Dell PowerConnect M6348 Configuration Manual

Configuration guide

Dell™ PowerConnect™
M6220/M6348/M8024 Switches

Configuration Guide

Model PCM6220/PCM6348/PCM8024
www.dell.com | support.dell.com


Summary of Contents for Dell PowerConnect M6348

  • Page 1: Configuration Guide

    Dell™ PowerConnect™ M6220/M6348/M8024 Switches Configuration Guide Model PCM6220/PCM6348/PCM8024 www.dell.com | support.dell.com...
  • Page 2 Trademarks used in this text: Dell, Dell OpenManage, the DELL logo, Inspiron, Dell Precision, Dimension, OptiPlex, PowerConnect, PowerApp, PowerVault, Axim, DellNet, and Latitude are trademarks of Dell Inc.; Microsoft, Windows, and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Procomm Plus is a registered trademark of Symantec Corporation or its affiliates in the U.S.
  • Page 3: Table Of Contents

    Contents: About this Document; Organization; Additional Documentation
  • Page 4 Switching Configuration; Virtual LANs; VLAN Configuration Example
  • Page 5 CLI Examples; Simple Switch Mode Supported CLI Commands
  • Page 6 802.1x Network Access Control Examples; 802.1X Authentication and VLANs; Authenticated and Unauthenticated VLANs
  • Page 7 Quality of Service; Class of Service Queuing; Ingress Port Configuration
  • Page 9: About This Document

    This configuration guide provides examples of how to use the following switches in a typical network: • Dell™ PowerConnect™ M6220 • Dell PowerConnect M6348 • Dell PowerConnect M8024 It describes the advantages of specific functions the PowerConnect M6220/M6348/M8024 switches provide and includes information about configuring those functions using the command line interface (CLI).
  • Page 10: Additional Documentation

    • from the command-line interface (CLI) for managing, monitoring, and configuring the switch. • User’s Guide for your Dell PowerConnect switch describes the Web GUI. Many of the scenarios described in this document can be fully configured using the Web interface. This guide also provides initial system setup and configuration instructions.
  • Page 11: System Configuration

    System Configuration This section provides configuration scenarios for the following features: • "Traceroute" on page 11 • "Configuration Scripting" on page 13 • "Outbound Telnet" on page 16 • "Simple Network Time Protocol (SNTP)" on page 17 • "Syslog" on page 19 •...
  • Page 12: CLI Example

    CLI Example The following shows an example of using the traceroute command to determine how many hops there are to the destination. The command output shows each IP address the packet passes through and how long it takes to get there. In this example, the packet takes 16 hops to reach its destination. console#traceroute ? Enter IP Address.
  • Page 13: Configuration Scripting

    Configuration Scripting Configuration scripting allows you to generate a text-formatted script file that shows the current system configuration. You can generate multiple scripts and upload and apply them to more than one switch. Overview Configuration scripting: • Provides scripts that can be uploaded from and downloaded to the system. •...
  • Page 14 Example #2: Viewing and Deleting Existing Scripts console#script list Configuration Script Name Size(Bytes) -------------------------------- ----------- abc.scr running-config startup-config test.scr 4 configuration script(s) found. 2046 Kbytes free. console#script delete test.scr Are you sure you want to delete the configuration script(s)? (y/n)y 1 configuration script(s) deleted.
  • Page 15 Example #5: Uploading a Configuration Script to the TFTP Server Use this command to upload a configuration script to the TFTP server. console#copy script abc.scr tftp://10.27.64.141/abc.scr Mode........... TFTP Set TFTP Server IP......10.27.64.141 TFTP Path......../ TFTP Filename........abc.scr Data Type........Config Script Source Filename........
  • Page 16: Outbound Telnet

    Example #7: Validating a Script console#script validate abc.scr ip address dhcp username "admin" password 16d7a4fca7442dda3ad93c9a726597e4 level 15 encrypted exit Configuration script 'abc.scr' validated. console#script apply abc.scr Are you sure you want to apply the configuration script? (y/n)y ip address dhcp username "admin"...
  • Page 17: Simple Network Time Protocol (SNTP)

    SNTP client implemented over UDP that listens on port 123 CLI Examples The following are examples of the commands used in the SNTP feature. Example #1: Viewing SNTP Options (Dell Routing)(Config) #sntp ? console(config)#sntp ? authenticate Require authentication for received Network Time Protocol (NTP) traffic from servers.
  • Page 18 Example #2: Configuring the SNTP Server console(config)#sntp server ? <ipaddress/domain-name> Enter SNTP server address or the domain name. console(config)#sntp server 192.168.10.25 ? Authentication key to use when sending packets to this peer. poll Enable/Disable SNTP server polling. priority Configure SNTP server priority. <cr>...
  • Page 19: Syslog

    Syslog Overview Syslog: • Allows you to store system messages and/or errors. • Can store to local files on the switch or a remote server running a syslog daemon. • Provides a method of collecting message logs from many systems. Interpreting Log Files Figure 2-1 describes the information that displays in log messages.
  • Page 20 SNMP Set Command Logging : disabled 0 Messages were not logged. Buffer Log: <189> JAN 01 03:57:58 10.27.65.86-1 TRAPMGR[216282304]: traputil.c(908) 31 %% Instance 0 has elected a new STP root: 8000:00ff:f2a3:8888 <189> JAN 01 03:57:58 10.27.65.86-1 TRAPMGR[216282304]: traputil.c(908) 32 %% Instance 0 has elected a new STP root: 8000:0002:bc00:7e2c <189>...
  • Page 21: Port Description

    error Error conditions info Informational messages notice Normal but significant conditions warning Warning conditions console(Config-logging)#level critical Port Description The Port Description feature lets you specify an alphanumeric interface identifier that can be used for SNMP network management. CLI Example Use the commands shown below for the Port Description feature. Example #1: Enter a Description for a Port This example specifies the name “Test”...
  • Page 22: CLI Example

    Configuring a storm-control level also enables that form of storm-control. Disabling a storm-control level (using the “no” version of the command) sets the storm-control level back to default value and disables that form of storm-control. Using the “no” version of the “storm-control” command (not stating a “level”) disables that form of storm-control but maintains the configured “level”...
  • Page 23: 10GBASE-T Plug-In Module Configuration

    10GBASE-T Plug-in Module Configuration NOTE: This feature is applicable to the PowerConnect M6220 and M8024 switches only. The PowerConnect M6220 and M8024 switches provide two 10-Gigabit module slots that support plug-in modules: • The M6220 supports CX-4, SFP+, XFP, and 10GBASE-T modules. The 10GBASE-T may only be used on bay 2.
  • Page 24 Use the following command to display the current status of low-power mode on an interface (see the Admin State column): console#show interfaces configuration Port Type Duplex Speed MDIX Admin Mode State ----- ------------------------------ ------ ------- ---- ---- --------- 1/xg1 10G - Level Unknown Auto Auto...
  • Page 25: Switching Configuration

