking OS displays an error message. If you apply an extended ACL before you create it, Dell Networking OS accepts the configuration, but when the ACL is later defined, Dell Networking OS ignores the ACL and the stated mapping has no effect.
  • Page 608 Interface Vlan 400 Group 239.0.0.1 Uptime 00:00:05 Expires Never Router mode INCLUDE Last reporter 10.11.4.2 Last reporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10.11.5.2 00:00:05 00:02:04 Member Ports: Gi 1/2
  • Page 609: Port Monitoring

    In general, a monitoring port should have no ip address and no shutdown as the only configuration; Dell Networking OS permits a limited set of commands for monitoring ports. You can display these commands using the ? command. A monitoring port also may not be a member of a VLAN.
  • Page 610: Port Monitoring

    Dell (conf-mon-sess-2)# Port Monitoring The Z9000 supports multiple source-destination statements in a monitor session. The maximum number of source ports that can be supported in a session is 128. The maximum number of destination ports that can be supported is 4 per port pipe.
  • Page 611 Dest IP ------ ------ ------------ ---- --------- -------- Te 0/0 Te 0/1 Port Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#source po 10 dest ten 0/1 dir rx Dell(conf-mon-sess-0)#do show monitor session SessID Source Destination Mode Source IP Dest IP ------ ------ ----------- ----...
  • Page 612: Enabling Flow-Based Monitoring

    Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. For port monitoring, Dell Networking OS only considers traffic matching rules with the keyword monitor. CONFIGURATION mode ip access-list...
  • Page 613: Remote Port Mirroring

    Flow-based Remote Port Mirroring Remote Port Mirroring is supported on the Z9000 platform. While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switch/router, remote port mirroring allows you to monitor Layer 2 and Layer 3 ingress traffic, egress traffic, or both on multiple source ports on different switches and forward the mirrored traffic to multiple destination ports on different switches.
  • Page 614: Configuring Remote Port Mirroring

    source session uses a separate reserved VLAN to transmit mirrored packets (mirrored source-session traffic is shown with an orange or green circle with a blue border). The reserved VLANs transport the mirrored traffic in sessions (blue pipes) to the destination analyzers in the local network.
  • Page 615 • Mirrored traffic is transported across the network using 802.1Q-in-802.1Q tunneling. The source address, destination address and original VLAN ID of the mirrored packet are preserved with the tagged VLAN header. Untagged source packets are tagged with the reserved VLAN ID. •...
  • Page 616: Displaying Remote-Port Mirroring Configurations

    Port-channel 10 destination remote-vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode. Dell(conf)#do show monitor session SessID Source Destination...
  • Page 617 Configuring the sample Source Remote Port Mirroring Dell(conf)#interface vlan 10 Dell(conf-if-vl-10)#mode remote-port-mirroring Dell(conf-if-vl-10)#tagged te 0/4 Dell(conf-if-vl-10)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source te 0/5 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Dell(conf-mon-sess-1)#exit Dell(conf)#inte vlan 100 Dell(conf-if-vl-100)#tagged te 0/7 Dell(conf-if-vl-100)#exit Dell(conf)#interface vlan 20...
  • Page 618 Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 0/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 0/28-29 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both Dell(conf-mon-sess-3)#no disable Dell(conf-mon-sess-3)# Dell(conf-mon-sess-3)#exit Dell(conf)#end Dell# Dell#show monitor session SessID Source...
  • Page 619 Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source remote-vlan 10 dest te 0/3 Dell(conf-mon-sess-1)#exit Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source remote-vlan 20 destination te 0/4 Dell(conf-mon-sess-2)#tagged destination te 0/4 Dell(conf-mon-sess-2)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 0/5 Dell(conf-mon-sess-3)#tagged destination te 0/5...
  • Page 620: Configuring The Encapsulated Remote Port Mirroring

    Important: The steps to be followed for the ERPM Encapsulation: • Dell Networking OS supports ERPM Source session only. The encapsulated packets terminate at the destination IP or at the analyzer. • Make sure that the destination IP is reachable via the configured IP route (static or dynamic) •...
  • Page 621 To monitor VLANs as the source, attach an access list with the monitor keyword in its rules to the VLAN interface, as in the following sample. Dell(conf)#mac access-list standard flow Dell(config-std-macl)#seq 5 permit 00:00:0a:00:00:0b count monitor Dell#show running-config interface vlan 11 interface Vlan 11...
  • Page 622: Erpm Behavior On A Typical Dell Networking Os

    ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported.
  • Page 623 – This script erpm.zip is available for download at the following location: http://en.community.dell.com/techcenter/networking/m/force10_networking_scripts/20438882.aspx – Unzip the erpm.zip and copy the erpm.py file to the Linux server.
  • Page 625: Private Vlans (Pvlan)

    Dell Networking OS Command Line Reference Guide. Private VLANs extend the Dell Networking OS security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN). A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair.
  • Page 626: Using The Private Vlan Commands

    – A primary VLAN has one or more secondary VLANs. – A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. – A primary VLAN has one or more promiscuous ports. –...
  • Page 627: Configuration Task List

    VLANs are operationally up, Layer 3 traffic is still transmitted across secondary VLANs. NOTE: The outputs of the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide. Configuration Task List The following sections contain the procedures that configure a private VLAN.
  • Page 628: Creating A Primary Vlan

    “regular” ports (ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)#interface GigabitEthernet 2/1 Dell(conf-if-gi-2/1)#switchport mode private-vlan promiscuous Dell(conf)#interface GigabitEthernet 2/2 Dell(conf-if-gi-2/2)#switchport mode private-vlan host Dell(conf)#interface GigabitEthernet 2/3 Dell(conf-if-gi-2/3)#switchport mode private-vlan trunk...
  • Page 629: Creating A Community Vlan

    Map secondary VLANs to the selected primary VLAN. INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be: • Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID- VLAN-ID). • Specified with this command even before they have been created. •...
  • Page 630: Creating An Isolated Vlan

    PVLAN member VLANs (primary, community, and isolated VLANs). Dell#conf Dell(conf)# interface vlan 10 Dell(conf-vlan-10)# private-vlan mode primary Dell(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 Dell(conf-vlan-10)# untagged Gi 2/1 Dell(conf-vlan-10)# tagged Gi 2/3 Dell(conf)# interface vlan 101 Dell(conf-vlan-101)# private-vlan mode community...
  • Page 631: Private Vlan Configuration Example

    Dell(conf-vlan-100)# private-vlan mode isolated Dell(conf-vlan-100)# untagged Gi 2/2 Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 88. Sample Private VLAN Topology The following configuration is based on the example diagram for the C300–1: • Gi 0/0 and Gi 23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000.
  • Page 632: Inspecting The Private Vlan Configuration

    Display the type and status of the configured PVLAN interfaces. show interfaces private-vlan [interface interface] This command is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. •...
  • Page 633 The following examples show the results of using this command without the command options on the C300 and S50V switches in the topology diagram previously shown. • Display the primary-secondary VLAN mapping. The following example shows the output from the S50V.
  • Page 634 no ip address switchport switchport mode private-vlan promiscuous no shutdown interface GigabitEthernet 0/4 no ip address switchport switchport mode private-vlan host no shutdown interface GigabitEthernet 0/5 no ip address switchport switchport mode private-vlan host no shutdown interface GigabitEthernet 0/6 no ip address switchport switchport mode private-vlan host no shutdown...
  • Page 635: Per-Vlan Spanning Tree Plus (Pvst+)

    For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 89. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table.
  • Page 636: Implementation Information

    The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multivendor network, verify that the costs are values you intended.
  • Page 637: Enabling Pvst

    Enabling PVST+ When you enable PVST+, Dell Networking OS instantiates STP on each active VLAN. Enter PVST context. PROTOCOL PVST mode protocol spanning-tree pvst Enable PVST+. PROTOCOL PVST mode no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands.
  • Page 638 Figure 90. Load Balancing with PVST+ The bridge with the lowest value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority.
  • Page 639: Modifying Global Pvst+ Parameters

    The default is 15 seconds. • Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. •...
  • Page 640: Modifying Interface Pvst+ Parameters

    NOTE: The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you intended.
  • Page 641: Configuring An Edgeport

    [bpduguard | shutdown-on-violation] The EdgePort status of each interface is given in the output of the show spanning-tree pvst command, as previously shown. Dell Networking OS Behavior: Regarding the bpduguard shutdown-on-violation command behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
  • Page 642: Pvst+ In Multi-Vendor Networks

    PVST+ to avoid potential misconfigurations. If you enable PVST+ on the Dell Networking switch in this network, P1 and P2 receive BPDUs from each other. Ordinarily, the Bridge ID in the frame matches the Root ID, a loop is detected, and the rules of convergence require that P2 move to blocking state because it has the lowest port ID.
  • Page 643: Pvst+ Sample Configurations

    Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.73f7...
  • Page 644 no ip address switchport no shutdown interface Vlan 100 no ip address tagged GigabitEthernet 2/12,32 no shutdown interface Vlan 200 no ip address tagged GigabitEthernet 2/12,32 no shutdown interface Vlan 300 no ip address tagged GigabitEthernet 2/12,32 no shutdown protocol spanning-tree pvst no disable vlan 200 bridge-priority 4096 interface GigabitEthernet 3/12...
  • Page 645: Quality Of Service (Qos)

    Quality of service (QoS) is supported on the Z9000 platform. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 37. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based, and Multicast QoS Features Feature...
  • Page 646 Feature Direction Configure a Scheduler to Queue Egress Specify WRED Drop Precedence Egress Create Policy Maps Ingress + Egress Create Input Policy Maps Ingress Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress...
  • Page 647: Implementation Information

    Figure 92. Dell Networking QoS Architecture Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication. It also implements these Internet Engineering Task Force (IETF) documents: • RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers •...
  • Page 648: Setting Dot1P Priorities For Incoming Traffic

    Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value.
  • Page 649: Configuring Port-Based Rate Policing

    Configuring port-based rate limiting is supported on the Z9000 platform. Dell Networking OS Behavior: Rate shaping is effectively rate limiting because of its smaller buffer size. Rate shaping buffers, rather than drops, traffic exceeding the specified rate until the buffer is exhausted. If any stream exceeds the configured bandwidth on a continuous basis, it can consume all of the buffer space that is allocated to the port.
  • Page 650: Policy-Based Qos Configurations

    QoS Policy mode Rate-shape Example of rate shape Command Dell#config Dell(conf)#interface tengigabitethernet 1/0 Dell(conf-if)#rate shape 500 50 Dell(conf-if)#end Dell# Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 93. Constructing Policy-Based QoS Configurations...
  • Page 651: Classify Traffic

    Class maps differentiate traffic so that you can apply separate quality of service policies to each class. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
  • Page 652 In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the keyword order. Dell Networking OS writes to the CAM ACL rules with lower order numbers (order numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended.
  • Page 653 To display all class-maps or a specific class map, use the following command. Dell Networking OS Behavior: An explicit “deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification.
  • Page 654: Create A Qos Policy

    Matched Packets value shown in the show qos statistics command is reset. NOTE: To avoid issues caused by misconfiguration, Dell Networking recommends configuring either DCBX or Egress QoS features, but not both simultaneously. If you enable both DCBX and Egress QoS at the same time, the DCBX configuration is applied and unexpected behavior occurs on the Egress QoS.
  • Page 655 26.67% 53.33% • Allocate bandwidth to queues. bandwidth-percentage Specifying WRED Drop Precedence Specifying WRED drop precedence is supported on the Z9000 platform. • Specify a WRED profile to yellow and/or green traffic. QOS-POLICY-OUT mode wred For more information, refer to Applying a WRED Profile to Traffic.
  • Page 656: Create Policy Maps

    POLICY-MAP-IN mode policy-aggregate Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on ingress packets using the Trust DSCP feature.
  • Page 657 Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature. The following table specifies the queue to which the classified traffic is sent based on the dot1p value.
  • Page 658 Mapping dot1p Values to Service Queues All traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, you can create service classes based on the queueing strategy in Honoring dot1p Values on Ingress Packets. You may apply this queuing strategy globally by entering the following command from CONFIGURATION mode.
  • Page 659: Enabling Qos Rate Adjustment

    Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
  • Page 660: Enabling Strict-Priority Queueing

    The default is disabled. Enabling Strict-Priority Queueing Strict-priority means that Dell Networking OS de-queues all packets from the assigned queue before servicing any other queues. • The strict-priority supersedes bandwidth-percentage configuration.
  • Page 661: Creating Wred Profiles

    Dell Networking OS assigns a color (also called drop precedence), red, yellow, or green, to each packet based on its DSCP value before queuing it. DSCP is a 6-bit field. Dell Networking uses the first three bits (LSB) of this field (DP) to determine the drop precedence.
  • Page 662: Displaying Default And Configured Wred Profiles

    Pre-calculating available QoS CAM space is supported on the Z9000 platform. Before Dell Networking OS version 7.3.1, there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; from 1 to 16 entries might be used per rule depending upon its complexity).
  • Page 663: Configuring Weights And Ecn For Wred

    • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status ============================================================================= L2ACL...
  • Page 664: Global Service Pools With Wred And Ecn Settings

    A global buffer pool, which is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed, can be configured on the Z9000 platform. Support for global service pools is now available. You can configure global service pools that are shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed.
  • Page 665: Configuring Wred And Ecn Attributes

    Z9000 platform. The functionality to configure a weight for WRED and ECN functionality for front-end ports is supported on the Z9000 platform. A global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed can be configured on the Z9000 platform.
  • Page 666 Dell(conf) #service-class wred weight queue0 11 queue6 4 queue7 9 backplane Create a global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. The Z9000 platform supports only pool mode...
  • Page 667: Classifying Layer 2 Traffic On Layer 3 Interfaces

    Classifying Packets Based on a Combination of DSCP Code Points and VLAN IDs This functionality is supported on the Z9000 platform. You can configure a classifier map, which contains both the Differentiated Services Code Point (DSCP) and MAC VLAN IDs as parameters, for filtering packets that are received before they are forwarded or dropped.
  • Page 668 VLAN ID. You can attach this class map with a policy map, and associate the policy map with a service queue. When you link class maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities).
  • Page 669: Routing Information Protocol (Rip)

    Routing Information Protocol (RIP) Routing information protocol (RIP) is supported on the Z9000 platform. RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter.
  • Page 670: Implementation Information

    Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the defaults for RIP in Dell Networking OS.
  • Page 671 After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode.
  • Page 672 A prefix list is applied to incoming or outgoing routes. Those routes must meet the conditions of the prefix list; if not, Dell Networking OS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process.
  • Page 673 Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send version or the ip rip receive version commands in INTERFACE mode.
  • Page 674 To configure an interface to receive or send both versions of RIP, include 1 and 2 in the command syntax. The command syntax for sending both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example. Dell(conf-if)#ip rip send version 1 2 Dell(conf-if)#ip rip receive version 2
  • Page 675 The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold). Dell#show ip protocols...
  • Page 676 The autosummary command requires no other configuration commands. To disable automatic route summarization, enter no autosummary in ROUTER RIP mode. NOTE: If you enable the ip split-horizon command on an interface, the system does not advertise the summarized address. Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link.
  • Page 677: Rip Configuration Example

    Enable debugging of RIP. Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function. Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command.
  • Page 678 Core 2 RIP Output The examples in the section show the core 2 RIP output. Example of the show ip rip database Command to View Learned RIP Routes on Core 2 Example of the show ip route Command to Show RIP Setup on Core 2 Example of the show ip protocols Command to Show RIP Configuration Activity on Core 2 •...
  • Page 679 Sending updates every 30 seconds, next due in 17 Invalid after 180 seconds, hold down 180, flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in effect Outgoing filter for all interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface Recv Send...
  • Page 680 10.11.10.0/24 [120/1] via 10.11.20.2, 00:00:13, GigabitEthernet 3/21 10.200.10.0/24 [120/1] via 10.11.20.2, 00:00:13, GigabitEthernet 3/21 10.300.10.0/24 [120/1] via 10.11.20.2, 00:00:13, GigabitEthernet 3/21 10.11.20.0/24 directly connected,GigabitEthernet 3/21 10.11.30.0/24 directly connected,GigabitEthernet 3/11 10.0.0.0/8 auto-summary 192.168.1.0/24 directly connected,GigabitEthernet 3/43 192.168.1.0/24 auto-summary 192.168.2.0/24 directly connected,GigabitEthernet 3/44 192.168.2.0/24 auto-summary Core3#...
  • Page 681 Distance: (default is 120) Core3# RIP Configuration Summary Example of Viewing RIP Configuration on Core 2 Example of Viewing RIP Configuration on Core 3 interface GigabitEthernet 2/11 ip address 10.11.10.1/24 no shutdown interface GigabitEthernet 2/31 ip address 10.11.20.2/24 no shutdown interface GigabitEthernet 2/41 ip address 10.200.10.1/24 no shutdown...
  • Page 683: Remote Monitoring (Rmon)

    Remote Monitoring (RMON) Remote monitoring (RMON) is supported on the Z9000 platform. RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces.
  • Page 684: Setting The Rmon Alarm

    The sampling process continues after the chassis returns to operation. • Platform Adaptation — RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Setting the rmon Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode.
  • Page 685: Configuring An Rmon Event

    This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”. Dell(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1 Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode.
  • Page 686: Configuring The Rmon Collection History

    The following command example enables the RMON statistics collection on the interface, with an ID value of 20 and an owner of john. Dell(conf-if-mgmt)#rmon collection statistics controlEntry 20 owner john Configuring the RMON Collection History To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in INTERFACE CONFIGURATION mode.
  • Page 687: Rapid Spanning Tree Protocol (Rstp)

    (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 44. Spanning Tree Variations Dell Networking OS Supports...
  • Page 688: Important Points To Remember

    Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task, so avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs.
  • Page 689: Enabling Rapid Spanning Tree Protocol Globally

    To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. The bold lines indicate that the interface is in Layer 2 mode. Dell(conf-if-gi-1/1)#show config interface GigabitEthernet 1/1 no ip address...
  • Page 690 If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.cbb4...
  • Page 691: Adding And Removing Interfaces

    Number of transitions to forwarding state 1 BPDU : sent 121, received 2 The port is not in the Edge port mode Port 379 (GigabitEthernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.379, designated path cost 0 Number of transitions to forwarding state 1...
  • Page 692: Modifying Global Parameters

    Max-age — the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. NOTE: Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance.
  • Page 693: Enabling Snmp Traps For Root Elections And Topology Changes

    NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40.
  • Page 694: Enabling Snmp Traps For Root Elections And Topology Changes

    PortFast mode in Spanning Tree. CAUTION: Configure EdgePort only on links connecting to an end station. If you enable EdgePort on an interface connected to a network, it can cause loops. Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior:
  • Page 695: Configuring Fast Hellos For Link State Detection

    Dell(conf-if-gi-2/0)# Configuring Fast Hellos for Link State Detection Fast hellos for link state detection are available on the Z9000 platform. To achieve sub-second link-down detection so that convergence is triggered faster, use RSTP fast hellos. The standard RSTP link-state detection mechanism does not offer the same low link-state detection speed.
  • Page 696 The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e811.2233...
  • Page 697: Software-Defined Networking (Sdn)

    Software-Defined Networking (SDN) Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the SDN Deployment Guide.
  • Page 699: Security

    Security features are supported on the Z9000 platform. This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
  • Page 700 – tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null Username Sessions When you activate AAA accounting, the Dell Networking OS software issues accounting records for all users on the system, including users whose username string is NULL because of protocol translation.
  • Page 701: Aaa Authentication

