Dell S3048-ON Configuration Manual



Dell Configuration Guide for the S3048–ON System 9.11(2.5)


Summary of Contents for Dell S3048-ON

  • Page 1 Dell Configuration Guide for the S3048–ON System 9.11(2.5)
  • Page 2 A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
  • Page 3: Table Of Contents

    Contents: 1 About this Guide (p. 33); Audience (p. 33); Conventions (p. 33); Related Documents (p. 33); 2 Configuration Fundamentals (p. 34); Accessing the Command Line (p. 34); CLI Modes (p. 34); Navigating CLI Modes (p. 36); The do Command (p. 39); Undoing Commands (p. 39); Obtaining Help (p. 40); Entering and Editing Commands (p. 40); Command History (p. 41); Filtering show Command Outputs (p. 41); Example of the grep Keyword...
  • Page 4 Upgrading Dell Networking OS (p. 57); Verify Software Images Before Installation (p. 57); Using HTTP for File Transfers (p. 58); 4 Management (p. 60); Configuring Privilege Levels (p. 60); Creating a Custom Privilege Level (p. 61); Removing a Command from EXEC Mode (p. 61); Moving a Command from EXEC Privilege Mode to EXEC Mode (p. 61); Allowing Access to CONFIGURATION Mode Commands (p. 61)...
  • Page 5 Allocating FP Blocks for VLAN Processes (p. 105); 7 Access Control Lists (ACLs) (p. 107); IP Access Control Lists (ACLs) (p. 108); CAM Usage (p. 109); Implementing ACLs on Dell Networking OS (p. 109); Important Points to Remember (p. 111); Configuration Task List for Route Maps (p. 111); Configuring Match Routes (p. 113); Configuring Set Conditions...
  • Page 6 Configure a Route Map for Route Redistribution (p. 115); Configure a Route Map for Route Tagging (p. 116); Continue Clause (p. 116); IP Fragment Handling (p. 117); IP Fragments ACL Examples (p. 117); Layer 4 ACL Rules Examples (p. 117); Configure a Standard IP ACL (p. 118); Configuring a Standard IP ACL Filter (p. 119); Configure an Extended IP ACL...
  • Page 7 Multi-Exit Discriminators (MEDs) (p. 174); Origin (p. 175); AS Path (p. 176); Next Hop (p. 176); Multiprotocol BGP (p. 176); Implement BGP with Dell Networking OS (p. 177); Additional Path (Add-Path) Support (p. 177); Advertise IGP Cost as MED for Redistributed Routes (p. 177); Ignore Router-ID in Best-Path Calculation (p. 178); Four-Byte AS Numbers (p. 178); AS4 Number Representation...
  • Page 8 Changing MED Attributes (p. 203); Changing the LOCAL_PREFERENCE Attribute (p. 203); Configuring the local System or a Different System to be the Next Hop for BGP-Learned Routes (p. 204); Changing the WEIGHT Attribute (p. 205); Enabling Multipath (p. 205); Filtering BGP Routes (p. 205); Filtering BGP Routes Using Route Maps (p. 207); Filtering BGP Routes Using AS-PATH Information (p. 207); Configuring BGP Route Reflectors (p. 208); Aggregating Routes (p. 209)...
  • Page 9 Configure the System to be a DHCP Server (p. 245); Configuring the Server for Automatic Address Allocation (p. 246); Specifying a Default Gateway (p. 247); Configure a Method of Hostname Resolution (p. 247); Using DNS for Address Resolution (p. 247); Using NetBIOS WINS for Address Resolution (p. 248); Creating Manual Binding Entries (p. 248); Debugging the DHCP Server...
  • Page 10 15 Force10 Resilient Ring Protocol (FRRP) (p. 271); Protocol Overview (p. 271); Ring Status (p. 272); Multiple FRRP Rings (p. 272); Important FRRP Points (p. 273); Important FRRP Concepts (p. 274); Implementing FRRP (p. 275); FRRP Configuration (p. 275); Creating the FRRP Group (p. 275); Configuring the Control VLAN (p. 276); Configuring and Adding the Member VLANs (p. 277); Setting the FRRP Timers...
  • Page 11 Software Component Health Monitoring (p. 291); System Health Monitoring (p. 291); Failure and Event Logging (p. 292); Hot-Lock Behavior (p. 292); 18 Internet Group Management Protocol (IGMP) (p. 293); IGMP Implementation Information (p. 293); IGMP Protocol Overview (p. 293); IGMP Version 2 (p. 293); IGMP Version 3 (p. 295); Configure IGMP (p. 298); Related Configuration Tasks (p. 298); Viewing IGMP Enabled Interfaces...