    Switching Configuration This section provides configuration scenarios for the following features: • "Virtual LANs" on page 25 • "IGMP Snooping" on page 32 • "IGMP Snooping Querier" on page 33 • "Link Aggregation/Port Channels" on page 35 • "Port Mirroring" on page 38 •...
  • Page 26: VLAN Configuration Example

    • The IP-subnet Based VLAN feature lets you map IP addresses to VLANs by specifying a source IP address, network mask, and the desired VLAN ID. • The MAC-based VLAN feature lets packets originating from end stations become part of a VLAN according to source MAC address.
  • Page 27 Example #1: Create Two VLANs Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank. console(config)#vlan database console(config-vlan)#vlan 2 console(config-vlan)#vlan 3 console(config-vlan)#exit Example #2: Assign Ports to VLAN2 This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.
  • Page 28 Example #4: Assign VLAN3 as the Default VLAN This example shows how to assign VLAN 3 as the default VLAN for port 1/g18. console(config)#interface ethernet 1/g18 console(config-if-1/g18)#switchport general pvid 3 Example #5: Assign IP Addresses to VLAN 2 In order for the VLAN to function as a routing interface, you must enable routing on the VLAN and on the switch.
  • Page 29: Web Interface

    Web Interface Use the following screens to perform the same configuration using the Web Interface: • Switching > VLAN > Membership. To create VLANs and specify port participation. • Switching > VLAN > Port Settings. To specify the PVID and mode for the port. •...
  • Page 30: Protocol-Based VLANs

    Example #4: Viewing IP Subnet and MAC-Based VLAN Associations console#show vlan association mac MAC Address VLAN ID ----------------- ------- 00FF.F2A3.8886 console#show vlan association subnet IP Subnet IP Mask VLAN ID ---------------- ---------------- ------- 192.168.25.0 255.255.255.0 192.168.1.11 255.255.255.255 Protocol-Based VLANs The software supports protocol-based VLANs, where only packets are bridged based on their layer 3 protocol.
  • Page 31: Private Edge VLANs

    Private Edge VLANs Use the Private Edge VLAN feature to prevent ports on the switch from forwarding traffic to each other even if they are on the same VLAN. • Protected ports cannot forward traffic to other protected ports in the same group, even if they have the same VLAN membership.
  • Page 32: IGMP Snooping

    IGMP Snooping This section describes the Internet Group Management Protocol (IGMP) Snooping feature. IGMP Snooping enables the switch to monitor IGMP transactions between hosts and routers. It can help conserve bandwidth by allowing the switch to forward IP multicast traffic only to connected hosts that request multicast traffic.
  • Page 33: IGMP Snooping Querier

    Example #3: Show IGMP Snooping Information for an Interface console#show ip igmp snooping interface ethernet 1/g17 Slot/Port........1/g17 Global IGMP Snooping Admin Mode....Enabled IGMP Snooping Admin Mode....... Enabled Fast Leave Mode........ Disabled Group Membership Interval...... 260 Max Response Time......10 Multicast Router Present Expiration Time..
  • Page 34 console(config)#ip igmp snooping querier query-interval 100 console(config)#ip igmp snooping querier timer expiry 100 Example #3: Show IGMP Snooping Querier Information console#show ip igmp snooping querier Global IGMP Snooping querier status ----------------------------------- IGMP Snooping Querier Mode..... Enable Querier Address........ 10.10.10.33 IGMP Version........2 Querier Query Interval......
  • Page 35: Link Aggregation/Port Channels

    Example #5: Show IGMP Snooping Querier Information for VLAN 10 console#show ip igmp snooping querier vlan 10 Vlan 10 IGMP Snooping querier status ---------------------------------------------- IGMP Snooping Querier Vlan Mode....Enable Querier Election Participate Mode....Enable Querier Vlan Address......10.10.11.40 Operational State......Querier Operational version......
  • Page 36 Figure 3-2. LAG/Port-channel Example Network Diagram [figure labels: Server; Subnet 2; Subnet 3; Layer 3 Switch; Layer 2 Switch; ports 1/g17, 1/g18, 1/g19, 1/g20, 1/0/2, 1/0/3, 1/0/8, 1/0/9; LAG_1, LAG_2, LAG_10, LAG_20] Example 1: Create Names for Two Port-Channels console#configure...
  • Page 37 console(config)#interface ethernet 1/g18 console(config-if-1/g18)#channel-group 1 mode auto console(config-if-1/g18)#exit console(config)#interface ethernet 1/g19 console(config-if-1/g19)#channel-group 2 mode auto console(config-if-1/g19)#exit console(config)#interface ethernet 1/g20 console(config-if-1/g20)#channel-group 2 mode auto console(config-if-1/g20)#exit console(config)#exit Example 3: Show the Port Channels This command shows 48 LAGs; for brevity, this example shows only 20. console#show interfaces port-channel Channel Ports...
  • Page 38: Web Interface Configuration: LAGs/Port-Channels

    Web Interface Configuration: LAGs/Port-channels To perform the same configuration using the Graphical User Interface, click Switching > Link Aggregation > LAG Membership in the navigation tree. Port Mirroring This section describes the Port Mirroring feature, which can serve as a diagnostic tool, debugging tool, or means of fending off attacks.
  • Page 39: Port Security

    Port Security This section describes the Port Security feature. Overview Port Security: • Allows for limiting the number of MAC addresses on a given port. • Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
  • Page 40: Link Layer Discovery Protocol

    discard Discard frames with unlearned source addresses. Configure the maximum addresses that can be learned on the port. trap Sends SNMP Traps, and specifies the minimum time between consecutive traps. console(config-if-1/g18)#port security Example #2: Show Port Security console#show ports security ? addresses Addresses.
  • Page 41 <interval-seconds> Range <5 - 3600> seconds. console(config)#lldp notification-interval 1000 console(config)#lldp timers ? hold The interval multiplier to set local LLDP data TTL. interval The interval in seconds to transmit local LLDP data. reinit The delay before re-initialization. <cr> Press enter to execute the command. console(config)#lldp timers hold 8 reinit 5 console(config)#exit Example #2: Set Interface LLDP Parameters...
  • Page 42: Denial Of Service Attack Protection

    Protects against the exploitation of a number of vulnerabilities which would make the host or network unstable • Compliant with Nessus. Dell tested the switch software with Nessus version 2.0.10. Nessus is a widely-used vulnerability assessment tool. • PowerConnect M6220/M6348/M8024 switch software provides a number of features that help a network administrator protect networks against DoS attacks.
  • Page 43: CLI Examples

    The following table describes the dos-control keywords. Table 3-1. DoS Control Keyword Meaning firstfrag Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller than the configured Min TCP Hdr Size. icmp ICMP DoS prevention causes the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP Pkt Size.
  • Page 44: DHCP Snooping