    With AAA, you can specify the security protocol or mechanism for different login methods and different users. In Dell Networking OS, AAA uses a list of authentication methods, called method lists, to define the types of authentication and the sequence in which they are applied. You can define a method list or use the default method list.
  • Page 702: Configuration Task List For Aaa Authentication

    If the first method list does not respond or returns an error, Dell Networking OS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking OS does not apply the next method list.
  • Page 703 To view the configuration, use the show config command in LINE mode or the show running- config in EXEC Privilege mode. NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH).
  • Page 704: Aaa Authorization

    Every command in Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can configure up to 16 privilege levels in Dell Networking OS. Dell Networking OS is pre-configured with three privilege levels and you can configure 13 more.
  • Page 705: Configuration Task List For Privilege Levels

    You can configure passwords to control access to the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when you enter the enable command. If you move between privilege levels, you are prompted for a password if you move to a higher privilege level.
  • Page 706 EXEC Privilege mode. In custom-configured privilege levels, the enable command is always available. No matter what privilege level you entered Dell Networking OS, you can enter the enable 15 command to access and configure all CLIs. Configuring Custom Privilege Levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels.
  • Page 707 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • command: a Dell Networking OS CLI keyword (up to five keywords allowed). • reset: return the command to its default privilege mode.
  • Page 708 Line 3: The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp-server commands are located. Line 4: The snmp-server commands, in CONFIGURATION mode, are assigned to privilege level 8. Dell(conf)#username john privilege 8 password john Dell(conf)#enable password level 8 notjohn Dell(conf)#privilege exec level 8 configure...
  • Page 709 • Set a user’s security level. EXEC Privilege mode enable or enable privilege-level If you do not enter a privilege level, Dell Networking OS sets it to 15 by default. • Move to a lower privilege level. EXEC Privilege mode disable level-number –...
  • Page 710: Radius

    This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and password. The RADIUS server returns one of the following responses: •...
  • Page 711: Radius Authentication

    For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aaa authentication login command.
  • Page 712: Configuration Task List For Radius

    Monitoring RADIUS (optional) For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication.
  • Page 713 To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If you configure multiple RADIUS server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. When Dell Networking OS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
  • Page 714 – encryption-type: enter 7 to encrypt the password. Enter 0 to keep the password as plain text. – key: enter a string. The key can be up to 42 characters long. You cannot use spaces in the key. • Configure the number of times Dell Networking OS retransmits RADIUS requests. CONFIGURATION mode radius-server retransmit retries –...
  • Page 715: Tacacs

    TACACS+ Remote Authentication • Specifying a TACACS+ Server Host For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the TACACS hosts specified.
  • Page 716: Tacacs+ Remote Authentication

    For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method. In the following example, the TACACS+ is incorrect, but the user is still authenticated by the secondary method.
  • Page 717 Example of Connecting with a TACACS+ Server Host To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If you configure multiple TACACS+ server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured.
  • Page 718: Command Authorization

    Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication. SSH is enabled by default.
  • Page 719: Using Scp With Ssh To Copy A Software Image

    Specifying an SSH Version The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : disabled.
  • Page 720: Secure Shell Authentication

    2, respectively. Enabling SSH Authentication by Password Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Networking system. This setup is the simplest method of authentication and uses SSH version 1. To enable SSH password authentication, use the following command.
  • Page 721 The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2. On the SSH client (Unix machine), generate an RSA key, as shown in the following example. Copy the public key id_rsa.pub to the Dell Networking system. Disable password authentication if enabled. CONFIGURATION mode no ip ssh password-authentication enable Bind the public keys to RSA authentication.
  • Page 722 Copy the file shosts and rhosts to the Dell Networking system. Disable password authentication and RSA authentication, if configured CONFIGURATION mode or EXEC Privilege mode no ip ssh password-authentication or no ip ssh rsa-authentication Enable host-based authentication. CONFIGURATION mode ip ssh hostbased-authentication enable Bind shosts and rhosts to host-based authentication.
  • Page 723: Troubleshooting Ssh

    Dell(conf)#ip telnet server enable Dell(conf)#no ip telnet server enable VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote. Table 46. VTY Access...
  • Page 724: Vty Line Local Authentication And Authorization

    Dell Networking OS can assign different access classes to different users by username. Until users attempt to log in, Dell Networking OS does not know if they will be assigned a VTY line. This means that incoming users always see a login prompt even if you have excluded them from the VTY line with a deny-all access class.
  • Page 725: Vty Mac-Sa Filter Support

    (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address.
  • Page 727: Service Provider Bridging

    Service provider bridging is supported on the Z9000 platform. VLAN Stacking Virtual local area network (VLAN) stacking is supported on the Z9000 platform. VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q —...
  • Page 728: Important Points To Remember

    To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN. • This limitation becomes relevant if you enable the port as a multi-purpose port (carrying single-tagged and double-tagged traffic).
  • Page 729: Configure Vlan Stacking

    Enabling VLAN-Stacking for a VLAN. Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Dell Networking OS Options for Trunk Ports • Debugging VLAN Stacking • VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands.
  • Page 730: Enable Vlan-Stacking For A Vlan

    The default is 9100. To display the S-Tag TPID for a VLAN, use the show running-config command from EXEC privilege mode. Dell Networking OS displays the S-Tag TPID only if it is a non-default value. Configuring Dell Networking OS Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that it can carry single and double-tagged...
  • Page 731: Debugging Vlan Stacking

    In the following example, GigabitEthernet 0/1 is a trunk port that is configured as a hybrid port and then added to VLAN 100 as untagged, VLAN 101 as tagged, and VLAN 103, which is a stacking VLAN. Dell(conf)#int gi 0/1 Dell(conf-if-gi-0/1)#portmode hybrid...
  • Page 732: Vlan Stacking In Multi-Vendor Networks

    While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID. Systems may use any 2-byte value; Dell Networking OS uses 0x9100 (shown in the following) while non-Dell Networking systems might use a different value.
  • Page 733 Figure 98. Single and Double-Tag TPID Match Service Provider Bridging...
  • Page 734 Figure 99. Single and Double-Tag First-byte TPID Match Service Provider Bridging...
  • Page 735: Vlan Stacking Packet Drop Precedence

    Figure 100. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet drop precedence is available on the Z9000 platform. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested.
  • Page 736: Honoring The Incoming Dei Value

    By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to a Dell Networking OS drop precedence. Precedence can have one of three colors.
  • Page 737: Marking Egress Packets With A Dei Value

    {green | yellow} {0 | 1} Example of Viewing DEI-Marking Configuration To display the DEI-marking configuration, use the show interface dei-mark [interface slot/port | linecard number port-set number] in EXEC Privilege mode. Dell#show interface dei-mark Default CFI/DEI Marking: 0 Interface Drop precedence CFI/DEI --------------------------------...
  • Page 738 1:8 expansion in these content addressable memory (CAM) tables. Dell Networking OS Behavior: For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence.
  • Page 739: Mapping C-Tag To S-Tag Dot1P Values

    service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands. Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag. CONFIGURATION mode cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number {vman-qos | vman-qos-dual-...
  • Page 740 MAC address rewritten to the original MAC address and forwarded to the opposing network region (shown in the following illustration). Dell Networking OS Behavior: In Dell Networking OS versions prior to 8.2.1.0, the MAC address that Dell Networking systems use to overwrite the Bridge Group Address on ingress was non-configurable. The value of the L2PT MAC address was the Dell Networking-unique MAC address, 01-01-e8-00-00-00.
  • Page 741: Implementation Information

    Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge.
  • Page 742: Enabling Layer 2 Protocol Tunneling

    Specifying a Destination MAC Address for BPDUs By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
  • Page 743: Debugging Layer 2 Protocol Tunneling

    Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. •...
  • Page 745: Sflow

    Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe. If you do not enable sFlow on any port specifically, the global sampling rate is downloaded to that port and is used to calculate the port-pipe’s lowest sampling rate.
  • Page 746: Important Points To Remember

    (RPM) management Ethernet port. • Dell Networking OS exports all sFlow packets to the collector. A small sampling rate can equate to many exported packets. A backoff mechanism is automatically applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect.
  • Page 747: Enabling And Disabling Sflow On An Interface

    INTERFACE mode [no] sflow enable To disable sFlow on an interface, use the no version of this command. sFlow Show Commands Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Globally • Displaying Show sFlow on an Interface •...
  • Page 748: Displaying Show Sflow On An Interface

    Display sFlow configuration information and statistics on a specific interface. EXEC mode show sflow interface interface-name Example of Viewing sFlow Configuration (Interface) Example of the show running-config interface Command to View sFlow Information Dell#show sflow interface gigabitethernet 1/16 Gi 1/16 Configured sampling rate :8192 Actual sampling rate...
  • Page 749: Configuring Specify Collectors

    Example of Viewing sFlow Configuration (Line Card) Dell#show sflow stack-unit 1 stack-unit 1 Samples rcvd from h/w :165 Samples dropped for sub-sampling :69 Total UDP packets exported UDP packets exported via RPM UDP packets dropped Configuring Specify Collectors The sflow collector command allows identification of sFlow collectors to which sFlow datagrams are forwarded.
  • Page 750: Sflow On Lag Ports

    Example of Verifying Extended sFlow is Enabled Example of Verifying Extended sFlow Disabled The bold line shows that extended sFlow settings are enabled on all three types. Dell#show sflow sFlow services are enabled Global default sampling rate: 4096 Global default counter polling interval: 15...
  • Page 751: Important Points To Remember

    • To export extended-gateway data, BGP must learn the IP destination address. • If the IP destination address is not learned via BGP the Dell Networking system does not export extended-gateway data. • If the IP source address is learned via IGP, srcAS and srcPeerAS are zero.
  • Page 752 IP SA IP DA srcAS and dstAS and Description srcPeerAS dstPeerAS addresses are learned by different routing protocols, and for cases where is source is reachable over ECMP. Exported Exported Extended gateway data is packed. sFlow...
  • Page 753: Simple Network Management Protocol (Snmp)