  • Page 12 Enabling a Physical Interface (p. 319); Enabling Energy Efficient Ethernet (p. 320); View EEE Information (p. 320); Clear EEE Counters (p. 325); Physical Interfaces (p. 325); Configuration Task List for Physical Interfaces (p. 325); Overview of Layer Modes (p. 326); Configuring Layer 2 (Data Link) Mode (p. 326); Configuring Layer 2 (Interface) Mode (p. 327); Configuring Layer 3 (Network) Mode...
  • Page 13 Important Points to Remember (p. 346); Enabling Link Dampening (p. 346); Link Bundle Monitoring (p. 347); Using Ethernet Pause Frames for Flow Control (p. 348); Enabling Pause Frames (p. 349); Configure the MTU Size on an Interface (p. 349); Port-Pipes (p. 350); Auto-Negotiation on Ethernet Interfaces (p. 350); Setting the Speed of Ethernet Interfaces (p. 350); Set Auto-Negotiation Options (p. 352); View Advanced Interface Information (p. 352); Configuring the Interface Sampling Size...
  • Page 14 Stateless Autoconfiguration (p. 377); IPv6 Headers (p. 377); IPv6 Header Fields (p. 378); Extension Header Fields (p. 380); Addressing (p. 381); Implementing IPv6 with Dell Networking OS (p. 382); ICMPv6 (p. 383); Path MTU Discovery (p. 384); IPv6 Neighbor Discovery (p. 384); IPv6 Neighbor Discovery of MTU Packets (p. 385); Configuration Task List for IPv6 RDNSS (p. 385); Configuring the IPv6 Recursive DNS Server...
  • Page 15 23 Intermediate System to Intermediate System (p. 397); IS-IS Protocol Overview (p. 397); IS-IS Addressing (p. 397); Multi-Topology IS-IS (p. 398); Transition Mode (p. 398); Interface Support (p. 399); Adjacencies (p. 399); Graceful Restart (p. 399); Timers (p. 399); Implementation Information (p. 399); Configuration Information (p. 400); Configuration Tasks for IS-IS (p. 401); Configuring the Distance of a Route (p. 408); Changing the IS-Type...
  • Page 16 Setting the Aging Time for Dynamic Entries (p. 435); Configuring a Static MAC Address (p. 436); Displaying the MAC Address Table (p. 436); MAC Learning Limit (p. 436); Setting the MAC Learning Limit (p. 437); mac learning-limit Dynamic (p. 437); mac learning-limit mac-address-sticky (p. 437); mac learning-limit station-move (p. 438); mac learning-limit no-station-move (p. 438); Learning Limit Violation Actions...
  • Page 17 Debugging LLDP (p. 465); Relevant Management Objects (p. 466); 27 Microsoft Network Load Balancing (p. 471); NLB Unicast Mode Scenario (p. 471); NLB Multicast Mode Scenario (p. 471); Limitations of the NLB Feature (p. 472); Microsoft Clustering (p. 472); Enable and Disable VLAN Flooding (p. 472); Configuring a Switch for NLB (p. 472); Enabling a Switch for Multicast NLB (p. 473); 28 Multicast Source Discovery Protocol (MSDP)...
  • Page 18 Enable Multiple Spanning Tree Globally (p. 499); Adding and Removing Interfaces (p. 499); Creating Multiple Spanning Tree Instances (p. 500); Influencing MSTP Root Selection (p. 501); Interoperate with Non-Dell Bridges (p. 501); Changing the Region Name or Revision (p. 502); Modifying Global Parameters (p. 502); Modifying the Interface Parameters (p. 503); Configuring an EdgePort...
  • Page 19 Link-State Advertisements (LSAs) (p. 543); Router Priority and Cost (p. 544); OSPF with Dell Networking OS (p. 545); Graceful Restart (p. 546); Fast Convergence (OSPFv2, IPv4 Only) (p. 547); Multi-Process OSPFv2 with VRF (p. 547); OSPF ACK Packing (p. 547); Setting OSPF Adjacency with Cisco Routers (p. 547); Configuration Information (p. 548); Configuration Task List for OSPFv2 (OSPF for IPv4)...