    DHCP Snooping Dynamic Host Configuration Protocol (DHCP) Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server to: • Filter harmful DHCP messages • Build a bindings database of (MAC address, IP address, VLAN ID, port) authorized tuples. DHCP snooping is disabled globally and on all VLANs by default.
  • Page 45 snooping removes bindings in response to DECLINE, RELEASE, and NACK messages. DHCP Snooping application ignores the ACK messages as reply to the DHCP Inform messages received on trusted ports. The administrator can also enter static bindings into the binding database. The DHCP binding database resides on a configured external server or locally in flash depending upon the user configuration.
  • Page 46: CLI Examples

    DHCP snooping can be configured on switching VLANs and routing VLANs. When a DHCP packet is received on a routing VLAN, the DHCP snooping application applies its filtering rules and updates the bindings database. If a client message passes filtering rules, the message is placed into the software forwarding path where it may be processed by the DHCP relay agent or forwarded as an IP packet.
  • Page 47 Example #7 Configure an interface as DHCP snooping trusted console(config-if-1/g1)#ip dhcp snooping trust console(config-if-1/g1)#exit Example #8 Configure rate limiting on an interface console(config-if-1/g1)#ip dhcp snooping limit rate 50 burst interval 1 console(config-if-1/g1)#exit Example #9 Configure a DHCP snooping static binding entry console(config)#ip dhcp snooping binding 00:01:02:03:04:05 vlan 1 10.131.11.1 interface 1/g2 console(config)#exit Example #10 Show DHCP Snooping configuration on VLANs and Ports...
  • Page 48 1/g17 1/g18 1/g19 1/g20 1/g21 1/g22 1/g23 1/g24 1/xg3 1/xg4 --More-- or (q)uit console# Example #12 Show DHCP Snooping database configurations console#show ip dhcp snooping database agent url: local write-delay: console# Example #13 Show DHCP Snooping binding entries Total number of bindings: MAC Address IP Address VLAN...
  • Page 49 1/g1 1/g2 1/g3 1/g4 1/g5 1/g6 1/g7 1/g8 1/g9 1/g10 1/g11 1/g12 1/g13 1/g14 1/g15 1/g16 1/g17 1/g18 --More-- or (q)uit 1/g19 1/g20 1/g21 1/g22 1/g23 1/g24 1/xg3 1/xg4 ch10 --More-- or (q)uit console# Switching Configuration...
  • Page 50 Example #15 Show DHCP Snooping Per Port Statistics console#show ip dhcp snooping statistics Interface MAC Verify Client Ifc DHCP Server Failures Mismatch Msgs Rec'd ----------- ---------- ---------- ----------- 1/g2 1/g3 1/g4 1/g5 1/g6 1/g7 1/g8 1/g9 1/g10 1/g11 1/g12 1/g13 1/g14 1/g15 1/g16...
  • Page 51: Port Aggregator

    The Port Aggregator feature is only available when the switch is operating in Simple mode, which is disabled by default. From the Dell CLI Setup Wizard, you can select the operational mode as "Simple mode" or "Normal mode". In addition, users with privilege level 15 can change the mode via the CLI/Web/SNMP user interfaces.
  • Page 52 Figure 3-4. Default Aggregator Groups on Standalone Switch (Blade) The default Port Aggregator Group mapping is shown in Table 3-2. Table 3-2. Default Port Aggregator Group Mapping Aggregator Member Internal Ports Member Uplink (External) Ports Group Group 1 1/xg1,1/xg2,1/xg3,1/xg4, 1/xg5, 1/xg6, 1/xg7, 1/xg17, 1/xg18, 1/xg19, 1/xg20 1/xg8, 1/xg9, 1/xg10, 1/xg11, 1/xg12, 1/xg13, 1/xg14, 1/xg15, 1/xg16...
  • Page 53: Simple Mode Operation

    To prevent traffic from different groups being seen by other groups, a VLAN is reserved for each Aggregator Group by default. This VLAN reservation per group is not configurable; however you can configure each group to participate in more than one user-created (unreserved) VLAN. VLANs 4086 to 4093 are reserved for each Aggregator Group, starting from 4086 for Group 1.
  • Page 54: CLI Examples

    • Operational mode is set to Normal mode on resetting the configuration to Factory defaults from the software boot menu. The switch will boot up in this mode unless you select a different mode from the setup wizard. • The switch can be changed between Normal and Simple Mode without a reboot. •...
  • Page 55 console(config)#mode simple Switching modes will immediately clear the configuration. Are you sure you want to continue? (y/n) To select Normal mode as the operational mode, use the no form of mode simple command. console(config)#no mode simple Example #2: Enter Port Aggregator Mode Use the port-aggregator group <GroupId>...
  • Page 56 Example #6: Set Group LACP Mode to Dynamic Use the lacp auto command to set the LACP (Link Aggregation) mode to dynamic for that Aggregator Group. This means that when more than one uplink port is in the Group, those uplink ports will be enabled automatically with LACP.
  • Page 57 Example #10: Show Group VLAN Table Use the show vlan [port-aggregator group <GroupId>] command to show the VLAN table for a particular aggregator group. [port-aggregator group <Group Id>] is an optional parameter in the command and, if not specified, shows all the MAC entries in all the Groups. console#show vlan port-aggregator group 2 Aggregator Group: 2 VLAN...
  • Page 58 Example #11: Show Group Configuration Summary Use the show port-aggregator group summary [<GroupId>] command to show the parameters configured on the aggregator group. <Group Id> is an optional parameter in the command and, if not specified, the command shows all the configured parameters for all the Groups. console#show port-aggregator group summary 2 Group VLANs...
  • Page 59: Simple Switch Mode Supported CLI Commands

    Simple Switch Mode Supported CLI Commands Commands that were available in Interface mode of Normal switch mode are now available in Simple mode and can execute on a Port Aggregator group. For example, to apply any of the following commands on an aggregator group 1, enter the port configuration mode for that group: console(config)#port-aggregator group 1 console(config-aggregator-1)#...
  • Page 60 • Dot1x feature commands: aaa authentication dot1x aaa authorization network default radius dot1x max-req dot1x port-control dot1x re-authenticate dot1x re-authentication dot1x system-auth-control dot1x timeout quiet-period dot1x timeout re-authperiod dot1x timeout server-timeout dot1x timeout supp-timeout dot1x timeout tx-period show dot1x show dot1x statistics show dot1x users •...
  • Page 61 • Port Channel Commands: show interfaces port-channel show statistics port-channel • Radius commands: auth-port deadtime priority radius-server deadtime radius-server host radius-server key radius-server retransmit radius-server source-ip radius-server timeout retransmit show radius-servers source-ip timeout usage • SNMP Commands: show snmp show snmp engineID show snmp groups show snmp views snmp-server community...
  • Page 62 user-key • System Management Commands: asset-tag hostname member movemanagement ping reload set description show sessions show supported switchtype show switch show system show system id show system power show users show version switch priority switch renumber telnet traceroute traceroute {ipaddress|hostname} •...
  • Page 63: sFlow

    ip https port ip https server key-generate location organization-unit show crypto certificate mycertificate show ip http show ip https state sFlow This section describes the sFlow feature. sFlow is the industry standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources.
  • Page 64: sFlow Agents