    The following describes SNMP implementation information. • Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version 3 as defined by RFC 2571. •...
  • Page 754 AES-CFB 128 encryption algorithm needs to be used. Dell(conf)#snmp-server user snmpguy snmpmon 3 auth sha AArt61wq priv aes128 jntRR59a In this example, for a specified user and a group, the AES128-CFB algorithm, the authentication password to enable the server to receive packets from the host, and the privacy password to encode the message contents are configured.
  • Page 755: Configuration Task List For Snmp

    NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c.
  • Page 756: Creating A Community

    Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message. You must specify whether members of the community may only retrieve values (read), or retrieve and alter values (read-write).
  • Page 757: Reading Managed Object Values

    You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Network Addresses, which defines values representing a type of internet address. These values display for ipAddressTable objects using the snmpwalk command.
  • Page 758: Writing Managed Object Values

    SNMPv2-MIB::sysContact.0 = STRING: > snmpgetnext -v 2c -c mycommunity 10.11.131.161 sysContact.0 > snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1 SNMPv2-MIB::sysDescr.0 = STRING: Dell Force10 Real Time Operating System Software Dell Force10 Operating System Version: 1.0 Dell Force10 Application Software Version: E_MAIN4.7.6.350...
  • Page 759: Configuring Contact And Location Information Using Snmp

    You may use up to 55 characters. The default is None. • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmp-server location text You may use up to 55 characters.
  • Page 760: Subscribing To Managed Object Value Updates Using Snmp

    Subscribing to Managed Object Value Updates using SNMP By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system.
  • Page 761: Enabling A Subset Of Snmp Traps

    PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
  • Page 762 envmon fan FAN_TRAY_BAD: Major alarm: fantray %d is missing or down FAN_TRAY_OK: Major alarm cleared: fan tray %d present FAN_BAD: Minor alarm: some fans in fan tray %d are down FAN_OK: Minor alarm cleared: all fans in fan tray %d are good Enable VLT traps.
  • Page 763: Copy Configuration Files Using Snmp

    • copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses;...
  • Page 764 MIB Object Object Values Description 1 = Dell Networking OS copyDestFileType Specifies the type of file file 1.3.6.1.4.1.6027.3.5.1.1.1. to copy to. • 2 = running-config copySourceFileType is running-config or 3 = startup-config startup-config, the default copyDestFileLocatio n is flash. •...
  • Page 765: Copying A Configuration File

    CONFIGURATION mode snmp-server community community-name rw Copy the f10-copy-config.mib MIB from the Dell iSupport web page to the server to which you are copying the configuration file. On the server, use the snmpset command as shown in the following example.
  • Page 766: Copying The Startup-Config Files To The Running-Config

    • Copy the running-config to the startup-config from the UNIX machine. snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3 Example of Copying Configuration Files (Using MIB Object Names) Example of Copying Configuration Files (Using OIDs) The following examples show the command syntax using MIB object names and the same command using the object OIDs.
  • Page 767: Copying The Startup-Config Files To The Server Via Ftp

    /home/myfilename copyServerAddress.4 a 11.11.11.11 Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP.
  • Page 768: Additional Mib Objects To View Copy Statistics

    172.16.1.56 copyUserName.10 s mylogin copyUserPassword.10 s mypass Additional MIB Objects to View Copy Statistics Dell Networking provides more MIB objects to view copy statistics, as shown in the following table. Table 50. Additional MIB Objects for Copying Configuration Files via SNMP MIB Object...
  • Page 769: Obtaining A Value For Mib Objects

    Obtaining a Value for MIB Objects To obtain a value for any of the MIB objects, use the following command. • Get a copy-config MIB object value. snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address [OID.index | mib-object.index] index: the index value used in the snmpset command used to complete the copy operation. NOTE: You can use the entire OID rather than the object name.
  • Page 770: Assigning A Vlan Alias

    MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command. Add Tagged and Untagged Ports to a VLAN The value of the dot1qVlanStaticEgressPorts object is an array of all VLAN members.
  • Page 771: Managing Overload On Startup

    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2-SMI::mib-2.17.7.1.4.3.1.4.1107787786 = Hex-STRING: 40 00 00 00 00 00 00 00 00 00 00...
  • Page 772: Enabling And Disabling A Port Using Snmp

    Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs.
  • Page 773 Table 51. MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database MIB Object Description dot1dTpFdbTable .1.3.6.1.2.1.17.4.3 Q-BRIDGE MIB List the learned unicast MAC addresses on the default VLAN. dot1qTpFdbTable .1.3.6.1.2.1.17.7.1.2.2 Q-BRIDGE MIB List the learned unicast MAC addresses on non-default VLANs.
  • Page 774: Deriving Interface Indices

    The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface. Dell Networking OS converts this binary index number to decimal, and displays it in the output of the show interface command.
  • Page 775: Monitor Port-Channels

    The system image can also be retrieved by performing an SNMP walk on the following OID: MIB Object is chSysSwModuleTable and the OID is 1.3.6.1.4.1.6027.3.10.1.2.8. Dell#show interface gig 1/21 GigabitEthernet 1/21 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:0d:b7:4e...
  • Page 776: Troubleshooting Snmp Operation

    SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. • When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the output for echo replies may be incorrectly displayed.
  • Page 777: Storm Control

    The storm control feature allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic.
  • Page 779: Spanning Tree Protocol (Stp)

    CPU utilization and memory consumption. Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 53. Dell Networking OS Supported Spanning Tree Protocols...
  • Page 780: Important Points To Remember

    STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time.
  • Page 781: Enabling Spanning Tree Protocol Globally

    INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-gi-1/1)#show config interface GigabitEthernet 1/1 no ip address switchport no shutdown...
  • Page 782 To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode. Dell(conf)#protocol spanning-tree 0 Dell(config-span)#show config protocol spanning-tree 0...
  • Page 783: Adding An Interface To The Spanning Tree Group

    The port is not in the portfast mode To confirm that a port is participating in Spanning Tree, use the show spanning-tree 0 brief command from EXEC privilege mode. Dell#show spanning-tree 0 brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e80d.2462...
  • Page 784: Modifying Global Parameters

    You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in STP. NOTE: Dell Networking recommends that only experienced network administrators change the spanning tree parameters. Poorly planned modification of the spanning tree parameters can negatively affect network performance.
  • Page 785: Modifying Interface Stp Parameters

    • Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology). PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree 0 command from EXEC privilege mode.
  • Page 786: Prevent Network Disruptions With Bpdu Guard

    The following example shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Networking system is configured with Portfast. If the switch is connected to the hub, the BPDUs that the switch generates might trigger an undesirable topology change. If you enable BPDU Guard, when the edge port receives the BPDU, the BPDU is dropped, the port is blocked, and a console message is generated.
  • Page 787 – Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). – Disable global spanning tree (the no spanning-tree command in CONFIGURATION mode). Figure 106. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: •...
  • Page 788: Selecting Stp Root

    Gi 0/6 Root 128.263 128 20000 FWD 20000 P2P Gi 0/7 ErrDis 128.264 128 20000 EDS 20000 P2P Dell(conf-if-gi-0/7)#do show ip int br gi 0/7 Interface IP-Address OK Method Status Protocol GigabitEthernet 0/7 unassigned YES Manual up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge.
  • Page 789: Stp Root Guard

    Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard STP root guard is supported on the platform. Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge-priority command) is selected as the root bridge.
  • Page 790: Configuring Root Guard

    Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
  • Page 791: Enabling Snmp Traps For Root Elections And Topology Changes

    • Configure all spanning tree types to be hitless. CONFIGURATION mode redundancy protocol xstp Example of Configuring all Spanning Tree Types to be Hitless Dell(conf)#redundancy protocol xstp Dell#show running-config redundancy redundancy protocol xstp Dell# Spanning Tree Protocol (STP)
  • Page 792: Stp Loop Guard

    STP Loop Guard STP loop guard is supported only on the platform. The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault. When a cable or interface fails, a participating STP link may become unidirectional (STP requires links to be bidirectional) and an STP port does not receive BPDUs.
  • Page 793: Configuring Loop Guard

    Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface.
  • Page 794: Displaying Stp Guard Configuration

    BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU. • Verify the STP guard configured on port or port-channel interfaces. show spanning-tree 0 guard [interface interface] Example of Viewing STP Guard Configuration Dell#show spanning-tree 0 guard Interface Name Instance Sts Guard type...
  • Page 795: System Time And Date

    System time and date settings and the network time protocol (NTP) are supported on the Z9000 platform. You can set system times and dates and maintain them through NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings.
  • Page 796: Protocol Overview

    (secondary servers) in the hierarchy assigned as one greater than the preceding level. Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to synchronize and serve as a client to the NTP host.
  • Page 797: Configure The Network Time Protocol

    Enabling NTP NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networking system synchronizes. To specify multiple servers, enter the command multiple times. You may specify an unlimited number of servers at the expense of CPU resources.
  • Page 798: Configuring Ntp Broadcasts

    2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.496884 Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, Dell Networking OS drops any NTP packets sent to that interface.
  • Page 799: Configuring Ntp Authentication

    NTP authentication begins when the first NTP packet is created following the configuration of keys. NTP authentication in Dell Networking OS uses the message digest 5 (MD5) algorithm and the key is embedded in the synchronization packet that is sent to an NTP time source.
  • Page 800 Configuring an NTP Server To view the NTP configuration, use the show running-config ntp command in EXEC privilege mode. The following example shows an encrypted authentication key (in bold). All keys are encrypted. Dell#show running ntp ntp authenticate ntp authentication-key 345 md5 5A60910F3D211F02 ntp server 11.1.1.1 version 3...
  • Page 801: Dell Networking Os Time And Date

