Contents

1 About this Guide
  Audience
  Conventions
  Related Documents
2 Configuration Fundamentals
  Accessing the Command Line
  CLI Modes
  Navigating CLI Modes
  The do Command
  Undoing Commands
  Obtaining Help
  Entering and Editing Commands
  Command History
  Filtering show Command Outputs
  Example of the grep Keyword
  ...
  Compressing Configuration Files
  Managing the File System
  Enabling Software Features on Devices Using a Command Option
  View Command History
  Upgrading Dell Networking OS
  Verify Software Images Before Installation
  Using HTTP for File Transfers
4 Management
  Configuring Privilege Levels
  Creating a Custom Privilege Level
  ...
  Configuration Task List for File Transfer Services
  Enabling the FTP Server
  Configuring FTP Server Parameters
  Configuring FTP Client Parameters
  Terminal Lines
  Denying and Permitting Access to a Terminal Line
  Configuring Login Authentication for Terminal Lines
  Setting Timeout for EXEC Privilege Mode
  Using Telnet to get to Another Network Device
  ...
  Allocating FP Blocks for VLAN Processes
8 Access Control Lists (ACLs)
  IP Access Control Lists (ACLs)
  CAM Usage
  Implementing ACLs on Dell Networking OS
  Important Points to Remember
  Configuration Task List for Route Maps
  Configuring Match Routes
  Configuring Set Conditions
  ...
  Configuring Filters Without a Sequence Number
  Configure Layer 2 and Layer 3 ACLs
  Assign an IP ACL to an Interface
  Applying an IP ACL
  Counting ACL Hits
  Configure Ingress ACLs
  Configure Egress ACLs
  Applying Egress Layer 3 ACLs (Control-Plane)
  IP Prefix Lists
  Implementation Information
  ...
  Origin
  AS Path
  Next Hop
  Multiprotocol BGP
  Implement BGP with Dell Networking OS
  Additional Path (Add-Path) Support
  Advertise IGP Cost as MED for Redistributed Routes
  Ignore Router-ID in Best-Path Calculation
  Four-Byte AS Numbers
  AS4 Number Representation
  ...
  Changing the LOCAL_PREFERENCE Attribute
  Configuring the local System or a Different System to be the Next Hop for BGP-Learned Routes
  Changing the WEIGHT Attribute
  Enabling Multipath
  Filtering BGP Routes
  Filtering BGP Routes Using Route Maps
  Filtering BGP Routes Using AS-PATH Information
  Configuring BGP Route Reflectors
  Aggregating Routes
  ...
  Priority-Based Flow Control
  Enhanced Transmission Selection
  Data Center Bridging Exchange Protocol (DCBx)
  Data Center Bridging in a Traffic Flow
  Enabling Data Center Bridging
  DCB Maps and its Attributes
  Data Center Bridging: Default Configuration
  Configuring Priority-Based Flow Control
  Configuring Lossless Queues
  ...
  Configuring the Dynamic Buffer Method
  Sample DCB Configuration
  PFC and ETS Configuration Command Examples
14 Dynamic Host Configuration Protocol (DHCP)
  DHCP Packet Format and Options
  Assign an IP Address using DHCP
  Implementation Information
  Configure the System to be a DHCP Server
  Configuring the Server for Automatic Address Allocation
  ...
  Managing ECMP Group Paths
  Creating an ECMP Group Bundle
  Modifying the ECMP Group Threshold
  RTAG7
  Flow-based Hashing for ECMP
16 FIP Snooping
  Fibre Channel over Ethernet
  Ensure Robustness in a Converged Ethernet Network
  FIP Snooping on Ethernet Bridges
  FIP Snooping in a Switch Stack
  ...
  Configuring the Control VLAN
  Configuring and Adding the Member VLANs
  Setting the FRRP Timers
  Clearing the FRRP Counters
  Viewing the FRRP Configuration
  Viewing the FRRP Information
  Troubleshooting FRRP
  Configuration Checks
  Sample Configuration and Topology
19 GARP VLAN Registration Protocol (GVRP)
  Important Points to Remember
  ...
  IGMP Version 3
  Configure IGMP
  Related Configuration Tasks
  Viewing IGMP Enabled Interfaces
  Selecting an IGMP Version
  Viewing IGMP Groups
  Adjusting Timers
  Adjusting Query and Response Timers
  Preventing a Host from Joining a Group
  Enabling IGMP Immediate-Leave
  IGMP Snooping
  IGMP Snooping Implementation Information
  Configuring IGMP Snooping
  ...
  Choosing an Interface-Range Macro
  Monitoring and Maintaining Interfaces
  Maintenance Using TDR
  Non Dell-Qualified Transceivers
  Splitting QSFP Ports to SFP+ Ports
  Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port
  Important Points to Remember
  Example Scenarios
  ...
  Enabling Link Dampening
  Link Bundle Monitoring
  Using Ethernet Pause Frames for Flow Control
  Enabling Pause Frames
  Configure the MTU Size on an Interface
  Port-Pipes
  Auto-Negotiation on Ethernet Interfaces
  Setting the Speed and Duplex Mode of Ethernet Interfaces
  Set Auto-Negotiation Options
  ...
  Stateless Autoconfiguration
  IPv6 Headers
  IPv6 Header Fields
  Extension Header Fields
  Addressing
  Implementing IPv6 with Dell Networking OS
  ICMPv6
  Path MTU Discovery
  IPv6 Neighbor Discovery
  IPv6 Neighbor Discovery of MTU Packets
  Configuration Task List for IPv6 RDNSS
  Configuring the IPv6 Recursive DNS Server
  ...
  Application of Quality of Service to iSCSI Traffic Flows
  Information Monitored in iSCSI Traffic Flows
  Detection and Auto-Configuration for Dell EqualLogic Arrays
  Configuring Detection and Ports for Dell Compellent Arrays
  Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer
  Enable and Disable iSCSI Optimization
  Default iSCSI Optimization Values
  ...
  Change the IS-IS Metric Style in One Level Only
  Leaks from One Level to Another
  Sample Configurations
28 Link Aggregation Control Protocol (LACP)
  Introduction to Dynamic LAGs and LACP
  Important Points to Remember
  LACP Modes
  Configuring LACP Commands
  LACP Configuration Tasks
  Creating a LAG
  ...
  Debugging FEFD
30 Link Layer Discovery Protocol (LLDP)
  802.1AB (LLDP) Overview
  Protocol Data Units
  Optional TLVs
  Management TLVs
  TIA-1057 (LLDP-MED) Overview
  TIA Organizationally Specific TLVs
  Configure LLDP
  Related Configuration Tasks
  Important Points to Remember
  LLDP Compatibility
  ...
  Enable Multiple Spanning Tree Globally
  Adding and Removing Interfaces
  Creating Multiple Spanning Tree Instances
  Influencing MSTP Root Selection
  Interoperate with Non-Dell Bridges
  Changing the Region Name or Revision
  Modifying Global Parameters
  Modifying the Interface Parameters
  Configuring an EdgePort
  Flush MAC Addresses after a Topology Change
  ...
  Networks and Neighbors
  Router Types
  Designated and Backup Designated Routers
  Link-State Advertisements (LSAs)
  Router Priority and Cost
  OSPF with Dell Networking OS
  Graceful Restart
  Fast Convergence (OSPFv2, IPv4 Only)
  Multi-Process OSPFv2 with VRF
  OSPF ACK Packing
  Setting OSPF Adjacency with Cisco Routers
  Configuration Information
  ...
  Assigning Area ID on an Interface
  Assigning OSPFv3 Process ID and Router ID Globally
  Assigning OSPFv3 Process ID and Router ID to a VRF
  Configuring Stub Areas
  Configuring Passive-Interface
  Redistributing Routes
  Configuring a Default Route
  Enabling OSPFv3 Graceful Restart
  ...
  Displaying Remote-Port Mirroring Configurations
  Configuring the Sample Remote Port Mirroring
  Encapsulated Remote Port Monitoring
  ERPM Behavior on a typical Dell Networking OS
  Decapsulation of ERPM packets at the Destination IP/ Analyzer
41 Private VLANs (PVLAN)
  Private VLAN Concepts
  ...
  PVST+ in Multi-Vendor Networks
  Enabling PVST+ Extend System ID
  PVST+ Sample Configurations
43 Quality of Service (QoS)
  Implementation Information
  Port-Based QoS Configurations
  Setting dot1p Priorities for Incoming Traffic
  Honoring dot1p Priorities on Ingress Traffic
  Configuring Port-Based Rate Policing
  Configuring Port-Based Rate Shaping
  Policy-Based QoS Configurations
  ...
  Sample configuration to mark non-ecn packets as “yellow” with Multiple traffic class
  Sample configuration to mark non-ecn packets as “yellow” with single traffic class
  Enabling Buffer Statistics Tracking
44 Routing Information Protocol (RIP)
  Protocol Overview
  RIPv1
  RIPv2
  ...
48 Security
  AAA Accounting
  Configuration Task List for AAA Accounting
  AAA Authentication
  Configuration Task List for AAA Authentication
  Obscuring Passwords and Keys
  AAA Authorization
  Privilege Levels Overview
  Configuration Task List for Privilege Levels
  RADIUS
  RADIUS Authentication
  Configuration Task List for RADIUS
  ...
  Creating Access and Trunk Ports
  Enable VLAN-Stacking for a VLAN
  Configuring the Protocol Type Value for the Outer VLAN Tag
  Configuring Dell Networking OS Options for Trunk Ports
  Debugging VLAN Stacking
  VLAN Stacking in Multi-Vendor Networks
  VLAN Stacking Packet Drop Precedence
  ...
  SNMPv3 Compliance With FIPS
  Configuration Task List for SNMP
  Related Configuration Tasks
  Important Points to Remember
  Set up SNMP
  Creating a Community
  Setting Up User-Based Security (SNMPv3)
  Reading Managed Object Values
  Writing Managed Object Values
  Configuring Contact and Location Information using SNMP
  ...
  Stack Master Election
  Virtual IP
  Failover Roles
  MAC Addressing on Stacks
  Stacking LAG
  Supported Stacking Topologies
  High Availability on Stacks
  Management Access on Stacks
  Mixed-mode Stacking
  Important Points to Remember
  Stacking Installation Tasks
  Create a Stack
  Add Units to an Existing Stack
  ...
  Disabling NTP on an Interface
  Configuring a Source IP Address for NTP Packets
  Configuring NTP Authentication
  Dell Networking OS Time and Date
  Configuration Task List
  Setting the Time and Date for the Switch Software Clock
  Setting the Timezone
  Set Daylight Saving Time
  ...
57 Tunneling
  Configuring a Tunnel
  Configuring Tunnel Keepalive Settings
  Configuring a Tunnel Interface
  Configuring Tunnel Allow-Remote Decapsulation
  Configuring the Tunnel Source Anylocal
58 Uplink Failure Detection (UFD)
  Feature Description
  How Uplink Failure Detection Works
  UFD and NIC Teaming
  Important Points to Remember
  ...
  Overview
  VLT on Core Switches
  Enhanced VLT
  VLT Terminology
  Configure Virtual Link Trunking
  Important Points to Remember
  Configuration Notes
  Primary and Secondary VLT Peers
  RSTP and VLT
  VLT Bandwidth Monitoring
  VLT and Stacking
  VLT and IGMP Snooping
  ...
  Working of Proxy ARP for VLT Peer Nodes
  VLT Nodes as Rendezvous Points for Multicast Resiliency
  Configuring VLAN-Stack over VLT
  IPv6 Peer Routing in VLT Domains Overview
  IPv6 Peer Routing
  Synchronization of IPv6 ND Entries in a VLT Domain
  Synchronization of IPv6 ND Entries in a Non-VLT Domain
  ...
  Configuring Route Leaking without Filtering Criteria
  Configuring Route Leaking with Filtering
65 Virtual Router Redundancy Protocol (VRRP)
  VRRP Overview
  VRRP Benefits
  VRRP Implementation
  VRRP Configuration
  Configuration Task List
  Setting VRRP Initialization Delay
  Sample Configurations
  VRRP for an IPv4 Configuration
  VRRP in a VRF Configuration
  VRRP for IPv6 Configuration
66 Debugging and Diagnostics
  ...
67 Standards Compliance
  IEEE Compliance
  RFC and I-D Compliance
  General Internet Protocols
  General IPv4 Protocols
  General IPv6 Protocols
  Border Gateway Protocol (BGP)
  Open Shortest Path First (OSPF)
  Intermediate System to Intermediate System (IS-IS)
  Routing Information Protocol (RIP)
  Multicast
  Network Management
  MIB Location
  ...
About this Guide

This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. For complete information about all the CLI commands, see the Dell Command Line Reference Guide for your system.
Related Documents

For more information about the Dell Networking switches, see the following documents:
• Dell Networking OS Command Line Reference Guide
• Dell Networking OS Installation Guide
• Dell Networking OS Quick Start Guide
• Dell Networking OS Release Notes...
In the Dell Networking OS, after you enter a command, the command is added to the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
Security chapter. The Dell Networking OS CLI is divided into three major mode levels:
• EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
Navigating CLI Modes

The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
Table 1. Dell Networking OS Command Modes

CLI Command Mode    Prompt    Access Command
EXEC                Dell>     Access the router through the console or terminal line.
EXEC Privilege      Dell#     • From EXEC mode, enter the enable command.
                              • From any other mode, use the end command.
CLI Command Mode               Prompt                    Access Command
STANDARD ACCESS-LIST           Dell(config-std-macl)#    mac access-list standard (MAC ACCESS-LIST Modes)
EXTENDED ACCESS-LIST           Dell(config-ext-macl)#    mac access-list extended (MAC ACCESS-LIST Modes)
MULTIPLE SPANNING TREE         Dell(config-mstp)#        protocol spanning-tree mstp
Per-VLAN SPANNING TREE Plus    Dell(config-pvst)#        protocol spanning-tree pvst
PREFIX-LIST...
Hit any key to stop autoboot:
UPLINK STATE GROUP             Dell(conf-uplink-state-group-groupID)#    uplink-state-group

The following example shows how to change the command mode from CONFIGURATION mode to PROTOCOL SPANNING TREE.

Example of Changing Command Modes

Dell(conf)#protocol spanning-tree 0
Dell(config-span)#
SPANNING TREE, and so on.) without having to return to EXEC mode by preceding the EXEC mode command with the do command. The following example shows the output of the do command.

Dell(conf)#do show system brief
Stack MAC : 34:17:eb:f2:c2:c4...
TenGigabitEthernet 2/17
 ip address 192.168.10.1/24
 no shutdown
Dell(conf-if-te-2/17)#no ip address
Dell(conf-if-te-2/17)#show config
interface TenGigabitEthernet 2/17
 no ip address
 no shutdown

Layer 2 protocols are disabled by default. To enable Layer 2 protocols, use the no disable command. For example, in PROTOCOL SPANNING TREE mode, enter no disable to enable Spanning Tree.
Deletes all characters from the cursor to the end of the word.

Command History

The Dell Networking OS maintains a history of previously-entered commands for each mode. For example:
• When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks. The except keyword displays text that does not match the specified text. The following example shows this command used in combination with the show system brief command.
Multiple Users in Configuration Mode

Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established.
When you power up the chassis, the system performs a power-on self test (POST) and then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
Console Access

The device has one RJ-45/RS-232 console port, an out-of-band (OOB) Ethernet port, and a micro USB-B console port.

Serial Console

The RJ-45/RS-232 console port is labeled on the upper right-hand side, as you face the PSU side of the chassis.
Pin Assignments

You can connect to the console using a RJ-45 to RJ-45 rollover cable and a RJ-45 to DB-9 female DTE adapter to a terminal server (for example, a PC). The pin assignments between the console and a DTE terminal server are as follows:

Table 2.
Although a version of Dell Networking OS is pre-loaded onto the system, the system is not configured when you power up the system for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
The platform has a dedicated management port and a management routing table that is separate from the IP routing table.
• You can manage all Dell Networking products in-band via the front-end data ports through interfaces assigned an IP address as well.

Accessing the System Remotely

Configuring the system for remote access is a three-step process, as described in the following topics:
Configure an IP address for the management port.
• 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtain the encrypted password from the configuration of another Dell Networking system.

Configuring the Enable Password

Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default.
• To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location.

Table 3. Forming a copy Command...
27952672 bytes successfully copied

Example of Importing a File to the Local System

core1#$//copy ftp://myusername:mypassword@10.10.10.10//Dell/Dell-EF-8.2.1.0.bin flash://
Destination file name [Dell-EF-8.2.1.0.bin.bin]:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
26292881 bytes successfully copied

Mounting an NFS File System

This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands.
• When copying to a server, you can only use a hostname if a domain name system (DNS) server is configured.

Example of Copying a File to current File System

Dell#copy tftp://10.16.127.35/dv-maa-test nfsmount://
Destination file name [dv-maa-test]:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!.!
44250499 bytes successfully copied
Dell#
Dell#copy ftp://10.16.127.35 nfsmount:...
Scenario For information about setting the router overload bit for a specific period of time after a switch reload is implemented, see the Intermediate System to Intermediate System (IS-IS) section in the Dell Command Line Reference Guide for your system.
“Startup-config last updated,” you have made changes that have not been saved and are preserved after a system reboot.

Example of the show running-config Command

Dell#show running-config
Current Configuration ...
! Version 9.4(0.0)
! Last configuration change at Tue Mar 11 21:33:56 2014 by admin
! Startup-config last updated at Tue Mar 11 12:11:00 2014 by default
<output truncated for brevity>...
2.1.1.1/16 switchport shut shut shut shut shut shut

Dell# show running-config           Dell# show running-config compressed
<snip>                              <snip>
interface TenGigabitEthernet 1/1    interface TenGigabitEthernet 1/1
no ip address                       no ip address
switchport                          switchport
shutdown                            shutdown
interface TenGigabitEthernet 1/2    Interface group TenGigabitEthernet 1/2 – 4 , TenGigabitEthernet 1/10
no ip address                       no ip address
shutdown                            shutdown
interface TenGigabitEthernet 1/3    interface TenGigabitEthernet 1/34
no ip address                       ip address 2.1.1.1/16
shutdown                            shutdown
interface TenGigabitEthernet 1/4    interface group Vlan 2 , Vlan 100
no ip address                       no ip address...
Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field).
Managing the File System

The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere. To view file system information, use the following command.
[12/5 10:57:12]: CMD-(CLI):line vty 0 9
[12/5 10:57:13]: CMD-(CLI):boot system rpm0 primary flash://FTOS-CB-1.1.1.2E2.bin

Upgrading Dell Networking OS

NOTE: To upgrade Dell Networking Operating System (OS), refer to the Release Notes for the version you want to load on the system.
Download the Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file displays next to the software image file on the iSupport page.
Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command.
To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP server to use a specific routing table.
To enable an HTTP client to look up the VRF table corresponding to either management VRF or any nondefault VRF, use the ip http vrf command in CONFIGURATION mode.
• Configure an HTTP client with a VRF that is used to connect to the HTTP server.
CONFIGURATION MODE
Dell(conf)#ip http vrf {management | <vrf-name>}
Management

This chapter describes the different protocols or services used to manage the Dell Networking system.

Topics:
• Configuring Privilege Levels
• Configuring Logging
• Track Login Activity
• Limit Concurrent Login Sessions
• Log Messages in the Internal Buffer
•...
Creating a Custom Privilege Level

Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by:
• restricting access to an EXEC mode command
• moving commands from EXEC Privilege to EXEC mode
•...
When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>.

Configuring Logging

The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on:
•...
no logging console

Audit and Security Logs

This section describes how to configure, display, and clear audit and security logs. The following is the configuration task list for audit and security logs:
• Enabling Audit and Security Logs
• Displaying Audit and Security Logs
•...
May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98)

Example of the show logging Command for Security...
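The audit entries shown above follow a fixed layout (timestamp, prompt, %FACILITY-severity-command, user, terminal line, source address), which makes them straightforward to review in bulk. The following parser is an added example, not part of the Dell guide: the management network 10.14.1.0/24 and the last three sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from typing import List, NamedTuple, Optional, Tuple

# Layout taken from the audit log sample on this page, e.g.
#   May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
AUDIT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}): "
    r"(?P<prompt>\S+): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-"
    r"(?P<command>.+) by (?P<user>\S+) from (?P<line>\S+) "
    r"\((?P<source>[0-9A-Fa-f:.]+)\)$"
)


class AuditEvent(NamedTuple):
    ts: str        # the sample format carries no year, so keep it as text
    prompt: str
    facility: str
    severity: int
    command: str
    user: str
    line: str      # terminal line, e.g. vty0
    source: str    # normalised source IP address


def parse_line(raw: str) -> Optional[AuditEvent]:
    """Return an AuditEvent, or None if the line does not fit the layout."""
    m = AUDIT_RE.match(raw.strip())
    if not m:
        return None
    try:
        source = str(ipaddress.ip_address(m["source"]))
    except ValueError:
        return None
    return AuditEvent(m["ts"], m["prompt"], m["facility"], int(m["severity"]),
                      m["command"], m["user"], m["line"], source)


def parse_log(text: str) -> Tuple[List[AuditEvent], List[str]]:
    """Parse a log dump; unparsable lines are returned, not silently dropped."""
    events, rejects = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        event = parse_line(raw)
        if event is None:
            rejects.append(raw)
        else:
            events.append(event)
    return events, rejects


def outside_networks(events: List[AuditEvent], allowed: List[str]) -> List[AuditEvent]:
    """Events whose source address is not inside any allowed CIDR block."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    flagged = []
    for e in events:
        addr = ipaddress.ip_address(e.source)
        # Comparing across IP versions simply yields False, so mixed lists are safe.
        if not any(addr in n for n in nets):
            flagged.append(e)
    return flagged


def config_entries(events: List[AuditEvent]) -> List[AuditEvent]:
    """Events that mark entry into CONFIGURATION mode."""
    return [e for e in events if e.command == "configure terminal"]


def activity_by_origin(events: List[AuditEvent]) -> Counter:
    """Number of audited commands per (user, source address) pair."""
    return Counter((e.user, e.source) for e in events)


# Assumption: the network that management sessions are expected to come from.
MGMT_NETWORKS = ["10.14.1.0/24"]

# First three lines are the sample from this page; the last three are constructed.
SAMPLE = """\
May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98)
May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98)
May 12 12:31:07: Dell#: %CLI-6-configure terminal by netops from vty1 (192.0.2.44)
May 12 12:31:19: Dell#: %CLI-6-no logging extended by netops from vty1 (192.0.2.44)
this line is not an audit record
"""

if __name__ == "__main__":
    events, rejects = parse_log(SAMPLE)
    for e in outside_networks(events, MGMT_NETWORKS):
        print(f"unexpected source {e.source}: {e.user} ran '{e.command}' on {e.line}")
    print(f"{len(rejects)} line(s) did not match the audit layout")
```

Entries that do not carry a source address in parentheses fall into the rejects list, so review that list rather than assuming it is noise.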
• 1 – Displays syslog message format as described in RFC 5424, The SYSLOG Protocol

Example of Configuring the Logging Message Format

Dell(conf)#logging version ?
<0-1> Select syslog version (default = 0)
Dell(conf)#logging version 1

Display the Logging Buffer and the Logging...
You can use reverse tunneling with port forwarding to securely connect to a syslog server.

Figure 2. Setting Up a Secure Connection to a Syslog Server

Pre-requisites

To configure a secure connection from the switch to the syslog server:
On the switch, enable the SSH server
Dell(conf)#ip ssh server enable
On the syslog server, create a reverse SSH tunnel from the syslog server to the Dell OS switch, using the following syntax:
ssh -R <remote port>:<syslog server>:<syslog server listen port> user@remote_host -nNf
In the following example the syslog server IP address is 10.156.166.48 and the listening port is 5141.
The following example enables login activity tracking and configures the system to store the login activity details for 12 days.

Dell(config)#login statistics enable
Dell(config)#login statistics time-period 12

Display Login Statistics

To view the login statistics, use the show login statistics command.
Example of the show login statistics user user-id command

The show login statistics user user-id command displays the successful and failed login details of a specific user in the last 30 days or the custom defined time period.

Dell# show login statistics user admin
------------------------------------------------------------------
User: admin
Last login time: 12:52:01 UTC Tue Mar 22 2016
Last login location: Line vty0 ( 10.16.127.143 )
Limit Concurrent Login Sessions

Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions.
Example of Configuring Concurrent Session Limit

The following example limits the permitted number of concurrent login sessions to 4.

Dell(config)#login concurrent-session limit 4

Enabling the System to Clear Existing Sessions

To enable the system to clear existing login sessions, follow this procedure:
•...
Escape character is '^]'. Login: admin Password: Maximum concurrent sessions for the user reached. Current sessions for user admin: Line Location vty 0 10.14.1.97 vty 1 10.14.1.97 vty 2 10.14.1.97 vty 3 10.14.1.97 Kill existing session? [line number/Enter to cancel]: Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer.
no logging console Sending System Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over UDP.
CONFIGURATION mode logging buffered size NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that Dell Networking OS saves to its logging history table.
%CHMGR-5-CARDDETECTED: Line card 10 present %CHMGR-5-CARDDETECTED: Line card 12 present %TSM-6-SFM_DISCOVERY: Found SFM 0 %TSM-6-SFM_DISCOVERY: Found SFM 1 %TSM-6-SFM_DISCOVERY: Found SFM 2 %TSM-6-SFM_DISCOVERY: Found SFM 3 %TSM-6-SFM_DISCOVERY: Found SFM 4 %TSM-6-SFM_DISCOVERY: Found SFM 5 %TSM-6-SFM_DISCOVERY: Found SFM 6 %TSM-6-SFM_DISCOVERY: Found SFM 7 %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP %TSM-6-SFM_DISCOVERY: Found SFM 8 %TSM-6-SFM_DISCOVERY: Found 9 SFMs...
Dell# Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
NOTE: To transmit large files, Dell Networking recommends configuring the switch as an FTP server. Configuration Task List for File Transfer Services The configuration tasks for file transfer services are: • Enable FTP Server (mandatory) • Configure FTP Server Parameters (optional) •...
• encryption-type: enter 0 for plain text or 7 for encrypted text. • password: enter a text string. NOTE: You cannot use the change directory (cd) command until you have configured ftp-server topdir. To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode. Configuring FTP Client Parameters To configure FTP client parameters, use the following commands.
Denying and Permitting Access to a Terminal Line Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines. • Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny traffic.
A combination of authentication methods is called a method list. If the user fails the first authentication method, Dell Networking OS prompts the next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are: Prompt for the enable password.
Dell(config-line-vty)# Setting Timeout for EXEC Privilege Mode EXEC timeout is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set timeout, use the following commands. •...
EXEC Privilege telnet [ip-address] If you do not enter an IP address, Dell Networking OS enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D). Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported.
EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode. Example of Locking CONFIGURATION Mode for Single-User Access Dell(conf)#configuration mode exclusive auto BATMAN(conf)#exit 3d23h35m: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Dell#config ! Locks configuration mode exclusively.
After the restore is complete, the units power cycle immediately. The following example illustrates the restore factory-defaults command to restore the factory default settings. Dell#restore factory-defaults stack-unit 1 nvram *********************************************************************** Warning - Restoring factory defaults will delete the existing persistent settings (stacking, fanout, etc.) After restoration the unit(s) will be powercycled immediately.
Hit any key to abort the boot process. You enter uBoot immediately, the => prompt indicates success. (during bootup) press any key Assign the new location to the Dell Networking OS image it uses when the system reloads. uBoot mode => setenv primary_boot f10boot Boot variable (f10boot) can take the following values: •...
802.1ag Ethernet operations, administration, and maintenance (OAM) are a set of tools used to install, monitor, troubleshoot, and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: • Service layer OAM — IEEE 802.1ag connectivity fault management (CFM) •...
• there are complex interactions between various Layer 2 and Layer 3 protocols such as spanning tree protocol (STP), link aggregation group (LAG), virtual router redundancy protocol (VRRP), and electronic commerce messaging protocol (ECMP) configurations. • ping and traceroute are not designed to verify data connectivity in the network and within each node in the network (such as in the switching fabric and hardware forwarding tables).
There are two types of MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP — monitors the forwarding path internal to a bridge on the customer or provider edge. On Dell Networking systems, the internal forwarding path is effectively the switch fabric and forwarding engine.
Configure Up-MEPs on ingress ports, ports that send traffic towards the bridge relay. Configure Down-MEPs on egress ports, ports that send traffic away from the bridge relay. Figure 5. Maintenance End Points Implementation Information The S-Series has a single MAC address for all physical/LAG interfaces and hence only one MEP is allowed per MA (per VLAN or per MD level).
The range is from 0 to 7. Display maintenance domain information. EXEC Privilege mode show ethernet cfm domain [name | brief] Example of Viewing Configured Maintenance Domains Dell# show ethernet cfm domain Domain Name: customer Level: 7 Total Service: 1 Services...
The range is from 1 to 8191. Display configured MEPs and MIPs. EXEC Privilege mode show ethernet cfm maintenance-points local [mep | mip] Dell#show ethernet cfm maintenance-points local mep --------------------------------------------------------------- MPID Domain Name Level Type Port CCM-Status MA Name VLAN...
MEPs must listen to these multicast MAC addresses and process these messages. MIPs may optionally process the CCM messages the MEPs originate and construct a MIP CCM database. MEPs and MIPs filter CCMs from higher and lower domain levels as described in the following table. Table 7.
The default is 10 seconds. Enabling Cross-Checking To enable cross-checking, use the following commands. Enable cross-checking. ETHERNET CFM mode mep cross-check enable The default is Disabled. Start the cross-check operation for an MEP ETHERNET CFM mode mep cross-check mep-id Configure the amount of time the system has to wait for a remote MEP to come up before the cross-check operation is started.
Sending Linktrace Messages and Responses Linktrace messages and responses (LTM, LTR), also called Layer 2 Traceroute, are administratively sent multicast frames that MEPs transmit to track, hop-by-hop, the path to another MEP or MIP within the maintenance domain. All MEPs and MIPs in the same domain respond to an LTM with a unicast LTR. Intermediate MIPs forward the LTM toward the target MEP.
Delete all Link Trace Cache entries. EXEC Privilege mode clear ethernet cfm traceroute-cache Example of Viewing the Link Trace Cache Dell#show ethernet cfm traceroute-cache Traceroute to 00:01:e8:52:4a:f8 on Domain Customer2, Level 7, MA name Test2 with VLAN 2 ------------------------------------------------------------------------------ Hops Host...
To enable CFM SNMP traps, use the following command. • Enable SNMP trap messages for Ethernet CFM. CONFIGURATION mode snmp-server enable traps ecfm Example of Viewing CFM SNMP Trap Information Dell#show ethernet cfm maintenance-points local mep -------------------------------------------------------------------- MPID Domain Name Level Type...
Received: 0 Rcvd Out Of Order: 0 Received Bad MSDU: 0 Transmitted: Example of viewing CFM statistics by port. Dell#show ethernet cfm port-statistics interface TenGigabitEthernet 1/5 Port statistics for port: Te 1/5 ================================== RX Statistics ============= Total CFM Pkts 75394 CCM Pkts 75394...
(typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
The following figures show how the EAP frames are encapsulated in Ethernet and RADIUS frames. Figure 7. EAP Frames Encapsulated in Ethernet and RADIUS Figure 8. EAP Frames Encapsulated in Ethernet and RADIUS The authentication process involves three devices: • The device attempting to access the network is the supplicant.
The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network traffic can be forwarded normally. NOTE: The Dell Networking switches place 802.1X-enabled ports in the unauthorized state by default. Topics: •...
Access-Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. Figure 9. EAP Port-Authentication 802.1X...
The Type value for EAP messages is 79. Figure 10. EAP Over RADIUS RADIUS Attributes for 802.1X Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
Configuring a Guest VLAN • Configuring an Authentication-Fail VLAN Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. •...
Enabling 802.1X Enable 802.1X globally. Figure 11. 802.1X Enabled Enable 802.1X globally. CONFIGURATION mode dot1x authentication Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] Enable 802.1X on the supplicant interface only. 802.1X...
Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication [output omitted]...
Configuring Request Identity Re-Transmissions When the authenticator sends a Request Identity frame and the supplicant does not respond, the authenticator waits for 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits can be configured.
EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-2/1)#dot1x tx-period 90 Dell(conf-if-range-Te-2/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-2/1)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable...
Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1)#show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status:...
Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-1/1)#dot1x reauthentication interval 7200 Dell(conf-if-Te-1/1)#dot1x reauth-max 10 Dell(conf-if-Te-1/1)#do show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status: Enable...
The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1x procedure: The host sends a dot1x packet to the Dell Networking system The system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port...
Dynamic VLAN Assignment with Port Authentication). Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either 802.1X...
INTERFACE mode. View your configuration using the show config command from INTERFACE mode or using the show dot1x interface command from EXEC Privilege mode. Example of Viewing Guest VLAN Configuration Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 2/1 switchport...
Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This section describes the access control list (ACL) virtual local area network (VLAN) group, and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize the number of entries in CAM, enable and configure the ACL CAM feature.
After these verification steps are performed, the ACL manager considers the command valid and sends the information to the ACL agent on the line card. The ACL manager notifies the ACL agent in the following cases: • A VLAN member is added or removed from a group and previously associated VLANs exist in the group. •...
• Within a port, you can apply Layer 2 ACLs on a VLAN or a set of VLANs. In this case, CAM optimization is not applied. • To enable optimization of CAM space for Layer 2 or Layer 3 ACLs that are applied to ports, the port number is removed as a qualifier for ACL application on ports, and port bits are used.
{group name | detail} Dell#show acl-vlan-group detail Group Name : TestGroupSeventeenTwenty Egress IP Acl : SpecialAccessOnlyExpertsAllowed Vlan Members : 100,200,300 Group Name : CustomerNumberIdentificationEleven Egress IP Acl : AnyEmployeeCustomerElevenGrantedAccess Vlan Members : 2-10,99 Group Name : HostGroup Egress IP Acl :...
| OUT-L3 ACL | OUT-V6 ACL Codes: * - cam usage is above 90%. The following output displays CAM space usage when you configure Layer 2 and Layer 3 ACLs: Dell#show cam-usage acl Stackunit|Portpipe| CAM Partition | Total CAM Used CAM...
| OUT-L2 ACL | OUT-L3 ACL | OUT-V6 ACL Codes: * - cam usage is above 90%. The following output displays CAM space usage for Layer 2 ACLs: Dell#show cam-usage switch Stackunit|Portpipe| CAM Partition | Total CAM Used CAM |Available CAM...
You can configure only two of these features at a time. • To allocate the number of FP blocks for VLAN open flow operations, use the cam-acl-vlan vlanopenflow <0-2> command. • To allocate the number of FP blocks for VLAN iSCSI counters, use the cam-acl-vlan vlaniscsi <0-2>...
Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol...
IP Access Control Lists (ACLs) In Dell Networking switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP packet. An extended ACL filters traffic based on the following criteria: •...
When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands.
L2 Egress Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher. Assigning ACLs to VLANs When you apply an ACL to a VLAN using single port-pipe, a copy of the ACL entries gets installed in the ACL CAM on the port-pipe.
In cases where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules. The order can range from 0 to 254. Dell Networking OS writes to the CAM ACL rules with lower-order numbers (order numbers closer to 0) before rules with higher-order numbers so that packets are matched as you intended.
You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, such as redistribute, traffic passes...
Networking OS does a match between all of those match commands. If there are multiple match commands with different parameters, Dell Networking OS does a match ONLY if there is a match among ALL the match commands. In the following example, there is a match if a route has any of the tag values specified in the match commands.
In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement.
The parameters are: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port[/subport] information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. • For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. •...
To create route map instances, use these commands. There is no limit to the number of match commands per route map, but the convention is to keep the number of match filters in a route map low. Set commands do not require a corresponding match command. Configuring Set Conditions To configure a set condition, use the following commands.
Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify the routes and their origins.
Implementing the required rules uses a significant number of CAM entries per TCP/UDP entry. • For IP ACL, Dell Networking OS always applies implicit deny. You do not have to configure it. • For IP ACL, Dell Networking OS applies implicit permit for second and subsequent fragment just prior to the implicit deny.
In this first example, TCP packets from host 10.1.1.1 with TCP destination port equal to 24 are permitted. All others are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24 Dell(conf-ext-nacl)#deny ip any any fragment Dell(conf-ext-nacl) Access Control Lists (ACLs)
To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of five.
To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. The following example shows how to view a standard ACL filter sequence for an interface. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example seq 15 deny udp any any eq 111...
In the example, filter 15 was configured before filter 5, but the show config command displays the filters in the correct order. Dell(config-ext-nacl)#seq 15 deny ip host 112.45.0.0 any log Dell(config-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any Dell(config-ext-nacl)#show confi ip access-list extended dilling seq 5 permit tcp 12.1.0.0 0.0.255.255 any...
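The ordering behaviour in the example above, modelled as an added Python example (not code from the Dell guide): filters are kept by sequence number, the address is stored with its wildcard "don't care" bits cleared (which is why 12.1.3.45 0.0.255.255 is displayed as 12.1.0.0), the first matching filter decides, and an implicit deny applies when nothing matches. All Python names are hypothetical, the model compares only protocol and source address (destination is "any" in every filter used), and the second ACL is constructed to show an audit for filters that an earlier filter makes unreachable.

```python
import ipaddress
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Filter:
    seq: int
    action: str    # "permit" or "deny"
    protocol: str  # "ip" matches every IP protocol
    source: int    # address with the wildcard (don't care) bits cleared
    wildcard: int  # bits set here are ignored when comparing addresses

    @property
    def shown_source(self) -> str:
        return str(ipaddress.IPv4Address(self.source))


def make_filter(seq, action, protocol, source, wildcard="0.0.0.0") -> Filter:
    """Build a filter; 'host A.B.C.D' is a wildcard of 0.0.0.0."""
    wc = ip_to_int(wildcard)
    return Filter(seq, action, protocol, ip_to_int(source) & ~wc & MASK32, wc)


class Acl:
    def __init__(self):
        self._by_seq = {}  # model simplification: one filter per sequence number

    def add(self, flt: Filter) -> None:
        self._by_seq[flt.seq] = flt

    def ordered(self):
        """Filters in ascending sequence order, regardless of entry order."""
        return [self._by_seq[s] for s in sorted(self._by_seq)]

    def evaluate(self, protocol: str, src: str):
        """Return (action, seq) of the first matching filter."""
        addr = ip_to_int(src)
        for flt in self.ordered():
            proto_ok = flt.protocol in ("ip", protocol)
            addr_ok = (addr & ~flt.wildcard & MASK32) == flt.source
            if proto_ok and addr_ok:
                return flt.action, flt.seq
        return "deny", None  # implicit deny: no configured filter matched

    def shadowed(self):
        """(later_seq, earlier_seq) pairs where the later filter can never match."""
        found = []
        rules = self.ordered()
        for i, later in enumerate(rules):
            for earlier in rules[:i]:
                proto_cover = earlier.protocol in ("ip", later.protocol)
                wc_cover = (later.wildcard & ~earlier.wildcard & MASK32) == 0
                addr_cover = (later.source & ~earlier.wildcard & MASK32) == earlier.source
                if proto_cover and wc_cover and addr_cover:
                    found.append((later.seq, earlier.seq))
                    break
        return found


def page_acl() -> Acl:
    """The two filters from the example above, entered in the same order."""
    acl = Acl()
    acl.add(make_filter(15, "deny", "ip", "112.45.0.0"))
    acl.add(make_filter(5, "permit", "tcp", "12.1.3.45", "0.0.255.255"))
    return acl


def constructed_acl() -> Acl:
    """Constructed sample: a broad deny placed ahead of a narrow permit."""
    acl = Acl()
    acl.add(make_filter(10, "deny", "ip", "10.0.0.0", "0.255.255.255"))
    acl.add(make_filter(20, "permit", "tcp", "10.1.1.1"))
    return acl


if __name__ == "__main__":
    for f in page_acl().ordered():
        print(f.seq, f.action, f.protocol, f.shown_source)
    print(page_acl().evaluate("tcp", "12.1.200.7"))
    print(constructed_acl().shadowed())
```

Running the shadow audit before applying an ACL catches permits or denies that a lower-numbered filter has already made unreachable.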
Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them. •...
To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running-config command in EXEC mode. Example of Viewing ACLs Applied to an Interface Dell(conf-if)#show conf interface TenGigabitEthernet 1/1 ip address 10.2.1.100 255.255.255.0...
To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te1/1)#ip access-group abcd in Dell(conf-if-te1/1)#show config tengigabitethernet 1/1 no ip address...
To specify ingress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface TenGigabitEthernet 1/1 Dell(conf-if-te-1/1)#ip access-group abcd out Dell(conf-if-te-1/1)#show config TenGigabitEthernet 1/1 no ip address...
(if configured) is applied. When the route prefix matches a filter, Dell Networking OS drops or forwards the packet based on the filter’s designated action. If the route prefix does not match any of the filters in the prefix list, the route is dropped (that is, implicit deny).
Configuring a prefix list • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following commands.
To delete a filter, use the no seq sequence-number command in PREFIX LIST mode. If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The Dell Networking OS assigns filters in multiples of five.
[prefix-name] Examples of the show ip prefix-list Command The following example shows the show ip prefix-list detail command. Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0)
Dell(conf-router_rip)#show config router rip distribute-list prefix juba out network 10.0.0.0 Dell(conf-router_rip)#router ospf 34 Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode.
Example of Viewing Configured Prefix Lists (ROUTER OSPF mode) To view the configuration, use the show config command in ROUTER OSPF mode, or the show running-config ospf command in EXEC mode. Dell(conf-router_ospf)#show config router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1...
10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1...
You can enable logging separately for each of these FP entries, which relate to each of the ACL entries configured in an ACL. Dell Networking OS saves a table that maps each ACL entry that matches the ACL name on the received packet, sequence number of the rule, and the interface index in the database. When the configured maximum threshold has been exceeded, log generation stops.
Guidelines for Configuring ACL Logging This functionality is supported on the platform. Keep the following points in mind when you configure logging of ACL activities: • During initialization, the ACL logging application tags the ACL rule indices for which a match condition exists as being in-use, which ensures that the same rule indices are not reused by ACL logging again.
specified maximum limit, the generation of ACL logs is terminated. You can enter a threshold in the range of 1-100. By default, 10 ACL logs are generated if you do not specify the threshold explicitly. CONFIG-STD-NACL mode seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [log [threshold-in-msgs count] ] Specify the interval in minutes at which ACL logs must be generated.
The show monitor session session-id command has been enhanced to display the Type field in the output, which indicates whether a particular session is enabled for flow-monitoring. Example Output of the show Command Dell(conf-mon-sess-0)#do show monitor session 0 SessID Source...
Layer 3 ingress and egress traffic. You can specify traffic using standard or extended access-lists. Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor. CONFIGURATION mode ip access-list...
[nlbclusteracl number] ipv4pbr number }openflow number | fcoe number} [ipv4udfenable] [iscsioptacl number] [vrfv4acl number] Dell(conf)#cam-acl l2acl 1 ipv4acl 8 ipv6acl 2 ipv4qos 0 l2qos 2 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 ipv4udfenable View the currently configured CAM allocation.
Configure a UDF ID to parse packet headers using the specified number of offset and required bytes. CONFIGURATION-UDF TCAM mode key description udf-id id packetbase PacketBase offset bytes length bytes Dell(conf-udf-tcam)#key innerL3header udf-id 6 packetbase innerL3Header offset 0 length 2 View the UDF TCAM configuration.
Configure the match criteria for the packet type in which UDF offset bytes are parsed. CONFIGURATION-UDF TCAM mode match l2ethertype ipv4 ipprotocol value vlantag tagStatus Dell(conf-udf-tcam)#match l2ethertype ipv4 ipprotocol 4 vlantag any View the UDF TCAM configuration. CONFIGURATION-UDF TCAM mode...
5 permit ip any any udf-pkt-format ipnip udf-qualifier-value ipnip_val1 Dell(config-ext-nacl)# Access Control Lists (ACLs)
BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the route processor. Only session state changes are reported to the BFD Manager (on the route processor), which in turn notifies the routing protocols that are registered with it.
NOTE: The Dell Networking Operating System (OS) does not support multi-hop BFD sessions. If a system does not receive a control packet within an agreed-upon amount of time, the BFD agent changes the session state to Down. It then notifies the BFD manager of the change and sends a control packet to the neighbor that indicates the state change (though it might not be received if the link or receiving interface is faulty).
BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet. Figure 13. BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed.
Required Min Echo The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication An optional method for authenticating control packets. Type,...
Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up. State...
The active system sends a steady stream of control packets that indicates that its session state is Down, until the passive system responds. These packets are sent at the desired transmit interval of the Active system. The Your Discriminator field is set to zero. When the passive system receives any of these control packets, it changes its session state to Init and sends a response that indicates its state change.
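The control-packet fields and session states described above, as an added Python example (not code from the Dell guide): it parses the 24-byte mandatory section laid out in RFC 5880, applies that RFC's reception checks so malformed or out-of-sequence packets are rejected, and computes the Asynchronous-mode detection time. Function names are hypothetical, the packets are constructed samples, and the 100 ms interval with multiplier 3 mirrors the neighbor parameters shown in this chapter's show output.

```python
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
# Vers|Diag, Sta|P|F|C|A|D|M, Detect Mult, Length, My Discriminator,
# Your Discriminator, Desired Min TX, Required Min RX, Required Min Echo RX
MANDATORY = struct.Struct("!BBBBIIIII")  # 24 bytes, network byte order


class BfdError(ValueError):
    """Raised when a control packet must be discarded."""


def parse_control(payload: bytes) -> dict:
    if len(payload) < MANDATORY.size:
        raise BfdError("shorter than the 24-byte mandatory section")
    b0, b1, mult, length, my_disc, your_disc, tx, rx, echo = MANDATORY.unpack_from(payload)
    pkt = {
        "version": b0 >> 5,
        "diag": b0 & 0x1F,               # reason the last session failed
        "state": STATES[b1 >> 6],
        "poll": bool(b1 & 0x20),
        "final": bool(b1 & 0x10),
        "auth_present": bool(b1 & 0x04),
        "demand": bool(b1 & 0x02),
        "multipoint": bool(b1 & 0x01),
        "detect_mult": mult,
        "length": length,
        "my_disc": my_disc,
        "your_disc": your_disc,
        "desired_min_tx_us": tx,         # intervals are carried in microseconds
        "required_min_rx_us": rx,
        "required_min_echo_rx_us": echo,
    }
    if pkt["version"] != 1:
        raise BfdError("unsupported version")
    if length < (26 if pkt["auth_present"] else 24):
        raise BfdError("length field too small")
    if length > len(payload):
        raise BfdError("length field exceeds the received payload")
    if mult == 0:
        raise BfdError("detect multiplier is zero")
    if pkt["multipoint"]:
        raise BfdError("multipoint bit set")
    if my_disc == 0:
        raise BfdError("My Discriminator is zero")
    if your_disc == 0 and pkt["state"] not in ("Down", "AdminDown"):
        raise BfdError("Your Discriminator is zero outside Down/AdminDown")
    return pkt


def is_acceptable(payload: bytes) -> bool:
    try:
        parse_control(payload)
        return True
    except BfdError:
        return False


def detection_time_us(remote_pkt: dict, local_required_min_rx_us: int) -> int:
    """Asynchronous mode: remote multiplier times the agreed remote TX interval."""
    agreed = max(local_required_min_rx_us, remote_pkt["desired_min_tx_us"])
    return remote_pkt["detect_mult"] * agreed


def build_control(state, my_disc, your_disc, mult=3, tx_us=100000,
                  rx_us=100000, auth=False, diag=0) -> bytes:
    """Constructed sample packet (no authentication section is appended)."""
    b0 = (1 << 5) | (diag & 0x1F)
    b1 = (state << 6) | (0x04 if auth else 0)
    return MANDATORY.pack(b0, b1, mult, 24, my_disc, your_disc, tx_us, rx_us, 0)


if __name__ == "__main__":
    first = build_control(1, 0x11, 0)      # active side: Down, Your Discriminator 0
    reply = build_control(2, 0x22, 0x11)   # passive side answers with Init
    print(parse_control(first)["state"], parse_control(reply)["state"])
    print(detection_time_us(parse_control(reply), 100000), "us")
```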
Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of •...
• Dell Networking OS supports only OSPF, OSPFv3, IS-IS, and BGP protocols as BFD clients. Configure BFD This section contains the following procedures. • Configuring BFD for Physical Ports • Configure BFD for Static Routes • Configure BFD for OSPF •...
Example of Verifying BFD is Enabled To verify that BFD is enabled globally, use the show running bfd command. The bold line shows that BFD is enabled. R1(conf)#bfd ? enable Enable BFD protocol protocol-liveness Enable BFD protocol-liveness R1(conf)#bfd enable R1(conf)#do show running-config bfd bfd enable R1(conf)# Establishing a Session on Physical Ports...
2.2.2.2 on interface Te 4/24 (diag: 0) Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role (active). Dell Networking recommends maintaining the default values. To view session parameters, use the show bfd neighbors detail command.
Local Addr: 2.2.2.1 Local MAC Addr: 00:01:e8:09:c3:e5 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:06:95:a2 Int: TenGigabitEthernet 4/24 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 4 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 4 Role: Passive Delete session on Down: False Client Registered: CLI...
Configuring BFD for static routes is a three-step process: Enable BFD globally. Configure static routes on both routers on the system (either local or remote). Configure an IP route to connect BFD on the static routes using the ip route bfd command. Related Configuration Tasks •...
LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 2.2.2.2 Te 4/24 To view detailed session information, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information. Changing Static Route Session Parameters BFD sessions are configured with default intervals and a default role.
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state.
• Establish sessions with OSPF neighbors on a single interface. INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors - Active session role...
To disable BFD sessions, use the following commands.
• Disable BFD sessions with all OSPFv3 neighbors.
  ROUTER-OSPFv3 mode
  no bfd all-neighbors
• Disable BFD sessions with OSPFv3 neighbors on a single interface.
  INTERFACE mode
  ipv6 ospf bfd all-neighbors disable
Configure BFD for OSPFv3
BFD for OSPFv3 provides support for IPv6.
sessions. If you change a parameter at the interface level, the change affects all OSPF sessions on that interface. To change parameters for all OSPF sessions or for OSPF sessions on a single interface, use the following commands. • Change parameters for OSPF sessions. ROUTER-OSPF mode bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive]...
Related Configuration Tasks • Changing IS-IS Session Parameters • Disabling BFD for IS-IS Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 19.
• Establish sessions with IS-IS neighbors on a single interface. INTERFACE mode isis bfd all-neighbors Example of Verifying Sessions with IS-IS Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors - Active session role...
To disable BFD sessions, use the following commands.
• Disable BFD sessions with all IS-IS neighbors.
  ROUTER-ISIS mode
  no bfd all-neighbors
• Disable BFD sessions with IS-IS neighbors on a single interface.
  INTERFACE mode
  isis bfd all-neighbors disable
Configure BFD for BGP
In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence.
For example, the following illustration shows a sample BFD configuration on Router 1 and Router 2 that use eBGP in a transit network to interconnect AS1 and AS2. The eBGP routers exchange information with each other as well as with iBGP routers to maintain connectivity and accessibility within each autonomous system. Figure 20.
session (other routing protocols) about the failure. It then depends on the individual routing protocols that use the BGP link to determine the appropriate response to the failure condition. The typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router.
• Disable a BFD for BGP session with a specified neighbor.
  ROUTER BGP mode
  neighbor {ip-address | peer-group-name} bfd disable
• Remove the disabled state of a BFD for BGP session with a specified neighbor.
  ROUTER BGP mode
  no neighbor {ip-address | peer-group-name} bfd disable
Use BFD in a BGP Peer Group
You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
EXEC Privilege mode show ip bgp neighbors [ip-address] Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown...
Statistics: Number of packets received from neighbor: 4762 Number of packets sent to neighbor: 4490 Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34...
De-registration : 0 Init Down Admin Down The following example shows viewing BFD summary information. The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory...
Prefixes accepted 0 (consume 0 bytes), withdrawn 0 by peer, martian prefixes ignored 0 Prefixes advertised 0, denied 0, withdrawn 0 from peer Connections established 1; dropped 0 Last reset never Local host: 2.2.2.3, Local port: 63805 Foreign host: 2.2.2.2, Foreign port: 179 E1200i_ExaScale# R2# show ip bgp neighbors 2.2.2.3 BGP neighbor is 2.2.2.3, remote AS 1, external link...
Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 21. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. •...
Examples of Viewing VRRP Sessions To view the established sessions, use the show bfd neighbors command. The bold line shows that VRRP BFD sessions are enabled. Dell(conf-if-te-4/25)#vrrp bfd all-neighbors Dell(conf-if-te-4/25)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI...
To view session parameters, use the show bfd neighbors detail command, as shown in the example in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors command example in Displaying BFD for BGP Information. Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down.
CONFIGURATION debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-te-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Te 4/24 (diag: 0) 00:54:38 : Sent packet for session with neighbor 2.2.2.2 on Te 4/24 TX packet dump: Version:1, Diag code:0, State:Down, Poll bit:0, Final bit:0, Demand bit:0...
Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
You can group autonomous systems into three categories (multihomed, stub, and transit), defined by their connections and operation. • multihomed AS — is one that maintains connections to more than one other AS. This group allows the AS to remain connected to the Internet in the event of a complete failure of one of their connections. However, this type of AS does not allow traffic from one AS to pass through on its way to another AS.
in “full mesh.” As seen in the illustration below, four routers connected in a full mesh have three peers each, six routers have five peers each, and eight routers in full mesh have seven peers each. Figure 23. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially.
Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor. Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies.
proper peers. If the peers are members of a peer group however, the information can be sent to one place and then passed onto the peers within the group. Route Reflectors Route reflectors reorganize the iBGP core into a hierarchy and allow some route advertisement rules. NOTE: Do not use route reflectors (RRs) in the forwarding path.
In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
NOTE: The bgp bestpath as-path multipath-relax command is disabled by default, preventing BGP from load-balancing a learned route across two or more eBGP peers. To enable load-balancing across different eBGP peers, enable the bgp bestpath as-path multipath-relax command. A system error results if you configure the bgp bestpath as-path ignore command and the bgp bestpath as-path multipath-relax command at the same time.
Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. Dell Networking OS deems the paths as equal and does not perform steps 9 through 11, if the following criteria are met: the IBGP multipath or EBGP multipath are configured (the maximum-path command).
Weight The weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight is preferred. The route with the highest weight is installed in the IP routing table. Local Preference Local preference (LOCAL_PREF) represents the degree of preference within the entire AS.
Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria.
BGP. In Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
Implement BGP with Dell Networking The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to its peers for a given address prefix.
Table 11. Redistributed Route Rules Command Settings BGP Local Routing MED Advertised to Peer MED Advertised to Peer Information Base WITH route-map metric- WITHOUT route-map type internal metric-type internal redistribute isis (IGP cost MED: IGP cost 20 MED = 20 MED = 0 = 20) redistribute isis route-...
AS4 Number Representation Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot. NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature. If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported.
172.30.1.250 local-as 65057 <output truncated> Dell(conf-router_bgp)#do show ip bgp BGP table version is 31571, local router ID is 172.30.1.57 <output truncated> AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 <output truncated>...
C’s configuration. Local-AS allows this behavior to happen by allowing Router B to appear as if it still belongs to Router B’s old network (AS 200) as far as communicating with Router C is concerned. Figure 28. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature.
(SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell website. NOTE: For the Force10-BGP4-V2-MIB and other MIB documentation, refer to the Dell iSupport web page. Important Points to Remember •...
To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5.
To enable the BGP process and begin exchanging information, assign an AS number and use commands in ROUTER BGP mode to configure a BGP neighbor. By default, BGP is disabled. By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled.
Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer.
address-family [ipv4 | ipv6} vrf Use this command to enter BGP for IPv6 mode (CONF-ROUTER_BGPv6_AF). Add a neighbor as a remote AS. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group name} remote-as as-number • peer-group name: 16 characters • as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format) Formats: IP Address A.B.C.D You must...
Active For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
Connections established 0; dropped 0
Last reset never
No active TCP connection
Dell#
The following example shows verifying the BGP configuration using the show running-config bgp command.
Dell#show running-config bgp
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24...
• Enable ASPLAIN AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asplain NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot •...
172.30.1.250 no shutdown 5332332 9911991 65057 18508 12182 7018 46164 i The following example shows the bgp asnotation asdot+ command output. Dell(conf-router_bgp)#bgp asnotation asdot+ Dell(conf-router_bgp)#sho conf router bgp 100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in...
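When AS paths collected from devices that use different bgp asnotation settings have to be compared, convert them to one representation first. The following is an added example, not part of the original guide: the function names are hypothetical, the conversion rules are the standard asplain, asdot and asdot+ definitions, and the sample path is the asplain AS path shown in the output above.

```python
"""Convert BGP AS numbers between asplain, asdot and asdot+ (added example)."""

MAX_2BYTE = 0xFFFF
MAX_4BYTE = 0xFFFFFFFF
NOTATIONS = ("asplain", "asdot", "asdot+")

# AS path taken from the asplain sample output on this page.
PAGE_PATH = "5332332 9911991 65057 18508 12182 7018 46164"


def _field(text, limit):
    """Parse one decimal field and enforce its upper bound."""
    if not (text.isascii() and text.isdigit()):
        raise ValueError("not a decimal AS number field: %r" % text)
    value = int(text)
    if value > limit:
        raise ValueError("AS number field out of range: %r" % text)
    return value


def parse_asn(text):
    """Accept asplain ('5332332'), asdot ('81.23916') or asdot+ ('0.65057')."""
    if "." in text:
        high, _, low = text.partition(".")
        # Each half of the dotted form is a 16-bit value.
        return (_field(high, MAX_2BYTE) << 16) | _field(low, MAX_2BYTE)
    return _field(text, MAX_4BYTE)


def format_asn(value, notation):
    """Render an integer AS number in the requested notation."""
    if notation not in NOTATIONS:
        raise ValueError("unknown notation: %r" % notation)
    if not 0 <= value <= MAX_4BYTE:
        raise ValueError("AS number out of range: %r" % value)
    high, low = divmod(value, 1 << 16)
    if notation == "asplain":
        return str(value)
    if notation == "asdot" and high == 0:
        return str(value)        # asdot keeps 2-byte AS numbers plain
    return "%d.%d" % (high, low)


def convert_path(as_path, notation):
    """Convert a space-separated AS path, accepting mixed input notations."""
    return " ".join(format_asn(parse_asn(t), notation) for t in as_path.split())


def same_path(path_a, path_b):
    """True if two AS paths are equal regardless of notation."""
    return ([parse_asn(t) for t in path_a.split()]
            == [parse_asn(t) for t in path_b.split()])


if __name__ == "__main__":
    for notation in NOTATIONS:
        print("%-8s %s" % (notation, convert_path(PAGE_PATH, notation)))
```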
To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. When you create a peer group, it is disabled (shutdown). The following example shows the creation of a peer group (zanzibar) (in bold). Dell(conf-router_bgp)#neighbor zanzibar peer-group Dell(conf-router_bgp)#show conf router bgp 45...
10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
To verify that you enabled fast fall-over on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fall-over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5...
If you enable passive peering for the peer group, the software does not send an OPEN message, but it responds to an OPEN message. When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor.
You can constrain the number of passive sessions accepted by the neighbor. The limit keyword allows you to set the total number of sessions the neighbor will accept, between 2 and 265. The default is 256 sessions. Configure a peer group that does not initiate TCP connections with other peers. CONFIG-ROUTER-BGP mode neighbor peer-group-name peer-group passive limit Enter the limit keyword to restrict the number of sessions accepted.
Example of Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number. The second two lines in bold show the local AS number (6500) maintained during migration. To disable this feature, use the no neighbor local-as command in CONFIGURATION ROUTER BGP mode.
Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB. If you configure your system to do so, Dell Networking OS can perform the following actions during a hot failover: •...
BGP graceful restart is active only when the neighbor becomes established. Otherwise, it is disabled. Graceful-restart applies to all neighbors with established adjacency. With the graceful restart feature, Dell Networking OS enables the receiving/restarting mode by default. In Receiver-Only mode, graceful restart saves the advertised routes of peers that support this capability when they restart.
• Local router supports graceful restart for this neighbor or peer-group as a receiver only.
  CONFIG-ROUTER-BGP mode
  neighbor {ip-address | peer-group-name} graceful-restart [role receiver-only]
• Set the maximum time to retain the restarting neighbor’s or peer-group’s stale paths.
  CONFIG-ROUTER-BGP mode
  neighbor {ip-address | peer-group-name} graceful-restart [stale-path-time time-in-seconds]
  The default is 360 seconds.
For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS. Regular...
Dell(conf-router_bgp)#ex Dell(conf)#ex Dell#show ip as-path-access-lists ip as-path access-list Eagle deny 32$ Dell# Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the redistribute command, you can include ISIS, OSPF, static, or directly connected routes in the BGP process.
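Because an AS-path access list matches on a regular expression, an entry can match more paths than intended. The following added example (not part of the original guide) tests the Eagle entry deny 32$ shown above against constructed AS paths. It assumes the intent is to match routes originated by AS 32, that the AS path is matched as a space-separated string, and that Python's re module behaves like the device's regular expression engine for these simple patterns; the tighter pattern is also constructed.

```python
"""Check which AS paths an as-path access-list entry really matches (added example)."""
import re

# Entry from the page: ip as-path access-list Eagle, deny 32$
ACL_EAGLE = [("deny", "32$")]
# Constructed alternative that requires 32 to be a whole AS number.
ACL_TIGHT = [("deny", "(^| )32$")]

# Constructed AS paths; the rightmost AS number is the origin AS.
SAMPLE_PATHS = [
    "100 32",        # originated by AS 32
    "32",            # originated by AS 32, directly connected
    "100 200 132",   # originated by AS 132
    "7018 65032",    # originated by AS 65032
    "32 100",        # AS 32 is only a transit AS here
]


def first_match(acl, as_path):
    """Return the action of the first entry whose regex matches, else None."""
    for action, pattern in acl:
        if re.search(pattern, as_path):
            return action
    return None


def unintended_matches(acl, origin_asn, paths):
    """Paths the list matches although their origin AS is not origin_asn."""
    return [p for p in paths
            if first_match(acl, p) is not None
            and p.split()[-1] != str(origin_asn)]


def missed_matches(acl, origin_asn, paths):
    """Paths originated by origin_asn that the list fails to match."""
    return [p for p in paths
            if p.split()[-1] == str(origin_asn)
            and first_match(acl, p) is None]


if __name__ == "__main__":
    for name, acl in (("Eagle", ACL_EAGLE), ("tight", ACL_TIGHT)):
        print(name, "unintended:", unintended_matches(acl, 32, SAMPLE_PATHS),
              "missed:", missed_matches(acl, 32, SAMPLE_PATHS))
```

Running candidate expressions against a saved copy of the show ip bgp AS paths before applying the list shows this kind of overmatch without touching the routing table.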
One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. In Dell Networking OS, you can assign a COMMUNITY attribute to BGP routers by using an IP community list. After you create an IP community list, you can apply routing decisions to all routers meeting the criteria in the IP community list.
To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode.
Dell#show ip community-lists
ip community-list standard 1
 deny 701:20
 deny 702:20...
In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute. To send the COMMUNITY attribute to BGP neighbors, use the following command.
To view BGP routes matching a certain community number or a pre-defined BGP community, use the show ip bgp community command in EXEC Privilege mode. Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal...
209 7170 1455 i --More-- Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands.
route-map map-name [permit | deny] [sequence-number]
Change LOCAL_PREF value for routes meeting the criteria of this route map.
  CONFIG-ROUTE-MAP mode
  set local-preference value
Return to CONFIGURATION mode.
  CONFIG-ROUTE-MAP mode
  exit
Enter ROUTER BGP mode.
  CONFIGURATION mode
  router bgp as-number
Apply the route map to the neighbor or peer group’s incoming or outgoing routes.
  CONFIG-ROUTER-BGP mode
  neighbor {ip-address | peer-group-name} route-map map-name {in | out}
To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode.
By default, the software allows one path to a destination. You can enable multipath to allow up to 64 parallel paths to a destination. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. To allow more than one path, use the following command.
NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map. NOTE: You can create inbound and outbound policies. Each of the commands used for filtering has in and out parameters that you must apply. In Dell Networking OS, the order of preference varies depending on whether the attributes are applied for inbound updates or outbound updates.
• prefix-list-name: enter the name of a configured prefix list. • in: apply the prefix list to inbound routes. • out: apply the prefix list to outbound routes. As a reminder, the following are rules concerning prefix lists: • If the prefix list contains no filters, all routes are permitted. •...
• out: apply the route map to outbound routes. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode. Filtering BGP Routes Using AS-PATH Information To filter routes based on AS-PATH information, use these commands.
EXEC Privilege mode. Aggregating Routes Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active.
In the show ip bgp command, aggregates contain an ‘a’ in the first column (shown in bold) and routes suppressed by the aggregate contain an ‘s’ in the first column. Dell#show ip bgp BGP table version is 0, local router ID is 10.101.15.13 Status codes: s suppressed, d damped, h history, * valid, >...
To minimize this instability, you may configure penalties (a numeric value) for routes that flap. When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or is decayed.
By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival. You can change the path selection method to non-deterministic, that is, paths are compared in the order in which they arrived (starting with the most recent).
• keepalive: the range is from 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. The default is 60 seconds. • holdtime: the range is from 3 to 65536. Time interval, in seconds, between the last keepalive message and declaring the router dead.
When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell>router bgp 100 neighbor 10.108.1.1 remote-as 200 neighbor 10.108.1.1 soft-reconfiguration inbound...
The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer-group.
In-BGP is shown using the show ip protocols command. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued.
To change the maximum buffer size, use the capture bgp-pdu max-buffer-size command. To view the captured PDUs, use the show capture bgp-pdu neighbor command. Dell#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 26 packet(s) captured using 680 bytes...
313511 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command. Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions.
Example of Enabling BGP (Router 1)
R1# conf
R1(conf)#int loop 0
R1(conf-if-lo-0)#ip address 192.168.128.1/24
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#show config
interface Loopback 0
 ip address 192.168.128.1/24
 no shutdown
R1(conf-if-lo-0)#int te 1/21
R1(conf-if-te-1/21)#ip address 10.0.1.21/24
R1(conf-if-te-1/21)#no shutdown
R1(conf-if-te-1/21)#show config
interface TengigabitEthernet 1/21
 ip address 10.0.1.21/24
 no shutdown
R1(conf-if-te-1/21)#int te 1/31
R1(conf-if-te-1/31)#ip address 10.0.3.31/24...
R3(conf)#int loop 0
R3(conf-if-lo-0)#ip address 192.168.128.3/24
R3(conf-if-lo-0)#no shutdown
R3(conf-if-lo-0)#show config
interface Loopback 0
 ip address 192.168.128.3/24
 no shutdown
R3(conf-if-lo-0)#int te 3/11
R3(conf-if-te-3/11)#ip address 10.0.3.33/24
R3(conf-if-te-3/11)#no shutdown
R3(conf-if-te-3/11)#show config
interface TengigabitEthernet 3/11
 ip address 10.0.3.33/24
 no shutdown
R3(conf-if-lo-0)#int te 3/21
R3(conf-if-te-3/21)#ip address 10.0.2.3/24
R3(conf-if-te-3/21)#no shutdown
R3(conf-if-te-3/21)#show config
interface TengigabitEthernet 3/21...
neighbor 192.168.128.3 update-source Loopback 0 neighbor 192.168.128.3 no shutdown R1#show ip bgp summary BGP router identifier 192.168.128.1, local AS number 99 BGP table version is 1, main routing table version 1 1 network entrie(s) using 132 bytes of memory 3 paths using 204 bytes of memory BGP-RIB over all using 207 bytes of memory 2 BGP path attribute entrie(s) using 96 bytes of memory 2 BGP AS-PATH entrie(s) using 74 bytes of memory...
Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies.
NLB ARP entries are available for use. This platform supports up to 1024 CAM entries. Select 1 to configure 1024 entries. Select 2 to configure 2048 entries. Even though you can perform CAM carving to allocate the maximum number of NLB entries, Dell Networking recommends using a maximum of 64 NLB ARP entries.
Privilege mode. The Status column in the command output indicates whether or not you can enable the policy. Example of the test cam-usage Command Dell#test cam-usage service-policy input test-cam-usage stack-unit 2 po 0 Stack-Unit| Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status -----------------------------------------------------------------------------------...
View CAM-ACL Settings The show cam-acl command shows the cam-acl setting that will be loaded after the next reload. Example of Viewing CAM-ACL Settings Dell(conf)#do show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) Next Boot(in block sizes)
View the amount of CAM space available, used, and remaining in each ACL partition using the show cam-usage command from EXEC Privilege mode.
Example of the show cam-usage Command
Dell#show cam-usage
Stackunit|Portpipe| CAM Partition | Total CAM Used CAM...
Verify that you have configured a CAM profile that allocates 24 K entries to the IPv4 system flow region. Allocate more entries in the IPv4Flow region to QoS. Dell Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command provides this test framework. For more information, refer to Pre-Calculating Available QoS CAM Space.
Control Plane Policing (CoPP)
Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level. CoPP increases security on the system by protecting the routing processor from unnecessary or DoS traffic, giving priority to important control plane and management traffic.
The following illustration shows an example of the difference between having CoPP implemented and not having CoPP implemented. Figure 30. Control Plane Policing Figure 31. CoPP Implemented Versus CoPP Not Implemented Control Plane Policing (CoPP)
Configure Control Plane Policing The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied.
ACL and QoS rules created with the cpu-qos keyword.
CONTROL-PLANE mode
service-policy rate-limit-protocols
Examples of Configuring CoPP for Different Protocols
The following example shows creating the IP/IPv6/MAC extended ACL.
Dell(conf)#ip access-list extended ospf cpu-qos
Dell(conf-ip-acl-cpuqos)#permit ospf
Dell(conf-ip-acl-cpuqos)#exit
Dell(conf)#ip access-list extended bgp cpu-qos
Dell(conf-ip-acl-cpuqos)#permit bgp...
Examples of Configuring CoPP for CPU Queues
The following example shows creating the QoS policy.
Dell#conf
Dell(conf)#qos-policy-input cpuq_1
Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40
Dell(conf-qos-policy-in)#exit
Dell(conf)#qos-policy-input cpuq_2
Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50
Dell(conf-qos-policy-in)#exit
The following example shows assigning the QoS policy to the queues.
The other 4 CMIC queues carry the L2/L3 well-known protocol streams. However, there are about 20 well-known protocol streams that have to share these 4 CMIC queues. Before 9.4.(0.0), Dell Networking OS used only 8 queues, and most of the queues were shared among multiple protocols. So, increasing the number of CMIC queues reduces the contention among the protocols for the queue bandwidth.
As part of the enhancements, CPU queues are increased from 8 to 12 on the CPU port. However, the front-end port and the backplane ports support only 8 queues. As a result, when packets are transmitted to the local CPU, the CPU uses queues Q0-Q11. The control packets that are tunneled to the master unit are isolated from the data queues and the control queues in the backplane links.
• Unknown traffic in IP Subnet range
• Unknown traffic hitting the default route entry.
• Multicast NDP packets
• NDP packets whose destination MAC is multicast
• DST MAC 33:33:XX:XX:XX:XX
• NDP Packets in VLT peer routing enable
• In VLT peer routing enable cases, each VLT node has a route entry for the link-local address of both itself and the peer VLT node.
Catch-All Entry for IPv6 Packets
Dell Networking OS currently supports configuration of IPv6 subnets greater than /64 mask length, but the agent writes them to the default LPM table where the key length is 64 bits. The device supports a table to store up to 256 subnets with mask lengths of up to /128.
Dell(conf-class-map-cpuqos)#match ipv6 access-group ospfv3
Create a QoS input policy map to match to the class-map and qos-policy for each desired protocol.
CONFIGURATION mode
Dell(conf)#policy-map-input ospfv3_policy cpu-qos
Dell(conf-policy-map-in-cpuqos)#class-map ospfv3 qos-policy ospfv3_rate
Enter Control Plane mode.
CONFIGURATION mode
Dell(conf)#control-plane-cpuqos
Assign the protocol based service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules created with the cpu-qos keyword.
Dell#
To view the queue mapping for the MAC protocols, use the show mac protocol-queue-mapping command.
Example of Viewing Queue Mapping for MAC Protocols
Dell#show mac protocol-queue-mapping
Protocol Destination Mac EtherType Queue EgPort Rate (kbps)
-------- ---------------- ----------- ----- ------ -----------...
Data Center Bridging (DCB)
Data center bridging (DCB) refers to a set of enhancements to Ethernet local area networks used in data center environments, particularly with clustering and storage area networks.
Topics:
• Ethernet Enhancements in Data Center Bridging
• Enabling Data Center Bridging
•...
DCB-enabled network is required in a data center. The Dell Networking switches that support a unified fabric and consolidate multiple network infrastructures use a single input/output (I/O) device called a converged network adapter (CNA).
Data Center Bridging Exchange (DCBx) protocol
NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging.
Priority-Based Flow Control
In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion.
• PFC uses DCB MIB IEEE 802.1azd2.5 and PFC MIB IEEE 802.1bb-d2.2.
• A dynamic threshold handles intermittent traffic bursts and varies based on the number of PFC priorities contending for buffers, while a static threshold places an upper limit on the transmit time of a queue after receiving a message to pause a specified priority.
Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: •...
Data Center Bridging in a Traffic Flow
The following figure shows how DCB handles a traffic flow on an interface.
Figure 34. DCB PFC and ETS Traffic Handling
Enabling Data Center Bridging
DCB is automatically configured when you configure FCoE or iSCSI optimization. Data center bridging supports converged enhanced Ethernet (CEE) in a data center network.
Set PFC buffering on the DCB stack unit.
CONFIGURATION mode
Dell(conf)#dcb enable pfc-queues
NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For more information, refer to Ethernet Pause Frames.
DCB is enabled. PFC and ETS are globally enabled by default. The default dot1p priority-queue assignments are applied as follows:
Dell(conf)#do show qos dot1p-queue-mapping
Dot1p Priority : 0
Queue : 0
Dell(conf)#
PFC is not applied on specific dot1p priorities.
2 maps to dot1p priority 4; priority group 4 maps to dot1p priorities 5, 6, and 7. Dell Networking OS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBx starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE, and CIN versions of PFC...
Although each port on the S4810, S4820T, and S5000 devices supports 8 QoS queues, you can configure only 4 QoS queues (0-3) to manage data traffic. The remaining 4 queues (4-7) are reserved for control traffic.
Dell(conf)#do show qos dot1p-queue-mapping
Dot1p Priority : 0
Queue : 0...
The default: No lossless queues are configured. NOTE: Dell Networking OS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message displays.
In a switch stack, configure all stacked ports with the same PFC configuration. • Dell Networking OS allows you to change the default dot1p priority-queue assignments only if the change satisfies the following requirements in DCB maps already applied to the interfaces: •...
INTERFACE dcb-map name configure it with the PFC and ETS settings in the map; for example:
Dell# interface tengigabitEthernet
Dell(config-if-te-1/1)# dcb-map SAN_A_dcb_map1
Repeat Steps 1 and 2 to apply a DCB map to more than one port. You cannot apply a DCB map on an interface...
map. This type of DCB configuration is useful on interfaces that require PFC for lossless traffic, but do not transmit converged Ethernet traffic. Table 18. Configuring PFC without a DCB Map Step Task Command Command Mode Enter interface configuration mode on an CONFIGURATION interface Ethernet port.
If the traffic congestion is on PORT B, Egress DROP is on PORT A or C, as the PFC is not enabled on PORT B. Refer to the following configuration for queue to dot1p mapping:
Dell(conf)#do show qos dot1p-queue-mapping
Dot1p Priority : 0 ->...
Step Task Command Command Mode The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied, or which is already configured for PFC using the pfc priority command.
Buffer Sizes for Lossless or PFC Packets
You can configure up to a maximum of 4 lossless (PFC) queues. By configuring 4 lossless queues, you can configure 4 different priorities and assign a particular priority to each application that your network is used to process.
Enable DCB globally.
Dell(conf)#dcb enable
Apply PFC Priority configuration. Configure priorities on which PFC is enabled.
Dell(conf-if-te-1/1)#pfc priority 1,2
Using PFC to Manage Converged Ethernet Traffic
To use PFC for managing converged Ethernet traffic, use the following command:
dcb-map stack-unit all dcb-map-name...
Creating an ETS Priority Group
An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is applied on an egress interface.
Configure a DCB Map.
CONFIGURATION mode
dcb-map dcb-map-name
The dcb-map-name variable can have a maximum of 32 characters.
Create an ETS priority group.
Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same priority group.
QoS OUTPUT POLICY mode
Dell(conf-if-te-0/1)#exit
Enter INTERFACE Configuration mode.
CONFIGURATION mode
interface type slot/port
Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface.
INTERFACE mode
Dell(conf-if-te-0/1)#service-policy output test12
• Dell Networking OS supports hierarchical scheduling on an interface. The control traffic on Dell Networking OS is redirected to control queues as higher priority traffic with strict priority scheduling. After the control queues drain out, the remaining data traffic is scheduled to queues according to the bandwidth and scheduler configuration in the DCB map.
If an error occurs when a port receives a peer’s ETS configuration, the port’s configuration resets to the ETS configuration in the previously configured DCB map. If no DCB map was previously applied, the port resets to the default ETS parameters.
ETS Prerequisites and Restrictions
On a switch, ETS is enabled by default on Ethernet ports with equal bandwidth assigned to each 802.1p priority.
Priority group 1: Assigns traffic to one priority queue with 20% of the link bandwidth and strict-priority scheduling.
Priority group 2: Assigns traffic to one priority queue with 30% of the link bandwidth.
Priority group 3: Assigns traffic to two priority queues with 50% of the link bandwidth and strict-priority scheduling.
Configure a DCBx Operation
DCB devices use data center bridging exchange protocol (DCBx) to exchange configuration information with directly connected peers using the link layer discovery protocol (LLDP). DCBx can detect the misconfiguration of a peer DCB device, and optionally, configure peer DCB devices with DCB feature settings to ensure consistent operation in a data center network.
source) receives and overwrites its configuration with internally propagated information, one of the following actions is taken:
• If the peer configuration received is compatible with the internally propagated port configuration, the link with the DCBx peer is enabled.
• If the received peer configuration is not compatible with the currently configured port configuration, the link with the DCBx peer port is disabled and a syslog message for an incompatible configuration is generated.
On a DCBx port in a manual role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. When making a configuration change to a DCBx port in a Manual role, Dell Networking recommends shutting down the interface using the shutdown command, changing the configuration, then re-activating the interface using the no shutdown command.
Configuration Source Election
When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch.
• If a configuration source already exists, the received peer configuration is checked against the local port configuration.
Auto-Detection and Manual Configuration of the DCBx Version
When operating in Auto-Detection mode (the DCBx version auto command), a DCBx port automatically detects the DCBx version on a peer port. Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2.5 DCBx.
On the S4048, PFC and ETS use DCBx to exchange link-level configuration with DCBx peer devices.
Figure 35. DCBx Sample Topology
DCBx Prerequisites and Restrictions
The following prerequisites and restrictions apply when you configure DCBx operation on a port:
• For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mode (the protocol lldp mode command;...
Configure ports to operate in a manual role.
Enter INTERFACE Configuration mode.
CONFIGURATION mode
interface type slot/port[/subport]
Enter LLDP Configuration mode to enable DCBx operation.
INTERFACE mode
[no] protocol lldp
Configure the DCBx version used on the interface, where: auto configures the port to operate using the DCBx version received from a peer.
To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco.
On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers.
PROTOCOL LLDP mode
[no] advertise DCBx-appln-tlv {fcoe | iscsi}
•...
• ets-conf: enables transmission of ETS Configuration TLVs.
• ets-reco: enables transmission of ETS Recommend TLVs.
• pfc: enables transmission of PFC TLVs.
NOTE: You can configure the transmission of more than one TLV type at a time. You can only enable ETS recommend TLVs (ets-reco) if you enable ETS configuration TLVs (ets-conf).
in a DCBx TLV from a remote peer but received a different, conflicting DCBx version.
DSM_DCBx_PFC_PARAMETERS_MATCH and DSM_DCBx_PFC_PARAMETERS_MISMATCH: A local DCBx port received a compatible (match) or incompatible (mismatch) PFC configuration from a peer.
DSM_DCBx_ETS_PARAMETERS_MATCH and DSM_DCBx_ETS_PARAMETERS_MISMATCH: A local DCBx port received a compatible (match) or incompatible (mismatch) ETS configuration from a peer.
Examples of the show Commands
The following example shows the show dot1p-queue mapping command.
Dell(conf)# show qos dot1p-queue-mapping
Dot1p Priority: 0 1 2 3 4 5 6 7
Queue         : 0 0 0 1 2 3 3 3
The following example shows the show dcb command.
PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4
The following example shows the show interfaces pfc summary command.
Dell# show interfaces tengigabitethernet 1/4 pfc summary
Interface TenGigabitEthernet 1/4
Admin mode is on
Admin is enabled
Remote is enabled, Priority list is 4...
Fields Description on, PFC advertisements are enabled to be sent and received from peers; received PFC configuration takes effect. The admin operational status for a DCBx exchange of PFC configuration is enabled or disabled. Remote is enabled; Priority list Remote Willing Status Operational status (enabled or disabled) of peer is enabled device for DCBx exchange of PFC configuration with...
Te 1/1 Te 1/1 Te 1/1
The following example shows the show interface ets summary command.
Dell(conf)#do show interfaces te 1/1 ets summary
Interface TenGigabitEthernet 1/1
Max Supported TC is 4
Number of Traffic Classes is 8
Admin mode is on...
Conf TLV Tx Status is enabled
Reco TLV Tx Status is enabled
The following example shows the show interface ets detail command.
Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail
Interface TenGigabitEthernet 1/1
Max Supported TC Groups is 4
Number of Traffic Classes is 8...
Priority# Bandwidth
Oper status is init
Conf TLV Tx Status is disabled
Traffic Class TLV Tx Status is disabled
0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Error Conf TLV Pkts
0 Input Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class TLV Pkts
The following table describes the show interface ets detail command fields.
ETS TLV Statistic: Error Conf TLV pkts Number of ETS Error Configuration TLVs received.
The following example shows the show stack-unit all stack-ports all pfc details command.
Dell(conf)# show stack-unit all stack-ports all pfc details
stack unit 1 stack-port all
Admin mode is On...
Admin is enabled
TC-grp Priority# Bandwidth
------------------------------------------------
0,1,2,3,4,5,6,7 100%
Dell(conf)# show stack-unit all stack-ports all ets details
Stack unit 1 stack port all
Max Supported TC Groups is 4
Number of Traffic Classes is 1
Admin mode is on
Admin Parameters:
--------------------...
The following example shows the show interface DCBx detail command (IEEE).
Dell(conf-if-te-1/17-lldp)#do sho int te 2/12 dc d
E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled
R-ETS Recommendation TLV enabled r-ETS Recommendation TLV disabled
P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled...
Sequence Number: 1 Acknowledgment Number: 1
Total DCBx Frames transmitted 994
Total DCBx Frames received 646
Total DCBx Frame errors 0
Total DCBx Frames unrecognized 0
The following table describes the show interface DCBx detail command fields.
Table 24. show interface DCBx detail Command Description
Field Description
Interface...
NOTE: Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS. However, Dell Networking does recommend ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces.
dot1p Value in the Incoming Frame | Egress Queue Assignment
Configuring the Dynamic Buffer Method
Priority-based flow control using dynamic buffer spaces is supported on the switch. To configure the dynamic buffer capability, perform the following steps:
Enable the DCB application.
7 Assign the DCB policy to the DCB buffer threshold profile.
CONFIGURATION mode
Dell(conf)# dcb-policy buffer-threshold stack-unit all stack-ports all dcb-policy-name
Assign the DCB policy to the DCB buffer threshold profile on interfaces. This setting takes precedence over the default buffer-threshold setting.
• One lossless queue is used.
Figure 36. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic
QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
The following examples show PFC and ETS configuration commands to manage your data center traffic.
Enabling DCB
Dell(conf)#dcb enable
Configure DCB map and enable PFC, and ETS
Dell(conf)# service-class dynamic dot1p
Dell(conf)# interface tengigabitethernet 1/1
Dell(conf-if-te-1/1)# service-class dynamic dot1p
Apply DCB map to relevant interface...
Dynamic Host Configuration Protocol (DHCP)
DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the network, and it reclaims IP addresses that are no longer in use to prevent address exhaustion.
specify the parameters that they require, and the server sends only those parameters. Some common options are shown in the following illustration.
Figure 37. DHCP packet Format
The following table lists common DHCP options.
Option | Number and Description
Subnet Mask | Option 1 Specifies the client’s subnet mask.
Option | Number and Description
Clients use this option to tell the server which parameters they require. It is a series of octets where each octet is a DHCP option code.
Renewal Time | Option 58 Specifies the amount of time after the IP address is granted that the client attempts to renew its lease with the original server.
IP source address validation. If you configure IP source address validation on a member port of a virtual local area network (VLAN) and then apply an access list to the VLAN, Dell Networking OS displays the first line in the following message. If you first apply an ACL to a VLAN and then enable IP source address validation on one of its member ports, Dell Networking OS displays the second line in the following message.
40000/253 (approximately 158). If the subnet is increased, more pools can be configured. The maximum subnet that can be configured for a single pool is /17. Dell Networking OS displays an error message for configurations that exceed the allocated memory.
After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs an IP+MAC source address validation to ensure that no client can release another client’s address. This validation is a default behavior and is separate from IP+MAC source address validation.
Specify default gateway(s) for the clients on the subnet, in order of preference.
DHCP <POOL>
default-router address
Configure a Method of Hostname Resolution
Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution: using DNS or NetBIOS WINS.
NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host IP. Create an address pool.
You can configure an interface on the Dell Networking system to relay the DHCP messages to a specific DHCP server using the ip helper-address dhcp-address command from INTERFACE mode, as shown...
in the following illustration. Specify multiple DHCP servers by using the ip helper-address dhcp-address command multiple times. When you configure the ip helper-address command, the system listens for DHCP broadcast messages on port 67. The system rewrites packets received from the client and forwards them via unicast to the DHCP servers;...
To interrupt a BMP process, prevent a loop from occurring, and apply the Dell Networking OS image and startup configuration stored in the local flash, enter the stop bmp command from the console. To reconfigure the switch so that it boots up in normal mode using the...
This section describes how to configure and view an interface as a DHCP client to receive an IP address. Dell Networking OS Behavior: The ip address dhcp command enables DHCP server-assigned dynamic addresses on an interface. The setting persists after a switch reboot. To stop DHCP transactions and save the dynamically acquired IP address, use the shutdown command on the interface.
ip address dhcp
Dynamically assigned IP addresses can be released without removing the DHCP client operation on the interface on a switch configured as a DHCP client. Manually acquire a new IP address from the DHCP server by releasing a dynamically acquired IP address while retaining the DHCP client configuration on the interface.
DHCP Client Operation with Other Features
The DHCP client operates with other Dell Networking OS features, as the following describes.
Stacking
The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. It periodically synchronizes the lease file with the standby unit.
Virtual Router Redundancy Protocol (VRRP)
Do not enable the DHCP client on an interface and set the priority to 255 or assign the same DHCP interface IP address to a VRRP virtual group. Doing so guarantees that this router becomes the VRRP group owner. To use the router as the VRRP owner, if you enable a DHCP client on an interface that is added to a VRRP group, assign a priority less than 255 but higher than any other priority assigned in the group.
Remote ID: This identifies the host from which the message is received. The value of this sub-option is the MAC address of the relay agent that adds Option 82.
The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the server. The server can use this information to:
•...
Binding table entries are deleted when a lease expires, or the relay agent encounters a DHCPRELEASE, DHCPNACK, or DHCPDECLINE. DHCP snooping is supported on Layer 2 and Layer 3 traffic. DHCP snooping on Layer 2 interfaces does require a relay agent. Binding table entries are deleted when a lease expires or when the relay agent encounters a DHCPRELEASE.
Delete all of the entries in the binding table.
EXEC Privilege mode
clear ipv6 dhcp snooping binding
Dell# clear ipv6 dhcp snooping?
binding Clear the snooping binding database
Displaying the Contents of the Binding Table
To display the contents of the binding table, use the following command.
Example of the show ipv6 dhcp snooping binding Command
View the DHCP snooping statistics with the show ipv6 dhcp snooping command.
Dell#show ipv6 dhcp snooping binding
Codes : S - Static D – Dynamic
IPv6 Address...
To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port.
Dell#show ip dhcp snooping binding
Codes : S - Static D - Dynamic...
address. The client then thinks that the attacker is the gateway, and sends all internet-bound packets to it. Likewise, the attacker sends the gateway an ARP message containing the attacker’s MAC address and the client’s IP address. The gateway then thinks that the attacker is the client and forwards all packets addressed to the client to it.
Examples of Viewing the ARP Information
To view entries in the ARP database, use the show arp inspection database command.
Dell#show arp inspection database
Protocol Address Age(min) Hardware Address Interface VLAN
---------------------------------------------------------------------
Internet 10.1.1.251 00:00:4d:57:f2:50 Te 1/2 Vl 10
Internet 10.1.1.252...
Source Address Validation
Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV).
Table 26. Three Types of Source Address Validation
Source Address Validation | Description
IP Source Address Validation | Prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table.
DHCP MAC source address validation (SAV) validates a DHCP packet’s source hardware address against the client hardware address field (CHADDR) in the payload. Dell Networking OS ensures that the packet’s source MAC address is checked against the CHADDR field in the DHCP header only for packets from snooped VLANs.
Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-validation [interface] command in EXEC Privilege mode.
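The checks described above (ARP validation against the snooping database, IP SAV, DHCP MAC SAV against CHADDR, and IP+MAC SAV with an optional VLAN ID) all reduce to lookups in one binding table. The following Python model is an added example, not Dell Networking OS code; the class and function names are hypothetical, and every binding and frame is constructed sample data.

```python
"""Binding-table validation model: IP SAV, IP+MAC SAV, DHCP MAC SAV, ARP check.

Added illustration, not Dell Networking OS code. All bindings and frames
below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    interface: str


def norm_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so MACs compare reliably."""
    return mac.replace("-", ":").lower()


class BindingTable:
    """Snooped IP/MAC/VLAN bindings, indexed by the port they were learned on."""

    def __init__(self, bindings: Iterable[Binding]) -> None:
        self._by_port: Dict[str, List[Binding]] = {}
        for b in bindings:
            entry = Binding(b.ip, norm_mac(b.mac), b.vlan, b.interface)
            self._by_port.setdefault(b.interface, []).append(entry)

    def ip_sav(self, port: str, src_ip: str) -> bool:
        """IP SAV: forward only if src_ip is bound on the ingress port."""
        return any(b.ip == src_ip for b in self._by_port.get(port, []))

    def ip_mac_sav(self, port: str, src_ip: str, src_mac: str,
                   vlan: Optional[int] = None) -> bool:
        """IP+MAC SAV: the pair (and the VLAN, when given) must match a binding."""
        mac = norm_mac(src_mac)
        return any(
            b.ip == src_ip and b.mac == mac and (vlan is None or b.vlan == vlan)
            for b in self._by_port.get(port, [])
        )

    def arp_ok(self, port: str, vlan: int, sender_ip: str, sender_mac: str) -> bool:
        """ARP check: sender IP and MAC in the ARP payload must match a binding."""
        return self.ip_mac_sav(port, sender_ip, sender_mac, vlan)


def dhcp_mac_sav(eth_src_mac: str, chaddr: str) -> bool:
    """DHCP MAC SAV: Ethernet source MAC must equal CHADDR in the DHCP payload."""
    return norm_mac(eth_src_mac) == norm_mac(chaddr)


# Constructed bindings. The first row reuses the complete sample row from the
# show arp inspection database output; the second row is invented.
TABLE = BindingTable([
    Binding("10.1.1.251", "00:00:4d:57:f2:50", 10, "Te 1/2"),
    Binding("10.1.1.20", "02:00:00:00:00:20", 10, "Te 1/5"),
])


def run_samples() -> Dict[str, bool]:
    """Evaluate constructed frames; True means forward, False means drop."""
    return {
        "bound host on its own port":
            TABLE.ip_mac_sav("Te 1/2", "10.1.1.251", "00:00:4D:57:F2:50", 10),
        "bound IP sourced from another port":
            TABLE.ip_sav("Te 1/5", "10.1.1.251"),
        "bound IP with a different MAC":
            TABLE.ip_mac_sav("Te 1/2", "10.1.1.251", "02:00:00:00:00:99"),
        "right IP+MAC pair, wrong VLAN":
            TABLE.ip_mac_sav("Te 1/2", "10.1.1.251", "00:00:4d:57:f2:50", 20),
        "ARP claiming another host's IP":
            TABLE.arp_ok("Te 1/5", 10, "10.1.1.251", "02:00:00:00:00:20"),
        "ARP matching its binding":
            TABLE.arp_ok("Te 1/5", 10, "10.1.1.20", "02:00:00:00:00:20"),
        "DHCP frame, source MAC equals CHADDR":
            dhcp_mac_sav("02:00:00:00:00:20", "02-00-00-00-00-20"),
        "DHCP frame, source MAC differs from CHADDR":
            dhcp_mac_sav("02:00:00:00:00:20", "02:00:00:00:00:21"),
    }


if __name__ == "__main__":
    for name, ok in run_samples().items():
        print(f"{'forward' if ok else 'drop':8} {name}")
```

The model shows why IP SAV alone still accepts a bound IP sent with a different MAC on the same port, while IP+MAC SAV and the ARP check reject it.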
0 lag checksum 0 nh-ecmp checksum 0
Dell Networking OS Behavior: In the Dell Networking OS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with Dell Networking OS version 8.2.1.2, the default hash-algorithm is 24.
This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops. Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is the same. When configured, the same seed is set for ECMP, LAG, and NH, and is used for incoming traffic only.
These two ecmp-groups are not related in any way.
Example of Viewing Link Bundle Monitoring
Dell# show link-bundle-distribution ecmp-group 1
Link-bundle trigger threshold - 60
ECMP bundle - 1 Utilization[In Percent] - 44 Alarm State - Active
Interface...
Creating an ECMP Group Bundle
Within each ECMP group, you can specify an interface. If you enable monitoring for the ECMP group, the utilization calculation is performed when the average utilization of the link-bundle (as opposed to a single link within the bundle) exceeds 60%.
Create a user-defined ECMP group bundle.
You can configure ecmp-group with id 2 for link bundle monitoring. This ecmp-group is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way.
Dell(conf-ecmp-group-5)#show config
ecmp-group 5
interface tengigabitethernet 1/2...
The second portion comes from static physical configuration such as ingress and egress port numbers.
• RTAG7 hashing also provides options to select between multiple hash algorithms that would result in balanced traffic distribution for various traffic patterns.
Dell(conf)#hash-algorithm ecmp ?
crc16 CRC16_BISYNC - 16 bit CRC16-bisync polynomial
crc16cc...
distribute the traffic over multiple paths towards its destination. In a multi-tier network where load balancing is performed at each tier, static hash algorithms polarize the traffic, so load balancing is ineffective in the higher tiers. The polarization effect is exaggerated if all the nodes in the network have to choose from the same set of ECMP paths.
CRC16_BISYNC_AND_XOR8 - Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor8
xor16 CR16 - 16 bit XOR]
Example to view show hash-algorithm:
Dell(conf)#hash-algorithm ecmp flow-based-hashing crc16
Dell(conf)#end
Dell#show hash-algorithm
Hash-Algorithm
linecard 0 Port-Set 0
Seed 185270328
Hg-Seed 185282673...
EcmpFlowBasedHashingAlgo- crc16
EcmpAlgo- crc32MSB
LagAlgo- crc32LSB
HgAlgo- crc16
Figure 41. After Polarization Effect
Traffic flow after enabling flow-based hashing
When the flow-based hashing is enabled at all the nodes in the multi-tier network, traffic distribution is balanced at all tiers of the network, nullifying the polarization effect. Traffic is distributed by the randomness of the flow-based hashing algorithm across multiple nodes in a given network.
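The polarization effect and its remedy can be reproduced with a small two-tier simulation. This is an added example, not code from the guide: it uses zlib's CRC-32 over a constructed 5-tuple key as a stand-in for the switch hardware hash, and it assumes that crc32LSB and crc32MSB select the lower and upper 16 bits of the CRC-32 result.

```python
"""Two-tier ECMP model showing hash polarization and how a different
hash at the second tier removes it.

Added illustration. zlib.crc32 over a packed 5-tuple stands in for the
hardware hash; treating crc32LSB/crc32MSB as the lower/upper 16 bits of
CRC-32 is an assumption of this model. All flows are randomly constructed.
"""
import random
import struct
import zlib
from collections import Counter
from typing import Callable, List

HashFn = Callable[[bytes], int]


def flow_key(src_ip: int, dst_ip: int, sport: int, dport: int, proto: int = 6) -> bytes:
    """Pack the 5-tuple that the hash is computed over."""
    return struct.pack("!IIHHB", src_ip, dst_ip, sport, dport, proto)


def crc32_lsb(key: bytes) -> int:
    """Lower 16 bits of CRC-32 (modelled crc32LSB)."""
    return zlib.crc32(key) & 0xFFFF


def crc32_msb(key: bytes) -> int:
    """Upper 16 bits of CRC-32 (modelled crc32MSB)."""
    return (zlib.crc32(key) >> 16) & 0xFFFF


def pick_path(hash_fn: HashFn, key: bytes, n_paths: int) -> int:
    """ECMP member selection: hash result modulo the number of equal-cost paths."""
    return hash_fn(key) % n_paths


def simulate(tier1_hash: HashFn, tier2_hash: HashFn,
             n_flows: int = 4000, n_paths: int = 2, rng_seed: int = 1) -> List[int]:
    """Return per-path flow counts at a tier-2 node reached via tier-1 uplink 0."""
    rng = random.Random(rng_seed)  # fixed seed: the constructed flows are reproducible
    flows = [
        flow_key(rng.getrandbits(32), rng.getrandbits(32),
                 rng.getrandbits(16), rng.getrandbits(16))
        for _ in range(n_flows)
    ]
    # Tier 1 spreads flows over its uplinks; follow only those sent on uplink 0.
    at_tier2 = [f for f in flows if pick_path(tier1_hash, f, n_paths) == 0]
    # Tier 2 hashes the flows it received over its own equal-cost paths.
    counts = Counter(pick_path(tier2_hash, f, n_paths) for f in at_tier2)
    return [counts.get(p, 0) for p in range(n_paths)]


def busiest_share(counts: List[int]) -> float:
    """Fraction of flows carried by the most loaded path (0.5 is ideal for 2 paths)."""
    return max(counts) / sum(counts)


if __name__ == "__main__":
    same = simulate(crc32_lsb, crc32_lsb)
    mixed = simulate(crc32_lsb, crc32_msb)
    print("same hash at both tiers     :", same, f"busiest={busiest_share(same):.2f}")
    print("different hash at tier 2    :", mixed, f"busiest={busiest_share(mixed):.2f}")
```

With the same hash at both tiers, every flow that tier 1 placed on uplink 0 lands on one tier-2 path; a different hash at tier 2 splits the same flows roughly evenly.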
FIP Snooping
The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge.
NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a switch stack.
Topics:
•...
To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, FIP establishes virtual point-to-point links between FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges. Ethernet bridges commonly provide ACLs that can emulate a point-to-point link by providing the traffic enforcement required to create a Fibre Channel-level of robustness.
FIP Function | Description
Logout | On receiving a FLOGI packet, FSB deletes all existing sessions from the ENode to the FCF.
Figure 42. FIP Discovery and Login Between an ENode and an FCF
FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF.
Dynamic ACL generation on the switch operating as a FIP snooping bridge functions as follows:
Port-based ACLs: These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs.
ToR switch and an S4048–ON switch. The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF switch.
Figure 43. FIP Snooping on a Dell Networking Switch
The following sections describe how to configure the FIP snooping feature on a switch:
•...
Example. Statistical information is available for FIP Snooping-related information. For available commands, refer to the FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide.
FIP Snooping Prerequisites
Before you enable FCoE transit and configure FIP snooping on a switch, ensure that certain conditions are met.
You must apply the CAM-ACL space for the FCoE region before enabling the FIP-Snooping feature. If you do not apply CAM-ACL space, the following error message is displayed:
Dell(conf)#feature fip-snooping
% Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe.
fedgovacl nlbclusteracl: st-sjc-s5000-29#
Enabling the FCoE Transit Feature
The following sections describe how to enable FCoE transit.
NOTE: FCoE transit is disabled by default. To enable this feature, follow the steps in Configure FIP Snooping.
As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied.
Configure a Port for a Bridge-to-Bridge Link If a switch port is connected to another FIP snooping bridge, configure the FCoE-Trusted Port mode for bridge-bridge links. Initially, all FCoE traffic is blocked. Only FIP frames with the ALL_FCF_MAC and ALL_ENODE_MAC values in their headers are allowed to pass.
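The default-deny behaviour described above, as a simplified Python model added here (not Dell Networking OS code). The EtherTypes, the two multicast MACs and the FPMA construction (FC-MAP followed by FC-ID) come from the FC-BB-5 standard; the class and method names, the sample MACs, and the rule that unicast FIP passes only to or from an FCF already seen in an advertisement are assumptions of this example.

```python
from dataclasses import dataclass, field

ETH_FIP, ETH_FCOE = 0x8914, 0x8906      # EtherTypes defined by FC-BB-5
ALL_FCF_MAC = "01:10:18:01:00:02"       # FC-BB-5 multicast group: all FCFs
ALL_ENODE_MAC = "01:10:18:01:00:01"     # FC-BB-5 multicast group: all ENodes
DEFAULT_FC_MAP = 0x0EFC00               # default FC-MAP value named in the guide


def fpma(fc_map, fc_id):
    """Fabric-provided MAC address: 24-bit FC-MAP followed by 24-bit FC-ID."""
    if not (0 <= fc_map <= 0xFFFFFF and 0 <= fc_id <= 0xFFFFFF):
        raise ValueError("FC-MAP and FC-ID are 24-bit values")
    raw = (fc_map << 24) | fc_id
    return ":".join(f"{(raw >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


@dataclass(frozen=True)
class Frame:
    ethertype: int
    src: str
    dst: str


@dataclass
class SnoopingBridge:
    """Hypothetical model of the permit/deny decision, not the real ACL engine."""
    fc_map: int = DEFAULT_FC_MAP
    fcfs: set = field(default_factory=set)        # FCF MACs seen in advertisements
    sessions: dict = field(default_factory=dict)  # (ENode MAC, FCF MAC) -> VN_Port MACs

    def fcf_advertised(self, fcf_mac):
        self.fcfs.add(fcf_mac)

    def flogi_seen(self, enode_mac, fcf_mac):
        """A new FLOGI deletes all existing sessions from the ENode to the FCF."""
        return len(self.sessions.pop((enode_mac, fcf_mac), set()))

    def login_accepted(self, enode_mac, fcf_mac, fc_id):
        """Install the dynamic permit entry once the FCF accepts the login."""
        if fcf_mac not in self.fcfs:
            raise ValueError("login accept from an FCF that was never discovered")
        vn_mac = fpma(self.fc_map, fc_id)
        self.sessions.setdefault((enode_mac, fcf_mac), set()).add(vn_mac)
        return vn_mac

    def permits(self, frame):
        if frame.ethertype == ETH_FIP:
            if frame.dst in (ALL_FCF_MAC, ALL_ENODE_MAC):
                return True                   # discovery multicast always passes
            # Assumption: unicast FIP only to or from a discovered FCF.
            return frame.src in self.fcfs or frame.dst in self.fcfs
        if frame.ethertype == ETH_FCOE:
            for (_enode, fcf_mac), vn_macs in self.sessions.items():
                if frame.dst == fcf_mac and frame.src in vn_macs:
                    return True               # ENode -> FCF on a logged-in VN_Port
                if frame.src == fcf_mac and frame.dst in vn_macs:
                    return True               # FCF -> ENode
            return False                      # initially all FCoE traffic is blocked
        return True                           # non-FCoE traffic is outside this model


if __name__ == "__main__":
    enode, fcf = "00:0a:0b:0c:0d:01", "00:0e:0f:10:11:01"   # constructed sample MACs
    bridge = SnoopingBridge()
    data = Frame(ETH_FCOE, fpma(DEFAULT_FC_MAP, 0x010203), fcf)
    print("FCoE before login:", bridge.permits(data))
    bridge.fcf_advertised(fcf)
    bridge.login_accepted(enode, fcf, 0x010203)
    print("FCoE after login: ", bridge.permits(data))
    spoofed = Frame(ETH_FCOE, fpma(DEFAULT_FC_MAP, 0x010204), fcf)
    print("FCoE from a MAC with no session:", bridge.permits(spoofed))
```
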
Impact Description FIP snooping in ENode or FCF mode, the ENode/FCF MAC-based ACLs are deleted. FIP Snooping Restrictions The following restrictions apply when you configure FIP snooping. • The maximum number of FCoE VLANs supported on the switch is eight. •...
Configure the port for bridge-to-FCF links.
INTERFACE mode or CONFIGURATION mode
fip-snooping port-mode fcf
NOTE: To disable the FCoE transit feature or FIP snooping on VLANs, use the no version of a command; for example, no feature fip-snooping or no fip-snooping enable.
Displaying FIP Snooping Information
Use the following show commands to display information on FIP snooping.
Worldwide port name of the CNA port. Port WWNN Worldwide node name of the CNA port. The following example shows the show fip-snooping config command. Dell# show fip-snooping config FIP Snooping Feature enabled Status: Enabled FIP Snooping Global enabled Status: Enabled Global FC-MAP Value: 0X0EFC00...
Number of ENodes connected to the FCF. FC-ID Fibre Channel session ID assigned by the FCF. The following example shows the show fip-snooping statistics interface vlan command (VLAN and port). Dell# show fip-snooping statistics interface vlan 100 Number of Vlan Requests FIP Snooping...
Number of FCF Discovery Timeouts Number of VN Port Session Timeouts Number of Session failures due to Hardware Config :0 Dell(conf)# Dell# show fip-snooping statistics int tengigabitethernet 1/11 Number of Vlan Requests Number of Vlan Notifications Number of Multicast Discovery Solicits...
Number of FLOGO Accepts Number of FLOGO Rejects Number of CVL Number of FCF Discovery Timeouts Number of VN Port Session Timeouts Number of Session failures due to Hardware Config :0 The following table describes the show fip-snooping statistics command fields. Table 33.
Number of Session failures due to Hardware Config Number of session failures due to hardware configuration that occurred on the interface. The following example shows the show fip-snooping system command. Dell# show fip-snooping system Global Mode : Enabled FCOE VLAN List (Operational) : 1, 100...
ENode server-facing port (1/1), and to configure the FIP snooping ports as tagged members of the FCoE VLAN enabled for FIP snooping. Example of Enabling the FIP Snooping Feature on the Switch (FIP Snooping Bridge) Dell(conf)# feature fip-snooping FIP Snooping...
Example of Enabling FIP Snooping on the FCoE VLAN
Dell(conf)# interface vlan 10
Dell(conf-if-vl-10)# fip-snooping enable
Example of Enabling an FC-MAP Value on a VLAN
Dell(conf-if-vl-10)# fip-snooping fc-map 0x0EFC01
NOTE: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00).
US Department of Commerce. FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a software-based cryptographic module. This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. NOTE: The Dell Networking OS uses an embedded FIPS 140-2-validated cryptography module (Certificate #1747) running on NetBSD 5.1 per FIPS 140-2 Implementation Guidance section G.5...
Preparing the System Before you enable FIPS mode, Dell Networking recommends making the following changes to your system. Disable the Telnet server (only use secure shell [SSH] to access the system). Disable the FTP server (only use secure copy [SCP] to transfer files to and from the system).
FIPS mode, generates new host-keys, and re-enables the SSH server (assuming it was enabled before enabling FIPS). For more information, refer to the SSH Server and SCP Commands section in the Security chapter of the Dell Networking OS Command Line Reference Guide.
CONFIGURATION mode
no fips mode enable
The following Warning message displays:
WARNING: Disabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy all configured host keys. Proceed (y/n) ?
Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
Each Transit node is also configured with a Primary port and a Secondary port on the ring, but the port distinction is ignored as long as the node is configured as a Transit node. If the ring is complete, the Master node logically blocks all data traffic in the transmit and receive directions on the Secondary port to prevent a loop.
During the time between the Transit node detecting that its link is restored and the Master node detecting that the ring is restored, the Master node’s Secondary port is still forwarding traffic. This can create a temporary loop in the topology. To prevent this, the Transit node places all the ring ports transiting the newly restored port into a temporary blocked state.
FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring. The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202. Figure 45. Example of Multiple Rings Connected by Single Switch Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks.
• One Master node per ring — all other nodes are Transit. • Each node has two member interfaces — primary and secondary. • There is no limit to the number of nodes on a ring. • Master node ring port states — blocking, pre-forwarding, forwarding, and disabled. •...
• FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
FRRP Configuration These are the tasks to configure FRRP. • Creating the FRRP Group • Configuring the Control VLAN • Configure Primary and Secondary ports • Configuring and Adding the Member VLANs • Configure Primary and Secondary ports Other FRRP related commands are: •...
To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the Master node. Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: from 1 to 4094. Tag the specified interface or range of interfaces to this VLAN.
• All VLANS must be in Layer 2 mode. • Tag control VLAN ports. Member VLAN ports, except the Primary/Secondary interface, can be tagged or untagged. • The control VLAN must be the same for all nodes on the ring. To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring.
Setting the FRRP Timers
To set the FRRP timers, use the following command.
NOTE: Set the Dead-Interval time to 3 times the Hello-Interval.
• Enter the desired intervals for Hello-Interval or Dead-Interval times.
CONFIG-FRRP mode.
timer {hello-interval|dead-interval} milliseconds
• Hello-Interval: the range is from 50 to 2000, in increments of 50 (default is 500).
•...
Ring ID: the range is from 1 to 255.
• Show the state of all FRRP groups.
EXEC or EXEC PRIVILEGED mode.
show frrp summary
Ring ID: the range is from 1 to 255.
Troubleshooting FRRP
To troubleshoot FRRP, use the following information.
Configuration Checks
•...
protocol frrp 101
 interface primary TenGigabitEthernet 1/24 secondary TenGigabitEthernet 1/34 control-vlan 101
 member-vlan 201
 mode master
 no disable
Example of R2 TRANSIT
interface TenGigabitEthernet 2/14
 no ip address
 switchport
 no shutdown
interface TenGigabitEthernet 2/31
 no ip address
 switchport
 no shutdown
interface Vlan 101
 no ip address
 tagged TenGigabitEthernet 2/14,31...
 mode transit
 no disable
If spanning tree and GVRP are both required, implement the rapid spanning tree protocol (RSTP). The device does not support enabling GVRP and MSTP at the same time.
Dell(conf)#protocol spanning-tree pvst
Dell(conf-pvst)#no disable
% Error: GVRP running. Cannot enable PVST.
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, GVRP is configured on VLAN trunk ports. Figure 46.
To configure GVRP globally, use the following command.
• Enable GVRP for the entire switch.
CONFIGURATION mode
gvrp enable
Example of Configuring GVRP
Dell(conf)#protocol gvrp
Dell(config-gvrp)#no disable
Dell(config-gvrp)#show config
protocol gvrp
 no disable
Dell(config-gvrp)#
To inspect the global configuration, use the show gvrp brief command.
The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x the Leave timer. The Dell Networking OS default is 10000ms.
LeaveAll Timer 5000
Dell(conf)#
Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer:
Dell(conf)#garp timers join 300
% Error: Leave timer should be >= 3*Join timer.
RPM Redundancy
The current version of Dell Networking OS supports 1+1 hitless route processor module (RPM) redundancy.
Removing a Provisioned Logical Stack Unit • Hitless Behavior • Graceful Restart • Software Resiliency • Hot-Lock Behavior Component Redundancy Dell Networking systems eliminate single points of failure by providing dedicated or load-balanced redundancy for each component. High Availability (HA)
Automatic and Manual Stack Unit Failover Stack unit failover is the process of the standby unit becoming a management unit. Dell Networking OS fails over to the standby stack unit when: Communication is lost between the standby and primary stack unit.
Specifying an Auto-Failover Limit
When a non-recoverable fatal error is detected, an automatic failover occurs. However, Dell Networking OS is configured to auto-failover only three times within any 60 minute period. You may specify a different auto-failover count. To re-enable the auto-failover-limit with its default parameters, use the redundancy auto-failover-limit command without parameters.
Disabling Auto-Reboot To disable auto-reboot, use the following command. • Prevent a failed stack unit from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot Manually Synchronizing Management and Standby Units To manually synchronize Management and Standby units at any time, use the following command. •...
A graceful-restart router does not immediately assume that a neighbor is permanently down and so does not trigger a topology change. Packet loss is non-zero, but trivial, and so is still called hitless. Dell Networking OS supports graceful restart for the following protocols: •...
If any health checks on the stack unit fail, the Dell Networking OS fails over to standby stack unit. If any health checks on a line card fail, Dell Networking OS resets the card to bring it back to the correct state.
Event messages provide system administrators diagnostics and auditing information. Dell Networking OS sends event messages to the internal buffer, all terminal lines, the console, and optionally to a syslog server. For more information about event messages and configurable options, refer to Management.
Dell Networking Operating System (OS) supports IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports an unlimited number of groups.
IGMP Protocol Overview IGMP has three versions. Version 3 obsoletes and is backwards-compatible with version 2; version 2 obsoletes version 1. IGMP Version 2 IGMP version 2 improves on version 1 by specifying IGMP Leave messages, which allows hosts to notify routers that they no longer care about traffic for a particular group.
Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group.
are sent to the all IGMP version 3-capable multicast routers address 224.0.0.22, as shown in the second illustration.
Figure 48. IGMP Version 3 Packet Structure
Figure 49. IGMP Version 3–Capable Multicast Routers Address Structure
Joining and Filtering Groups and Sources
The following illustration shows how multicast routers maintain the group and source information from unsolicited reports.
cannot record the include request. There are no other interested hosts, so the request is recorded. At this point, the multicast routing protocol prunes the tree to all but the specified sources. The host’s third message indicates that it is only interested in traffic from sources 10.11.1.1 and 10.11.1.2. Because this request again prevents all other sources from reaching the subnet, the router sends another group-and-source query so that it can satisfy all other hosts.
Leaving and Staying in Groups
The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filters for 10.11.1.1 and 10.11.1.2 are no longer necessary.
View IGMP-enabled interfaces. EXEC Privilege mode show ip igmp interface Example of the show ip igmp interface Command Dell#show ip igmp interface TenGigabitEthernet 3/10 Inbound IGMP access group is not set Internet address is 165.87.34.5/24 IGMP is up on the interface...
Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
Adjusting Timers The following sections describe viewing and adjusting timers. To view the current value of all IGMP timers, use the following command. • View the current value of all IGMP timers. EXEC Privilege mode show ip igmp interface For more information, refer to the example shown in Viewing IGMP Enabled Interfaces.
Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the Dell Networking OS clears the multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
limiting Receiver 1, so both IGMP reports are accepted and two corresponding entries are created in the routing table. Figure 52. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 35.
Location Description • no shutdown 1/31 • Interface TenGigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.11.13.1/24 • no shutdown • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface TenGigabitEthernet 2/11 •...
IGMP control packets. IGMP Snooping Implementation Information • IGMP snooping on Dell Networking OS uses IP multicast addresses not MAC addresses. • IGMP snooping is supported on all stack members.
If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as a Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end-point VLANs only.
Example of Configuration Output After Removing a Group-Port Association Dell(conf-if-vl-100)#show config interface Vlan 100 no ip address ip igmp snooping fast-leave shutdown Dell(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN.
Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
The management EIS feature is applicable only for the out-of-band (OOB) management port. References in this section to the management default route or static route denote the routes configured using the management route command. The management default route can be either configured statically or returned dynamically by the DHCP client.
Application Name Port Number Client Server Supported Supported 20/21 Supported Supported Syslog Supported Telnet Supported Supported TFTP Supported Radius 1812,1813 Supported Tacacs Supported HTTP 80 for httpd Supported 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application
If you configure a source interface for any EIS management application, EIS might not coexist with that interface and the behavior is undefined in such a case.
NOTE: Egress Interface Selection (EIS) works only with IPv4 routing. When the feature is enabled using the management egress-interface-selection command, the following events are performed: • The CLI prompt changes to the EIS mode. • In this mode, you can run the application and no application commands •...
Handling of Management Route Configuration When the EIS feature is enabled, the following processing occurs: • All existing management routes (connected, static and default) are duplicated and added to the management EIS routing table. • Any management static route newly added using the management route CLI is installed to both the management EIS routing table and default routing table.
• Packets whose destination TCP/UDP port does not match a configured management application, take the regular route lookup flow in the IP stack. • In the ARP layer, for all ARP packets received through the management interface, a double route lookup is done, one in the default routing table and another in the management EIS routing table.
Dell Networking OS applications using either ip1 or ip2. Return traffic for such end-user-originated sessions destined to management port ip1 is handled using the EIS route lookup.
Handling of Transit Traffic (Traffic Separation)
This is forwarded traffic where the destination IP is not an IP address configured in the switch.
• EIS is enabled implies that EIS feature is enabled and the application might or might not be configured as a management application • EIS is disabled implies that either EIS feature itself is disabled or that the application is not configured as a management application Transit Traffic This phenomenon occurs where traffic is transiting the switch.
EIS Behavior for ICMP: ICMP packets do not have TCP/UDP ports. To do an EIS route lookup for ICMP-based applications (ping and traceroute) using the source ip option, the management port IP address should be specified as the source IP address. If management port is down or route lookup fails, packets are dropped. Default Behavior: Route lookup is done in the default routing table and appropriate egress port is selected.
If the source TCP/UDP port or source IP address does not match the management port IP address, a route lookup is done in the default routing table. EIS behavior for ICMP: ICMP packets do not have TCP/UDP ports. In this case, to perform an EIS route lookup for ICMP-based applications (ping and traceroute), you must configure ICMP as a management application.
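The lookup rules in this section for switch-originated traffic, as a simplified Python model added here (not Dell Networking OS code). Class and method names, port labels and addresses are hypothetical, and the model assumes that port-matched management applications are dropped on a failed EIS lookup in the same way the text states for ICMP.

```python
import ipaddress
from dataclasses import dataclass, field


def lookup(table, dst):
    """Longest-prefix match; table maps an IPv4 CIDR string to an egress port label."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, port in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, port)
    return best[1] if best else None


@dataclass
class Switch:
    """Hypothetical model of EIS egress selection (EIS is IPv4 only)."""
    mgmt_ip: str
    eis_enabled: bool = False
    mgmt_port_up: bool = True
    mgmt_apps: dict = field(default_factory=dict)      # name -> (proto, dst port)
    default_table: dict = field(default_factory=dict)  # default routing table
    eis_table: dict = field(default_factory=dict)      # management EIS routing table

    def add_management_route(self, cidr):
        """A management route is installed in both routing tables."""
        self.default_table[cidr] = "mgmt"
        self.eis_table[cidr] = "mgmt"

    def egress(self, dst, proto, dst_port=None, src_ip=None):
        """Return (table used, egress port); a port of None means the packet is dropped."""
        use_eis = False
        if self.eis_enabled:
            if proto == "icmp":
                # ICMP has no ports: EIS applies when the source IP is the management IP.
                use_eis = src_ip == self.mgmt_ip
            else:
                use_eis = (proto, dst_port) in self.mgmt_apps.values()
        if use_eis:
            # Fail closed: no fallback to the default table (assumption for TCP/UDP).
            port = lookup(self.eis_table, dst) if self.mgmt_port_up else None
            return ("eis", port)
        return ("default", lookup(self.default_table, dst))


def build_sample_switch():
    """Constructed sample: SSH is a management application, one management route."""
    sw = Switch(mgmt_ip="10.16.0.2", eis_enabled=True)
    sw.mgmt_apps["ssh"] = ("tcp", 22)
    sw.default_table["0.0.0.0/0"] = "Te 1/1"
    sw.add_management_route("10.16.0.0/16")
    return sw


if __name__ == "__main__":
    sw = build_sample_switch()
    for args in [("10.16.1.5", "tcp", 22), ("192.0.2.10", "tcp", 22),
                 ("192.0.2.10", "tcp", 80)]:
        print(args, "->", sw.egress(*args))
```

In the sample, SSH toward an address with no management route is dropped rather than sent out the front-panel port, which is the traffic separation EIS is meant to provide.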
To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designating those interfaces as the multicast router interface when the frames have a non-zero IP source address.
Interfaces
This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces.
NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell 40G optics are set to error-disabled state.
• Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Non Dell-Qualified Transceivers • Splitting QSFP Ports to SFP+ Ports • Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port • Link Dampening •...
NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. NOTE: The CLI output may be incorrectly displayed as 0 (zero) for the Rx/Tx power values. To obtain the correct power information, perform a simple network management protocol (SNMP) query.
To view which interfaces are enabled for Layer 3 data transmission, use the show ip interfaces brief command in EXEC Privilege mode. In the following example, TenGigabitEthernet interface 1/6 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up. Dell#show ip interface brief Interface IP-Address...
8 mac learning-limit 10 no-station-move no shutdown Reset an interface to its factory default state. CONFIGURATION mode default interface interface-type] Dell(conf)#default interface tengigabitethernet 1/5 Verify the configuration. INTERFACE mode show config Dell(conf-if-te-1/5)#show config interface TenGigabitEthernet 1/5 no ip address shutdown All the applied configurations are removed and the interface is set to the factory default state.
• Clearing Interface Counters Overview of Layer Modes On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode.
To set Layer 2 data transmissions through an individual interface, use the following command. • Enable Layer 2 data transmissions through an individual interface. INTERFACE mode switchport Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands.
TenGigabitEthernet 1/2
 no ip address
 switchport
 no shutdown
Dell(conf-if)#ip address 10.10.1.1 /24
% Error: Port is in Layer 2 mode Te 1/2.
Dell(conf-if)#
To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode.
Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode. Dell>show ip int vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49.1/24 Broadcast address is 1.1.49.255...
You can configure this interface using the CLI, but the configuration options on this interface are limited. You cannot configure Gateway addresses and IP addresses if it appears in the main routing table of Dell Networking OS. In addition, proxy ARP is not supported on this interface.
• must not match the virtual IP address and must not be in the same subnet as the virtual IP. Dell#show interfaces managementethernet 1/1 ManagementEthernet 1/1 is up, line protocol is up Hardware is DellForce10Eth, address is 00:01:e8:a0:bf:f3...
To display the configuration for a given port, use the show interface command in EXEC Privilege mode, as shown in the following example. To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int TenGigabitEthernet 1/1 TenGigabitEthernet 1/1 is up, line protocol is up Description: This is the Managment Interface...
You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
ip ospf authentication-key force10 ip ospf cost 1 ip ospf dead-interval 60 ip ospf hello-interval 15 no shutdown Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability.
There are 128 port-channels with 16 members per channel. As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel.
10000 Mbps are kept up, and all other interfaces that are not set to 10G speed or auto negotiate are disabled. Dell Networking OS brings up the interfaces that are set to auto negotiate so that their speed is identical to the speed of the first channel member in the port channel.
NOTE: Port channels can contain a mix of Ethernet interfaces, but Dell Networking OS disables the interfaces that are not the same speed of the first channel member in the port channel (refer to 10/100/1000 Mbps Interfaces in Port Channels).
EXEC Privilege mode, use the show running-config interface interface command. When an interface is added to a port channel, Dell Networking OS recalculates the hash algorithm. To add a physical interface to a port, use the following commands.
Time since last interface status change: 04:31:57 Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs).
The following example shows moving an interface from port channel 4 to port channel 3.
Dell(conf-if-po-4)#show config
interface Port-channel 4
 no ip address
 channel-member TenGigabitEthernet 1/8
 no shutdown
Dell(conf-if-po-4)#no chann tengi 1/8
Dell(conf-if-po-4)#int port 3
Dell(conf-if-po-3)#channel tengi 1/8
Dell(conf-if-po-3)#sho conf
interface Port-channel 3
 no ip address...
EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)# vlan tagged 2-5,100,4010 Dell#show interfaces switchport te 1/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged...
Dell Networking OS allows you to modify the hashing algorithms used for flows and for fragments. The load-balance and hash-algorithm commands are available for modifying the distribution algorithms.
| crc32LSB | xor1 | xor2 | xor4 | xor8 | xor16 }][stack-unit|linecard number | port-set number | [hg-seed seed-value | seed seed-value
For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide.
• Change to another algorithm.
Overlap Port Ranges • Commas • Add Ranges
Create a Single-Range
The following is an example of a single range.
Example of the interface range Command (Single Range)
Dell(config)# interface range tengigabitethernet 1/1 - 1/23
Dell(config-if-range-te-1/1-1/23)# no shutdown
Dell(config-if-range-te-1/1-1/23)#
The following is an example showing how duplicate entries are omitted from the interface-range prompt.
Example of the Interface-Range Prompt for Duplicate Interfaces
Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3
Dell(conf-if-range-vl-1,vl-3)#
Dell(conf)#interface range tengigabitethernet 2/1 - 2/23 , tengigabitethernet 2/1...
The following example shows how to define an interface-range macro named “test” to select Ten Gigabit Ethernet interfaces 5/1 through 5/4.
Example of the define interface-range Command for Macros
Dell(config)# define interface-range test tengigabitethernet 5/1 - 5/4
Choosing an Interface-Range Macro
To use an interface-range macro, use the following command.
— Page down • q — Quit Dell#monitor interface Te 3/1 Dell uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.: 2s Interface: Te 3/1, Disabled, Link is Down, Linespeed is 1000 Mbit Traffic statistics: Current...
The system supports Dell-qualified transceivers and only some of the non Dell-qualified transceivers. If the system displays an error message similar to the following, the transceiver is not Dell-qualified. The Dell Networking OS places the interface in error-disabled (operationally down) state.
LineSpeed 40000 Mbit <output truncated for brevity> For information about which optics and transceivers are supported, contact your Dell representative. Splitting QSFP Ports to SFP+ Ports The platform supports splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes).
Similarly, you can enable the fan-out mode to configure the QSFP port on a device to act as an SFP or SFP+ port. As the QSA enables a QSFP or QSFP+ port to be used as an SFP or SFP+ port, Dell Networking OS does not immediately detect the QSA after you insert it into a QSFP port cage.
In the following show interfaces tengigabitethernet commands, ports 1, 2, and 3 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports.
Dell#show interfaces tengigabitethernet 1/4 transceiver SFP 1 Serial ID Base Fields SFP 1 Id = 0x0d SFP 1 Ext Id = 0x00 SFP 1 Connector = 0x23 SFP 1 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00...
Clearing Dampening Counters To clear dampening counters and accumulated penalties, use the following command. • Clear dampening counters. clear dampening Example of the clear dampening Command Dell# clear dampening interface Te 1/1 Dell#show interfaces dampening Tengigabitethernet 1/1 Interface Supp Flaps Penalty Half-Life...
The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it. The destination sends a PAUSE frame back to the source, stopping the sender’s transmission for a period of time.
As a workaround, apply the new settings, execute shut then no shut on the interface, and then check the running-config of the port. NOTE: If you disable rx flow control, Dell Networking recommends rebooting the system. The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes.
1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The following table lists the various Layer 2 overheads found in Dell Networking OS and the number of bytes. The MTU range is from 592 to 9216, with a default of 9216. IP MTU automatically configures.
NOTE: As a best practice, Dell Networking recommends keeping auto-negotiation enabled. Only disable auto-negotiation on switch ports that attach to devices not capable of supporting negotiation or where connectivity issues arise from interoperability issues.
Example of the show interfaces status Command to View Link Status NOTE: The show interfaces status command displays link status, but not administrative status. For both link and administrative status, use the show ip interface command. Dell#show interfaces status Port Description Status Speed Duplex Vlan Te 1/1...
Dell(conf-if-te-1/1-autoneg)# For details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command.
Dell#show ip interface stack-unit 1 configured Dell#show ip interface tengigabitEthernet 1 configured Dell#show ip interface br configured Dell#show ip interface br stack-unit 1 configured Dell#show ip interface br tengigabitEthernet 1 configured Dell#show running-config interfaces configured Dell#show running-config interface tengigabitEthernet 1 configured In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information.
Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1d23h40m Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#rate-interval 100 Dell#show interfaces TenGigabitEthernet 1/1 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:01:9e:d9...
Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application and turns it off when you disable the application. NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
(OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit. Example of the clear counters Command When you enter this command, confirm that you want Dell Networking OS to clear the interface counters for that interface. Dell#clear counters te 1/1...
Internet Protocol Security (IPSec) Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel. •...
IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature...
Troubleshooting UDP Helper IP Addresses Dell Networking OS supports IP version 4 (as described in RFC 791), classful routing, and variable length subnet masks (VLSM). With VLSM, you can configure one network with different masks. Supernetting, which increases the number of subnets, is also supported.
• Configure Static Routes for the Management Interface (optional) For a complete listing of all commands related to IP addressing, refer to the Dell Networking OS Command Line Interface Reference Guide. Assigning IP Addresses to an Interface Assign primary and secondary IP addresses to physical or logical (for example, virtual local area network [VLAN] or port channel) interfaces to enable IP communication between the system and hosts connected to that interface.
• tag tag-value: the range is from 1 to 4294967295. (optional) Example of the show ip route static Command To view the configured routes, use the show ip route static command. Dell#show ip route static Destination Gateway Dist/Metric Last Change...
Direct, Lo 0 --More-- Dell Networking OS installs a next hop that is on the directly connected subnet of current IP address on the interface. Dell Networking OS also installs a next hop that is not on the directly connected subnet but which recursively resolves to a next hop on the interface's configured subnet.
default byte size of an IP packet is 576. This packet size is called the maximum transmission unit (MTU) for IPv4 frames. PMTD operates by setting the do not fragment (DF) bit in the IP headers of outgoing packets. When any device along the network path has an MTU that is smaller than the size of the packet that it receives, the device drops the packet and sends an Internet Control Message Protocol (ICMP) Fragmentation Needed (Type 3, Code 4) message with its MTU value to the source or the sending device.
Dell>show ip tcp reduced-syn-ack-wait Enabling Directed Broadcast By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command.
The order you entered the servers determines the order of their use. Example of the show hosts Command To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set...
Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches the host table first to resolve the partial domain.
For more information about ARP, refer to RFC 826, An Ethernet Address Resolution Protocol. In Dell Networking OS, Proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network. Proxy ARP makes it possible for hosts to be ignorant of the network, including subnetting.
These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To view the static entries in the ARP cache, use the show arp static command in EXEC privilege mode. Dell#show arp Protocol Address...
Gratuitous ARP can mean an ARP request or reply. In the context of ARP learning via gratuitous ARP on Dell Networking OS, the gratuitous ARP is a request. A gratuitous ARP request is an ARP request that is not needed according to the ARP specification, but one that hosts may send to: •...
ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address.
Beginning with Dell Networking OS version 8.3.1.0, when you enable ARP learning via gratuitous ARP, the system installs a new ARP entry, or updates an existing entry for all received ARP requests. Figure 54. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable ARP learning via gratuitous ARP, the system does not look up the target IP.
The following lists the configuration tasks for ICMP. • Enabling ICMP Unreachable Messages For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled.
IP address of packets to match those addresses. Configure UDP Helper To configure Dell Networking OS to direct UDP broadcast, enable UDP helper and specify the UDP ports for which traffic is forwarded. See...
When you enable UDP helper and the destination IP address of an incoming packet is a broadcast address, Dell Networking OS suppresses the destination address of the packet. The following sections describe various configurations that employ UDP helper to direct broadcasts.
UDP Helper with Broadcast-All Addresses When the destination IP address of an incoming packet is the IP broadcast address, Dell Networking OS rewrites the address to match the configured broadcast address. In the following illustration: Packet 1 is dropped at ingress if you did not configure UDP helper address.
UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to the matching interface. In the following illustration, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101.
To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Te 5/1 with IP DA (0xffffffff) will be sent on Te 5/2 Te 5/3 Vlan 3 01:44:54: Pkt rcvd on Te 7/1 is handed over for DHCP processing.
NOTE: Even though Dell Networking OS listens to all ports, you can only use the ports starting from 1024 for IPv6 traffic. Ports from 0 to 1023 are reserved for internal use and you cannot use them for IPv6 traffic.
(DHCP) servers via stateful auto-configuration. NOTE: Dell Networking OS provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). By default, RA response messages are sent when an RS message is received.
IPv6 Headers The IPv6 header has a fixed length of 40 bytes. This fixed length provides 16 bytes each for source and destination information and 8 bytes for general header information. The IPv6 header includes the following fields: • Version (4 bits) •...
classes and priorities. Routers understand the priority settings and handle them appropriately during conditions of congestion. Flow Label (20 bits) The Flow Label field identifies packets requiring special treatment in order to manage real-time data traffic. The sending router can label sequences of IPv6 packets so that forwarding routers can process packets within the same flow without needing to reprocess each packet’s header separately.
Hop Limit (8 bits) The Hop Limit field shows the number of hops remaining for packet processing. In IPv4, this is known as the Time to Live (TTL) field and uses seconds rather than hops. Each time the packet moves through a forwarding router, this field decrements by 1. If a router receives a packet with a Hop Limit of 1, it decrements it to 0 (zero).
This field identifies the length of the Hop-by-Hop Options header in 8-byte units, but does not include the first 8 bytes. Consequently, if the header is less than 8 bytes, the value is 0 (zero). • Options (size varies) This field can contain one or more options. The first byte of the field identifies the Option type, and directs the router how to handle the option.
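The field layout described above, decoded from raw bytes. This Python parser is an added example, not code from the Dell guide; the function names and the constructed sample packet are assumptions for illustration, and the option-type bit meanings are taken from RFC 8200.

```python
import ipaddress
import struct

IPV6_FIXED_HEADER_LEN = 40  # fixed header length stated in the text

# Two high-order bits of an option type (RFC 8200): what a node does when it
# does not recognise the option.
UNRECOGNISED_ACTION = {
    0b00: "skip option",
    0b01: "discard packet",
    0b10: "discard packet, send ICMPv6 Parameter Problem",
    0b11: "discard packet, send ICMPv6 Parameter Problem unless multicast",
}


def parse_fixed_header(packet: bytes) -> dict:
    """Decode the 40-byte IPv6 fixed header into its fields."""
    if len(packet) < IPV6_FIXED_HEADER_LEN:
        raise ValueError("packet shorter than the 40-byte IPv6 header")
    # First 32 bits: Version (4) | Traffic Class (8) | Flow Label (20)
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    return {
        "version": word >> 28,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(packet[8:24])),        # 16 bytes
        "destination": str(ipaddress.IPv6Address(packet[24:40])),  # 16 bytes
    }


def parse_hop_by_hop(packet: bytes, offset: int = IPV6_FIXED_HEADER_LEN) -> dict:
    """Decode a Hop-by-Hop Options header that starts at `offset`."""
    if len(packet) < offset + 2:
        raise ValueError("truncated Hop-by-Hop Options header")
    next_header, hdr_ext_len = packet[offset], packet[offset + 1]
    # Length is in 8-byte units and excludes the first 8 bytes.
    total_len = (hdr_ext_len + 1) * 8
    end = offset + total_len
    if len(packet) < end:
        raise ValueError("Hop-by-Hop header longer than the packet")
    options, pos = [], offset + 2
    while pos < end:
        opt_type = packet[pos]
        if opt_type == 0:  # Pad1 is a single byte with no length field
            pos += 1
            continue
        if pos + 2 > end:
            raise ValueError("option length byte missing")
        opt_len = packet[pos + 1]
        if pos + 2 + opt_len > end:
            raise ValueError("option data overruns the header")
        options.append({
            "type": opt_type,
            "if_unrecognised": UNRECOGNISED_ACTION[opt_type >> 6],
            "data": packet[pos + 2:pos + 2 + opt_len],
        })
        pos += 2 + opt_len
    return {"next_header": next_header, "length": total_len, "options": options}


def build_sample_packet() -> bytes:
    """Constructed sample: fixed header plus an 8-byte Hop-by-Hop header."""
    word = (6 << 28) | (0xB8 << 20) | 0x12345
    fixed = struct.pack("!IHBB", word, 8, 0, 64)  # Next Header 0 = Hop-by-Hop
    fixed += ipaddress.IPv6Address("2001:db8::1").packed
    fixed += ipaddress.IPv6Address("2001:db8::2").packed
    # Next Header 59 (none), Hdr Ext Len 0, Router Alert (type 5), PadN (type 1)
    hop_by_hop = bytes([59, 0, 0x05, 2, 0, 0, 0x01, 0])
    return fixed + hop_by_hop


if __name__ == "__main__":
    pkt = build_sample_packet()
    print(parse_fixed_header(pkt))
    print(parse_hop_by_hop(pkt))
```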
Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform. The sections following the table give greater detail about the feature.
OSPF, IS-IS, and IPv6 BGP chapters in the Dell Networking OS Command Line Reference Guide. Multiprotocol BGP 9.7.(0.1) IPv6 BGP in the Dell extensions for IPv6 Networking OS Command Line Reference Guide. IPv6 BGP MD5 9.7.(0.1) IPv6 BGP in the Dell...
(inbound SSH) Layer 3 only IPv6 Access Control Lists 9.7.(0.1) IPv6 Access Control Lists in the Dell Networking OS Command Line Reference Guide. IPv6 Multicast IPv6 PIM in the Dell MLDv1/v2 9.7.(0.1) Networking OS Command Line Reference Guide. IPv6 Routing...
ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443.
IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery, Dell Networking recommends configuring the static route last or assigning an IPv6 address to the interface and assigning an address to the peer (the forwarding router’s address) less than 10 seconds apart.
a multicast address with the unicast address used as the last 24 bits. Other hosts on the link do not participate in the process, greatly increasing network bandwidth efficiency. Figure 60. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface.
Example of Debugging IPv6 RDNSS Information Sent to the Host The following example debugs IPv6 RDNSS information sent to the host. Dell(conf-if-te-1/1)#do debug ipv6 nd tengigabitethernet 1/1 ICMPv6 Neighbor Discovery packet debugging is on for tengigabitethernet 1/1 Dell(conf-if-te-1/1)#00:13:02 : : cp-ICMPV6-ND: Sending RA on Te 1/1 IPv6 Routing...
The following example displays IPv6 RDNSS information. The output in the last 3 lines indicates that the IPv6 RDNSS was correctly configured on interface te 1/1. Dell#show ipv6 interface te 1/1 TenGigabitEthernet 1/1 is up, line protocol is up IPV6 is enabled...
Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol.
Assigning an IPv6 Address to an Interface Essentially, IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully.
Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS support IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router.
SNMP notifications from a device running Dell Networking OS IPv6. The Dell Networking OS SNMP-server commands for IPv6 have been extended to support IPv6. For more information regarding SNMP commands, refer to the SNMP and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide.
• For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Example of the show ipv6 interface Command Dell#show ipv6 int ManagementEthernet 1/1 ManagementEthernet 1/1 is up, line protocol is up IPV6 is enabled Stateless address autoconfiguration is enabled...
To display information about an IPv6 prefix list, enter list and the prefix-list name. Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command. Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0...
For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. • For the Management interface on the stack-unit, enter the keyword ManagementEthernet then the slot/port information. Example of the show running-config interface Command Dell#show run int Te 2/2 interface TenGigabitEthernet 2/2 no ip address ipv6 address 3:4:5:6::8/24 shutdown...
NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard allows you to block or reject the unwanted router advertisement guard messages that arrive at the network device platform.
The retransmission time range is from 100 to 4,294,967,295 milliseconds. 15 Display the configurations applied on the RA guard policy mode. POLICY LIST CONFIGURATION mode show config Example of the show config Command Dell(conf-ra_guard_policy_list)#show config ipv6 nd ra-guard policy test device-role router hop-limit maximum 251 mtu 1350...
[interface slot/port[/subport] | count value] The count range is from 1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide.
TCP/IP-based protocol for establishing and managing connections between IP-based storage devices and initiators in a storage area network (SAN). iSCSI optimization enables the network switch to auto-detect Dell’s iSCSI storage arrays and triggers a self-configuration of several key network configurations that enables optimization of the network for better storage traffic throughput.
• Auto-detection of EqualLogic storage arrays — the switch detects any active EqualLogic array directly attached to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of switch ports after detection of storage arrays. •...
ensure that iSCSI traffic in these sessions receives priority treatment when forwarded on stacked switch hardware. Figure 61. iSCSI Optimization Example Monitoring iSCSI Traffic Flows The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets.
4, use the QoS dot1p-priority command (refer to QoS dot1p Traffic Classification and Queue Assignment). Dell Networking recommends setting the CoS dot1p priority-queue to 0 (zero). You can configure whether iSCSI frames are re-marked to contain the configured VLAN priority tag or IP DSCP when forwarded through the switch.
Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic flows. The switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network. LLDP is enabled by default. For more information about LLDP, refer to Link Layer Discovery Protocol (LLDP).
The command configures a port for the best iSCSI traffic conditions. The following message displays the first time you use the iscsi profile-compellent command to configure a port connected to a Dell Compellent storage array and describes the configuration changes that are automatically performed:...
Enable and Disable iSCSI Optimization The following describes enabling and disabling iSCSI optimization. NOTE: iSCSI monitoring is disabled by default. iSCSI auto-configuration and auto-detection is enabled by default. If you enable iSCSI, flow control is automatically enabled on all interfaces. To disable flow control on all interfaces, use the no flow control rx on tx off command and save the configuration.
Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 44. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Disabled on the S4810, S4820T, S3048–ON, S4048–ON, and S3100 series. iSCSI CoS mode (802.1p priority queue mapping) dot1p priority 4 without the remark setting when you enable iSCSI.
CONFIGURATION mode cam-acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 fcoeacl 0 iscsioptacl 2 NOTE: Content addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: •...
Separate port numbers with a comma. If multiple IP addresses are mapped to a single TCP port, use the no iscsi target port tcp-port-n command to remove all IP addresses assigned to the TCP number. To delete a specific IP address from the TCP port, use the no iscsi target port tcp-port-n ip-address address command to specify the address to be deleted.
ID. show iscsi sessions detailed [session isid] • Display all globally configured non-default iSCSI settings in the current Dell Networking OS session. show run iscsi Examples of the show iscsi Commands The following example shows the show iscsi command.
VLT PEER2 Session 0: ----------------------------------------------------------------------------------- Target: iqn.2001-05.com.equallogic:0-8a0906-0f60c2002-0360018428d48c94-iom011 iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 The following example shows the show iscsi session detailed command. VLT PEER1 Dell# show iscsi session detailed Session 0: ------------------------------------------------------------ Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10.10.0.44 33345 10.10.0.101 3260 0...
Intermediate System to Intermediate System The intermediate system to intermediate system (IS-IS) protocol uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. Topics: • IS-IS Protocol Overview • IS-IS Addressing • Multi-Topology IS-IS •...
IS-IS Addressing IS-IS PDUs require ISO-style addressing called network entity title (NET). For those familiar with name-to-network service mapping point (NSAP) addresses, the composition of the NET is identical to an NSAP address, except the last byte is always 0. The NET is composed of the IS-IS area address, system ID, and N-selector.
The multi-topology ID is shown in the first octet of the IS-IS packet. Certain MT topologies are assigned to serve predetermined purposes: • MT ID #0: Equivalent to the “standard” topology. • MT ID #1: Reserved for IPv4 in-band management purposes. •...
restart, there is a potential to lose access to parts of the network due to the necessity of network topology changes. IS-IS graceful restart recognizes that in a modern router, the control plane and data plane are functionally separate. Restarting the control plane functionality (such as the failover of the active route processor module (RPM) to the backup in a redundant configuration) should not necessarily interrupt data packet forwarding.
By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address more easily. Dell Networking OS does not support ISO CLNS routing; however, the ISO NET format is supported for addressing.
Configuration Tasks for IS-IS The following describes the configuration tasks for IS-IS. • Enabling IS-IS • Configure Multi-Topology IS-IS (MT IS-IS) • Configuring IS-IS Graceful Restart • Changing LSP Attributes • Configuring the IS-IS Metric Style • Configuring IS-IS Cost •...
ROUTER ISIS mode. To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: •...
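A configuration check for the NET rules given in IS-IS Addressing and above (N-selector always 0, one System ID across all NETs, at most six area addresses). This Python audit is an added example, not part of the Dell guide; the function names are hypothetical, the sample NETs are constructed from the area address and System Id shown in the show isis protocol output, and the 6-byte system ID and 13-byte area limit are the standard ISO sizes rather than values stated on this page.

```python
import re

SYSTEM_ID_LEN = 6        # bytes, as in "System Id: EEEE.EEEE.EEEE"
MAX_AREA_LEN = 13        # bytes; standard ISO limit (assumption, not on the page)
MAX_AREA_ADDRESSES = 6   # limit stated in the text


def _dotted(raw: bytes) -> str:
    """Format bytes in the dotted style used by the CLI, e.g. 47.0004.004d.0001."""
    digits = raw.hex()
    head = len(digits) % 4
    groups = [digits[:head]] if head else []
    groups += [digits[i:i + 4] for i in range(head, len(digits), 4)]
    return ".".join(groups)


def parse_net(net: str) -> dict:
    """Split a NET into area address, system ID and N-selector."""
    if not re.fullmatch(r"[0-9A-Fa-f]+(?:\.[0-9A-Fa-f]+)*", net):
        raise ValueError("not dotted hexadecimal")
    digits = net.replace(".", "")
    if len(digits) % 2:
        raise ValueError("odd number of hex digits")
    raw = bytes.fromhex(digits)
    area_len = len(raw) - SYSTEM_ID_LEN - 1
    if not 1 <= area_len <= MAX_AREA_LEN:
        raise ValueError("area address must be 1 to 13 bytes")
    if raw[-1] != 0:
        raise ValueError("N-selector (last byte) must be 00")
    return {
        "area": _dotted(raw[:area_len]),
        "system_id": _dotted(raw[area_len:-1]),
        "n_selector": raw[-1],
    }


def audit_nets(nets: list) -> list:
    """Return a list of findings for the NETs configured on one router."""
    findings, parsed = [], []
    for net in nets:
        try:
            parsed.append(parse_net(net))
        except ValueError as exc:
            findings.append(f"{net}: {exc}")
    system_ids = sorted({p["system_id"] for p in parsed})
    if len(system_ids) > 1:
        findings.append("system ID differs across NETs: " + ", ".join(system_ids))
    areas = {p["area"] for p in parsed}
    if len(areas) > MAX_AREA_ADDRESSES:
        findings.append(f"{len(areas)} area addresses configured, limit is 6")
    return findings


if __name__ == "__main__":
    # Constructed sample NETs for one router.
    sample = [
        "47.0004.004d.0001.eeee.eeee.eeee.00",
        "49.0002.aaaa.aaaa.aaaa.00",   # different system ID
        "49.0003.eeee.eeee.eeee.01",   # non-zero N-selector
    ]
    for finding in audit_nets(sample):
        print(finding)
```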
NOTE: When you do not enable transition mode, you do not have IPv6 connectivity between routers operating in single-topology mode and routers operating in multi-topology mode. Exclude this router from other router’s SPF calculations. ROUTER ISIS AF IPV6 mode set-overload-bit Set the minimum interval between SPF calculations.
LSP. The 'overload' bit is an indication to the receiving router that database synchronization did not complete at the restarting router. To view all graceful restart-related configurations, use the show isis graceful-restart detail command in EXEC Privilege mode. Dell#show isis graceful-restart detail Configured Timer Value ====================== Graceful Restart...
Example of the show isis interface Command To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface TenGigabitEthernet 1/34 TenGigabitEthernet 1/34 is up, line protocol is up MTU 1497, Encapsulation SAP...
Dell Networking OS supports five different metric styles: narrow, wide, transition, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Metrics or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process.
To view which metric types are generated and received, use the show isis protocol command in EXEC Privilege mode. The IS-IS metrics settings are in bold. Example of Viewing IS-IS Metric Types Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with IS-IS enabled, you can assign a cost or metric that is used in the link state calculation. To change the metric or cost of the interface, use the following commands.
The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database...
Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS.
ROUTER ISIS mode distribute-list redistributed-override in Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands. NOTE: These commands apply to IPv6 IS-IS only. To apply prefix lists to IPv4 routes, use ROUTER ISIS mode, previously shown.
To add routes from other routing instances or protocols, use the following commands. NOTE: These commands apply to IPv4 IS-IS only. To apply prefix lists to IPv6 routes, use ADDRESS-FAMILY IPV6 mode, shown later. • Include BGP, directly connected, RIP, or user-configured (static) routes in IS-IS. ROUTER ISIS mode redistribute {bgp as-number | connected | rip | static} [level-1 | level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map...
Set the authentication password for a routing domain. ROUTER ISIS mode domain-password [encryption-type | hmac-md5] password The Dell OS supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs. Intermediate System to Intermediate System...
Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system.
Enter the type of interface and slot/port information to view IS-IS information on that interface only. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
The following sections provide additional information about the IS-IS metric styles. • Configuring the IS-IS Metric Style • Configure Metric Values Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) •...
Table 47. Metric Value When the Metric Style Changes Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide narrow default value (10) if the original value is greater than 63. A message is sent to the console. wide transition truncated value (the truncated value appears in the LSP only).
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide transition narrow transition default value (10) if the original value is greater than 63. A message is sent to the console. wide transition transition truncated value (the truncated value appears in the LSP only). The original isis metric value is displayed in the show config and show running-config...
Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes in one of the following three different methods: • Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface. Enable the ip router isis and ipv6 router isis commands on the interface.
Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and...
You can configure link dampening on individual members of a LAG. LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
• Enable or disable LACP on any LAN port. INTERFACE mode [no] port-channel-protocol lacp The default is LACP disabled. This command creates context. • Configure LACP mode. LACP mode [no] port-channel number mode [active | passive | off] • number: cannot statically contain any links. The default is LACP active.
To configure LACP long timeout, use the following command. • Set the LACP timeout value to 30 seconds. CONFIG-INT-PO mode lacp long-timeout Example of the lacp long-timeout and show lacp Commands Dell(conf)# interface port-channel 32 Dell(conf-if-po-32)#no shutdown Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b...
Figure 64. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking.
2d1h45m: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 2 To view the status of a failover group member, use the show interface port-channel command. Dell#show interface port-channel 2 Port-channel 2 is up, line protocol is down (Failover-group 1 is down)
Important Points about Shared LAG State Tracking The following is more information about shared LAG state tracking. • This feature is available for static and dynamic LAGs. • Only a LAG can be a member of a failover group. • You can configure shared LAG state tracking on one side of a link or on both sides.
 switchport
 no shutdown
Alpha(conf-if-po-10)#

Example of Viewing a LAG Port Configuration

The following example inspects a LAG port configuration on ALPHA.

Alpha#sh int TenGigabitEthernet 2/31
TenGigabitEthernet 2/31 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:06:95:c0
Current address is 00:01:e8:06:95:c0
Interface Index is 109101113
Port will not be disabled on partial SFM failure...
Figure 67. Inspecting the LAG Configuration
Figure 68. Inspecting Configuration of LAG 10 on ALPHA
Figure 69. Verifying LAG 10 Status on ALPHA Using the show lacp Command

Summary of the LAG Configuration on Alpha

Alpha(conf-if-po-10)#int tengig 2/31
Alpha(conf-if-te-2/31)#no ip address
Alpha(conf-if-te-2/31)#no switchport
Alpha(conf-if-te-2/31)#shutdown
Alpha(conf-if-te-2/31)#port-channel-protocol lacp
Alpha(conf-if-te-2/31-lacp)#port-channel 10 mode active
Alpha(conf-if-te-2/31-lacp)#no shut
Alpha(conf-if-te-2/31)#show config
interface GigabitEthernet 2/31
 no ip address
 port-channel-protocol LACP
 port-channel 10 mode active...
 switchport
 no shutdown
interface TenGigabitEthernet 2/31
 no ip address

Summary of the LAG Configuration on Bravo

Bravo(conf-if-te-3/21)#int port-channel 10
Bravo(conf-if-po-10)#no ip add
Bravo(conf-if-po-10)#switch
Bravo(conf-if-po-10)#no shut
Bravo(conf-if-po-10)#show config
interface Port-channel 10
 no ip address
 switchport
 no shutdown
Bravo(conf-if-po-10)#exit
Bravo(conf)#int tengig 3/21
Bravo(conf)#no ip address
Bravo(conf)#no switchport
Bravo(conf)#shutdown...
Figure 70. Inspecting a LAG Port on BRAVO Using the show interface Command
Figure 71. Inspecting LAG 10 Using the show interfaces port-channel Command
Figure 72. Inspecting the LAG Status Using the show lacp command

The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode.
Layer 2

This chapter describes the Layer 2 features supported on the device.

Manage the MAC Address Table

You can perform the following management tasks in the MAC address table.
• Clearing the MAC Address Table
• Setting the Aging Time for Dynamic Entries
•...
• Specify an aging time.
  CONFIGURATION mode
  mac-address-table aging-time seconds
  The range is from 10 to 1000000.

Configuring a Static MAC Address

A static entry is one that is not subject to aging. Enter static entries manually.
To create a static MAC address entry, use the following command.
•...
• Recovering from Learning Limit and Station Move Violations

Dell Networking OS Behavior: When configuring the MAC learning limit on a port or VLAN, the configuration is accepted (becomes part of running-config and show mac learning-limit interface) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed:...
Dell Networking OS Behavior: If you do not configure the dynamic option, the system does not detect station moves in which a MAC address learned from a MAC-limited port is learned on another port on the same system. Therefore, any configured violation response to detected station moves is not performed.
Dell Networking OS Behavior: The systems do not generate a station-move violation log entry for physical interfaces or port-channels when you configure mac learning-limit or when you configure mac learning-limit station-move-violation log. Dell Networking OS detects a station-move violation only when you configure mac learning-limit dynamic and logs the violation only when you configure the mac learning-limit station-move-violation log, as shown in the following example.
station-move-violation shutdown-offending
• Shut down both the first and second port to learn the MAC address.
  INTERFACE mode
  station-move-violation shutdown-both
• Display a list of all of the interfaces configured with MAC learning limit or station move violation.
  CONFIGURATION mode
  show mac learning-limit violate-action

NOTE: When the MAC learning limit (MLL) is configured as no-station-move, the MLL will be...
ARP table, the no mac-address-table station-move refresh-arp command should not be configured on the Dell Networking switch at the time that NIC teaming is being configured on the server.
Down state until the primary fails, at which point it transitions to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces.
Apply all other configurations to each interface in the redundant pair such that their configurations are identical, so that transition to the backup interface in the event of a failure is transparent to the rest of the network.

Figure 75. Configuring Redundant Layer 2 Pairs without Spanning Tree

You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command.
TenGigabitEthernet 3/42
 no shutdown
interface TenGigabitEthernet 3/42
 no ip address
 switchport
 no shutdown
Dell(conf-if-range-te-3/41-42)#
Dell(conf-if-range-te-3/41-42)#do show ip int brief | find 3/41
TenGigabitEthernet 3/41 unassigned YES Manual up
TenGigabitEthernet 3/42 unassigned NO Manual up down
[output omitted]...
00:24:55: %RPM0-P:CP %IFMGR-5-ACTIVE: Changed Vlan interface state to active: Vl 1
00:24:55: %RPM0-P:CP %IFMGR-5-STATE_STBY_ACT: Changed interface state from standby to active: Te 3/42
Dell(conf-if-te-3/41)#do show ip int brief | find 3/41
TenGigabitEthernet 3/41 unassigned NO Manual administratively down down
TenGigabitEthernet 3/42...
enable FEFD globally or locally on an interface basis. Disabling the global FEFD configuration does not disable the interface configuration.

Figure 76. Configuring Far-End Failure Detection

The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not available.
You can enable FEFD globally or on a per-interface basis. Interface FEFD configurations override global FEFD configurations.
• Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface.
• FEFD is not supported on Fibre Channel and copper Ethernet ports.
FEFD is globally 'ON', interval is 3 seconds, mode is 'Normal'.

INTERFACE  MODE    INTERVAL  STATE
                   (second)
Te 1/1     Normal  3         Bi-directional
Te 1/2     Normal  3         Admin Shutdown
Te 1/3     Normal  3         Admin Shutdown
Te 1/4     Normal  3         Admin Shutdown
Dell#show run fefd
fefd-global mode normal
fefd-global interval 3
...
INTERFACE mode
fefd {disable | interval | mode}

Example of Viewing FEFD Configuration

Dell(conf-if-te-1/1)#show config
interface TenGigabitEthernet 1/1
 no ip address
 switchport
 fefd mode normal
 no shutdown
Dell(conf-if-te-1/1)#do show fefd | grep 1/1
Te 1/1 Normal Unknown
...
Dell(conf-if-te-1/1)#shutdown
2w1d22h: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Te
Dell(conf-if-te-1/1)#2w1d22h : FEFD state on Te 1/1 changed from ANY to Unknown
2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/1
2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 4/1...
Link Layer Discovery Protocol (LLDP)

This chapter describes how to configure and use the link layer discovery protocol (LLDP).

802.1AB (LLDP) Overview

LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
IEEE 802.3, and TIA-1057 Organizationally Specific TLVs.

Figure 78. LLDPDU Frame

Optional TLVs

The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs.
Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
Indicates whether the link is capable of being aggregated, whether it is currently in a LAG, and the port identification of the LAG. Dell Networking OS does not currently support this TLV.

Maximum Frame Size    Indicates the maximum frame size capability of the MAC and PHY.
• LLDP-MED Network Connectivity Device — any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device.

Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to:
•...
Inventory Management    Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs.

Inventory — Hardware Revision    Indicates the hardware revision of the LLDP-MED device.
LLDP-MED capability (as shown in the following table).
• The possible values of the LLDP-MED device type are shown in the following. The Dell Networking system is a network connectivity device, which is Type 4.

When you enable LLDP-MED in Dell Networking OS (using the advertise med command), the system begins transmitting this TLV.
An integer represents the application type (the Type integer shown in the following table), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED network policy TLV is generated for each application type that you specify with the Dell Networking OS CLI (Advertising TLVs).
• Power Type — there are two possible power types: power source entity (PSE) or power device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification. •...
Dell Networking systems support up to eight neighbors per interface.
• Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000.
LLDP mode configuration (default = rx and tx)
multiplier LLDP multiplier configuration
Negate a command or set its defaults
show Show LLDP configuration
Dell(conf-lldp)#exit
Dell(conf)#interface tengigabitethernet 1/3
Dell(conf-if-te-1/3)#protocol lldp
Dell(conf-if-te-1/3-lldp)#?
advertise Advertise TLVs
disable Disable LLDP protocol on this interface...
Enabling LLDP on Management Ports

LLDP on management ports is enabled by default. To enable LLDP on management ports, use the following command.

Enter Protocol LLDP mode.
  CONFIGURATION mode
  protocol lldp
Enter LLDP management-interface mode.
  LLDP-MANAGEMENT-INTERFACE mode
  management-interface
Enable LLDP.
  PROTOCOL LLDP mode
  no disable

Disabling and Undoing LLDP on Management...
To advertise TLVs, use the following commands.

Enter LLDP mode.
  CONFIGURATION or INTERFACE mode
  protocol lldp
Advertise one or more TLVs.
  PROTOCOL LLDP mode
  advertise {dcbx-appln-tlv | dcbx-tlv | dot3-tlv | interface-port-desc | management-tlv | med }
  Include the keyword for each TLV you want to advertise.
•...
Information valid for next 120 seconds
Time since last information change of this neighbor: 01:50:16
Remote MTU: 1554
Remote System Desc: Dell Networks Real Time Operating System Software
Dell Operating System Version: 1.0.
Dell Application Software Version: 9.4.0.0.
Copyright (c) 1999-2014...
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-description
 multiplier 5
 no disable
R1(conf-lldp)#no multiplier
R1(conf-lldp)#show config
protocol lldp
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-description
 no disable
R1(conf-lldp)#

Debugging LLDP

You can view the TLVs that your system is sending and receiving. To view the TLVs, use the following commands.
To stop viewing the LLDP TLVs sent and received by the system, use the no debug lldp command.

Figure 84. The debug lldp detail Command — LLDPDU Packet Dissection

Relevant Management Objects

Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with:
•...
Table 57. LLDP Configuration MIB Objects

MIB Object Category  LLDP Variable  LLDP MIB Object              Description
LLDP Configuration   adminStatus    lldpPortConfigAdminStatus    Whether you enable the local LLDP agent for transmit, receive, or both.
                     msgTxHold      lldpMessageTxHoldMultiplier  Multiplier value.
                     msgTxInterval  lldpMessageTxInterval        Transmit Interval value.
                     rxInfoTTL      lldpRxInfoTTL                Time to live for received...
Table 58. LLDP System MIB Objects

TLV Type  TLV Name    TLV Variable        System  LLDP MIB Object
          Chassis ID  chassis ID subtype  Local   lldpLocChassisIdSubtype
                                          Remote  lldpRemChassisIdSubtype
                      chassis ID          Local   lldpLocChassisId
                                          Remote  lldpRemChassisId
          Port ID     port subtype        Local   lldpLocPortIdSubtype
                                          Remote  lldpRemPortIdSubtype
                      port ID             Local   lldpLocPortId...
TLV Type  TLV Name  TLV Variable                 System  LLDP MIB Object
                    interface numbering subtype  Local   lldpLocManAddrIfSubtype
                                                 Remote  lldpRemManAddrIfSubtype
                    interface number             Local   lldpLocManAddrIfId
                                                 Remote  lldpRemManAddrIfId
                                                 Local   lldpLocManAddrOID
                                                 Remote  lldpRemManAddrOID

Table 59. LLDP 802.1 Organizationally specific TLV MIB Objects

TLV Type  TLV Name  TLV Variable  System...
Table 60. LLDP-MED System MIB Objects

TLV Sub-Type  TLV Name               TLV Variable           System  LLDP-MED MIB Object
              LLDP-MED Capabilities  LLDP-MED Capabilities  Local   lldpXMedPortCapSupported
                                                                    lldpXMedPortConfigTLVsTxEnable
                                                            Remote  lldpXMedRemCapSupported
                                                                    lldpXMedRemConfigTLVsTxEnable
                                     LLDP-MED Class Type    Local   lldpXMedLocDeviceClass
                                                            Remote  lldpXMedRemDeviceClass
              Network Policy         Application Type       Local...
TLV Sub-Type  TLV Name             TLV Variable          System  LLDP-MED MIB Object
              Location Identifier  Location Data Format  Local   lldpXMedLocLocationSubtype
                                                         Remote  lldpXMedRemLocationSubtype
                                   Location ID Data      Local   lldpXMedLocLocationInfo
                                                         Remote  lldpXMedRemLocationInfo
              Extended Power via   Power Device Type     Local   lldpXMedLocXPoEDeviceType
                                                         Remote  lldpXMedRemXPoEDeviceType
                                                                 lldpXMedLocXPoEPS...
Microsoft Network Load Balancing

Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group. NLB combines the servers into a single multicast group and attempts to use the standard multicast IP or unicast IP addresses and MAC addresses to transmit network traffic.
If the active server sends a reply, the Dell switch learns the active server’s MAC address. If all servers reply, the switch registers only the last received ARP reply and the switch learns one server’s actual MAC address; the virtual MAC address is never learned.
given in the payload. Then, all the traffic destined for the cluster is flooded out of all member ports. Because all the servers in the cluster receive traffic, failover and balancing are preserved.

Enable and Disable VLAN Flooding

• The older ARP entries are overwritten whenever newer NLB entries are learned.
•...
This setting causes the multicast MAC address to be mapped to the cluster IP address for the NLB mode of operation of the switch.

Associate specific MAC or hardware addresses to VLANs.
  CONFIGURATION mode
  mac-address-table static multicast-mac-address vlan vlan-id output-range interface
...
Multicast Source Discovery Protocol (MSDP)

Multicast source discovery protocol (MSDP) is supported on Dell Networking OS.

Protocol Overview

MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
When an MSDP peer receives an SA message, it determines if there are any group members within the domain interested in any of the advertised sources. If there are, the receiving RP sends a join message to the originating RP, creating a shortest path tree (SPT) to the source.

Figure 85.
RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected.

Figure 86.
RP. Receivers join toward the new RP and connectivity is maintained.

Implementation Information

The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446.
Related Configuration Tasks

The following lists related MSDP configuration tasks.
• Enable MSDP
• Manage the Source-Active Cache
• Accept Source-Active Messages that Fail the RPF Check
• Specifying Source-Active Messages
• Limiting the Source-Active Cache
• Preventing MSDP from Caching a Local Source
•...
ip multicast-msdp
Peer PIM systems in different administrative domains.
  CONFIGURATION mode
  ip msdp peer connect-source

Examples of Configuring and Viewing MSDP

R3(conf)#ip multicast-msdp
R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0
R3(conf)#do show ip msdp summary
Peer Addr Local Addr State Source Up/Down Description...
If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries.
Accept Source-Active Messages that Fail the RPF Check

A default peer is a peer from which active sources are accepted even though they fail the RPF check. Referring to the following illustrations:
• In Scenario 1, all MSDP peers are up.
•...
Figure 93. MSDP Default Peer, Scenario 4

Specifying Source-Active Messages

To specify messages, use the following command.
• Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check.
  CONFIGURATION mode
  ip msdp default-peer ip-address list
  If you do not specify an access list, the peer accepts all sources that peer advertises.
  CONFIGURATION mode
  ip msdp cache-rejected-sa
Prevent the system from caching local SA entries based on source and group using an extended ACL.
  CONFIGURATION mode
  ip msdp redistribute list

Example of Verifying the System is not Caching Local Sources

When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed.
Example of Verifying the System is not Caching Remote Sources

As shown in the following example, R1 is advertising source 10.11.4.2. It is already in the SA cache of R3 when an ingress SA filter is applied to R3. The entry remains in the SA cache until it expires and is not stored in the rejected SA cache.
[Router 1]
R1(conf)#do show ip msdp peer
Peer Addr: 192.168.0.3
Local Addr: 0.0.0.0(0) Connect Source: Lo 0
State: Inactive Up/Down Time: 00:00:03
Timers: KeepAlive 30 sec, Hold time 75 sec
SourceActive packet count (in/out): 0/0
SAs learned from this peer: 0
SA Filtering:

Clearing Peer Statistics

To clear the peer statistics, use the following command.
Example of the debug ip msdp Command

R1(conf)#do debug ip msdp
All MSDP debugging has been turned on
R1(conf)#03:16:08 : MSDP-0: Peer 192.168.0.3, sent Keepalive msg
03:16:09 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg
03:16:27 : MSDP-0: Peer 192.168.0.3, sent Source Active msg
03:16:38 : MSDP-0: Peer 192.168.0.3, sent Keepalive msg
03:16:39 : MSDP-0: Peer 192.168.0.3,...
RPs use MSDP to peer with each other using a unique address.

Figure 94. MSDP with Anycast RP

Configuring Anycast RP

To configure anycast RP, use the following commands.

In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.
  CONFIGURATION mode
  ip pim rp-address
In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address.
  CONFIGURATION mode
  interface loopback
Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source.
interface TenGigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
interface TenGigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
interface TenGigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
interface Loopback 1
 ip address 192.168.0.11/32
 no shutdown...
 no shutdown
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 network 192.168.0.22/32 area 0
 redistribute static
 redistribute connected
 redistribute bgp 100
router bgp 100
 redistribute ospf 1
 neighbor 192.168.0.3 remote-as 200
 neighbor 192.168.0.3 ebgp-multihop 255
 neighbor 192.168.0.3 no shutdown
ip multicast-msdp
ip msdp peer 192.168.0.3 connect-source Loopback 1
ip msdp peer 192.168.0.11 connect-source Loopback 1...
ip route 192.168.0.1/32 10.11.0.23
ip route 192.168.0.22/32 10.11.0.23
ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4

MSDP Sample Configurations

The following examples show the running-configurations described in this chapter. For more information, see the illustrations in the Related Configuration Tasks section.

MSDP Sample Configuration: R1 Running-Config

ip multicast-routing
interface TenGigabitEthernet 1/1
 ip pim sparse-mode...
interface TenGigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
interface Loopback 0
 ip address 192.168.0.2/32
 no shutdown
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 network 192.168.0.2/32 area 0
 redistribute static
 redistribute connected
 redistribute bgp 100
router bgp 100
 redistribute ospf 1
 neighbor 192.168.0.3 remote-as 200...
 neighbor 192.168.0.2 update-source Loopback 0
 neighbor 192.168.0.2 no shutdown
ip multicast-msdp
ip msdp peer 192.168.0.1 connect-source Loopback 0
ip route 192.168.0.2/32 10.11.0.23

MSDP Sample Configuration: R4 Running-Config

ip multicast-routing
interface TenGigabitEthernet 4/1
 ip pim sparse-mode
 ip address 10.11.5.1/24
 no shutdown
interface TenGigabitEthernet 4/22
 ip address 10.10.42.1/24
 no shutdown...
Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
Enable Multiple Spanning Tree Globally
• Adding and Removing Interfaces
• Creating Multiple Spanning Tree Instances
• Influencing MSTP Root Selection
• Interoperate with Non-Dell Bridges
• Changing the Region Name or Revision
• Modifying Global Parameters
• Modifying the Interface Parameters
•...
Spanning Tree Variations

The Dell Networking OS supports four variations of spanning tree, as shown in the following table.

Table 61. Spanning Tree Variations

Dell Networking Term                 IEEE Specification
Spanning Tree Protocol (STP)         802.1d
Rapid Spanning Tree Protocol (RSTP)  802.1w...
• Influencing MSTP Root Selection
• Interoperate with Non-Dell Networking OS Bridges
• Changing the Region Name or Revision
• Modifying Global Parameters
• Modifying the Interface Parameters
• Configuring an EdgePort
• Flush MAC Addresses after a Topology Change
•...
All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode.

Dell(conf-mstp)#name my-mstp-region
Dell(conf-mstp)#exit
Dell(conf)#do show spanning-tree mst config
MST region name: my-mstp-region
Revision: 0
MSTI VID
1 100...
Current root has priority 32768, Address 0001.e806.953e
Number of topology changes 2, last change occured 1d2h ago on Te 1/21
Port 374 (TenGigabitEthernet 1/21) is root Forwarding
Port path cost 20000, Port priority 128, Port Identifier 128.374
Designated root has priority 32768, address 0001.e806.953e
Designated bridge has priority 32768, address 0001.e806.953e
Designated port id is 128.374, designated path cost 20000
Number of transitions to forwarding state 1...
For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for the name and revision number must match on all Dell Networking OS devices. If there are non-Dell devices that participate in MSTP, ensure these values match on all devices.
Change the hello-time parameter.
  PROTOCOL MSTP mode
  hello-time seconds
  NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time.
  The range is from 1 to 10.
  The default is 2 seconds.
Change the max-age parameter.
Example of the forward-delay Parameter

To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode.

Dell(conf-mstp)#forward-delay 16
Dell(conf-mstp)#exit
Dell(conf)#do show running-config spanning-tree mstp
protocol spanning-tree mstp
 no disable
 name my-mstp-region
 MSTI 1 VLAN 100...
Enable EdgePort on an interface.
  INTERFACE mode
  spanning-tree mstp edge-port [bpduguard | shutdown-on-violation]

Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior:
• If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, you may activate the flushing mechanism defined by 802.1Q-2003 using the tc-flush-standard command, which flushes MAC addresses after every topology change notification.
MSTP Sample Configurations

The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems.

Figure 96. MSTP with Three VLANs Mapped to Two Spanning Tree Instances

Router 1 Running-Configuration

This example uses the following steps:
Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs.
interface TenGigabitEthernet 1/31
 no ip address
 switchport
 no shutdown
(Step 3)
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 1/21,31
 no shutdown
interface Vlan 200
 no ip address
 tagged TenGigabitEthernet 1/21,31
 no shutdown
interface Vlan 300
 no ip address
 tagged TenGigabitEthernet 1/21,31
 no shutdown

Router 2 Running-Configuration

This example uses the following steps:...
 no ip address
 tagged TenGigabitEthernet 2/11,31
 no shutdown

Router 3 Running-Configuration

This example uses the following steps:
Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs.
Assign Layer-2 interfaces to the MSTP topology.
Create VLANs mapped to MSTP instances and tag interfaces to the VLANs.
Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others.

The following example shows the show run spanning-tree mstp command.

Dell#show run spanning-tree mstp
protocol spanning-tree mstp
 name Tahiti...
INST 2 (MSTP Instance): Flags: 0x78, Reg Root: 32768:0001.e806.953e, Int Root Cost: 0
Brg/Port Prio: 32768/128, Rem Hops: 19

Indicates MSTP routers are in the (single) region
MSTP Instance
MSTP Region name

The following example shows viewing the debug log of an unsuccessful MSTP configuration.

4w0d4h : MSTP: Received BPDU on Te 2/21 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x78
Different Region (Indicates MSTP routers are in different regions and are not communicating with each other.)
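
The region-matching rule and the "Different Region" symptom above can be checked offline before changing any switch. The following Python is an added example, not code from the Dell guide: it compares region name, revision and VLAN-to-instance mapping across several saved "show running-config spanning-tree mstp" outputs and reports every bridge that would fall outside the majority region. The hostnames, the sample configurations, the "revision" line and the comma/range VLAN syntax are constructed assumptions; only the region name Tahiti comes from the guide.

```python
import re
from collections import Counter

# Constructed samples of "show running-config spanning-tree mstp" output.
# Hostnames, the "revision" line and the VLAN list syntax are assumptions.
SAMPLE_CONFIGS = {
    "R1": "protocol spanning-tree mstp\n no disable\n name Tahiti\n"
          " revision 123\n MSTI 1 VLAN 100\n MSTI 2 VLAN 200,300\n",
    "R2": "protocol spanning-tree mstp\n no disable\n name Tahiti\n"
          " revision 123\n MSTI 1 VLAN 100\n MSTI 2 VLAN 200,300\n",
    # R3 differs in name case and maps VLAN 300 to an extra instance.
    "R3": "protocol spanning-tree mstp\n no disable\n name tahiti\n"
          " revision 123\n MSTI 1 VLAN 100\n MSTI 2 VLAN 200\n"
          " MSTI 3 VLAN 300\n",
}


def expand_vlans(spec):
    """Expand a list such as '200,300' or '10-12,20' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_mstp(text):
    """Extract the three region attributes from one running-config section."""
    # Revision 0 is what the guide's show output reports when none is set.
    cfg = {"name": None, "revision": 0, "vlan_map": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"name\s+(\S+)", line):
            cfg["name"] = m.group(1)
        elif m := re.fullmatch(r"revision\s+(\d+)", line):
            cfg["revision"] = int(m.group(1))
        elif m := re.fullmatch(r"MSTI\s+(\d+)\s+VLAN\s+([\d,\-\s]+)", line):
            for vlan in expand_vlans(m.group(2)):
                cfg["vlan_map"][vlan] = int(m.group(1))
    return cfg


def region_key(cfg):
    """Hashable identity of a region; unmapped VLANs count as instance 0."""
    mapping = frozenset((v, i) for v, i in cfg["vlan_map"].items() if i != 0)
    return (cfg["name"], cfg["revision"], mapping)


def find_region_mismatches(configs):
    """Return {host: [differences]} for bridges outside the majority region."""
    parsed = {host: parse_mstp(text) for host, text in configs.items()}
    majority, _ = Counter(region_key(c) for c in parsed.values()).most_common(1)[0]
    base = next(c for c in parsed.values() if region_key(c) == majority)
    report = {}
    for host, cfg in parsed.items():
        diffs = []
        if cfg["name"] != base["name"]:
            diffs.append(f"name {cfg['name']!r} != {base['name']!r}")
        if cfg["revision"] != base["revision"]:
            diffs.append(f"revision {cfg['revision']} != {base['revision']}")
        for vlan in sorted(set(cfg["vlan_map"]) | set(base["vlan_map"])):
            mine = cfg["vlan_map"].get(vlan, 0)
            ref = base["vlan_map"].get(vlan, 0)
            if mine != ref:
                diffs.append(f"VLAN {vlan}: MSTI {mine} != {ref}")
        if diffs:
            report[host] = diffs
    return report


if __name__ == "__main__":
    for host, diffs in find_region_mismatches(SAMPLE_CONFIGS).items():
        print(host, "is outside the majority region:", "; ".join(diffs))
```

The comparison is byte-exact on the name, so a difference in letter case alone is reported as a mismatch.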
Because protocol control traffic in the Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic.
Preventing a PIM Router from Processing a Join

Limiting the Number of Multicast Routes

When the limit on the total number of multicast routes on a system is reached, the Dell Networking OS does not process Internet group management protocol (IGMP) or multicast listener discovery protocol (MLD) joins to protocol-independent multicast (PIM) —...
Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the Dell Networking OS clears the multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
limiting Receiver 1, so both IGMP reports are accepted and two corresponding entries are created in the routing table.

Figure 97. Preventing a Host from Joining a Group

The following table lists the location and description shown in the previous illustration.

Table 63.
Location  Description
          • no shutdown
1/31      • Interface TenGigabitEthernet 1/31
          • ip pim sparse-mode
          • ip address 10.11.13.1/24
          • no shutdown
          • Interface TenGigabitEthernet 2/1
          • ip pim sparse-mode
          • ip address 10.11.1.1/24
          • no shutdown
2/11      • Interface TenGigabitEthernet 2/11
          •...
Location  Description
          • ip pim sparse-mode
          • ip address 10.11.4.1/24
          • untagged TenGigabitEthernet 1/2
          • ip igmp access-group igmpjoinfilR2G2
          • no shutdown

Preventing a PIM Router from Forming an Adjacency

To prevent a router from participating in PIM (for example, to configure stub multicast routing), use the following command.
Figure 98. Preventing a Source from Transmitting to a Group

The following table lists the location and description shown in the previous illustration.

Table 64. Preventing a Source from Transmitting to a Group — Description

Location  Description
1/21      • Interface TenGigabitEthernet 1/21
          •...
Location  Description
          • no shutdown
1/31      • Interface TenGigabitEthernet 1/31
          • ip pim sparse-mode
          • ip address 10.11.13.1/24
          • no shutdown
          • Interface TenGigabitEthernet 2/1
          • ip pim sparse-mode
          • ip address 10.11.1.1/24
          • no shutdown
2/11      • Interface TenGigabitEthernet 2/11
          •...
NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
IPv4 or IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking OS client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
Later, if network conditions change and the cost of the default route in each router changes, the mastership of the VRRP group is automatically reassigned to the router with the better metric.
Figure 99. Object Tracking Example
When you configure a tracked object, such as an IPv4/IPv6 route or interface, you specify an object number to identify the object.
Track Layer 3 Interfaces
You can create an object that tracks the Layer 3 state (IPv4 or IPv6 routing status) of an interface.
• The Layer 3 status of an interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address.
For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1.
• The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
Track Layer 3 Interfaces
• Track an IPv4/IPv6 Route
For a complete listing of all commands related to object tracking, refer to the Dell Networking OS Command Line Interface Reference Guide.
Tracking a Layer 2 Interface
You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN).
The text string can be up to 80 characters.
(Optional) Display the tracking configuration and the tracked object’s status.
EXEC Privilege mode
show track object-id
Example of Configuring Object Tracking
Dell(conf)#track 100 interface tengigabitethernet 1/1 line-protocol
Dell(conf-track-100)#delay up 20
Dell(conf-track-100)#description San Jose data center
Dell(conf-track-100)#end
Dell#show track 100...
Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface
The following is an example of configuring object tracking for an IPv4 interface:
Dell(conf)#track 101 interface tengigabitethernet 1/2 ip routing
Dell(conf-track-101)#delay up 20
Dell(conf-track-101)#description NYC metro...
For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1.
• The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
Examples of IPv4 and IPv6 Tracking Route Reachability
The following example configures object tracking on the reachability of an IPv4 route:
Dell(conf)#track 104 ip route 10.0.0.0/8 reachability
Dell(conf-track-104)#delay up 20 down 10
Dell(conf-track-104)#end...
Reachability is Down (route not in route table)
2 changes, last change 00:02:49
Tracked by:
Dell#configure
Dell(conf)#track 4 ip route 3.1.1.0/24 reachability vrf vrf1
The following example configures object tracking on the reachability of an IPv6 route:
Dell(conf)#track 105 ipv6 route 1234::/64 reachability...
Example of IPv4 and IPv6 Tracking Metric Thresholds
The following example configures object tracking on the metric threshold of an IPv4 route:
Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold
Dell(conf-track-6)#delay down 20
Dell(conf-track-6)#delay up 20
Dell(conf-track-6)#description track ip route metric...
Use the show running-config track command to display the tracking configuration of a specified object or all objects that are currently configured on the router.
show running-config track [object-id]
Examples of Viewing Tracked Objects
Dell#show track
Track 1
IP route 23.0.0.0/8 reachability
Reachability is Down (route not in route table)
IP Route Resolution ISIS OSPF IPv6 Route Resolution ISIS
Example of the show track vrf Command
Dell#show track vrf red
Track 5
IP route 192.168.0.0/24 reachability, Vrf: red
Reachability is Up (CONNECTED)
3 changes, last change 00:02:39
First-hop interface is TenGigabitEthernet 1/4...
Open Shortest Path First (OSPFv2 and OSPFv3)
Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS).
Autonomous System (AS) Areas
OSPF operates in a type of hierarchy. The largest entity within the hierarchy is the autonomous system (AS), which is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs.
AS information from the backbone or other areas.
• Totally stubby areas are referred to as no summary areas in the Dell Networking OS.
Networks and Neighbors
As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them.
The following example shows different router designations.
Figure 101. OSPF Routing Examples
Backbone Router (BR)
A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
These router designations are not the same as the router IDs described earlier. The DRs and BDRs are configurable in Dell Networking OS. If you do not define DR or BDR, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR. The router with the highest priority is elected the DR.
A link-state advertisement (LSA) communicates the router’s local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows:
• Type 1: Router LSA — The router lists links to other routers or networks in the same area. Type 1 LSAs are flooded across their own area only.
The LSA throttling timers are configured in milliseconds, with the interval time increasing exponentially until a maximum time has been reached. If the maximum time is reached, the system continues to transmit at the max-interval until twice the max-interval time has passed. At that point, the system reverts to the start-interval timer and the cycle begins again.
Figure 102. Priority and Cost Examples
OSPF with Dell Networking OS
The Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within those 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes.
When the restarting router completes its restart, it flushes the Type 9 and 11 LSAs, notifying its neighbors that the restart is complete. This notification happens before the grace period expires. Dell Networking routers support the following OSPF graceful restart functionality: •...
Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. Dell Networking OS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation.
In Dell Networking OS, the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in Dell Networking OS.
Adjacent with neighbor 1.1.1.1 (Backup Designated Router)
Dell (conf-if-te-2/2)#
Configuration Information
The interfaces must be in Layer 3 mode (assigned an IP address) and enabled so that they can send and receive traffic. The OSPF process must know about these interfaces.
Dell(conf-router_ospf-1)#
Dell(conf-router_ospf-1)#end
Dell#
For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document.
Enabling OSPFv2
To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback). By default, OSPF, similar to all routing protocols, is disabled.
In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
Dell(conf-router_ospf-1)#network 20.20.20.20/24 area 2
Dell(conf-router_ospf-1)#
Dell#
Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that is a subset of a network on which OSPF is enabled.
Loopback interface address has a higher precedence than other interface addresses.
Example of Viewing OSPF Status on a Loopback Interface
Dell#show ip ospf 1 int
TenGigabitEthernet 1/23 is up, line protocol is up
Internet Address 10.168.0.1/24, Area 0.0.0.1
Process ID 1, Router ID 10.168.253.2, Network Type BROADCAST, Cost: 1...
Example of the show ip ospf database database-summary Command
To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode.
Dell#show ip ospf 34 database database-summary
OSPF Router with ID (10.1.2.100) (Process ID 34)
Area ID Router Network S-Net S-ASBR Type-7 Subtotal
2.2.2.2...
When you configure a passive interface, the show ip ospf process-id interface command adds the words passive interface to indicate that the hello packets are not transmitted on that interface (shown in bold).
Dell#show ip ospf 34 int
TenGigabitEthernet 1/1 is up, line protocol is down
Internet Address 10.1.2.100/24, Area 1.1.1.1
Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10...
Dell#
Changing OSPFv2 Parameters on Interfaces
In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors.
ip ospf cost
• cost: The range is from 1 to 65535 (the default depends on the interface speed).
• Change the time interval the router waits before declaring a neighbor dead.
CONFIG-INTERFACE mode
ip ospf dead-interval seconds
• seconds: the range is from 1 to 65535 (the default is 40 seconds).
The dead interval must be four times the hello interval.
10.1.2.100 255.255.255.0
no shutdown
ip ospf cost 45
Dell(conf-if)#end
Dell#show ip ospf 34 interface
TenGigabitEthernet 1/1 is up, line protocol is up
Internet Address 10.1.2.100/24, Area 2.2.2.2
Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100...
Enabling OSPFv2 Graceful Restart
Graceful restart is enabled for the global OSPF process. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify:
• grace period — the length of time the graceful restart process can last before OSPF terminates it.
After you enable restart mode the router advertises the neighbor as fully adjacent during a restart. For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide.
Example of Viewing OSPF Configuration after Redistributing Routes
To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode.
Dell(conf-router_ospf)#show config
router ospf 34
network 10.1.2.32 0.0.0.255 area 2.2.2.2
network 10.1.3.24 0.0.0.255 area 3.3.3.3...
Troubleshooting OSPFv2
Use the information in this section to troubleshoot OSPFv2 operation on the switch. Be sure to check the following, as these questions represent typical issues that interrupt an OSPFv2 process.
NOTE: The following tasks are not a comprehensive list; they provide some examples of typical troubleshooting checks.
OSPF packet information.
• spf: view SPF information.
• database-timers rate-limit: view the LSAs currently in the queue.
Example of Viewing OSPF Configuration
Dell#show run ospf
router ospf 4
router-id 4.4.4.4
network 4.4.4.0/28 area 1
ipv6 router ospf 999
default-information originate always
router-id 10.10.10.10...
Basic OSPFv2 Router Topology
The following illustration is a sample basic OSPFv2 topology.
Figure 103. Basic Topology and CLI Commands for OSPFv2
OSPF Area 0 — Te 1/1 and 1/2
router ospf 11111
network 10.0.11.0/24 area 0
network 10.0.12.0/24 area 0
network 192.168.100.0/24 area 0
interface TenGigabitEthernet 1/1
ip address 10.1.11.1/24...
ip address 10.1.13.3/24
no shutdown
interface TenGigabitEthernet 3/2
ip address 10.2.13.3/24
no shutdown
OSPF Area 0 — Te 2/1 and 2/2
router ospf 22222
network 192.168.100.0/24 area 0
network 10.2.21.0/24 area 0
network 10.2.22.0/24 area 0
interface Loopback 20
ip address 192.168.100.20/24
no shutdown
interface TenGigabitEthernet 2/1
ip address 10.2.21.2/24...
Set the time interval between when the switch receives a topology change and starts a shortest path first (SPF) calculation.
timers spf delay holdtime
Example
Dell#conf
Dell(conf)#ipv6 router ospf 1
Dell(conf-ipv6-router_ospf)#timer spf 2 5
Dell(conf-ipv6-router_ospf)#
Dell(conf-ipv6-router_ospf)#show config
ipv6 router ospf 1...
NOTE: The OSPFv2 network area command enables OSPFv2 on multiple interfaces with the single command. Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3.
• Assign the OSPFv3 process and an OSPFv3 area to this interface.
CONF-INT-type slot/port mode
ipv6 ospf process-id area area-id
•...
router-id {number}
• number: the IPv4 address. The format is A.B.C.D.
NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address.
• Disable OSPF.
CONFIGURATION mode
no ipv6 router ospf process-id
• Reset the OSPFv3 process.
EXEC Privilege mode
clear ipv6 ospf process
Configuring Stub Areas
To configure IPv6 stub areas, use the following command.
Redistributing Routes
You can add routes from other routing instances or protocols to the OSPFv3 process. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command.
command. The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as though it is fully adjacent. When you enable graceful restart (restarting role), an OSPFv3 restarting expects its OSPFv3 neighbors to help when it restarts by not advertising the broken link. When you enable the helper-reject role on an interface using the ipv6 ospf graceful-restart helper-reject command, you reconfigure OSPFv3 graceful restart to function in a restarting-only role.
30.1.1.0/24 area 0
ipv6 router ospf 1
log-adjacency-changes
graceful-restart grace-period 180
The following example shows the show ipv6 ospf database database-summary command.
Dell#show ipv6 ospf database database-summary
OSPFv3 Router with ID (200.1.1.1) (Process ID 1)
Process 1 database summary
Type Count/Status...
IP header and before the next layer protocol header in Transport mode. It is possible to insert the ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
OSPFv3 Authentication Using IPsec: Configuration Notes
OSPFv3 authentication using IPsec is implemented according to the specifications in RFC 4552.
• To use IPsec, configure an authentication (using AH) or encryption (using ESP) security policy on an interface or in an OSPFv3 area. Each security policy consists of a security policy index (SPI) and the key used to validate OSPFv3 packets.
Configuring IPsec Authentication on an Interface
To configure, remove, or display IPsec authentication on an interface, use the following commands.
Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)).
ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [key-encryption-type] key authentication-algorithm [key-authentication-type] key}
• null: causes an encryption policy configured for the area to not be inherited on the interface.
• ipsec spi number: is the security policy index (SPI) value. The range is from 256 to 4294967295.
•...
• area area-id: specifies the area for which OSPFv3 traffic is to be authenticated. For area-id, enter a number or an IPv6 prefix.
• spi number: is the SPI value. The range is from 256 to 4294967295.
• MD5 | SHA1: specifies the authentication type: message digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1).
In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold).
The following example shows the show crypto ipsec policy command.
Dell#show crypto ipsec policy
Crypto IPSec client security policy data
Policy name...
Outbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a
Transform set : esp-128-aes esp-sha1-hmac
The following example shows the show crypto ipsec sa ipv6 command.
Dell#show crypto ipsec sa ipv6
Interface: TenGigabitEthernet 1/1
Link Local address: fe80::201:e8ff:fe40:4d10
IPSecv6 policy name: OSPFv3-1-500
inbound ah sas...
outbound ah sas
inbound esp sas
spi : 600 (0x258)
transform : esp-des esp-sha1-hmac
in use settings : {Transport, }
replay detection support : N
STATUS : ACTIVE
outbound esp sas
spi : 600 (0x258)
transform : esp-des esp-sha1-hmac
in use settings : {Transport, }
replay detection support : N
STATUS : ACTIVE
Troubleshooting OSPFv3...
Set the time interval between when the switch receives a topology change and starts a shortest path first (SPF) calculation.
timers spf delay holdtime
Example
Dell#conf
Dell(conf)#ipv6 router ospf 1
Dell(conf-ipv6-router_ospf)#timer spf 2 5
The format is A:B:C::F/128.
Bring up the interface.
CONF-INT-type slot/port mode
no shutdown
Assigning Area ID on an Interface
To assign the OSPFv3 process to an interface, use the following command. The ipv6 ospf area command enables OSPFv3 on an interface and places the interface in the specified area.
no ipv6 router ospf process-id
• Reset the OSPFv3 process.
EXEC Privilege mode
clear ipv6 ospf process
Assigning OSPFv3 Process ID and Router ID to a
To assign, disable, or reset OSPFv3 on a non-default VRF, use the following commands.
•...
• Area ID: a number or IP address assigned when creating the area. You can represent the area ID as a number from 0 to 65536 if you assign a dotted decimal format rather than an IP address.
Configuring Passive-Interface
To suppress the interface’s participation on an OSPFv3 interface, use the following command.
Configuring a Default Route
To generate a default external route into the OSPFv3 routing domain, configure the following parameters. To specify the information for the default route, use the following command.
• Specify the information for the default route.
CONF-IPV6-ROUTER-OSPF mode
default-information originate [always [metric metric-value] [metric-type type-value]] [route-map map-name]
Configure the following required and optional parameters:...
Display the currently configured OSPFv3 parameters for graceful restart (shown in the following example).
EXEC Privilege mode
show ipv6 ospf database database-summary
Examples of the Graceful Restart show Commands
The following example shows the show run ospf command.
Dell#show run ospf
router ospf 1
router-id 200.1.1.1
log-adjacency-changes
graceful-restart grace-period 180
network 20.1.1.0/24 area 0...
180
The following example shows the show ipv6 ospf database database-summary command.
Dell#show ipv6 ospf database database-summary
OSPFv3 Router with ID (200.1.1.1) (Process ID 1)
Process 1 database summary
Type Count/Status Oper Status Admin Status
Area Bdr Rtr Status...
IP header and before the next layer protocol header in Transport mode. It is possible to insert the ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
• The configured authentication or encryption policy is applied to all OSPFv3 packets transmitted on the interface or in the area. The IPsec security associations (SAs) are the same on inbound and outbound traffic on an OSPFv3 interface.
• There is no maximum AH or ESP header length because the headers have fields with variable lengths.
• null: causes an authentication policy configured for the area to not be inherited on the interface.
• ipsec spi number: the security policy index (SPI) value. The range is from 256 to 4294967295.
• MD5 | SHA1: specifies the authentication type: Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1).
• authentication-algorithm: specifies the encryption authentication algorithm to use. The valid values are MD5 or SHA1.
• key: specifies the text string used in authentication. All neighboring OSPFv3 routers must share key to exchange information. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted).
no area area-id authentication ipsec spi number
• Display the configuration of IPSec authentication policies on the router.
show crypto ipsec policy
Configuring IPsec Encryption for an OSPFv3 Area
To configure, remove, or display IPsec encryption in an OSPFv3 area, use the following commands.
Prerequisite: Before you enable IPsec encryption in an OSPFv3 area, first enable OSPFv3 globally on the router (refer to Configuration Task List for OSPFv3 (OSPF for...
In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold).
The following example shows the show crypto ipsec policy command.
Dell#show crypto ipsec policy
Crypto IPSec client security policy data
Policy name...
Outbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a
Transform set : esp-128-aes esp-sha1-hmac
The following example shows the show crypto ipsec sa ipv6 command.
Dell#show crypto ipsec sa ipv6
Interface: TenGigabitEthernet 1/1
Link Local address: fe80::201:e8ff:fe40:4d10
IPSecv6 policy name: OSPFv3-1-500
inbound ah sas...
transform : esp-des esp-sha1-hmac
in use settings : {Transport, }
replay detection support : N
STATUS : ACTIVE
Troubleshooting OSPFv3
The system provides several tools to troubleshoot OSPFv3 operation on the switch. This section describes typical OSPFv3 troubleshooting scenarios.
NOTE: The following troubleshooting section is not meant to be a comprehensive list, but only to provide some examples of typical troubleshooting checks.
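One check worth adding when troubleshooting OSPFv3 IPsec is an audit of saved show crypto ipsec sa ipv6 output against what this guide states: the SPI range of 256 to 4294967295 and identical inbound and outbound SAs on an interface. The Python below is an added example, not part of the Dell guide or of Dell Networking OS; the sample output is constructed in the layout shown above, and the function names and the choice to flag DES and MD5 as weak are assumptions of the example.

```python
import re

# Constructed sample in the layout of the "show crypto ipsec sa ipv6" output
# in this guide. The second interface and its values are invented.
SAMPLE = """\
Interface: TenGigabitEthernet 1/1
 Link Local address: fe80::201:e8ff:fe40:4d10
 IPSecv6 policy name: OSPFv3-1-500
 inbound ah sas
 outbound ah sas
 inbound esp sas
  spi : 600 (0x258)
  transform : esp-des esp-sha1-hmac
  in use settings : {Transport, }
  replay detection support : N
  STATUS : ACTIVE
 outbound esp sas
  spi : 600 (0x258)
  transform : esp-des esp-sha1-hmac
  in use settings : {Transport, }
  replay detection support : N
  STATUS : ACTIVE
Interface: TenGigabitEthernet 1/2
 IPSecv6 policy name: OSPFv3-1-700
 inbound esp sas
  spi : 700 (0x2bc)
  transform : esp-128-aes esp-sha1-hmac
  replay detection support : N
  STATUS : ACTIVE
 outbound esp sas
  spi : 701 (0x2bd)
  transform : esp-128-aes esp-sha1-hmac
  replay detection support : N
  STATUS : ACTIVE
"""

SPI_MIN, SPI_MAX = 256, 4294967295  # SPI range given in this guide
WEAK_PARTS = {"des", "md5"}         # assumption: what this audit calls weak

SA_HEADER = re.compile(r"^(inbound|outbound) (ah|esp) sas$")
FIELD = re.compile(r"^([^:]+?)\s*:\s*(.*)$")


def parse_sas(text):
    """Return {interface: {(direction, protocol): {field: value}}}."""
    result, iface, sa = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Interface:"):
            iface = line.split(":", 1)[1].strip()
            result[iface], sa = {}, None
            continue
        header = SA_HEADER.match(line)
        if header and iface is not None:
            sa = result[iface].setdefault(header.groups(), {})
            continue
        field = FIELD.match(line)
        if field and sa is not None:  # lines before the first SA are skipped
            sa[field.group(1).lower()] = field.group(2).strip()
    return result


def audit(text):
    """Return sorted (interface, finding) tuples for the parsed SAs."""
    findings = []
    for iface, sas in parse_sas(text).items():
        for (direction, proto), fields in sas.items():
            if not fields:
                continue  # header present but no SA of this type
            label = f"{direction} {proto}"
            spi = fields.get("spi", "").split(" ")[0]
            if not spi.isdigit() or not SPI_MIN <= int(spi) <= SPI_MAX:
                findings.append(
                    (iface, f"{label}: SPI '{spi}' outside {SPI_MIN}-{SPI_MAX}"))
            for token in fields.get("transform", "").split():
                if WEAK_PARTS & set(token.split("-")):
                    findings.append((iface, f"{label}: weak transform {token}"))
            if fields.get("status") != "ACTIVE":
                findings.append((iface, f"{label}: SA is not ACTIVE"))
        # The guide states the SAs are the same inbound and outbound.
        for proto in ("ah", "esp"):
            inbound = sas.get(("inbound", proto), {})
            outbound = sas.get(("outbound", proto), {})
            for key in ("spi", "transform"):
                if inbound.get(key) != outbound.get(key):
                    findings.append(
                        (iface, f"{proto}: inbound/outbound {key} differ"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE):
        print(f"{interface}: {finding}")
```

Run against the constructed sample, the audit reports the DES transform on both directions of the first interface and the SPI mismatch on the second.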
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port[/subport] information.
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
• For a port channel interface, enter the keywords port-channel then a number.
•...
Policy-based Routing (PBR)
Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface.
Overview
When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look up an entry in a routing table. However, in some cases, there may be a need to forward the packet based on other criteria: size, source, protocol type, destination, and so on.
• If the specified next-hops are not reachable, the normal routing table is used to forward the traffic.
• Dell Networking OS supports multiple next-hop entries in the redirect lists.
• Redirect-lists are applied at Ingress.
PBR with Redirect-to-Tunnel Option: You can provide a tunnel ID for a redirect rule.
The Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Because the order of rules is important, ensure that you configure any necessary sequence numbers.
16 characters. To delete the redirect list, use the no ip redirect-list command.
The following example creates a redirect list by the name of xyz.
Dell(conf)#ip redirect-list ?
WORD Redirect-list name (max 16 chars)
Dell(conf)#ip redirect-list xyz
Create a Rule for a Redirect-list
To set the rules for the redirect list, use the following command.
Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 ?
Mask A.B.C.D or /nn Mask in dotted decimal or in slash format
Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 ?
Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32
Dell(conf-redirect-list)#do show ip redirect-list
IP redirect-list xyz:
Defined as:
seq 5 redirect 3.3.3.3 ip host 222.1.1.1 host 77.1.1.1...
20 redirect 10.1.1.3 ip 20.1.1.0/24 any
Dell(conf-redirect-list)#
NOTE: Starting with the Dell Networking OS version 9.4(0.0), the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on a router. A recursive route is a route for which the immediate next-hop address is learned dynamically through a routing protocol and acquired through a route lookup in the routing table.
Dell(conf-if-gi-1/1)#
In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes.
Show Redirect List Configuration
To view the redirect list configuration, use the following commands.
Example: Showing CAM PBR Configuration
Dell#show cam pbr stack-unit 1 port-set 0
TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN, Bit...
examples to your CLI. Make the necessary changes to support your own IP addresses, interfaces, names, and so on.
The Redirect-List GOLD defined in this example creates the following rules:
• description Route Gold traffic to the DS3
• seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any “Redirect to next-hop router IP 10.99.99.254 any traffic originating in 192.168.1.0/24”
•...
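Because the order of redirect rules decides which next hop traffic takes, it helps to review a redirect-list for rules that an earlier, broader rule already covers. The Python below is an added example, not part of the Dell guide: it models a redirect-list starting from the GOLD seq 5 rule quoted above, with seq 10 and seq 15 invented for the example. It assumes rules are tried in ascending sequence order, that a rule whose next hop is unreachable is passed over, and that traffic falls back to the routing table when no rule with a reachable next hop matches; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed redirect-list. "seq 5" is the GOLD rule quoted in this guide;
# seq 10, seq 15 and their addresses are invented for the example.
GOLD = """\
seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any
seq 10 redirect 10.88.88.254 ip 192.168.1.128/25 any
seq 15 redirect 10.77.77.254 ip 192.168.2.0/24 10.50.0.0/16
"""

# Only the "seq N redirect NEXT-HOP ip SRC DST" form with prefix or "any"
# operands is handled; "host" and separate-mask forms are out of scope.
RULE = re.compile(r"^seq (\d+) redirect (\S+) ip (\S+) (\S+)$")


def to_network(token):
    """Map an operand to a network; "any" becomes 0.0.0.0/0."""
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)


def parse_redirect_list(text):
    """Return the rules as dicts, ordered by sequence number."""
    rules = []
    for line in text.splitlines():
        match = RULE.match(line.strip())
        if match:
            seq, hop, src, dst = match.groups()
            rules.append({"seq": int(seq),
                          "next_hop": str(ipaddress.ip_address(hop)),
                          "src": to_network(src),
                          "dst": to_network(dst)})
    return sorted(rules, key=lambda rule: rule["seq"])


def forward(rules, src, dst, reachable):
    """Return ("redirect", seq, next_hop) or ("routing-table", None, None).

    Assumption: rules are tried in ascending sequence order and a matching
    rule whose next hop is not in `reachable` is passed over.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if (src in rule["src"] and dst in rule["dst"]
                and rule["next_hop"] in reachable):
            return ("redirect", rule["seq"], rule["next_hop"])
    return ("routing-table", None, None)


def shadowed(rules):
    """Return (later_seq, earlier_seq) pairs where the earlier rule covers
    every packet the later rule matches, so the later rule only takes effect
    when the earlier next hop is unreachable."""
    pairs = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if (later["src"].subnet_of(earlier["src"])
                    and later["dst"].subnet_of(earlier["dst"])):
                pairs.append((later["seq"], earlier["seq"]))
                break
    return pairs


if __name__ == "__main__":
    parsed = parse_redirect_list(GOLD)
    hops = {rule["next_hop"] for rule in parsed}
    print(forward(parsed, "192.168.1.200", "203.0.113.9", hops))
    print(forward(parsed, "192.168.1.200", "203.0.113.9",
                  hops - {"10.99.99.254"}))
    print(shadowed(parsed))
```

In the sample, seq 10 is more specific than seq 5 but sits after it, so under these assumptions it carries traffic only while 10.99.99.254 is unreachable.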
The SPT-Threshold is zero, which means that the last-hop designated router (DR) joins the shortest path tree (SPT) to the source after receiving the first multicast packet.
• Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message.
•...
Prune message. Dell Networking OS Behavior: When the router creates an SPT to the source, there are then two paths between the receiver and the source, the SPT and the RPT. Until the router can prune itself from the RPT, the receiver receives duplicate multicast packets which may cause disruption.
immediately upon arrival. The arrival of the (S,G) packet confirms for PIM that the SPT is created, and that it can prune itself from the shared tree.
Important Point to Remember
If you use a Loopback interface with a /32 mask as the RP, you must enable PIM Sparse-mode on the interface.
Examples of Viewing PIM-SM Information
To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode.
Dell#show ip pim interface
Address Interface Ver/ Query Mode Count Intvl Prio 165.87.34.5 Te 1/10 v2/S 165.87.34.5...
10 permit ip any 232.1.1.0/24
seq 15 permit ip 100.1.0.0/16 any
Dell(config-ext-nacl)#exit
Dell(conf)#ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer
To display the expiry time configuration, use the show running-configuration pim command from EXEC Privilege mode.
Configuring a Static Rendezvous Point
The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root of a group-specific tree;...
226.1.1.1 165.87.50.5
To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode.
Dell#show ip pim rp mapping
PIM Group-to-RP Mappings
Group(s): 224.0.0.0/4, Static
RP: 165.87.50.5, v2
Configuring a Designated Router
Multiple PIM-SM routers might be connected to a single local area network (LAN) segment.
ip pim dr-priority priority-value
• Change the interval at which a router sends hello messages.
INTERFACE mode
ip pim query-interval seconds
• Display the current value of these parameters.
EXEC Privilege mode
show ip pim interface
Creating Multicast Boundaries and Domains
A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs).
IGMPv3. Because receivers subscribe to a source and group, the RP and shared tree is unnecessary; only SPTs are used. On Dell Networking systems, it is possible to use PIM-SM with IGMPv3 to achieve the same result, but PIM-SSM eliminates the unnecessary protocol overhead.
Important Points to Remember
• The default SSM range is 232/8 always. Applying an SSM range does not overwrite the default range. Both the default range and SSM range are effective even when the default range is not added to the SSM ACL.
Then, specify the multicast source.
• When an SSM map is in place and Dell Networking OS cannot find any matching access lists for a group, it continues to create (*,G) entries because there is an implicit deny for unspecified groups in the ACL.
Member Ports: Te 1/1
239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11.4.2
R1(conf)#show ip igmp ssm-map
Interface Vlan 101
Group 226.0.0.0
Uptime 10:40:31
Expires Never
Router mode IGMPv2
Last reporter 110.0.101.22
Group SSM Mapped source list
Source address Expires
110.1.1.250 00:02:08
172.16.84.250 00:02:08
R1(conf)#do show ip igmp ssm-map 239.0.0.2...
Expires Never
Router mode IGMPv2-Compat
Last reporter 10.11.3.2
Last reporter mode IGMPv2
Last report received Join
Group source list
Source address Uptime Expires
10.11.5.2 00:00:01 Never
Interface Vlan 400
Group 239.0.0.1
Uptime 00:00:05
Expires Never
Router mode INCLUDE
Last reporter 10.11.4.2
Last reporter mode INCLUDE...
• In general, a monitoring port should have no ip address and no shutdown as the only configuration; Dell Networking OS permits a limited set of commands for monitoring ports. You can display these commands using the ? command. A monitoring port also may not be a member of a VLAN.
Te 2/5 both Port
Dell(conf-mon-sess-5)#
Dell(conf)#mon ses 300
Dell(conf-mon-sess-300)#source tengig 1/17 destination tengig 1/4 direction tx
% Error: Exceeding max MG ports for this MD port pipe.
Dell(conf-mon-sess-300)#
Dell(conf-mon-sess-300)#source tengig 1/17 destination tengig 1/1 direction tx
Dell(conf-mon-sess-300)#do show mon session...
Figure 104. Port Monitoring Configurations
Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs.
MD port and monitored packets on the MG port. Dell Networking OS Behavior: The platform continues to mirror outgoing traffic even after an MD participating in spanning tree protocol (STP) transitions from the forwarding to blocking.
Dell(conf)#monitor session 1
Dell(conf-mon-sess-1)#source vl 40 dest ten 1/3 dir rx
Dell(conf-mon-sess-1)#flow-based enable
Dell(conf-mon-sess-1)#exit
Dell(conf)#do show monitor session
SessID Source Destination Mode Source IP Dest IP
------ ------ ----------- ---- --------- --------
Te 1/1 Te 1/2 Port
Po 10 Te 1/2...
Enable flow-based monitoring for a monitoring session.
MONITOR SESSION mode
flow-based enable
Define access-list rules that include the keyword monitor. For port monitoring, Dell Networking OS only considers traffic matching rules with the keyword monitor.
CONFIGURATION mode
ip access-list...
10.11.1.254/24
ip access-group testflow in
shutdown
Dell(conf-if-te-1/1)#exit
Dell(conf)#do show ip accounting access-list testflow
Extended Ingress IP access list testflow on TenGigabitEthernet 1/1
Total cam count 4
seq 5 permit icmp any any monitor count bytes (0 packets 0 bytes)
seq 10 permit ip 102.1.1.0/24 any monitor count bytes (0 packets 0 bytes)
The reserved VLANs transport the mirrored traffic in sessions (blue pipes) to the destination analyzers in the local network. Two destination sessions are shown: one for the reserved VLAN that transports orange-circle traffic; one for the reserved VLAN that transports green-circle traffic. Figure 106.
• Mirrored traffic is transported across the network using 802.1Q-in-802.1Q tunneling. The source address, destination address, and original VLAN ID of the mirrored packet are preserved with the tagged VLAN header. Untagged source packets are tagged with the reserved VLAN ID.
•...
Port-channel 10 destination remote-vlan 300 direction rx
no disable
To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode.
Dell(conf)#do show monitor session
SessID Source Destination...
Configuring the sample Source Remote Port Mirroring
Dell(conf)#interface vlan 10
Dell(conf-if-vl-10)#mode remote-port-mirroring
Dell(conf-if-vl-10)#tagged te 1/4
Dell(conf-if-vl-10)#exit
Dell(conf)#monitor session 1 type rpm
Dell(conf-mon-sess-1)#source te 1/5 destination remote-vlan 10 dir rx
Dell(conf-mon-sess-1)#no disable
Dell(conf-mon-sess-1)#exit
Dell(conf)#inte vlan 100
Dell(conf-if-vl-100)#tagged te 1/7
Dell(conf-if-vl-100)#exit
Dell(conf)#interface vlan 20...
Dell(conf)#interface vlan 30
Dell(conf-if-vl-30)#mode remote-port-mirroring
Dell(conf-if-vl-30)#tagged te 1/30
Dell(conf-if-vl-30)#exit
Dell(conf)#interface port-channel 10
Dell(conf-if-po-10)#channel-member te 1/28-29
Dell(conf-if-po-10)#no shutdown
Dell(conf-if-po-10)#exit
Dell(conf)#monitor session 3 type rpm
Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both
Dell(conf-mon-sess-3)#no disable
Dell(conf-mon-sess-3)#
Dell(conf-mon-sess-3)#exit
Dell(conf)#end
Dell#
Dell#show monitor session
SessID Source...
Port-channel 2
mac access-group mac2 out
no shutdown
Create Source RPM session as follows (port-channel 1 and port-channel 2 are LACP).
Dell(conf)#monitor session 1 type rpm
Dell(conf-mon-sess-1)#source port-channel 1 destination remote-vlan 10 dir
Dell(conf-mon-sess-1)#no disable
NOTE: When configuring ERPM, follow these guidelines:
• The Dell Networking OS supports ERPM source session only. Encapsulated packets terminate at the destination IP address or at the analyzer.
• You can configure up to four ERPM source sessions on the switch.
The next example shows the configuration of an ERPM session in which VLAN 11 is monitored as the source interface and a MAC ACL filters the monitored ingress traffic.
Dell(conf)#mac access-list standard flow
Dell(config-std-macl)#seq 5 permit 00:00:0a:00:00:0b count monitor
ERPM Behavior on a typical Dell Networking OS
The Dell Networking OS is designed to support only the encapsulation of the data received or transmitted at the specified source port (Port A). An ERPM destination session, that is, decapsulation of the ERPM packets at the destination switch, is not supported.
GRE header ends. Basically all the bits after 0x88BE need to be removed from the packet and sent out through another interface.
• The script erpm.zip is available for download at the following location: http://en.community.dell.com/techcenter/networking/m/force10_networking_scripts/20438882.aspx
• Unzip the erpm.zip and copy the erpm.py file to the Linux server.
•...
<Egress interface> : Specify another interface on the Linux server through which the decapsulated packets can egress. If there is only one interface, the ingress interface itself can be specified as the egress interface, and the analyzer can listen in the tx direction.
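The decapsulation step described above, locating the GRE header with protocol type 0x88BE and keeping what follows it, can be sketched as follows. This is an added example, not Dell's erpm.py; it assumes the mirrored frame starts immediately after the GRE header, and the sample frame and all function names are constructed for illustration.

```python
import struct

ETH_P_8021Q = 0x8100
ETH_P_IPV4 = 0x0800
IPPROTO_GRE = 47
GRE_PROTO_ERPM = 0x88BE  # GRE protocol type named on the page


def strip_erpm_header(frame: bytes) -> bytes:
    """Return the mirrored frame that follows the outer Ethernet/IPv4/GRE headers.

    Raises ValueError if the frame is not IPv4 + GRE with protocol 0x88BE,
    or is shorter than the headers it claims to carry.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_P_8021Q:  # outer frame carries one 802.1Q tag
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != ETH_P_IPV4:
        raise ValueError("outer frame is not IPv4")

    if len(frame) < offset + 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = frame[offset] >> 4, (frame[offset] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("malformed IPv4 header")
    if frame[offset + 9] != IPPROTO_GRE:
        raise ValueError("outer IPv4 packet does not carry GRE")
    offset += ihl  # honour IPv4 options instead of assuming 20 bytes

    if len(frame) < offset + 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", frame, offset)
    if proto != GRE_PROTO_ERPM:
        raise ValueError("GRE protocol type is not 0x88BE")
    if flags & 0x4000:
        raise ValueError("GRE routing field is not supported here")
    gre_len = 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence number
        if flags & bit:
            gre_len += 4
    offset += gre_len
    if len(frame) <= offset:
        raise ValueError("nothing follows the GRE header")
    return frame[offset:]


def build_sample_erpm_frame(vlan_id=None, gre_proto=GRE_PROTO_ERPM):
    """Constructed test input: returns (encapsulated_frame, mirrored_frame)."""
    mirrored = (bytes.fromhex("00000a00000b00000a00000c0800")
                + b"constructed mirrored payload")
    gre = struct.pack("!HH", 0, gre_proto)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(mirrored),
                     0, 0, 64, IPPROTO_GRE, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes.fromhex("020000000001020000000002")
    if vlan_id is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, vlan_id)
    eth += struct.pack("!H", ETH_P_IPV4)
    return eth + ip + gre + mirrored, mirrored


if __name__ == "__main__":
    frame, mirrored = build_sample_erpm_frame()
    inner = strip_erpm_header(frame)
    print(len(frame) - len(inner), "header bytes removed; match:", inner == mirrored)
```

Rejecting frames whose GRE protocol type is not 0x88BE keeps unrelated tunnel traffic arriving on the same interface out of the analyzer feed.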
Dell Networking OS Command Line Reference Guide. Private VLANs extend the Dell Networking OS security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN). A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair.
• A community VLAN can only contain ports configured as host.
• Isolated VLAN — a type of secondary VLAN in a primary VLAN:
• Ports in an isolated VLAN cannot talk directly to each other.
• Ports in an isolated VLAN can only communicate with promiscuous ports in the primary VLAN.
•...
NOTE: The outputs of the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide.
Configuration Task List
The following sections contain the procedures that configure a private VLAN.
“regular” ports (ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel.
Dell#conf
Dell(conf)#interface TenGigabitEthernet 2/1
Dell(conf-if-te-2/1)#switchport mode private-vlan promiscuous
Dell(conf)#interface TenGigabitEthernet 2/2
Dell(conf-if-te-2/2)#switchport mode private-vlan host
Dell(conf)#interface TenGigabitEthernet 2/3
Dell(conf-if-te-2/3)#switchport mode private-vlan trunk...
Creating a Primary VLAN
A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, which comprise community VLANs and isolated VLANs.
NOTE: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the same VLAN, the packet is NOT dropped.
Creating a Community VLAN
A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN.
PVLAN member VLANs (primary, community, and isolated VLANs).
Dell#conf
Dell(conf)# interface vlan 10
Dell(conf-vlan-10)# private-vlan mode primary
Dell(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101
Dell(conf-vlan-10)# untagged Te 2/1
Dell(conf-vlan-10)# tagged Te 2/3
Dell(conf)# interface vlan 101
Dell(conf-vlan-101)# private-vlan mode community...
Private VLAN Configuration Example
The following example shows a private VLAN topology.
Figure 108. Sample Private VLAN Topology
The following configuration is based on the example diagram for the Z9500:
• Te 1/1 and Te 1/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000.
•...
Display the type and status of the configured PVLAN interfaces.
show interfaces private-vlan [interface interface]
This command is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide.
•...
The following examples show the results of using this command without the command options on the C300 and S50V switches in the topology diagram previously shown.
• Display the primary-secondary VLAN mapping. The following example shows the output from the S50V.
show vlan private-vlan mapping
This command is specific to the PVLAN feature.
 no ip address
 switchport
 switchport mode private-vlan host
 no shutdown
interface TenGigabitEthernet 1/6
 no ip address
 switchport
 switchport mode private-vlan host
 no shutdown
interface TenGigabitEthernet 1/25
 no ip address
 switchport
 switchport mode private-vlan trunk
 no shutdown
interface Vlan 4000
 private-vlan mode primary
 private-vlan mapping secondary-vlan 4001-4003
 no ip address
 tagged TenGigabitEthernet 1/3,25...
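The isolation rules stated in this chapter (community ports reach each other and promiscuous ports; isolated ports reach only promiscuous ports) can be checked against a configuration excerpt, as in this added example, which is not part of the Dell guide. The configuration text is constructed in the syntax shown above; it assumes host ports are listed as members of their secondary VLAN, and PVLAN trunk ports are not modelled.

```python
import re
from itertools import combinations

# Constructed configuration in the running-config syntax shown on the page.
SAMPLE_CONFIG = """
interface TenGigabitEthernet 1/1
 switchport mode private-vlan promiscuous
interface TenGigabitEthernet 1/3
 switchport mode private-vlan host
interface TenGigabitEthernet 1/4
 switchport mode private-vlan host
interface TenGigabitEthernet 1/5
 switchport mode private-vlan host
interface TenGigabitEthernet 1/6
 switchport mode private-vlan host
interface TenGigabitEthernet 1/7
 switchport mode private-vlan host
interface Vlan 4000
 private-vlan mode primary
 private-vlan mapping secondary-vlan 4001-4003
 untagged TenGigabitEthernet 1/1
interface Vlan 4001
 private-vlan mode community
 untagged TenGigabitEthernet 1/3-4
interface Vlan 4002
 private-vlan mode community
 untagged TenGigabitEthernet 1/7
interface Vlan 4003
 private-vlan mode isolated
 untagged TenGigabitEthernet 1/5,6
"""


def expand_ports(spec):
    """'1/3,5-6' -> {'1/3', '1/5', '1/6'} (slot/port list as written in the config)."""
    slot, ports = spec.split("/")
    result = set()
    for part in ports.split(","):
        low, _, high = part.partition("-")
        result.update(f"{slot}/{p}" for p in range(int(low), int(high or low) + 1))
    return result


def parse_pvlan(config):
    """Return (port_mode, vlan_type, vlan_ports, primary_of) from a config excerpt."""
    port_mode, vlan_type, vlan_ports, primary_of = {}, {}, {}, {}
    kind = ident = None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"interface (TenGigabitEthernet|Vlan) (\S+)", line)
        if header:
            kind, ident = header.groups()
        elif kind == "TenGigabitEthernet" and line.startswith("switchport mode private-vlan "):
            port_mode[ident] = line.split()[-1]
        elif kind == "Vlan" and line.startswith("private-vlan mode "):
            vlan_type[int(ident)] = line.split()[-1]
        elif kind == "Vlan" and line.startswith("private-vlan mapping secondary-vlan "):
            low, _, high = line.split()[-1].partition("-")
            for secondary in range(int(low), int(high or low) + 1):
                primary_of[secondary] = int(ident)
        elif kind == "Vlan":
            member = re.fullmatch(r"(?:un)?tagged TenGigabitEthernet (\S+)", line)
            if member:
                vlan_ports.setdefault(int(ident), set()).update(expand_ports(member.group(1)))
    return port_mode, vlan_type, vlan_ports, primary_of


def pvlan_domain(port, parsed):
    """Return (primary_vlan, role, secondary_vlan) for a PVLAN port, or None."""
    port_mode, vlan_type, vlan_ports, primary_of = parsed
    mode = port_mode.get(port)
    for vid, members in vlan_ports.items():
        if port not in members:
            continue
        vtype = vlan_type.get(vid)
        if mode == "promiscuous" and vtype == "primary":
            return vid, "promiscuous", None
        if mode == "host" and vtype in ("community", "isolated") and vid in primary_of:
            return primary_of[vid], vtype, vid
    return None


def can_talk(a, b, parsed):
    """Apply the chapter's rules to decide whether two ports may exchange Layer 2 frames."""
    da, db = pvlan_domain(a, parsed), pvlan_domain(b, parsed)
    if da is None or db is None or da[0] != db[0]:
        return False
    if "promiscuous" in (da[1], db[1]):
        return True
    return da[1] == db[1] == "community" and da[2] == db[2]


def allowed_pairs(parsed):
    """Every port pair the configuration permits; compare this with the intended policy."""
    return [(a, b) for a, b in combinations(sorted(parsed[0]), 2) if can_talk(a, b, parsed)]
```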
Per-VLAN Spanning Tree Plus (PVST+)
Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN).
Protocol Overview
PVST+ is a variation of spanning tree —...
Figure 109. Per-VLAN Spanning Tree
The Dell Networking OS supports three other variations of spanning tree, as shown in the following table.
Table 67. Spanning Tree Variations Dell Networking OS Supports
Dell Networking Term | IEEE Specification
Spanning Tree Protocol (STP) | 802.1d...
• The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multivendor network, verify that the costs are values you intended.
Disabling PVST+
To disable PVST+ globally or on an interface, use the following commands.
• Disable PVST+ globally.
PROTOCOL PVST mode
disable
• Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
INTERFACE mode
no spanning-tree pvst
Example of Viewing PVST+ Configuration
To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode.
Influencing PVST+ Root Selection
As shown in the previous per-VLAN spanning tree illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TenGigabitEthernet ports have the same cost. The following per-VLAN spanning tree illustration changes the bridge priority of each bridge so that a different forwarding topology is generated for each VLAN.
vlan bridge-priority
The range is from 0 to 61440. The default is 32768.
Example of the show spanning-tree pvst vlan Command
To display the PVST+ forwarding topology, use the show spanning-tree pvst [vlan vlan-id] command from EXEC Privilege mode.
Dell_E600(conf)#do show spanning-tree pvst vlan 100
VLAN 100
Root Identifier has priority 4096, Address 0001.e80d.b6d6
Root Bridge hello time 2, max age 20, forward delay 15...
• Change the hello-time parameter.
PROTOCOL PVST mode
vlan hello-time
NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time.
The range is from 1 to 10. The default is 2 seconds.
• Change the max-age parameter.
The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you intended.
PVST+ to avoid potential misconfigurations. If you enable PVST+ on the Dell Networking switch in this network, P1 and P2 receive BPDUs from each other. Ordinarily, the Bridge ID in the frame matches the Root ID, a loop is detected, and the rules of convergence require that P2 move to blocking state because it has the lowest port ID.
Augment the bridge ID with the VLAN ID.
PROTOCOL PVST mode
extend system-id
Example of Viewing the Extend System ID in a PVST+ Configuration
Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief
VLAN 5
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32773, Address 0001.e832.73f7
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.73f7...
interface TenGigabitEthernet 1/32
 no ip address
 switchport
 no shutdown
protocol spanning-tree pvst
 no disable
 vlan 100 bridge-priority 4096
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 1/22,32
 no shutdown
interface Vlan 200
 no ip address
 tagged TenGigabitEthernet 1/22,32
 no shutdown
interface Vlan 300
 no ip address
 tagged TenGigabitEthernet 1/22,32...
interface TenGigabitEthernet 3/22
 no ip address
 switchport
 no shutdown
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 3/12,22
 no shutdown
interface Vlan 200
 no ip address
 tagged TenGigabitEthernet 3/12,22
 no shutdown
interface Vlan 300
 no ip address
 tagged TenGigabitEthernet 3/12,22
 no shutdown
protocol spanning-tree pvst
 no disable...
This chapter describes how to use and configure Quality of Service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues.
Table 69. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features
Feature Direction...
Feature | Direction
Configure a Scheduler to Queue | Egress
Specify WRED Drop Precedence | Egress
Create Policy Maps | Ingress + Egress
Create Input Policy Maps | Ingress
Honor DSCP Values on Ingress Packets | Ingress
Honoring dot1p Values on Ingress Packets | Ingress
Create Output Policy Maps | Egress
Specify an Aggregate QoS Policy | Egress...
Feature | Direction
Create WRED Profiles | Egress
Figure 112. Dell Networking QoS Architecture
Topics:
• Implementation Information
• Port-Based QoS Configurations
• Policy-Based QoS Configurations
• DSCP Color Maps
• Enabling QoS Rate Adjustment
• Enabling Strict-Priority Queueing
• Weighted Random Early Detection
•...
Setting dot1p Priorities for Incoming Traffic
Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value.
Dell(conf-if-te-1/1)#end
Honoring dot1p Priorities on Ingress Traffic
By default, Dell Networking OS does not honor dot1p priorities on ingress traffic. You can configure this feature on physical interfaces and port-channels, but you cannot configure it on individual interfaces in a port channel.
Dell Networking OS Behavior: Rate shaping is effectively rate limiting because of its smaller buffer size. Rate shaping on tagged ports is slightly greater than the configured rate and rate shaping on untagged ports is slightly less than the configured rate.
Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
CLASS MAP mode
match {ip | ipv6 | ip-any}
After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL.
Link the class-map to a queue.
Determining the Order in Which ACLs are Used to Classify Traffic
When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities). For example, as described in the previous example, class-map cmap2 is matched against ingress packets before cmap1.
To display all class-maps or a specific class map, use the following command.
Dell Networking OS Behavior: An explicit "deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. In the following example, traffic is classified in two Queues, 1 and 2.
Packets value shown in the show qos statistics command is reset.
NOTE: To avoid issues caused by misconfiguration, Dell Networking recommends configuring either DCBX or Egress QoS features, but not both simultaneously. If you enable both DCBX and Egress QoS at the same time, the DCBX configuration is applied and unexpected behavior occurs on the Egress QoS.
Creating an Input QoS Policy
To create an input QoS policy, use the following steps.
Create a Layer 3 input QoS policy.
CONFIGURATION mode
qos-policy-input
Create a Layer 2 input QoS policy by specifying the keyword layer2 after the qos-policy-input command.
When you assign a percentage to one queue, note that this change also affects the amount of bandwidth that is allocated to other queues. Therefore, whenever you are allocating bandwidth to one queue, Dell Networking recommends evaluating your bandwidth requirements for all other queues as well.
<number> qos-policy
Honoring DSCP Values on Ingress Packets
Dell Networking OS provides the ability to honor DSCP values on ingress packets using the Trust DSCP feature. The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values.
Honoring dot1p Values on Ingress Packets
Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature. The following table specifies the queue to which the classified traffic is sent based on the dot1p value.
You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access. • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior detects when an ACL exists in the CAM rather than writing it to the CAM multiple times.
• Apply an input policy map to an interface.
INTERFACE mode
service-policy input
Specify the keyword layer2 if the policy map you are applying is a Layer 2 policy map.
Creating Output Policy Maps
Create an output policy map.
CONFIGURATION mode
policy-map-output
After you create an output policy map, do one or more of the following:
Applying an Output QoS Policy to a Queue...
DSCP Color Maps
This section describes how to configure color maps and how to display the color map and color map configuration. This section consists of the following topics:
• Creating a DSCP Color Map
• Displaying Color Maps
• Display Color Map Configuration
Creating a DSCP Color Map
You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the...
20,30
Dscp-color-map mapTWO
yellow 16,55
Display a specific DSCP color map.
Dell# show qos dscp-color-map mapTWO
Dscp-color-map mapTWO
yellow 16,55
Displaying a DSCP Color Policy Configuration
To display the DSCP color policy configuration for one or all interfaces, use the show qos dscp-color-policy {summary [interface] | detail {interface}} command in EXEC mode.
Enabling QoS Rate Adjustment
By default, while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
The default is disabled. The range is from 1 to 31.
Enabling Strict-Priority Queueing
In strict-priority queuing, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast queue, using the strict-priority command.
•...
Figure 114. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Table 75. Pre-Defined WRED Profiles Default Profile Name Minimum Threshold Maximum Threshold Maximum Drop Rate wred_drop wred_teng_y 4671 wred_teng_g 4671 wred_fortyg_y...
Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on its DSCP value before queuing it. DSCP is a 6-bit field. Dell Networking uses the first three bits (LSB) of this field (DP) to determine the drop precedence.
Space Before Dell Networking OS version 7.3.1, there was no way to measure the number of CAM entries a policy- map would consume (the number of CAM entries that a rule uses is not predictable; from 1 to 16 entries might be used per rule depending upon its complexity).
• Verify that there are enough available CAM entries.
test cam-usage
Example of the test cam-usage Command
Dell# test cam-usage service-policy input pmap_l2 port-set 0 | port pipe
Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status...
them when the threshold value is exceeded. If you configure ECN for WRED, devices employ ECN to mark the packets and reduce the rate of sending packets in a congested network. In a best-effort network topology, data packets are transmitted in a manner in which latency or throughput is not maintained to be at an effective level.
• When WRED is configured on the global service-pool (regardless of whether ECN on global service-pool is configured), and one or more queues are enabled with both WRED and ECN, ECN marking takes effect. The packets are ECN marked up to shared-buffer limits as determined by the shared-ratio for that global service-pool.
Classifying and Color-Marking Packets Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: • • •...
Consider an example with no distinct traffic classes, that is, all the packets egress on the default ‘queue0’. Dell Networking OS can be configured as shown below to mark the non-ECN packets as yellow packets.
ip access-list standard ecn_0...
As a part of this feature, the 2-bit ECN field of the IPv4 packet is also available to be configured as one of the match qualifiers. This way, the entire 8-bit ToS field of the IPv4 header can be used to classify traffic. The Dell Networking OS Release 9.3(0.0) supports the following QoS actions in the ingress policy-based QoS:...
• • You can now use the ‘ecn’ match qualifier along with the above TCP flag for classification. The following combination of match qualifiers is acceptable to be configured for the Dell Networking OS software through L3 ACL command: •...
The above requirement can be achieved using either of the two approaches.
Approach without explicit ECN match qualifiers for ECN packets:
ip access-list standard dscp_50
seq 5 permit any dscp 50
ip access-list standard dscp_40
seq 5 permit any dscp 40
ip access-list standard dscp_50_non_ecn
seq 5 permit any dscp 50 ecn 0
ip access-list standard dscp_40_non_ecn...
Dell(conf)# policy-map-input l2p layer2
Apply the Layer 2 policy on a Layer 3 interface.
INTERFACE mode
Dell(conf-if-fo-1/4)# service-policy input l2p layer2
Applying DSCP and VLAN Match Criteria on a Service Queue
You can configure Layer 3 class maps which contain both a Layer 3 Differentiated Services Code Point (DSCP) and IP VLAN IDs as match criteria to filter incoming packets on a service queue on the switch.
CONFIGURATION mode
Dell(conf)#policy-map-input pp_policmap
Create a service queue to associate the class map and QoS policy map.
POLICY-MAP mode
Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy
Classifying Incoming Packets Using ECN and Color-Marking
Explicit Congestion Notification (ECN) is a capability that enhances WRED by marking the packets instead of causing WRED to drop them when the threshold value is exceeded.
Consider an example with no distinct traffic classes, that is, all the packets egress on the default ‘queue0’. Dell Networking OS can be configured as shown below to mark the non-ECN packets as yellow packets.
ip access-list standard ecn_0...
seq 5 permit any ecn 0
class-map match-any ecn_0_cmap
match ip access-group ecn_0 set-color yellow
policy-map-input ecn_0_pmap
service-queue 0 class-map ecn_0_cmap
Applying this policy-map “ecn_0_pmap” will mark all the packets with ‘ecn == 0’ as yellow packets on queue0 (default queue).
Sample configuration to mark non-ecn packets as “yellow”...
Enable the buffer statistics tracking utility and enter the Buffer Statistics Snapshot configuration mode.
CONFIGURATION mode
Dell(conf)#buffer-stats-snapshot
Dell(conf)#no disable
Enable this utility to be able to configure the parameters for buffer statistics tracking. By default, buffer statistics tracking is disabled.
<id> buffer-stats-snapshot unit <id> resource x EXEC/EXEC Privilege mode Dell#show hardware stack-unit 1 buffer-stats-snapshot unit 3 resource interface all queue mcast 3 Unit 1 unit: 3 port: 1 (interface Fo 1/144) ---------------------------------------...
{ id | all } | queue { ucast{id | all}{ mcast {id | all} | all} to view buffer statistics tracking resource information for a specific interface. EXEC/EXEC Privilege mode Dell# show hardware buffer-stats-snapshot resource interface fortyGigE 0/0 queue all Unit 0 unit: 0 port: 1 (interface Fo 0/0)
Routing Information Protocol (RIP)
The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm.
RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections.
RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9.
Implementation Information
Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces.
After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode.
RIP updates from other sources. To control the source of RIP route information, use the following commands.
• Define a specific router to exchange RIP information between it and the Dell Networking system.
A prefix list is applied to incoming or outgoing routes. Those routes must meet the conditions of the prefix list; if not, Dell Networking OS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process.
Setting the Send and Receive Version
To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send version or the ip rip receive version commands in INTERFACE mode.
Dell(conf-if)#ip rip receive version 2
The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold).
Default routes are not enabled in RIP unless specified. Use the default-information originate command in ROUTER RIP mode to generate a default route into RIP. In Dell Networking OS, default routes received in RIP updates from other routes are advertised if you configure the default-information originate command.
Enable debugging of RIP.
Example of the debug ip rip Command
The following example shows the confirmation when you enable the debug function.
Dell#debug ip rip
RIP protocol debug is ON
Dell#
To disable RIP, use the no debug ip rip command.
• Configuring RIPv2 on Core 2
• Core 2 RIP Output
• RIP Configuration on Core 3
• Core 3 RIP Output
• RIP Configuration Summary
Figure 115. RIP Topology Example
RIP Configuration on Core2
The following example shows how to configure RIPv2 on a host named Core2.
Example of Configuring RIPv2 on Core 2
Core2(conf-if-te-2/3)#
Core2(conf-if-te-2/3)#router rip...
10.200.10.0
10.11.20.0
10.11.10.0
Routing Information Sources:
Gateway Distance Last Update
10.11.20.1 00:00:12
Distance: (default is 120)
Core2#
RIP Configuration on Core3
The following example shows how to configure RIPv2 on a host named Core3.
Example of Configuring RIPv2 on Core3
Core3(conf)#router rip
Core3(conf-router_rip)#version 2
Core3(conf-router_rip)#network 192.168.1.0...
The following example uses the show ip routes command to view the RIP setup on Core 3.
Core3#show ip routes
Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP, LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1,...
RIP Configuration Summary
Examples of Viewing RIP Configuration on Core 2 and Core 3
The following example shows viewing the RIP configuration on Core 2.
interface TenGigabitEthernet 2/1
 ip address 10.11.10.1/24
 no shutdown
interface TenGigabitEthernet 2/3
 ip address 10.11.20.2/24
 no shutdown
interface TenGigabitEthernet 2/4
 ip address 10.200.10.1/24
 no shutdown...
RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facilities and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment.
Device Down — When a device goes down, all sampled data is lost. But the RMON configurations are saved in the configuration file. The sampling process continues after the chassis returns to operation.
• Platform Adaptation — RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces.
Setting the RMON Alarm
To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode.
RMON event command. Possible events include a log entry or an SNMP trap. If the 1.3.6.1.2.1.2.2.1.20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be triggered again.
Dell(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 1 owner nms1...
This configuration also generates an SNMP trap when the event is triggered using the SNMP community string "eventtrap".
Dell(conf)#rmon event 1 log trap eventtrap description "High ifOutErrors" owner nms1
Configuring RMON Collection Statistics
To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode.
The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john; both the sampling interval and the number of buckets use their respective defaults.
Dell(conf-if-mgmt)#rmon collection history controlEntry 20 owner john
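The rising and falling thresholds in the rmon alarm example above form a hysteresis: after the rising event fires, it stays silent until a sample reaches the falling threshold. The following added example (not part of the Dell guide) parses that command line and replays the logic over constructed counter readings. It assumes hc-alarm uses the same argument order with 64-bit counters, that "absolute" is the alternative to "delta", and it simplifies startup so that only the rising alarm is armed initially.

```python
import re
from dataclasses import dataclass

# Command line from the page.
PAGE_ALARM = ("Dell(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta "
              "rising-threshold 15 1 falling-threshold 0 1 owner nms1")

# Constructed ifOutErrors readings, one per 20-second interval.
SAMPLE_READINGS = [100, 102, 120, 140, 141, 141, 160, 160]

ALARM_RE = re.compile(
    r"rmon (?P<kind>alarm|hc-alarm) (?P<number>\d+) (?P<oid>[\d.]+) (?P<interval>\d+) "
    r"(?P<sample>delta|absolute) rising-threshold (?P<rising>-?\d+) (?P<rising_event>\d+) "
    r"falling-threshold (?P<falling>-?\d+) (?P<falling_event>\d+)(?: owner (?P<owner>\S+))?$"
)


@dataclass
class Alarm:
    oid: str
    interval: int       # seconds between samples
    sample: str         # "delta" or "absolute"
    rising: int
    rising_event: int
    falling: int
    falling_event: int
    counter_bits: int   # 32 for alarm, 64 assumed for hc-alarm


def parse_alarm(line: str) -> Alarm:
    """Parse an rmon alarm line written in the form the page shows."""
    m = ALARM_RE.search(line.strip())
    if not m:
        raise ValueError("not an rmon alarm line in the form shown on the page")
    return Alarm(
        oid=m["oid"], interval=int(m["interval"]), sample=m["sample"],
        rising=int(m["rising"]), rising_event=int(m["rising_event"]),
        falling=int(m["falling"]), falling_event=int(m["falling_event"]),
        counter_bits=64 if m["kind"] == "hc-alarm" else 32,
    )


def evaluate(alarm: Alarm, readings):
    """Return [(reading_index, 'rising' | 'falling', event_number, value), ...]."""
    events = []
    rising_armed, falling_armed = True, False
    modulus = 1 << alarm.counter_bits
    start = 1 if alarm.sample == "delta" else 0
    for i in range(start, len(readings)):
        if alarm.sample == "delta":
            # Difference between consecutive samples; modulo keeps a counter wrap positive.
            value = (readings[i] - readings[i - 1]) % modulus
        else:
            value = readings[i]
        if value >= alarm.rising and rising_armed:
            events.append((i, "rising", alarm.rising_event, value))
            rising_armed, falling_armed = False, True
        elif value <= alarm.falling and falling_armed:
            events.append((i, "falling", alarm.falling_event, value))
            rising_armed, falling_armed = True, False
    return events


if __name__ == "__main__":
    for event in evaluate(parse_alarm(PAGE_ALARM), SAMPLE_READINGS):
        print(event)
```

In the sample readings the delta of 20 that follows the first rising event produces no second event, because the alarm is only re-armed once a delta of 0 has been seen.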
(STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP).
The Dell Networking OS supports three other variations of spanning tree, as shown in the following table.
Table 78. Spanning Tree Variations Dell Networking OS Supports...
Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task; avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs.
To disable RSTP globally for all Layer 2 interfaces, enter the disable command from PROTOCOL SPANNING TREE RSTP mode.
To verify that RSTP is enabled, use the show config command from PROTOCOL SPANNING TREE RSTP mode. The bold line indicates that RSTP is enabled.
Dell(conf-rstp)#show config
protocol spanning-tree rstp
If a physical interface is part of a port channel, only the port channel is listed in the command output.
Dell#show spanning-tree rstp
Root Identifier has priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15, max hops 0
Bridge Identifier has priority 32768, Address 0001.e801.cbb4...
Designated bridge has priority 32768, address 0001.e801.cbb4
Designated port id is 128.378, designated path cost 0
Number of transitions to forwarding state 1
BPDU : sent 121, received 2
The port is not in the Edge port mode
Port 379 (TenGigabitEthernet 2/3) is designated Forwarding
Port path cost 20000, Port priority 128, Port Identifier 128.379
Designated root has priority 32768, address 0001.e801.cbb4
Designated bridge has priority 32768, address 0001.e801.cbb4...
Max-age — the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. NOTE: Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance.
Change the hello-time parameter.
PROTOCOL SPANNING TREE RSTP mode
hello-time seconds
NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time.
The range is from 1 to 10.
The default is 2 seconds.
•...
A console message appears when a new root bridge has been assigned. The following example shows the console message after the bridge-priority command is used to make R2 the root bridge (shown in bold).
Dell(conf-rstp)#bridge-priority 4096
04:27:59: %RPM0-P:RP2 %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.88bd...
To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode.
NOTE: Dell Networking recommends using the show config command from INTERFACE mode.
In the following example, the bold line indicates that the interface is in EdgePort mode.
Dell(conf-if-te-2/1)#show config...
PROTOCOL RSTP mode
hello-time milli-second interval
The range is from 50 to 950 milliseconds.

Example of Verifying Hello-Time Interval
Dell(conf-rstp)#do show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 0, Address 0001.e811.2233
Root Bridge hello time 50 ms, max age 20, forward delay 15
Bridge ID Priority 0, Address 0001.e811.2233...
Software-Defined Networking (SDN)
The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide.
Security
This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
Topics:
• AAA Accounting
•...
Currently, Dell Networking OS supports only TACACS+.

Suppressing AAA Accounting for Null Username Sessions
When you activate AAA accounting, the Dell Networking OS software issues accounting records for all users on the system, including users whose username string is NULL because of protocol translation.
Dell(config-line-vty)# accounting exec execAcct

Monitoring AAA Accounting
Dell Networking OS does not support periodic interim accounting because the periodic command can cause heavy congestion when many users are logged in to the network. No specific show command exists for TACACS+ accounting.
If the first method list does not respond or returns an error, Dell Networking OS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking OS does not apply the next method list.
To configure an authentication method and method list, use the following commands. Dell Networking OS Behavior: If you use a method list on the console port in which RADIUS or TACACS is the last authentication method, and the server is not reachable, Dell Networking OS allows access even though the username and password credentials cannot be verified.
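The fall-through rule and the console behavior note above, as an added example (not code from the guide or from Dell): it walks a method list the way the text describes and flags console lines whose list ends in a server-backed method. The configuration is constructed; the `line console` / `line vty` and `login authentication` lines follow the OS's terminal-line syntax and are assumptions here, and the model applies the unreachable-server behavior only to the console, as the note is worded.

```python
import re

REMOTE = {"radius", "tacacs", "tacacs+"}  # server-backed method keywords

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
aaa authentication login default tacacs+ local
aaa authentication login CONSOLE_AUTH radius tacacs+
aaa authentication login VTY_AUTH tacacs+ local
line console 0
 login authentication CONSOLE_AUTH
line vty 0
 login authentication VTY_AUTH
"""


def parse_method_lists(config):
    """Map each 'aaa authentication login' list name to its ordered methods."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication login (\S+) (.+)$", line)
        if m:
            lists[m.group(1)] = m.group(2).split()
    return lists


def parse_line_bindings(config):
    """Map 'console 0' / 'vty 0' to the method list named under that line."""
    bindings, current = {}, None
    for line in config.splitlines():
        m = re.match(r"line (console|vty) (\S+)", line)
        if m:
            current = f"{m.group(1)} {m.group(2)}"
            continue
        m = re.match(r"\s+login authentication (\S+)", line)
        if m and current:
            bindings[current] = m.group(1)
        elif line and not line.startswith(" "):
            current = None        # left the line sub-mode
    return bindings


def login_outcome(methods, responses, on_console):
    """Walk a method list; responses maps method -> accept | reject | no-response.

    Returns (granted, reason).
    """
    for method in methods:
        result = responses.get(method, "no-response")
        if result == "accept":
            return True, f"{method} accepted"
        if result == "reject":
            # A failed method is final: the next one is not applied.
            return False, f"{method} rejected"
        # No response or error: fall through to the next method.
    if on_console and methods and methods[-1] in REMOTE:
        # Behavior described in the guide: console access is allowed even
        # though the credentials could not be verified.
        return True, "console access allowed: last remote method unreachable"
    return False, "no method answered"


def audit(config):
    """Return (line, list, finding) for risky or dangling console bindings."""
    lists = parse_method_lists(config)
    findings = []
    for line_name, list_name in parse_line_bindings(config).items():
        methods = lists.get(list_name)
        if methods is None:
            findings.append((line_name, list_name, "method list not defined"))
        elif line_name.startswith("console") and methods[-1] in REMOTE:
            findings.append((line_name, list_name,
                             f"ends in {methods[-1]}: login is allowed "
                             "when the server is unreachable"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
    down = {"radius": "no-response", "tacacs+": "no-response"}
    print(login_outcome(["radius", "tacacs+"], down, on_console=True))
```

A console list that ends in a non-server method such as local does not meet the condition in the behavior note, which is the ordering the guide uses in its (TACACS+, local) example.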
To obtain enable authentication from the RADIUS server and use TACACS as a backup, issue the following commands. The following example shows enabling authentication from the RADIUS server.
Dell(config)# aaa authentication enable default radius tacacs
The RADIUS and TACACS servers must be properly set up for this.
Dell(config)# radius-server host x.x.x.x key <some-password>...
SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$.
• RADIUS — When using RADIUS authentication, the Dell OS sends an authentication packet with the following:
Username: $enab15$
Password: <password-entered-by-user>...
In Dell Networking OS, you can configure a privilege level for users who need limited access to the system. Every command in Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can configure up to 16 privilege levels in Dell Networking OS.
Enabling and Disabling Privilege Levels (optional)
For a complete listing of all commands related to Dell Networking OS privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide.

Configuring a Username and Password
In Dell Networking OS, you can assign a specific username to limit user access to the system.
EXEC Privilege mode. In custom-configured privilege levels, the enable command is always available. Regardless of the privilege level at which you entered Dell Networking OS, you can enter the enable 15 command to access and configure all CLIs.

Configuring Custom Privilege Levels
In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels.
0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.
• command: a Dell Networking OS CLI keyword (up to five keywords allowed).
• reset: return the command to its default privilege mode.
• Set a user’s security level.
  EXEC Privilege mode
  enable or enable privilege-level
  If you do not enter a privilege level, Dell Networking OS sets it to 15 by default.
• Move to a lower privilege level.
  EXEC Privilege mode...
This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and password. The RADIUS server returns one of the following responses: •...
Idle Time
Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies the idle-time allowed for a user during a session before timeout. When a user logs in, the lower of the two idle-time values (configured or default) is used.
• Monitoring RADIUS (optional)
For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication.
To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If you configure multiple RADIUS server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. When Dell Networking OS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
7 to encrypt the password. Enter 0 to keep the password as plain text.
• key: enter a string. The key can be up to 42 characters long. You cannot use spaces in the key.
• Configure the number of times Dell Networking OS retransmits RADIUS requests.
  CONFIGURATION mode
  radius-server retransmit retries
•...
TACACS+ Remote Authentication
• Specifying a TACACS+ Server Host
For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference Guide.

Choosing TACACS+ as the Authentication Method
One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the TACACS hosts specified.
To view the configuration, use the show config command in LINE mode or the show running-config tacacs+ command in EXEC Privilege mode. If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method.
Example of Connecting with a TACACS+ Server Host
To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If you configure multiple TACACS+ server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured.
Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication. SSH is enabled by default.
Dell Networking OS SCP, which is a remote file copy program that works with SSH. NOTE: The Windows-based WinSCP client software is not supported for secure copying between a PC and a Dell Networking OS-based system. Unix-based SCP client software is supported.
: display the client public keys used in host-based authentication.
• show ip ssh rsa-authentication: display the authorized-keys for the RSA authentication.
Dell#copy scp: flash:
Address or name of remote host []: 10.10.10.1
Port number of the server [22]: 99
Source file name []: test.cfg...
Examples
The following example configures the time-based rekey threshold for an SSH session to 30 minutes.
Dell(conf)#ip ssh rekey time 30
The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes.
Dell(conf)#ip ssh rekey volume 4096...
When FIPS is enabled, the default is diffie-hellman-group14-sha1.

Example of Configuring a Key Exchange Algorithm
The following example shows you how to configure a key exchange algorithm.
Dell(conf)# ip ssh server kex diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1

Configuring the HMAC Algorithm for the SSH...
Secure Shell (SSH) is enabled by default using the SSH Password Authentication method.

Enabling SSH Authentication by Password
Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Networking system. This setup is the simplest method of authentication and uses SSH version 1.
The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2.
1. On the SSH client (Unix machine), generate an RSA key, as shown in the following example.
2. Copy the public key id_rsa.pub to the Dell Networking system.
3. Disable password authentication if enabled.
   CONFIGURATION mode
   no ip ssh password-authentication enable
4. Enable RSA authentication in SSH.
Create a list of IP addresses and usernames that are permitted to SSH in a file called rhosts. Refer to the second example. Copy the file shosts and rhosts to the Dell Networking system. Disable password authentication and RSA authentication, if configured...
No username set for this term. Enable host-based authentication on the server (Dell Networking system) and the client (Unix machine). The following message appears if you attempt to log in via SSH and host-based is disabled on the client. In this case, verify that host-based authentication is set to “Yes”...
Dell(conf)#no ip telnet server enable

VTY Line and Access-Class Configuration
Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote.
Table 80. VTY Access Authentication Method...
Dell Networking OS can assign different access classes to different users by username. Until users attempt to log in, Dell Networking OS does not know if they will be assigned a VTY line. This means that incoming users always see a login prompt even if you have excluded them from the VTY line with a deny-all access class.
VTY MAC-SA Filter Support
Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address. To apply a MAC ACL on a VTY line, use the same access-class command as IP ACLs.
When you enable role-based only AAA authorization using the aaa authorization role-only command in Configuration mode, the Dell Networking OS checks to ensure that you do not lock yourself out and that the user authentication is available for all terminal lines.
The authentication method list should be in the same order as the authorization method list. For example, if you configure the authentication method list in the following order (TACACS+, local), Dell Networking recommends that the authorization method list be configured in the same order (TACACS+, local).
System-Defined RBAC User Roles
By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles.
NOTE: You cannot delete any system defined roles.
The system defined user roles are as follows:
•...
(secadmin) permissions.
Create a new user role, myrole, and inherit security administrator permissions.
Dell(conf)#userrole myrole inherit secadmin
Verify that the user role, myrole, has inherited the security administrator permissions. The output highlighted in bold indicates that the user role has successfully inherited the security administrator permissions.
Note that the netadmin role is not listed in the Role access: secadmin,sysadmin, which means the netadmin cannot access the show users command.
Dell(conf)#role exec deleterole netadmin show users
Dell#show role mode exec show users
Role access: secadmin,sysadmin

Example: Allow Security Administrator to Configure Spanning Tree
The following example allows the security administrator (secadmin) to configure the spanning tree protocol.
10-Gigabit Ethernet interfaces.
Dell(conf)#role configure addrole secadmin ?
LINE Initial keywords of the command to modify
Dell(conf)#role configure addrole secadmin interface tengigabitethernet
Dell(conf)#show role mode configure interface
Role access: netadmin, secadmin, sysadmin

Example: Verify that the Security Administrator Can Access Interface Mode
The following example shows that the secadmin role can now access Interface mode (highlighted in bold).
CONFIGURATION mode.

Example
The following example creates a user name that is authenticated based on a user role.
Dell(conf)#username john password 0 password role secadmin
The following example deletes a user role.
NOTE:...
To configure AAA authentication, use the aaa authentication command in CONFIGURATION mode.
aaa authentication login {method-list-name | default} method [… method4]

Configure AAA Authorization for Roles
Authorization services determine if the user has permission to use a command in the CLI. Users with only privilege levels can use commands in privilege-or-role mode (the default) provided their privilege level is the same or greater than the privilege level of those commands.
: attribute sep value “attribute” and “value” are an attribute-value (AV) pair defined in the Dell Network OS TACACS+ specification, and “sep” is “=”. These attributes allow the full set of features available for TACACS+ authorization and are authorized with the same attributes for RADIUS.
The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl=<number> where number is a value between 0 and 15.
Force10-avpair= "shell:priv-lvl=15"

Example for Creating an AVP Pair for System Defined or User-Defined Role
The following section shows you how to create an AV pair to allow a user to log in from a network access server to have access to commands based on the user’s role.
The following example applies the accounting default method to the user role secadmin (security administrator).
Dell(conf-vty-0)# accounting commands role secadmin default

Displaying Active Accounting Sessions for Roles
To display active accounting sessions for each user role, use the show accounting command in EXEC mode.
Line Configuration mode
route-map Route map configuration mode
router Router configuration mode
Dell#show role mode configure username
Role access: sysadmin
Dell#show role mode configure password-attributes
Role access: secadmin,sysadmin
Dell#show role mode configure interface
Role access: netadmin, sysadmin
Dell#show role mode configure line...
Service Provider Bridging
Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS.

VLAN Stacking
VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q —...
To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN.
• Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN.
• You cannot ping across the trunk port link if one or both of the systems is an S4048–ON.
Enabling VLAN-Stacking for a VLAN.

Related Configuration Tasks
• Configuring the Protocol Type Value for the Outer VLAN Tag
• Configuring Dell Networking OS Options for Trunk Ports
• Debugging VLAN Stacking
• VLAN Stacking in Multi-Vendor Networks

Creating Access and Trunk Ports
To create access and trunk ports, use the following commands.
The default is 9100. To display the S-Tag TPID for a VLAN, use the show running-config command from EXEC privilege mode. Dell Networking OS displays the S-Tag TPID only if it is a non-default value.
Configuring Dell Networking OS Options for Trunk Ports
802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port.
While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID. Systems may use any 2-byte value; Dell Networking OS uses 0x9100 (shown in the following) while non-Dell Networking systems might use a different value.
TPID, as shown in the following illustration. Dell Networking OS Versions 8.2.1.0 and later differentiate between 0x9100 and 0x91XY, also shown in the following illustration. You can configure the first 8 bits of the TPID using the vlan-stack protocol-type command.
Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic.
Figure 118. Single and Double-Tag TPID Match
Figure 119. Single and Double-Tag First-byte TPID Match
Figure 120. Single and Double-Tag TPID Mismatch
The following table details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the S-Series.
Table 81. Behaviors for Mismatched TPID Network Incoming System TPID Match Type Pre-Version Version 8.2.1.0+ Position Packet TPID 8.2.1.0 Ingress Access untagged 0xUVWX — switch to default switch to default Point VLAN VLAN single-tag 0xUVWX single-tag switch to default switch to default (0x8100) mismatch VLAN...
By default, packets are colored green, and DEI is marked 0 on egress.

Honoring the Incoming DEI Value
To honor the incoming DEI value, you must explicitly map the DEI bit to a Dell Networking OS drop precedence. Precedence can have one of three colors.
{green | yellow} {0 | 1}

Example of Viewing DEI-Marking Configuration
To display the DEI-marking configuration, use the show interface dei-mark [interface slot/port[/subport]] command in EXEC Privilege mode.
Dell#show interface dei-mark
Default CFI/DEI Marking: 0
Interface Drop precedence CFI/DEI
--------------------------------...
1:8 expansion in these content addressable memory (CAM) tables. Dell Networking OS Behavior: For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence.
class-map match-any a layer2
 match mac access-group a
mac access-list standard a
 seq 5 permit any
qos-policy-input 3 layer2
 rate-police 40
Likewise, in the following configuration, packets with dot1p priority 0–3 are marked as dot1p 7 in the outer tag and queued to Queue 3. Rate policing is according to qos-policy-input 3. All other packets will have outer dot1p 0 and hence are queued to Queue 1.
reload
Map C-Tag dot1p values to an S-Tag dot1p value.
INTERFACE mode
vlan-stack dot1p-mapping c-tag-dot1p values sp-tag-dot1p value
Separate C-Tag values by commas. Dashed ranges are permitted.
Dynamic Mode CoS overrides any Layer 2 QoS configuration in case of conflicts.
NOTE: Because dot1p-mapping marks and queues packets, the only remaining applicable QoS configuration is rate metering.
MAC address rewritten to the original MAC address and forwarded to the opposing network region (shown in the following illustration). Dell Networking OS Behavior: In Dell Networking OS versions prior to 8.2.1.0, the MAC address that Dell Networking systems use to overwrite the Bridge Group Address on ingress was non-configurable. The value of the L2PT MAC address was the Dell Networking-unique MAC address, 01-01-e8-00-00-00.
Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge.
Figure 123. VLAN Stacking with L2PT

Implementation Information
• L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs.
• No protocol packets are tunneled when you enable VLAN stacking.
• L2PT requires the default CAM profile.
Specifying a Destination MAC Address for BPDUs
By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
For details about this command, refer to Allocation.
Save the running-config to the startup-config.
EXEC Privilege mode
copy running-config startup-config
Reload the system.
EXEC Privilege mode
reload
Set a maximum rate at which the RPM processes BPDUs for L2PT.
VLAN STACKING mode
protocol-tunnel rate-limit
The default is: no rate limiting.
Provider backbone bridging through IEEE 802.1ad eliminates the need for tunneling BPDUs with L2PT and increases the reliability of provider bridge networks as the network core need only learn the MAC addresses of core switches, as opposed to all MAC addresses received from attached customer devices. •...
Enabling Extended sFlow

Overview
The Dell Networking Operating System (OS) supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many switches and routers.
Implementation Information
Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe. If you do not enable sFlow on any port specifically, the global sampling rate is downloaded to that port and is used to calculate the port-pipe’s lowest sampling rate.
Confirm that extended information packing is enabled.
show sflow

Examples of Verifying Extended sFlow
The bold line shows that extended sFlow settings are enabled on all three types.
Dell#show sflow
sFlow services are enabled
Egress Management Interface sFlow services are disabled
Global default sampling rate: 32768...
View the maximum header size of a packet.
show running-config sflow

Example of the show sflow command when the sflow max-header-size extended is configured globally
Dell(conf-if-te-1/10)#show sflow
sFlow services are enabled
Egress Management Interface sFlow services are disabled
Global default sampling rate: 32768...
Show Commands
Dell Networking OS includes the following sFlow display commands.
• Displaying Show sFlow Globally
• Displaying Show sFlow on an Interface
• Displaying Show sFlow on a Line Card

Displaying Show sFlow Global
To view sFlow statistics, use the following command.
Display sFlow configuration information and statistics on a specific interface.
EXEC mode
show sflow interface interface-name

Examples of the sFlow show Commands
The following example shows the show sflow interface command.
Dell#show sflow interface tengigabitethernet 1/1
Te 1/1
sFlow type :Ingress
Configured sampling rate...
Display sFlow configuration information and statistics on the specified interface.
EXEC mode
show sflow stack-unit slot-number

Example of Viewing sFlow Configuration (Line Card)
Dell#show sflow Stack-unit 1
Stack-unit 1
Samples rcvd from h/w
Total UDP packets exported
UDP packets exported via RPM...
• interval value: in seconds. The range is from 15 to 86400 seconds. The default is 20 seconds.

Back-Off Mechanism
If the sampling rate for an interface is set to a very low value, the CPU can get overloaded with flow samples under high-traffic conditions.
• To export extended-gateway data, BGP must learn the IP destination address. • If the IP destination address is not learned via BGP the Dell Networking system does not export extended-gateway data. • If the IP source address is learned via IGP, srcAS and srcPeerAS are zero.
Exported src_as and connected/IGP src_peer_as are zero because there is no AS information for IGP. — — Prior to Dell static/ Networking OS connected/IGP Exported Exported version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP.
NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd).
The following describes SNMP implementation information.
• Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version 3 as defined by RFC 2571.
•...
The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c.
User ACLs override group ACLs.

Set up SNMP
As previously stated, Dell Networking OS supports SNMP version 1 and version 2 that are community-based security models. The primary difference between the two versions is that version 2 supports two additional protocol operations (informs operation and snmpgetbulk query) and one additional object (counter64 object).
Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message. You must specify whether members of the community may only retrieve values (read), or retrieve and alter values (read-write).
You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable objects using the snmpwalk command.
You may use up to 55 characters. The default is None.
• (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1).
  CONFIGURATION mode
  snmp-server location text
  You may use up to 55 characters.
Subscribing to Managed Object Value Updates using SNMP
By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system.
PORT_LINKUP:changed interface state to up:%d

Enabling a Subset of SNMP Traps
You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
envmon temperature
MINOR_TEMP: Minor alarm: chassis temperature
MINOR_TEMP_CLR: Minor alarm cleared: chassis temperature normal (%s %d temperature is within threshold of %dC)
MAJOR_TEMP: Major alarm: chassis temperature high (%s temperature reaches or exceeds threshold of %dC)
MAJOR_TEMP_CLR: Major alarm cleared: chassis temperature lower (%s %d temperature is within threshold of %dC)
envmon fan
FAN_TRAY_BAD: Major alarm: fantray %d is missing or down...
SNMP OID <oid>
%RPM0-P:CP %SNMP-4-RMON_FALLING_THRESHOLD: STACKUNIT0 falling threshold alarm from SNMP OID <oid>
%RPM0-P:CP %SNMP-4-RMON_HC_RISING_THRESHOLD: STACKUNIT0 high-capacity rising threshold alarm from SNMP OID <oid>

Enabling an SNMP Agent to Notify Syslog Server Failure
You can configure a network device to send an SNMP trap if an audit processing failure occurs due to loss of connectivity with the syslog server.
• copy the running-config file to the startup-config file
• copy configuration files from the Dell Networking system to a server
• copy configuration files from a server to the Dell Networking system
You can perform all of these tasks using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses;...
• filename. copySourceFileType is set to running- config or startup- config, copySrcFileName is not required. 1 = Dell Networking OS copyDestFileType Specifies the type of file file 1.3.6.1.4.1.6027.3.5.1.1.1.1. to copy to. 2 = running-config • copySourceFileType...
CONFIGURATION mode
snmp-server community community-name rw
Copy the f10-copy-config.mib MIB from the Dell iSupport web page to the server to which you are copying the configuration file.
On the server, use the snmpset command as shown in the following example.
• -m: View the MIB files for the SNMP command.
• -r: Number of retries using the option
• -t: View the timeout.
• -v: View the SNMP version (either 1, 2, 2d, or 3).
The following examples show the snmpset command to copy a configuration. These examples assume that:
•...
Examples of Copying Configuration Files from a UNIX Machine
The following example shows how to copy configuration files from a UNIX machine using the object name.
> snmpset -c public -v 2c -m ./f10-copy-config.mib 10.11.131.162 copySrcFileType.7 i 3 copyDestFileType.7 i 2
FTOS-COPY-CONFIG-MIB::copySrcFileType.7 = INTEGER: runningConfig(3)
FTOS-COPY-CONFIG-MIB::copyDestFileType.7 = INTEGER: startupConfig(2)
The following example shows how to copy configuration files from a UNIX machine using OID.
/home/myfilename copyServerAddress.4 a 11.11.11.11 Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP.
MIB Object Values Description 3 = failed copyTimeStarted Time value Specifies the point in the 1.3.6.1.4.1.6027.3.5.1.1.1.1. up-time clock that the copy operation started. copyTimeCompleted Time value Specifies the point in the 1.3.6.1.4.1.6027.3.5.1.1.1.1. up-time clock that the copy operation completed. 1 = bad filename copyFailCause Specifies the reason the 1.3.6.1.4.1.6027.3.5.1.1.1.1.
MIB Support to Display the Available Memory Size on Flash
Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
MIB Support to Display the Software Core Files Generated by the System
Dell Networking provides MIB objects to display the software core files generated by the system. The chSysSwCoresTable contains the list of software core files generated by the system. The following table lists the related MIB objects.
"My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.1107787786 = STRING: "My VLAN" [Dell system output] Dell#show int vlan 10 Vlan 10 is down, line protocol is down Vlan alias name is: My VLAN Address is 00:01:e8:cc:cc:ce, Current address is 00:01:e8:cc:cc:ce Interface index is 1107787786...