    • sFlow collector can receive data from multiple switches, providing a real-time synchronized view of the whole network. • The Collector can analyze traffic patterns based on protocols found in the headers (e.g., TCP/IP, IPX, Ethernet, AppleTalk…). This alleviates the need for a layer 2 switch to decode and understand all protocols.
  • Page 65: CLI Examples

    Counter Sampling The primary objective of Counter Sampling is to efficiently, periodically export counters associated with Data Sources. A maximum Sampling Interval is assigned to each sFlow instance associated with a Data Source. Counter Sampling is accomplished as follows: • sFlow Agents keep a list of counter sources being sampled.
  • Page 66 Example #5: Show sFlow sampling for receiver index 1 console#show sflow 1 sampling Sampler Receiver Packet Max Header Data Source Index Sampling Rate Size ----------- ------- ------------- ---------- 1/g1 1500 1/g2 1500 1/g3 1500 1/g4 1500 1/g5 1500 1/g6 1500 1/g7 1500 1/g8...
  • Page 67: Routing Configuration

    Routing Configuration This section describes configuration scenarios and instructions for the following routing features: • "VLAN Routing" on page 67 • "Virtual Router Redundancy Protocol" on page 70 • "Proxy Address Resolution Protocol (ARP)" on page 73 • "OSPF" on page 74 •...
  • Page 68 Figure 4-1. VLAN Routing Example Network Diagram [figure labels: Layer 3 Switch; Physical Port 1/xg1; Physical Port 1/xg2; Physical Port 1/xg3; VLAN 10: 192.150.3.1; VLAN 10: 192.150.4.1; Layer 2 Switch; Layer 2 Switch; VLAN 10; VLAN 20] Example 1: Create Two VLANs The following code sequence shows an example of creating two VLANs with egress frame tagging enabled.
  • Page 69 console(config-if-1/g2)#exit console#configure console(config)#interface ethernet 1/g3 console(config-if-1/g3)#switchport mode general console(config-if-1/g3)#switchport general allowed vlan add 20 console(config-if-1/g3)#switchport general pvid 20 console(config-if-1/g3)#exit Example 3: Set Up VLAN Routing for the VLANs and Assign an IP Address The following code sequence shows how to enable routing for the VLANs and how to configure the IP addresses and subnet masks for the virtual router ports: console#configure console(config)#interface vlan 10...
  • Page 70: Using The Web Interface To Configure VLAN Routing

    Using the Web Interface to Configure VLAN Routing Use the following screens to perform the same configuration using the Web Interface: • Switching > VLAN > VLAN Membership. To create the VLANs and specify port participation. • Switching > VLAN > Port Settings. To set the PVID and VLAN type. •...
  • Page 71 Figure 4-2. VRRP Example Network Configuration Layer 3 Switch acting as Router 2 Layer 3 Switch acting VLAN 60 Port 1/0/4 as Router 1 192.150.4.1 Virtual Router ID 20 Virtual Addr. 192.150.2.1 VLAN 50 Port 1/0/2 192.150.2.1 Virtual Router ID 20 Virtual Addr.
  • Page 72 Assign virtual router IDs to the port that will participate in the protocol: console(config)#interface vlan 50 console(config-if-vlan50)#ip vrrp 20 Specify the IP address that the virtual router function will recognize. The priority default is 255. console(config-if-vlan50)#ip vrrp 20 ip 192.150.2.1 Enable VRRP on the port: console(config-if-vlan50)#ip vrrp 20 mode console(config-if-vlan50)#exit...
  • Page 73: Using The Web Interface To Configure VRRP

    Enable VRRP on the port. console(config-if-vlan60)#ip vrrp 20 mode console(config-if-vlan60)#exit Using the Web Interface to Configure VRRP Use the following screens to perform the same configuration using the Graphical User Interface: • Routing > IP > Configuration. To enable routing for the switch. •...
  • Page 74: OSPF

    Primary IP Address......192.150.2.1/255.255.255.0 Routing Mode........Enable Administrative Mode......Enable Forward Net Directed Broadcasts....Disable Proxy ARP........Enable Local Proxy ARP........ Disable Active State........Inactive Link Speed Data Rate......10 Half MAC Address........00FF.F2A3.888A Encapsulation Type......Ethernet IP MTU......... 1500 OSPF Larger networks typically use the Open Shortest Path First (OSPF) protocol instead of RIP.
  • Page 75 as 0.0.1.0). The area identified as 0.0.0.0 is referred to as Area 0 and is considered the OSPF backbone. All other OSPF areas in the network must connect to Area 0 directly or through a virtual link. The backbone area is responsible for distributing routing information between non-backbone areas. A virtual link can be used to connect an area to Area 0 when a direct link is not possible.
  • Page 76: CLI Examples