    Filter dispersion — the error in calculating the minimum delay from a set of sample data from a peer. Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings.
  • Page 802: Setting The Time And Date For The Switch Hardware Clock

    – year: enter a four-digit number as the year. The range is from 1993 to 2035. Example of the calendar set Command Dell#calendar set 08:55:00 september 18 2009 Dell# Setting the Time and Date for the Switch Software Clock You can change the order of the month and day parameters to enter the time and date as time day month year.
  • Page 803: Set Daylight Saving Time

    Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.
  • Page 804: Setting Recurring Daylight Saving Time

    – offset: (OPTIONAL) enter the number of minutes to add during the summer-time period. The range is from 1 to 1440. The default is 60 minutes. Example of the clock summer-time Command Dell(conf)#clock summer-time pacific date Mar 14 2009 00:00 Nov 7 2009 00:00 Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none"...
  • Page 805 1 to 1440. The default is 60 minutes. Example of the clock summer-time recurring Command Example of Clock Summer-Time Recurring Parameters Dell(conf)#clock summer-time pacific recurring Mar 14 2009 00:00 Nov 7 2009 00:00 ? Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none"...
  • Page 807: Tunneling

    OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel Configuring a tunnel is supported on the Z9000 platform. You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode. •...
  • Page 808: Configuring Tunnel Keepalive

    5::5 tunnel mode ipv6 no shutdown Configuring Tunnel keepalive Configuring the tunnel is supported on the Z9000 platform. Configure the tunnel keepalive target, interval and attempts. • By default the tunnel keepalive is disabled. The following sample configuration shows tunnel keepalive command:...
  • Page 809: Configuring The Ip And Ipv6 Unnumbered

    Configuring the ip and ipv6 unnumbered Configuring the tunnel interface is supported on the Z9000 platform. You can configure the tunnel with the ip unnumbered and ipv6 unnumbered commands. To configure the tunnel interface to operate without a unique explicit IP/IPv6 address, select the interface from which the tunnel will borrow its address.
  • Page 810: Configuring The Tunnel Source Anylocal

    Configuring the tunnel source anylocal Configuring a tunnel source anylocal is supported on the Z9000 platform. The anylocal argument can be used in place of the ip address or interface, but only with multipoint receive-only mode tunnels. The tunnel source anylocal command will allow the multipoint receive-only tunnel to decapsulate tunnel packets addressed to any IPv4 or IPv6 (depending on the tunnel mode) address configured on the switch that is operationally UP.
  • Page 811: Upgrade Procedures

    Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes.
  • Page 813: Virtual Lans (Vlans)

    Interfaces chapter. • VLAN Stacking in the Service Provider Bridging chapter. For a complete listing of all commands related to Dell Networking OS VLANs, refer to these Dell Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) •...
  • Page 814: Port-Based Vlans

    Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination and source MAC addresses. That...
  • Page 815: Configuration Task List

    The VLAN ID is inserted in the tag header. Figure 110. Tagged Frame Format The tag header contains some key information that Dell Networking OS uses: • The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes).
  • Page 816: Assigning Interfaces To A Vlan

    VLAN 2. The Q column in the show vlan command example notes whether the interface is tagged (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide.
  • Page 817 Inactive Active Po1(So 0/0-1) Gi 3/0 Active Po1(So 0/0-1) Gi 3/1 Dell#config Dell(conf)#int vlan 4 Dell(conf-if-vlan)#tagged po 1 Dell(conf-if-vlan)#show conf interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs...
  • Page 818: Moving Untagged Interfaces

    Active Po1(So 0/0-1) Gi 3/0 Active Po1(So 0/0-1) Gi 3/1 Inactive Dell#conf Dell(conf)#int vlan 4 Dell(conf-if-vlan)#untagged gi 3/2 Dell(conf-if-vlan)#show config interface Vlan 4 no ip address untagged GigabitEthernet 3/2 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs...
  • Page 819: Assigning An Ip Address To A Vlan

    NOTE: You cannot assign an IP address to the Default VLAN (VLAN 1). To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. In Dell Networking OS, you can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic. For more information, refer to Bulk Configuration.
  • Page 820: Enabling Null Vlan As The Default Vlan

    This presents a vulnerability because both interfaces are initially placed in the native VLAN, VLAN 1, and for that period customers are able to access each other's networks. Dell Networking OS has a Null VLAN to eliminate this vulnerability. When you enable the Null VLAN, all ports are placed into it by default, so even if you activate the physical ports of multiple customers, no traffic is allowed to traverse the links until each port is placed in another VLAN.
  • Page 821: Virtual Link Trunking (Vlt)

    • Assures high availability. CAUTION: Dell Networking does not recommend enabling Stacking and VLT simultaneously. If you enable both features at the same time, unexpected behavior occurs. As shown in the following example, VLT presents a single logical Layer 2 domain from the perspective of attached devices that have a virtual link trunk terminating on separate chassis in the VLT domain.
  • Page 822: Vlt On Core Switches

    The aggregation layer is mostly in the L2/L3 switching/routing layer. For better resiliency in the aggregation, Dell Networking recommends running the internal gateway protocol (IGP) on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system.
  • Page 823: Vlt Terminology

    Figure 112. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VLT peer switches.
  • Page 824: Configure Virtual Link Trunking

    Configure Rapid Spanning Tree. • Dell Networking strongly recommends that the VLTi (VLT interconnect) be a static LAG and that you disable LACP on the VLTi. • Ensure that the spanning tree root bridge is at the Aggregation layer. If you enable RSTP on the VLT...
  • Page 825: Configuration Notes

    VLT assigns the primary chassis role according to the lowest MAC address. You can configure the primary role. – In a VLT domain, the peer switches must run the same Dell Networking OS software version. – Separately configure each VLT peer switch with the same VLT domain ID and the VLT version. If the system detects mismatches between VLT peer switches in the VLT domain ID or VLT version, the VLT Interconnect (VLTi) does not activate.
  • Page 826 – Port-channel link aggregation (LAG) across the ports in the VLT interconnect is required; individual ports are not supported. Dell Networking strongly recommends configuring a static LAG for VLTi. – The VLT interconnect synchronizes L2 and L3 control-plane information across the two chassis.
  • Page 827 – Enable Layer 3 VLAN connectivity VLT peers by configuring a VLAN network interface for the same VLAN on both switches. – Dell Networking does not recommend enabling peer-routing if the CAM is full. To enable peer-routing, a minimum of two local DA spaces for wild card functionality are required.
  • Page 828: Primary And Secondary Vlt Peers

    The SNMP MIB reports VLT statistics. Primary and Secondary VLT Peers Primary and Secondary VLT Peers are supported on the Z9000 platform. To prevent issues when connectivity between peers is lost, you can designate Primary and Secondary roles for VLT peers. You can elect or configure the Primary Peer. By default, the peer with the lowest...
  • Page 829: Rstp And Vlt

    MAC address is selected as the Primary Peer. You can configure another peer as the Primary Peer using the VLT domain domain-id role priority priority-value command. If the VLTi link fails, the status of the remote VLT Primary Peer is checked using the backup link. If the remote VLT Primary Peer is available, the Secondary Peer disables all VLT ports to prevent loops.
  • Page 830: Vlt And Igmp Snooping

    When you configure IGMP snooping on a VLT node, the dynamically learned groups and multicast router ports are automatically learned on the VLT peer node. VLT IPv6 VLT IPv6 is supported on the Z9000 platform. The following features have been enhanced to support IPv6: •...
  • Page 831 Figure 113. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches.
  • Page 832: Vlt Routing

    VLT Unicast Routing VLT unicast routing is supported on the Z9000 platform. VLT unicast routing locally routes packets destined for the L3 endpoint of the VLT peer. This method avoids sub-optimal routing. Peer-routing syncs the MAC addresses of both VLT peers and requires two local DA entries in TCAM.
  • Page 833 Specify a value (in seconds) from 1 to 65535. VLT Multicast Routing VLT multicast routing is supported on the Z9000 platform. VLT Multicast Routing provides resiliency to multicast routed traffic during the multicast routing protocol convergence period after a VLT link or VLT peer fails using the least intrusive method (PIM) and does not alter current protocol behavior.
  • Page 834: Non-Vlt Arp Sync

    Configure symmetrical Layer 2 and Layer 3 configurations on both VLT peers for any spanned VLAN. Non-VLT ARP Sync Synchronization for non-ARP routing table entries is supported on the Z9000 platform. ARP entries (including ND entries) learned on other ports are synced with the VLT peer to support station move scenarios.
  • Page 835: Rstp Configuration

    Run RSTP on both VLT peer switches. The primary VLT peer controls the RSTP states, such as forwarding and blocking, on both the primary and secondary peers. Dell Networking recommends configuring the primary VLT peer as the RSTP primary root device and configuring the secondary VLT peer as the RSTP secondary root device.
  • Page 836: Configuring Vlt

    Dell_VLTpeer2(conf-rstp)#bridge-priority 0 Configuring VLT To configure VLT, use the following procedure. Prerequisites: Before you begin, make sure that both VLT peer switches are running the same Dell Networking OS version and are configured for RSTP as described in RSTP Configuration. For VRRP...
  • Page 837 Configuring a VLT Interconnect To configure a VLT interconnect, follow these steps. Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain.
  • Page 838 Enabling VLT and Creating a VLT Domain To enable VLT and create a VLT domain, use the following steps. Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode. CONFIGURATION mode vlt domain domain-id The domain ID range is from 1 to 1000. Configure the same domain ID on the peer switch to allow for common peering.
  • Page 839 Configuring a VLT Backup Link To configure a VLT backup link, use the following command. Specify the management interface to be used for the backup link through an out-of-band management network. CONFIGURATION mode interface managementethernet slot/port Enter the slot (0-1) and the port (0). Configure an IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X) and mask (/x) on the interface.
  • Page 840 The priority values are from 1 to 65535. The default is 32768. (Optional) When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system operations. VLT DOMAIN CONFIGURATION mode...
  • Page 841 Connecting a VLT Domain to an Attached Access Device (Switch or Server) To connect a VLT domain to an attached access device, use the following commands. On a VLT peer switch: To connect to an attached device, configure the same port channel ID number on each peer switch in the VLT domain.
  • Page 842 Configuring a VLT VLAN Peer-Down (Optional) To configure a VLT VLAN peer-down, use the following commands. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. Enter the port-channel number that acts as the interconnect trunk.
  • Page 843 Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch.
  • Page 844 Configure enhanced VLT. Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command in Enabling VLT and Creating a VLT Domain.
  • Page 845 CONFIGURATION mode interface port-channel port-channel id NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring VLTs used as facing hosts/switches with LACP. Ensure both peers use the same port channel ID. Configure the peer-link port-channel in the VLT domains of each peer unit.
  • Page 846 In the following sample VLT configuration steps, VLT peer 1 is , VLT peer 2 is , and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers.
  • Page 847 Configure the VLT links between VLT peer 1 and VLT peer 2 to the Top of Rack unit. In the following example, port Te 0/40 in VLT peer 1 is connected to Te 0/48 of TOR and port Te 0/18 in VLT peer 2 is connected to Te 0/50 of TOR.
  • Page 848: Evlt Configuration Example

    no ip address switchport no shutdown s60-1# s60-1#show interfaces port-channel 100 brief Codes: L - LACP Port-channel Mode Status Uptime Ports 03:33:48 Te 0/48 (Up) Te 0/50 (Up) s60-1# Verify VLT is up. Verify that the VLTi (ICL) link, backup link connectivity (heartbeat status), and VLT peer link (peer chassis) are all up.
  • Page 849: Evlt Configuration Step Examples

    Figure 114. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9 Domain_1_Peer1(conf)#vlt domain 1000 Domain_1_Peer1(conf-vlt-domain)# peer-link port-channel 1 Domain_1_Peer1(conf-vlt-domain)# back-up destination 10.16.130.11 Domain_1_Peer1(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0a Domain_1_Peer1(conf-vlt-domain)# unit-id 0 Configure eVLT on Peer 1.
  • Page 850 Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.12 Domain_1_Peer2(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0a Domain_1_Peer2(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2. Domain_1_Peer2(conf)#interface range tengigabitethernet 0/28 - 29 Domain_1_Peer2(conf-if-range-te-0/16-17)# port-channel-protocol LACP Domain_1_Peer2(conf-if-range-te-0/16-17)# port-channel 100 mode active Domain_1_Peer2(conf-if-range-te-0/16-17)# no shutdown...
  • Page 851: Pim-Sparse Mode Configuration Example

    Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4. Domain_2_Peer4(conf)#interface range tengigabitethernet 0/31 - 32 Domain_2_Peer4(conf-if-range-te-0/16-17)# port-channel-protocol LACP Domain_2_Peer4(conf-if-range-te-0/16-17)# port-channel 100 mode active Domain_2_Peer4(conf-if-range-te-0/16-17)# no shutdown PIM-Sparse Mode Configuration Example The following sample configuration shows how to configure the PIM Sparse mode designated router...
  • Page 852: Verifying A Vlt Configuration

    VLT_Peer2(conf-if-vl-4001)#exit VLT_Peer2(conf)#end Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt backup-link •...
  • Page 853 Example of the show vlt backup-link Command Example of the show vlt brief Command Example of the show vlt detail Command Example of the show vlt role Command Example of the show running-config vlt Command Example of the show vlt statistics Command Example of the show spanning-tree rstp Command Dell_VLTpeer1# show vlt backup-link VLT Backup Link...
  • Page 854 Version: 5(1) Local System MAC address: 00:01:e8:8a:e7:e7 Remote System MAC address: 00:01:e8:8a:e9:70 Configured System MAC address: 00:0a:0a:01:01:0a Remote system version: 5(1) Delay-Restore timer: 90 seconds Dell_VLTpeer1# show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLANs ------------ ----------- ------------ ----------- ------------- 10, 20, 30 20, 30...
  • Page 855 ICL Hello's Received: Dell_VLTpeer2# show vlt statistics VLT Statistics ---------------- HeartBeat Messages Sent: HeartBeat Messages Received: 978 ICL Hello's Sent: ICL Hello's Received: The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2.
  • Page 856: Additional Vlt Sample Configurations

    Additional VLT Sample Configurations To configure VLT, create a VLT domain, configure a backup link and interconnect trunk, and connect the peer switches in a VLT domain to an attached access device (switch or server). Review the following examples of VLT configurations.
  • Page 857: Verifying A Port-Channel Connection To A Vlt Domain

    Configuring Virtual Link Trunking (VLT Peer 2) Enable VLT and create a VLT domain with a backup-link VLT interconnect (VLTi). Dell_VLTpeer2(conf)#vlt domain 999 Dell_VLTpeer2(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer2(conf-vlt-domain)#back-up destination 10.11.206.23 Dell_VLTpeer2(conf-vlt-domain)#exit Configure the backup link. Dell_VLTpeer2(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.35/ Dell_VLTpeer2(conf-if-ma-0/0)#no shutdown Dell_VLTpeer2(conf-if-ma-0/0)#exit Configure the VLT interconnect (VLTi).
  • Page 858: Troubleshooting Vlt

    1/18,22 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 55. Troubleshooting VLT Description...
  • Page 859: Reconfiguring Stacked Switches As Vlt

    Peer 1 is unit ID “0”, Peer 2 unit ID must be “1”. Version ID mismatch: A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated. Verify the Dell Networking OS software...
  • Page 860: Specifying Vlt Nodes In A Pvlan

    Specifying VLT Nodes in a PVLAN You can configure VLT peer nodes in a private VLAN (PVLAN) on the Z9000 platform. VLT enables redundancy without the implementation of Spanning Tree Protocol (STP), and provides a loop-free network with optimal bandwidth utilization.
  • Page 861: Association Of Vlti As A Member Of A Pvlan

    not validated if you associate an ICL to a PVLAN. Similarly, if you dissociate an ICL from a PVLAN, although the PVLAN parity exists, ICL is removed from that PVLAN. Association of VLTi as a Member of a PVLAN If a VLAN is configured as a non-VLT VLAN on both the peers, the VLTi link is made a member of that VLAN if the VLTi link is configured as a PVLAN or normal VLAN on both the peers.
  • Page 862: Pvlan Operations When A Vlt Peer Is Restarted

    PVLAN Operations When a VLT Peer is Restarted When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a verification is performed with the newly received PVLAN configuration from the peer.
  • Page 863 VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Synchronization Peer1 Peer2 Peer1 Peer2 Promiscuo Trunk Primary Primary Trunk Access Primary Secondary Promiscuo Promiscuo Primary Primary Promiscuo Access Primary Secondary Promiscuo Promiscuo Primary Primary - Secondary - Secondary (Community) (Isolated) Access...
  • Page 864: Configuring A Vlt Vlan Or Lag In A Pvlan

    VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Synchronization Peer1 Peer2 Peer1 Peer2 Access Access Secondary Secondary (Community) (Community) - Primary VLAN Y - Primary VLAN X Promiscuo Access Primary Secondary Trunk Access Primary/Normal Secondary Configuring a VLT VLAN or LAG in a PVLAN You can configure the VLT peers or nodes in a private VLAN (PVLAN).
  • Page 865: Associating The Vlt Lag Or Vlt Vlan In A Pvlan

    Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown To configure the VLT interconnect, repeat Steps 1–4 on the VLT peer switch. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. Enter the port-channel number that acts as the interconnect trunk.
  • Page 866: Proxy Arp Capability On Vlt Peer Nodes

    Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality on VLT peer nodes is supported on the Z9000 platform. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the traffic to the proxy ARP-enabled device, which in turn transmits the packets to the destination.
  • Page 867: Working Of Proxy Arp For Vlt Peer Nodes

    proxy ARP. For example, consider a sample topology in which VLAN 100 is configured on two VLT nodes, node 1 and node 2. ICL link is not configured between the two VLT nodes. Assume that the VLAN 100 IP address in node 1 is 10.1.1.1/24 and VLAN 100 IP address in node 2 is 20.1.1.2/24. In this case, if the ARP request for 20.1.1.1 reaches node 1, node 1 will not perform the ARP request for 20.1.1.2.
  • Page 868: Vlt Nodes As Rendezvous Points For Multicast Resiliency

    You can configure virtual link trunking (VLT) peer nodes as rendezvous points (RPs) in a Protocol Independent Multicast (PIM) domain on the Z9000 platform. PIM uses a VLT node as the RP to distribute multicast traffic to a multicast group. Messages to join the multicast group (Join messages) and data are sent towards the RP, so that receivers can discover who the senders are and begin receiving traffic destined for the multicast group.
  • Page 869: Vlt Proxy Gateway

    Proxy Gateway in VLT Domains The functionality to configure the proxy gateway in VLT domains is supported on the S4810, S4820T, S6000, Z9000 platforms. You can configure a proxy gateway in VLT domains. A proxy gateway enables you to locally route the packets that are destined to L3 endpoint of the other VLT domain.
  • Page 870 When the routing table across DCs is not symmetrical, there is a possibility of a routing miss by a DC that does not have the route for the L3 traffic. Since routing protocols will be enabled and both DCs are in the same subnet, there will not be route asymmetry dynamically.
  • Page 871: Lldp Organizational Tlv For Proxy Gateway

    8. LLDP port channel interface can’t be changed to legacy LAG when proxy gateway is enabled. 9. “vlt-peer-mac transmit” is recommended only for square VLT without any diagonal links. 10. VRRP and IPv6 routing are not supported now. 11. With the existing hardware capabilities, only 512 my_station_tcam entries can be supported. 12.
  • Page 872: Sample Configuration Scenario For Vlt Proxy Gateway