    External routes are those imported into OSPF from other routing protocols or processes. OSPF computes the path cost differently for external type 1 and external type 2 routes. The cost of an external type 1 route is the cost advertised in the external LSA plus the path cost from the calculating router to the ASBR.
  • Page 77 IPv4 (OSPFv2) IPv6 (OSPFv3) Enable routing and assign IP for VLANs 70, 80 and 90. config config interface vlan 70 interface vlan 70 routing routing ip address 192.150.2.2 255.255.255.0 ipv6 enable exit exit interface vlan 80 interface vlan 80 routing routing ip address 192.130.3.1 255.255.255.0 ipv6 address 2002::1/64...
  • Page 78 IPv4 (OSPFv2) IPv6 (OSPFv3) config config interface vlan 70 interface vlan 70 ip ospf area 0.0.0.0 ipv6 ospf ip ospf priority 128 ipv6 ospf areaid 0.0.0.0 ip ospf cost 32 ipv6 ospf priority 128 exit ipv6 ospf cost 32 exit interface vlan 80 ip ospf area 0.0.0.2 interface vlan 80...
  • Page 79 Figure 4-4. OSPF Configuration—Stub Area and NSSA Area Area 2 (0.0.0.2) IR (5.3.0.0) 10.1.101.1 3000:1:101::/64 Area 0 (0.0.0.0) Router 1 (1.1.1.1) 10.1.2.1 10.3.100.3 3000:1:2::/64 10.1.2.2 Backbone Router (3.3.3.3) 3000:3:100:: ASBR (5.1.0.0) 3000:2:3:: 10.1.2.2 10.2.3.3 3000:1:2:: 3000:2:3:: Router 2 (2.2.2.2) 10.2.3.3 3000:2:3:: Virtual Link 10.2.4.2...
  • Page 80 ipv6 address 3000:3:100::/64 eui64 ip ospf area 0.0.0.0 ipv6 ospf exit • Define an OSPF router: ipv6 router ospf router-id 3.3.3.3 exit router ospf router-id 3.3.3.3 exit exit Configure Router B: Router B is an ABR that connects Area 0 to Areas 1 and 2. •...
  • Page 81 ipv6 address 3000:2:4::/64 eui64 ipv6 ospf ipv6 ospf areaid 2 exit • For IPv4: Define an OSPF router. Define Area 1 as a stub. Enable OSPF for IPv4 on VLANs 10, 5, and 17 by globally defining the range of IP addresses associated with each interface, and then associating those ranges with Areas 1, 0, and 17, respectively.
  • Page 82 Figure 4-5. OSPF Configuration—Virtual Link Area 2 (0.0.0.2) IR (5.3.0.0) 10.1.101.1 Area 0 (0.0.0.0) - backbone VLAN 11 3000:1:101::/64 VLAN 10 Router C - ABR (5.5.5.5) VLAN 5 10.1.2.1/24 10.2.3.3/24 Router A - backbone 3000:1:2::/64 VLAN 7 3000:2:3::/64 (3.3.3.3) 10.1.2.2/24 3000:1:2::/64 eui64 Router B - ABR (4.4.4.4) 10.2.3.2...
  • Page 83 Configure Router B: Router B is an ABR that directly connects Area 0 to Area 1. In addition to the configuration steps described in the previous example, we define a virtual link that traverses Area 1 to Router C (5.5.5.5). (console)#configure ipv6 unicast-routing ip routing...
  • Page 84: Routing Information Protocol

    ipv6 ospf ipv6 ospf areaid 1 exit interface vlan 11 routing ip address 10.1.101.1 255.255.255.0 ipv6 address 3000:1:101::/64 eui64 ipv6 ospf ipv6 ospf areaid 2 exit ipv6 router ospf router-id 5.5.5.5 area 0.0.0.1 virtual-link 4.4.4.4 exit router ospf router-id 5.5.5.5 area 0.0.0.1 virtual-link 4.4.4.4 network 10.1.2.0 0.0.0.255 area 0.0.0.1 network 10.1.101.0 0.0.0.255 area 0.0.0.2...
  • Page 85: CLI Examples

    The PowerConnect M6220/M6348/M8024 switches support both versions of RIP. You may configure a given port: • To receive packets in either or both formats • To transmit packets formatted for RIP-1 or RIP-2 or to send RIP-2 packets to the RIP-1 broadcast address •...
  • Page 86 Example #2: Enable Routing for Ports The following command sequence enables routing and assigns IP addresses for VLAN 2 and VLAN 3. console#config interface vlan 2 routing ip address 192.150.2.2 255.255.255.0 exit interface vlan 3 routing ip address 192.130.3.1 255.255.255.0 exit exit Example #3.
  • Page 87: Using The Web Interface To Configure RIP

    Using the Web Interface to Configure RIP Use the following screens to perform the same configuration using the Graphical User Interface: • Routing > IP > Configuration > To enable routing for the switch. • Routing > IP > Interface Configuration > To configure the VLAN routing interfaces. •...
  • Page 88 Example 1: Configure Administrative Preferences The following commands configure the administrative preference for the RIP and OSPF: console#Config router rip distance rip 130 exit For OSPF, an additional parameter identifies the type of OSPF route that the preference value applies to: router ospf distance ospf ? external...
  • Page 89: Using Equal Cost Multipath

    Using Equal Cost Multipath The equal cost multipath (ECMP) feature allows a router to use more than one next hop to forward packets to a given destination prefix. It can be used to promote a more optimal use of network resources and bandwidth.
  • Page 90: Loopback Interfaces

    Routing protocols can also be configured to compute ECMP routes. For example, referring to Figure 4-8, if OSPF were configured on both links connecting Router A and Router B, and if Router B advertised its connection to 20.0.0.0/8, then Router A could compute an OSPF route to 20.0.0.0/8 with next hops of 10.1.1.2 and 10.1.2.2.
  • Page 91 Loopbacks are typically used for device management purposes. A client can use the loopback interface to communicate with the router through various services such as telnet and SSH. The address on a loopback behaves identically to any of the local addresses of the router in terms of the processing of incoming packets.
  • Page 92: Ip Helper

    IP Helper The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address. This allows applications to reach servers on non-local subnets. This is possible even when the application is designed to assume a server is always on a local subnet or when the application uses broadcast packets to reach the server (with the limited broadcast address 255.255.255.255, or a network directed broadcast address).
  • Page 93: Cli Examples

    Certain pre-existing configurable DHCP relay options do not apply to relay of other protocols. These options are unchanged. The user may optionally set a maximum hop count or minimum wait time using the bootpdhcprelay maxhopcount and bootpdhcprelay minwaittime commands. The relay agent relays DHCP packets in both directions. It relays broadcast packets from the client to one or more DHCP servers, and relays packets to the client that the DHCP server unicasts back to the relay agent.
  • Page 94 Example 2: Configure IP Helper Globally (DHCP) To relay DHCP packets received on any interface to two DHCP servers (10.1.1.1 and 10.1.2.1), use the following commands: console (config)#ip helper-address 10.1.1.1 dhcp console (config)#ip helper-address 10.1.2.1 dhcp Example 3: Enable IP Helper Globally (UDP) To relay UDP packets received on any interface for all default ports (Table 2) to the server at 20.1.1.1, use the following commands: console (config)#ip helper-address 20.1.1.1...
  • Page 95 Example 7: Show IP Helper Configurations The following command shows IP Helper configurations: console#show ip helper-address IP helper is enabled Interface UDP Port Discard Hit Count Server Address --------------- ----------- -------- ---------- --------------- vlan 100 dhcp 10.100.1.254 vlan 101 10.100.2.254 dhcp 10.200.1.254 Example 8: Show IP Helper Statistics...
  • Page 96 Routing Configuration...
  • Page 97: Device Security

    Device Security This section describes configuration scenarios for the following features: • "802.1x Network Access Control" on page 97 • "802.1X Authentication and VLANs" on page 100 • "802.1x MAC Authentication Bypass (MAB)" on page 103 • "Authentication Server Filter Assignment" on page 105 •...
  • Page 98: 802.1X Network Access Control Examples

    Completion of an authentication exchange requires all three roles. The PowerConnect M6220/M6348/M8024 switches support the authenticator role only, in which the PAE is responsible for communicating with the supplicant. The authenticator PAE is also responsible for submitting information received from the supplicant to the authentication server in order for the credentials to be checked, which determines the authorization state of the port.
  • Page 99 IP address Type Port TimeOut Retran. DeadTime Source IP Prio. Usage ------------- ----- ----- ------- ------- -------- ------------- ----- ----- 10.27.5.157 Auth 1812 Global Global Global 10.27.65.13 Global values Configured Authentication Servers : 1 Configured Accounting Servers : 0 Named Authentication Server Groups : 1 Named Accounting Server Groups : 0 Timeout : 3 Retransmit : 3...
  • Page 100: 802.1X Authentication And Vlans

    Administrative Mode....Enabled Port Admin Oper Reauth Reauth Mode Mode Control Period ------- ------------------ ------------ -------- ---------- 1/g8 mac-based Unauthorized FALSE 3600 Quiet Period........60 Transmit Period........ 30 Maximum Requests....... 2 Max Users........3 VLAN Assigned........10 Supplicant Timeout......30 Server Timeout (secs)......30 Logical Supplicant AuthPAE...
  • Page 101: Guest Vlan

    Much of the configuration to assign hosts to a particular VLAN takes place on the RADIUS server or 802.1X authenticator. If you use an external RADIUS server to manage VLANs, you configure the server to use Tunnel attributes in Access-Accept messages in order to inform the switch about the selected VLAN.
  • Page 102 Example #1: Allow the Switch to Accept RADIUS-Assigned VLANs The RADIUS server can place a port in a particular VLAN based on the result of the authentication. The command in this example allows the switch to accept VLAN assignment by the RADIUS server. NOTE: The feature is available in release 2.1 and later.
  • Page 103: Mac Authentication Bypass (Mab)

    802.1x MAC Authentication Bypass (MAB) MAB is a supplemental authentication mechanism that allows 802.1x unaware clients, such as printers and fax machines, to authenticate to the network using the client MAC address as an identifier. The known and allowable MAC address and corresponding access rights of the client must be pre-populated in the authentication server.
  • Page 104: Cli Examples

    Figure 5-2. MAB Operation — Authentications Based on MAC Address in Database CLI Examples Example 1: Enable/Disable MAB To enable/disable MAB on interface 1/5, use the following commands: console(config-if-1/g5)#dot1x mac-auth-bypass console(config-if-1/g5)#no dot1x mac-auth-bypass Device Security...
  • Page 105: Authentication Server Filter Assignment

    Example 2: Show MAB Configuration To show the MAB configuration for interface 1/5, use the following command: console#show dot1x ethernet 1/g5 Administrative Mode....Enabled Port Admin Oper Reauth Reauth Mode Mode Control Period ------- ------------------ ------------ -------- ---------- 1/g5 mac-based Authorized TRUE Quiet Period........
  • Page 106: Access Control Lists (Acls)

    Filter-id = “internet_access” 3 The DiffServ policy specified in the attribute must already be configured on the switch, and the policy names must be identical. For information about configuring a DiffServ policy, see "Differentiated Services" on page 137. The section, "Example #1: DiffServ Inbound Configuration" on page 138," describes how to configure a policy named internet_access.
  • Page 107: Mac Acls

    Limitations The following limitations apply to ingress and egress ACLs. • Maximum of 100 ACLs. • Maximum rules per ACL is 127. • You can configure mirror or redirect attributes for a given ACL rule, but not both. • The PowerConnect M6220/M6348/M8024 switches support a limited number of counter resources, so it may not be possible to log every ACL rule.
  • Page 108: Ip Acls

    IP ACLs IP ACLs classify for Layers 3 and 4. Each ACL is a set of up to ten rules applied to inbound traffic. Each rule specifies whether the contents of a given field should be used to permit or deny access to the network, and may apply to one or more of the following fields within a packet: •...
  • Page 109 Figure 5-3. IP ACL Example Network Diagram Example #1: Create an ACL and Define an ACL Rule This command creates an ACL named list1 and configures a rule for the ACL. After the mask has been applied, it permits packets carrying TCP traffic that matches the specified Source IP address, and sends these packets to the specified Destination IP address.
  • Page 110: Mac Acl Cli Examples

    Example #2: Define the Second Rule for ACL 179 Define the rule to set similar conditions for UDP traffic as for TCP traffic. console(config)#access-list list1 permit udp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.255 console(config)#exit Example #3: Apply the Rule to Outbound (Egress) Traffic on Port 1/g2 Only traffic matching the criteria will be accepted.
  • Page 111 Configure logging for this access list rule. mirror Configure the packet mirroring attribute. redirect Configure the packet redirection attribute. vlan Configure a match condition based on a VLAN ID. <0x0600-0xffff> Enter a four-digit hexadecimal number in the range of 0x0600 to 0xffff to specify a custom Ethertype value. <cr>...
  • Page 112 Example #7: Setup an ACL with Permit Action console# Config console(config)#mac access-list extended mac2 console(config-mac-access-list)#permit ? Configure a match condition for all the source MAC addresses in the Source MAC Address field. <srcmac> Enter a MAC Address. console(config-mac-access-list)#permit any ? Configure a match condition for all the destination MAC addresses in the Destination MAC Address field.
  • Page 113: Radius

    MAC ACL Name: mac1 Rule Number: 1 Action......... deny Destination MAC Address......00:11:22:33:44:55 Destination MAC Mask......00:00:00:00:FF:FF Log..........TRUE RADIUS Making use of a single database of accessible information—as in an Authentication Server—can greatly simplify the authentication and management of users in a large network. One such type of Authentication Server supports the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
  • Page 114 Example #1: Basic RADIUS Server Configuration This example configures two RADIUS servers at 10.10.10.10 and 11.11.11.11. Each server has a unique shared secret key. The shared secrets are configured to be secret1 and secret2 respectively. The server at 10.10.10.10 is configured as the primary server. The process creates a new authentication list, called radiusList, which uses RADIUS as the primary authentication method, and local authentication as a backup method in the event that the RADIUS server cannot be contacted.
  • Page 115: Tacacs

    console(config)#aaa authentication dot1x default radius Example #2: Set the NAS-IP Address for the RADIUS Server The NAS-IP address attribute identifies the IP Address of the network authentication server (NAS) that is requesting authentication of the user. The address should be unique to the NAS within the scope of the RADIUS server.
  • Page 116: Tacacs+ Configuration Example

    TACACS+ Configuration Example This example configures two TACACS+ servers at 10.10.10.10 and 11.11.11.11. Each server has a unique shared secret key. The server at 10.10.10.10 has a default priority of 0, the highest priority, while the other server has a priority of 2. The process creates a new authentication list, called tacacsList, which uses TACACS+ to authenticate, and uses local authentication as a backup method.
  • Page 117: Captive Portal

    console(config)#priority 2 console(config)#exit console(config)#aaa authentication login tacacsList tacacs local Captive Portal Overview The Captive Portal feature is a software implementation that allows client access only on user verification. Verification can be configured to allow access for guest and authenticated users. Users must be validated against a database of authorized captive portal users locally or through a RADIUS client.
  • Page 118: Captive Portal Configuration, Status And Statistics