    • There are only a couple of MACs for each unit to be transmitted so that all current active MACs can definitely be carried on the newly defined TLV. • This TLV is recognizable only by FTOS devices with this feature support. Other devices will ignore this field and should still be able to process other standard TLVs.
  • Page 873 Trace route across VLT domains may show extra hops. IP route symmetry must be maintained across the VLT domains. Assume the route to a destination is not available at C2: even though the packet hits the MY_STATION_TCAM and routing is enabled for that VLAN, if there is no entry for that prefix in the routing table it will be dropped to CPU.
  • Page 874: Configuring An Lldp Vlt Proxy Gateway

    You can configure a proxy gateway in VLT domains. A proxy gateway enables you to locally route the packets that are destined to L3 endpoint of the other VLT domain. This functionality is supported on the S4810, S4820T, S6000, Z9000, and MXL platforms. To configure the LLDP proxy gateway, perform the following: Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode.
  • Page 875: Virtual Router Redundancy Protocol (Vrrp)

    Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is supported on the Z9000 platform. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
  • Page 876: Vrrp Benefits

    Figure 115. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation Within a single VRRP group, up to 12 virtual IP addresses are supported.
  • Page 877: Vrrp Configuration

    Track an Interface or Object • Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID) identifies a VRRP group.
  • Page 878 Though a single VRRP group can contain virtual IP addresses belonging to multiple IP subnets configured on the interface, Dell Networking recommends configuring virtual IP addresses belonging to the same IP subnet for any one VRRP group.
  • Page 879 The range is up to 12 addresses. Example of the virtual-address Command Example of Verifying the Virtual IP Address Configuration Example of Verifying the VRRP Group Priority Dell(conf-if-gi-1/1-vrid-111)#virtual-address 10.10.10.1 Dell(conf-if-gi-1/1-vrid-111)#virtual-address 10.10.10.2 Dell(conf-if-gi-1/1-vrid-111)#virtual-address 10.10.10.3 Dell(conf-if-gi-1/1-vrid-111)# NOTE: In the following example, the primary IP address and the virtual IP addresses are on the same subnet.
  • Page 880 The range is from 1 to 255. The default is 100. Example of the priority Command Example of Verifying the VRRP Group Priority Dell(conf-if-gi-1/2)#vrrp-group 111 Dell(conf-if-gi-1/2-vrid-111)#priority 125 Dellshow vrrp ------------------ GigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1 State: Master, Priority: 255, Master: 10.10.10.1 (local)
  • Page 881 Configuring VRRP Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, Dell Networking OS includes the password in its VRRP transmission. The receiving router uses that password to verify the transmission. NOTE: You must configure all virtual routers in the VRRP group the same: you must enable authentication with the same password or authentication is disabled.
  • Page 882 If the VRRP group misses three consecutive advertisements, the election process begins and the BACKUP virtual router with the highest priority transitions to MASTER. NOTE: To avoid throttling VRRP advertisement packets, Dell Networking OS recommends increasing the VRRP advertisement interval to a value higher than the default value of one second. If you do change the time interval between VRRP advertisements on one router, change it on all participating routers.
  • Page 883 Track an Interface or Object You can set Dell Networking OS to monitor the state of any interface according to the virtual group. Each VRRP group can track up to 12 interfaces and up to 20 additional objects, which may affect the priority of the VRRP group.
  • Page 884 Example of Verifying the Tracking Configuration Example of Viewing Tracking Status Example of Viewing VRRP Status Example of Viewing VRRP Configuration on an Interface Dell(conf-if-gi-1/1)#vrrp-group 111 Dell(conf-if-gi-1/1-vrid-111)#track gigabitethernet 1/2 Dell(conf-if-gi-1/1-vrid-111)# Dell(conf-if-gi-1/1-vrid-111)#show conf vrrp-group 111 advertise-interval 10 authentication-type simple 7 387a7f2df5969da4...
  • Page 885: Setting Vrrp Initialization Delay

    Setting VRRP Initialization Delay VRRP initialization delay is supported on the Z9000 platform. When configured, VRRP is enabled immediately upon system reload or boot. You can delay VRRP initialization to allow the IGP and EGP protocols to be enabled prior to selecting the VRRP Master. This delay ensures that VRRP initializes with no errors or conflicts.
  • Page 886: Sample Configurations

    NOTE: When you reload a node that contains VRRP configuration and is enabled for VLT, Dell Networking recommends that you configure the reload timer by using the vrrp delay reload command to ensure that VRRP is functional. Otherwise, when you reload a VLT node configured for VRRP, the local destination address is not seen on the reloaded node causing suboptimal routing.
  • Page 887 Figure 116. VRRP for IPv4 Topology Example of Configuring VRRP for IPv4 Router 2 Example of Configuring VRRP for IPv6 Router 2 and Router 3 R2(conf)#int gi 2/31 R2(conf-if-gi-2/31)#ip address 10.1.1.1/24 R2(conf-if-gi-2/31)#vrrp-group 99 R2(conf-if-gi-2/31-vrid-99)#priority 200 R2(conf-if-gi-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-gi-2/31-vrid-99)#no shut R2(conf-if-gi-2/31)#show conf interface GigabitEthernet 2/31 ip address 10.1.1.1/24 vrrp-group 99...
  • Page 888 virtual-address 10.1.1.3 no shutdown R2(conf-if-gi-2/31)#end R2#show vrrp ------------------ GigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address:...
  • Page 889 Figure 117. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address.
  • Page 890 Although R2 and R3 have the same default priority (100), R2 is elected master in the VRRPv3 group because the GigE 0/0 interface has a higher IPv6 address than the GigE 1/0 interface on R3. Router 2 R2(conf)#interface gigabitethernet 0/0 R2(conf-if-gi-0/0)#no ip address R2(conf-if-gi-0/0)#ipv6 address 1::1/64 R2(conf-if-gi-0/0)#vrrp-group 10...
  • Page 891: Vrrp In A Vrf Configuration

    VRRP in a VRF Configuration The following example shows how to enable VRRP operation in a VRF virtualized network for the following scenarios. • Multiple VRFs on physical interfaces running VRRP. • Multiple VRFs on VLAN interfaces running VRRP. To view a VRRP in a VRF configuration, use the show commands. VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN.
  • Page 892 Figure 118. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Example of Configuring VRRP in a VRF on Switch-2 (Non-VLAN Configuration) Switch-1 S1(conf)#ip vrf default-vrf 0 S1(conf)#ip vrf VRF-1 1 S1(conf)#ip vrf VRF-2 2 S1(conf)#ip vrf VRF-3 3 S1(conf)#interface GigabitEthernet 12/1 S1(conf-if-gi-12/1)#ip vrf forwarding VRF-1...
  • Page 893 S1(conf-if-gi-12/2)#no shutdown S1(conf)#interface GigabitEthernet 12/3 S1(conf-if-gi-12/3)#ip vrf forwarding VRF-3 S1(conf-if-gi-12/3)#ip address 20.1.1.5/24 S1(conf-if-gi-12/3)#vrrp-group 15 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-gi-12/3-vrid-105)#priority 255 S1(conf-if-gi-12/3-vrid-105)#virtual-address 20.1.1.5 S1(conf-if-gi-12/3)#no shutdown Switch-2 S2(conf)#ip vrf default-vrf 0 S2(conf)#ip vrf VRF-1 1 S2(conf)#ip vrf VRF-2 2 S2(conf)#ip vrf VRF-3 3...
  • Page 894 associated with each VLAN are configured on the provider edge (PE) router in the point-of-presence (POP). VRRP in VRF: Switch-1 VLAN Configuration VRRP in VRF: Switch-2 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 S1(conf)#ip vrf VRF-2 2 S1(conf)#ip vrf VRF-3 3 S1(conf)#interface GigabitEthernet 12/4 S1(conf-if-gi-12/4)#no ip address S1(conf-if-gi-12/4)#switchport...
  • Page 895 [vrf instance] Example of Verifying Configuration on VRRP in a VRF (Interface) Example of Viewing the Status of VRRP in a VRF (Global) Dell#show running-config track interface gigabitethernet 13/4 interface GigabitEthernet 13/4 ip vrf forwarding red ip address 192.168.0.1/24 vrrp-group 4 virtual-address 192.168.0.254...
  • Page 896 192.168.0.254 Authentication: (none) Virtual Router Redundancy Protocol (VRRP)
  • Page 897: Series Debugging And Diagnostics

    Z-Series Debugging and Diagnostics This chapter describes debugging and diagnostics for the Z-Series platform. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications.
  • Page 898: Running Offline Diagnostics

    Start diagnostics on the unit. diag When the tests are complete, the system displays the syslog Message 1 shown and automatically reboots the unit. Dell#00:20:26 : Diagnostic test results are stored on file: flash:/ TestReport-SU-0.txt Dell#00:20:31: %Z9000:0 %DIAGAGT-6-DA_DIAG_DONE: Diags finished on stack unit 0 Diags completed...
  • Page 899 Please make sure that stacking/fanout not configured for Diagnostics execution. Also reboot/online command is necessary for normal operation after the offline command is issued. Proceed with Offline [confirm yes/no]:yes Dell#00:01:34: %STKUNIT0-M:CP %CHMGR-2-STACKUNIT_DOWN: Stack unit 0 down - stack unit offline 00:01:34: %STKUNIT0-M:CP %IFMGR-1-DEL_PORT: Removed port: Fo 0/ 0,4,8,12,16,20,24,28,32,36,40,44,48,52,56,60,64,68,72,76,80,84,88,92,96,100,104,...
  • Page 900 Part Number : 7520057401 Product Revision Version : E9-0-0-23 **************************** Z9000 LEVEL 0 DIAGNOSTICS************************** + TEST - 1 PSU [0] STATUS ---> POWER ON PSU [0] STATUS ---> POWER OK PSU [0] STATUS ---> PSU OK Test 1.000 - Psu status monitor test ........ PASS diagS3240GetPsuOnStatus[580]: ERROR: PSU-1 is not present...
  • Page 901 Diagnostics Proceed with Diags [confirm yes/no]: y 00:37:32: %Z9000:0 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 0 Dell#00:37:32 : Approximate time to complete the Diags ... 1 Min 30 Sec Dell# WARNING: Reboot is highly recommended after running Offline Diagnostics in Debug Mode.
  • Page 902: Trace Logs