    There are three states for clients connecting to the Captive Portal interface: • Unknown State • Unauthenticated State • Authenticated State In the unknown state, the CP doesn't redirect HTTP/S traffic to the switch, but queries the switch to determine whether the client is authenticated or unauthenticated. In the Unauthenticated state, the CP directs the HTTP/S traffic to the switch to allow the client to authenticate with the switch.
  • Page 119 When using Local authentication, the administrator provides user identities for Captive Portal by adding unique user names and passwords to the Local User Database. This configuration is global to the captive portal component and can contain up to 128 user entries (a RADIUS server should be used if more users are required).
  • Page 120 Client Authentication Logout Request The administrator can configure and enable 'user logout'. This feature allows the authenticated client to deauthenticate from the network. In response to the request, the authenticated user is removed from the connection status tables. If the client logout request feature is not enabled, or the user does not specifically request logout, the connection status remains authenticated until Captive Portal deauthenticates (session timeout, idle time, etc.).
  • Page 121: Captive Portal Status

    Captive Portal Configuration Management In order to provide text-based compatibility, Captive Portal converts the binary image data to text (and vice versa) through special CLI commands that are only issued for script files. Although the data is shown in ASCII, it is not for the end user (it is intended to be read by the text-based configuration). The following data types (and conversions) are implemented by the associated CLI commands for Captive Portal: •...
  • Page 122: Captive Portal Statistics

    The size of the table has a limit of 1024 entries. If the list becomes full, new table entries are rejected and a trap is sent for every rejected client. Captive Portal Statistics Client session statistics are available for both guest and authenticated users. Client statistics are used to enforce the idle timeout and other limits configured for the user and captive portal instance.
  • Page 123 Example 5: Show Captive Portal To show the status of Captive Portal, use the following command: console#show captive-portal Administrative Mode....... Enabled Operational Status......Enabled Disable Reason......Administrator Disabled Captive Portal IP Address....1.2.3.4 Example 6: Show Captive Portal Instances To show the status of all Captive Portal instances in the system, use the following command: console#show captive-portal status Additional HTTP Port......
  • Page 124 Max Input Octets (bytes)....... 0 Max Output Octets (bytes)...... 0 Max Total Octets (bytes)....... 0 To create a local user, use the following command: console(Config-CP)#user 1 name user1 console(config-CP)#user 1 password Enter password (8 to 64 characters): ******** Re-enter password: ******** console(Config-CP)#user 1 session-timeout 14400 To verify the creation of a local user, use the following command: console#show captive-portal user...
  • Page 125 CP ID.......... 1 CP Name........Default Client Client MAC Address IP Address Interface Interface Description ----------------- --------------- --------- -------------------------- 00:12:79:BF:94:7A 192.168.1.10 1/g18 Slot: 1 Port: 18 Gigabit - Level This command shows statistics for the above client #show captive-portal client 00:12:79:BF:94:7A statistics Client MAC Address......
  • Page 126 Device Security...
  • Page 127: Ipv6

    IPv6 This section includes the following subsections: • "Overview" on page 127 • "Interface Configuration" on page 127 • "DHCPv6" on page 130 Overview There are many conceptual similarities between IPv4 and IPv6 network operation. Addresses still have a network prefix portion (subnet) and a device interface specific portion (host). While the length of the network portion is still variable, most users have standardized on using a network prefix length of 64 bits.
  • Page 128: Cli Example

    While optional in IPv4, router advertisement is mandatory in IPv6. Router advertisements specify the network prefix(es) on a link which can be used by receiving hosts, in conjunction with an EUI64 identifier, to auto configure a host’s address. Routers have their network prefixes configured and may use EUI64 or manually configured interface IDs.
  • Page 129 ipv6 router ospf router-id 1.1.1.1 exit interface vlan 15 routing ip address 20.20.20.1 255.255.255.0 ip ospf area 0.0.0.0 exit interface vlan 2 routing ipv6 enable ipv6 address 2020:1::1/64 ipv6 ospf ipv6 ospf network point-to-point exit interface tunnel 0 ipv6 address 2001::1/64 tunnel mode ipv6ip tunnel source 20.20.20.1 tunnel destination 10.10.10.1...
  • Page 130: Dhcpv6

    ip address 10.10.10.1 255.255.255.0 ip ospf area 0.0.0.0 exit interface vlan 2 routing ipv6 enable ipv6 address 2020:2::2/64 ipv6 ospf ipv6 ospf network point-to-point exit interface tunnel 0 ipv6 address 2001::2/64 tunnel mode ipv6ip tunnel source 10.10.10.1 tunnel destination 20.20.20.1 ipv6 ospf ipv6 ospf network point-to-point exit...
  • Page 131: Cli Examples

    causes DHCPv6 clients to send the DHCPv6 “Information Request” message in response. A DHCPv6 server then responds by providing only networking definitions such as DNS domain name and server definitions, NTP server definitions, and/or SIP definitions. RFC 3315 also describes DHCPv6 Relay Agent interactions, which are very much like DHCPv4 Relay Agents.
  • Page 132: Dhcpv6 Pool Configuration

    DHCPv6 pool configuration: console# config ipv6 dhcp pool testpool domain-name dell.com dns-server 2001::1 exit exit Per-interface DHCPv6 configuration: console#config interface vlan 15 ipv6 dhcp server testpool preference 10 exit exit IPv6...
  • Page 133: Quality Of Service

    Quality of Service This section includes the following subsections: • "Class of Service Queuing" on page 133 • "Differentiated Services" on page 137 Class of Service Queuing The Class of Service (CoS) feature lets you give preferential treatment to certain types of traffic over others.
  • Page 134: Egress Port Configuration-Traffic Shaping

    CoS Mapping Table for Trusted Ports Mapping is from the designated field values on trusted ports’ incoming packets to a traffic class priority (actually a CoS traffic queue). The trusted port field-to-traffic class configuration entries form the Mapping Table the switch uses to direct ingress packets from trusted ports to egress queues. Egress Port Configuration—Traffic Shaping For unit/slot/port interfaces, you can specify the shaping rate for the port (in Kbps), which is an upper limit of the transmission bandwidth used.
  • Page 135 Figure 7-1. CoS Mapping and Queue Configuration [Figure: ingress port 1/g10 in 'trust dot1p' mode with packets A to D mapped by 802.1p user priority or port default priority to a traffic class, then forwarded via the switch fabric to egress port 1/g8]...
  • Page 136 Figure 7-2. CoS1/g Configuration Example System Diagram Port 1/g10 Port 1/g8 Port 1/0/10 Port 1/0/8 Server You will configure the ingress interface uniquely for all cos-queue and VLAN parameters. console#config interface ethernet 1/g10 classofservice trust dot1p classofservice dot1p-mapping 6 3 vlan priority 2 exit interface ethernet 1/g8...
  • Page 137: Differentiated Services

    Differentiated Services Differentiated Services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches and routers rather than using a resource reservation protocol. This section explains how to configure the switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service.
  • Page 138: Cli Example

    Service – Assigns a policy to an interface for inbound traffic. • CLI Example This example shows how a network administrator can provide equal access to the Internet (or other external network) to different departments within a company. Each of four departments has its own Class B subnet that is allocated 25% of the available bandwidth on the port accessing the Internet.
  • Page 139 exit class-map match-all marketing_dept match srcip 172.16.20.0 255.255.255.0 exit class-map match-all test_dept match srcip 172.16.30.0 255.255.255.0 exit class-map match-all development_dept match srcip 172.16.40.0 255.255.255.0 exit Create a DiffServ policy for inbound traffic named internet_access, adding the previously created department classes as instances within this policy. This policy uses the assign-queue attribute to put each department's traffic on a different egress queue.
  • Page 140: Diffserv For Voip Configuration Example

    exit Set the CoS queue configuration for the (presumed) egress interface 1/g5 such that each of queues 1, 2, 3 and 4 get a minimum guaranteed bandwidth of 25%. All queues for this interface use weighted round robin scheduling by default. The DiffServ inbound policy designates that these queues are to be used for the departmental traffic through the assign-queue attribute.
  • Page 141 Figure 7-4. DiffServ VoIP Example Network Diagram Quality of Service...
  • Page 142 Example #2: Configuring DiffServ VoIP Support Enter Global Config mode. Set queue 6 on all ports to use strict priority mode. This queue shall be used for all VoIP packets. Activate DiffServ for the switch. console#config cos-queue strict 6 diffserv Create a DiffServ classifier named class_voip and define a single match criterion to detect UDP packets.
  • Page 143: Multicast

    Multicast Overview IP Multicasting enables a network host (or multiple hosts) to send an IP datagram to multiple destinations simultaneously. The initiating host sends each multicast datagram only once to a destination multicast group address, and multicast routers forward the datagram only to hosts who are members of the multicast group.
  • Page 144: Igmp Configuration

    IGMP Configuration The Internet Group Management Protocol (IGMP) is used by IPv4 hosts to send requests to join (or leave) multicast groups so that they receive (or discontinue receiving) packets sent to those groups. In IPv4 multicast networks, multicast routers are configured with IGMP so that they can receive join and leave requests from directly-connected hosts.
  • Page 145: Cli Examples

    CLI Examples The CLI component of the Dell switch allows the end users to configure the network device and to view device settings and statistics using a serial interface or telnet session.
  • Page 146: Dvmrp

    • Use the following command to display interface parameters when IGMP Proxy is enabled: console#show ip igmp-proxy interface • Use this command to display information about multicast groups that IGMP proxy reported. It displays a table of entries with the following as the fields of each column. console#show ip igmp-proxy groups •...
  • Page 147: Cli Example

    CLI Example The following example configures two DVMRP interfaces. First, this example configures an OSPF router and globally enables IP routing and IP multicast. IGMP is globally enabled so that this router can manage group membership information for its directly-connected hosts (IGMP may not be required when there are no directly connected hosts).
  • Page 148: Pim

    Protocol Independent Multicast (PIM) is a standard multicast routing protocol that provides scalable inter-domain multicast routing across the Internet, independent of the mechanisms provided by any particular unicast routing protocol. PIM has two types: • PIM-Dense Mode (PIM-DM) • PIM-Sparse Mode (PIM-SM) PIM-SM PIM-SM is used to efficiently route multicast traffic to multicast groups that may span wide area networks where bandwidth is a constraint.
  • Page 149: Pim-Dm

    Example: PIM-SM The following example configures PIM-SM for IPv4 on a router. First, configure an OSPF router and globally enable IP routing, multicast, IGMP, and PIM-SM. Next, configure a PIM-SM rendezvous point with an IP address and group range. The IP address will serve as an RP for the range of potential multicast groups specified in the group range.
  • Page 150 To minimize the repeated flooding of datagrams and subsequent pruning associated with a particular source-group (S,G) pair, PIM-DM uses a State Refresh message. This message is sent by the router(s) directly connected to the source and is propagated throughout the network. When received by a router on its RPF interface, the State Refresh message causes an existing prune state to be refreshed.
  • Page 151: Utility

    Utility This section describes the Auto Config commands. Auto Config Overview Auto Config is a software feature that automatically configures a switch when the device is initialized and no configuration file is found on the switch. Auto Config is accomplished in three phases: 1 Assignment (configuration) of an IP address for the device 2 Assignment of a TFTP server...
  • Page 152 After an IP address is assigned to the switch, if a hostname is not already assigned, Auto Config issues a DNS request for the corresponding hostname. This hostname is also displayed as the CLI prompt (as in response to the hostname command). Assignment of TFTP Server The following information is also processed, and may be returned by a BOOTP or DHCP server: •...
  • Page 153 The default network configuration file should have IP address to hostname mappings using the command ip host <hostname> <address>. If the default network configuration file does not contain the switch's IP address, the switch uses DNS to attempt to resolve its hostname. A sample fp-net.cfg file follows: config ip host switch_to_setup 192.168.1.10...
  • Page 154 Table 9-2. TFTP Request Types TFTP Server Address Available Host-specific Router Config TFTP Request Method Filename Available Issue a unicast request for the host-specific router config file to the TFTP server Issue a unicast request for a default network or router config file to the TFTP server Issue a broadcast request for the host-specific router config file to any available TFTP server...
  • Page 155 A file is not automatically deleted after it is downloaded. The file does not take effect upon a reboot unless an administrator opts to save config (the saved configuration takes effect upon reboot). If the user does not opt to save config, the Auto Config process occurs again on a subsequent reboot. This may result in one of the previously downloaded files being overwritten.
  • Page 156 Other Functions CLI Scripting CLI scripting can apply config files. It can be used to manage (view, validate, delete) downloaded config files, query Auto Config status, and to stop or restart the feature. Logging A message is logged for each of the following events: •...
  • Page 157: Cli Examples

    Stacking The downloaded configuration file is not distributed across a stack. When an administrator saves configuration, the config file is distributed across a stack. CLI Examples Example 1: Show Auto Config Process To display the current status of the Auto Config process, use the following command: console#show boot Config Download via DHCP: enabled...
  • Page 158 Example 2: Enable Auto Config To start or stop Auto Config on the switch, use the following commands: console#boot host dhcp console#no boot host dhcp Utility...