    Networking OS buffers trace messages which are continuously written by various Dell Networking OS software tasks. Each TRACE message provides the date, time, and name of the Dell Networking OS process. All messages are stored in a ring buffer that you can save to a file either manually or automatically after failover.
  • Page 903: Show Hardware Commands

    Commands These commands display information from a hardware subcomponent and from hardware-based feature tables. NOTE: Use the show hardware commands only under the guidance of the Dell Networking Technical Assistance Center (TAC). • View internal interface status of the stack-unit CPU port which connects to the external management interface.
  • Page 904 {0-11} unit {0-1} table-dump {table name} The Z9000 supports thirty–two 40G ports or one-hundred twenty–eight 10G ports on four port-pipes, which are also called units. The system displays internal port numbers, not the external port numbers that you see.
  • Page 905: Environmental Monitoring

    Internal Internal Environmental Monitoring The Z9000 components use environmental monitoring hardware to detect transmit power readings, receive power readings, and temperature updates. To receive periodic power updates, enable the enable optic-info-update interval command. The output in the following example displays the environment status of the RPM.
  • Page 906: Troubleshoot An Over-Temperature Condition

    To bring back the line card online, use the power-on command in EXEC mode. In addition, Dell Networking requires that you install blanks in all slots without a line card to control airflow for adequate system cooling.
  • Page 907: Buffer Tuning

    Table 59. SNMP Traps and OIDs OID String OID Name Description Receiving power .1.3.6.1.4.1.6027.3.10.1.2.5.1.6 chSysPortXfpRecvPower OID to display the receiving power of the connected optics. Transmitting power .1.3.6.1.4.1.6027.3.10.1.2.5.1.8 chSysPortXfpTxPower OID to display the transmitting power of the connected optics. Temperature .1.3.6.1.4.1.6027.3.10.1.2.5.1.7 chSysPortXfpRecvTemp OID to display the Temperature...
  • Page 908 Front-End Link — Output queues going from the FP to the front-end PHY. All ports support eight queues — four for data traffic and four for control traffic. All eight queues are tunable. Physical memory is organized into cells of 128 bytes. The cells are organized into two buffer pools — dedicated buffer and dynamic buffer.
  • Page 909: Buffer Tuning Points

    Buffer Tuning Points Decide to Tune Buffers Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is very bursty (and coming from several interfaces). In this case: •...
  • Page 910 Displaying the Default Buffer Profile Displaying Buffer Profile Allocations Dell Networking OS Behavior: If you attempt to apply a buffer profile to a non-existent port-pipe, Dell Networking OS displays the following message. However, the configuration still appears in the running-config.
  • Page 911 Dedicated Buffer Buffer Packets (Kilobytes) 3.00 3.00 3.00 3.00 3.00 3.00 3.00 3.00 Dell#show buffer-profile detail fp-uplink stack-unit 0 port-set 0 Linecard 0 Port-set 0 Buffer-profile fsqueue-hig Dynamic Buffer 1256.00 (Kilobytes) Queue# Dedicated Buffer Buffer Packets (Kilobytes) 3.00 3.00 3.00 3.00...
  • Page 912: Sample Buffer Profile Configuration

    Sample Buffer Profile Configuration The two general types of network environments are sustained data transfers and voice/data. Dell Networking recommends a single-queue approach for data transfers, as shown in the following example. Single Queue Application with Default Packet Pointers (S50N Output)
  • Page 913: Displaying Drop Counters

    6 0 0 0 0 0 7 0 0 0 0 0 8 0 0 0 0 0 Z9000-B4#show hardware stack-unit 0 drops unit 2 UserPort PortNumber Ingress Drops IngMac Drops Total Mmu Drops EgMac Drops Egress Drops Internal 39...
  • Page 914 Display input and output statistics on the party bus, which carries inter-process communication traffic between CPUs. show hardware stack-unit cpu party-bus statistics Displaying Dataplane Statistics Displaying Party Bus Statistics Dell#show hardware stack-unit 0 cpu data-plane statistics bc pci driver statistics for device: rxHandle noMhdr noMbuf...
  • Page 915: Displaying Stack Member Counters

    Displaying Stack Member Counters The show hardware stack-unit 0–7 {counters | details | port-stats [detail] | register} command displays internal receive and transmit statistics, based on the selected command option. • Displaying Stack Unit Counters RIPC4.ge0 1,202 +1,202 RUC.ge0 1,224 +1,217 RDBGC0.ge0 RDBGC1.ge0...
  • Page 916: Mini Core Dumps

    Mini Core Dumps Dell Networking OS supports mini core dumps for kernel crashes. The mini core dump applies to Master units. Kernel mini core dumps are always enabled. The mini core dumps contain the stack space and some other very minimal information that can be used to debug a crash. These files are small files and are written into flash until space is exhausted.
  • Page 917 You can use the capture-duration timer and the packet-count counter at the same time. The TCP dump stops when the first of the thresholds is met. That means that even if the duration timer is 9000 seconds, if the maximum file count parameter is met first, the dumps stop. •...
  • Page 919: Standards Compliance

    Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), Dell Networking OS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website.
  • Page 920: Rfc And I-D Compliance

    9,252 bytes RFC and I-D Compliance Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols.
  • Page 921: General Ipv4 Protocols

    General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 61. General IPv4 Protocols RFC# Full Name S-Series Internet Protocol 7.6.1 Internet Control Message Protocol 7.6.1 An Ethernet Address Resolution 7.6.1...
  • Page 922: General Ipv6 Protocols

    General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 62. General IPv6 Protocols RFC# Full Name S-Series 1886 DNS Extensions to support IP version 6 7.8.1 1981 (Partial) Path MTU Discovery for IP version 6 7.8.1...
  • Page 923: Open Shortest Path First (Ospf)

    7.8.1 draft-ietf-idrrestart- 06 Graceful Restart Mechanism for BGP 7.8.1 Open Shortest Path First (OSPF) The following table lists the Dell Networking OS support per platform for OSPF protocol. Table 64. Open Shortest Path First (OSPF) RFC# Full Name S-Series/Z-Series 1587 The OSPF Not-So-Stubby Area (NSSA) 7.6.1...
  • Page 924: Intermediate System To Intermediate System (Is-Is)

    Intermediate System to Intermediate System (IS-IS) The following table lists the Dell Networking OS support per platform for IS-IS protocol. Table 65. Intermediate System to Intermediate System (IS-IS) RFC# Full Name S-Series 1142 OSI IS-IS Intra-Domain Routing Protocol (ISO DP 10589)
  • Page 925: Multicast

    -sm-v2-new- 05 Protocol Independent Multicast - 7.8.1 PIM-SM for IPv4 Sparse Mode (PIM-SM): Protocol Specification (Revised) Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 68. Network Management RFC# Full Name S4810...
  • Page 926 RFC# Full Name S4810 S4820T Z9000 Management of TCP/IP-based internets 1157 A Simple Network 7.6.1 Management Protocol (SNMP) 1212 Concise MIB Definitions 7.6.1 1215 A Convention for Defining 7.6.1 Traps for use with the SNMP 1493 Definitions of Managed 7.6.1...
  • Page 927 RFC# Full Name S4810 S4820T Z9000 Digital Hierarchy (SONET/SDH) Interface Type 2570 Introduction and 7.6.1 Applicability Statements for Internet Standard Management Framework 2571 An Architecture for 7.6.1 Describing Simple Network Management Protocol (SNMP) Management Frameworks 2572 Message Processing and 7.6.1...
  • Page 928 RFC# Full Name S4810 S4820T Z9000 radiusAuthClientMalformedAccessResponses radiusAuthClientUnknownTypes radiusAuthClientPacketsDropped 3635 Definitions of Managed 7.6.1 Objects for the Ethernet-like Interface Types 2674 Definitions of Managed 7.6.1 Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN...
  • Page 929 RFC# Full Name S4810 S4820T Z9000 3418 Management Information 7.6.1 Base (MIB) for the Simple Network Management Protocol (SNMP) 3434 Remote Monitoring MIB 7.6.1 Extensions for High Capacity Alarms, High-Capacity Alarm Table (64 bits) 3580 IEEE 802.1X Remote 7.6.1...
  • Page 930 RFC# Full Name S4810 S4820T Z9000 isisISAdjTable isisISAdjAreaAddrTable isisISAdjIPAddrTable isisISAdjProtSuppTable draft-ietf-netmod-interfaces-cfg-03 Defines a YANG data model for the configuration of network interfaces. Used in the Programmatic Interface RESTAPI feature. 9.2(0.0) 9.2(0.0) 9.2(0.0) IEEE 802.1AB Management Information 7.7.1 Base module for LLDP...
  • Page 931 RFC# Full Name S4810 S4820T Z9000 FORCE10-FIB-MIB Force10 CIDR Multipath Routes MIB (The IP Forwarding Table provides information that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous...
  • Page 932: Mib Location

    You also can obtain a list of selected MIBs and their OIDs at the following URL: https://www.force10networks.com/CSPortal20/Main/Login.aspx Some pages of iSupport require a login. To request an iSupport account, go to: https://www.force10networks.com/CSPortal20/AccountRequest/AccountRequest.aspx If you have forgotten or lost your account information, contact Dell TAC for assistance. Standards Compliance...