  • Page 20 Displaying Remote-Port Mirroring Configurations (p. 607); Configuring the Sample Remote Port Mirroring (p. 607); Encapsulated Remote Port Monitoring (p. 610); ERPM Behavior on a typical Dell Networking OS (p. 612); Decapsulation of ERPM packets at the Destination IP/ Analyzer (p. 612); Port Monitoring on VLT (p. 613); VLT Non-fail over Scenario...
  • Page 21 38 Per-VLAN Spanning Tree Plus (PVST+) (p. 625); Protocol Overview (p. 625); Implementation Information (p. 626); Configure Per-VLAN Spanning Tree Plus (p. 626); Related Configuration Tasks (p. 626); Enabling PVST+ (p. 626); Disabling PVST+ (p. 627); Influencing PVST+ Root Selection (p. 627); Modifying Global PVST+ Parameters (p. 629); Modifying Interface PVST+ Parameters (p. 630); Configuring an EdgePort (p. 631); PVST+ in Multi-Vendor Networks...
  • Page 22 Sample configuration to mark non-ecn packets as “yellow” with single traffic class (p. 662); Applying Layer 2 Match Criteria on a Layer 3 Interface (p. 663); Applying DSCP and VLAN Match Criteria on a Service Queue (p. 664); Classifying Incoming Packets Using ECN and Color-Marking (p. 665); Guidelines for Configuring ECN for Classifying and Color-Marking Packets (p. 666); Sample configuration to mark non-ecn packets as “yellow”...
  • Page 23 Configuration Task List for AAA Accounting (p. 696); AAA Authentication (p. 698); Configuration Task List for AAA Authentication (p. 699); Obscuring Passwords and Keys (p. 702); AAA Authorization (p. 702); Privilege Levels Overview (p. 702); Configuration Task List for Privilege Levels (p. 703); RADIUS (p. 707); RADIUS Authentication (p. 707); Configuration Task List for RADIUS (p. 708); TACACS+ (p. 712); Configuration Task List for TACACS+...
  • Page 24 Creating Access and Trunk Ports (p. 741); Enable VLAN-Stacking for a VLAN (p. 742); Configuring the Protocol Type Value for the Outer VLAN Tag (p. 742); Configuring Dell Networking OS Options for Trunk Ports (p. 742); Debugging VLAN Stacking (p. 743); VLAN Stacking in Multi-Vendor Networks (p. 744); VLAN Stacking Packet Drop Precedence (p. 748)...
  • Page 25 Set up SNMP (p. 767); Creating a Community (p. 767); Setting Up User-Based Security (SNMPv3) (p. 767); Reading Managed Object Values (p. 769); Writing Managed Object Values (p. 769); Configuring Contact and Location Information using SNMP (p. 770); Subscribing to Managed Object Value Updates using SNMP (p. 770); Enabling a Subset of SNMP Traps (p. 771); Enabling an SNMP Agent to Notify Syslog Server Failure (p. 773); Copy Configuration Files Using SNMP (p. 774); Copying a Configuration File (p. 775)...
  • Page 26 Monitor Port-Channels (p. 796); Enabling an SNMP Agent to Notify Syslog Server Failure (p. 797); Troubleshooting SNMP Operation (p. 798); Transceiver Monitoring (p. 798); 48 Stacking (p. 800); Stacking Overview (p. 800); Stack Management Roles (p. 800); Stack Master Election (p. 801); Virtual IP (p. 801); Failover Roles (p. 801); MAC Addressing on Stacks (p. 802); Stacking LAG...
  • Page 27 Configuring a Source IP Address for NTP Packets (p. 850); Configuring NTP Authentication (p. 850); Configuring a Custom-defined Period for NTP time Synchronization (p. 853); Dell Networking OS Time and Date (p. 853); Configuration Task List (p. 853); Setting the Time and Date for the Switch Software Clock (p. 853); Setting the Timezone (p. 854)...
  • Page 28 Configuring a Tunnel (p. 857); Configuring Tunnel Keepalive Settings (p. 858); Configuring a Tunnel Interface (p. 858); Configuring Tunnel Allow-Remote Decapsulation (p. 859); Configuring the Tunnel Source Anylocal (p. 859); 54 Uplink Failure Detection (UFD) (p. 861); Feature Description (p. 861); How Uplink Failure Detection Works (p. 862); UFD and NIC Teaming (p. 863); Important Points to Remember...
  • Page 29 Sample RSTP Configuration (p. 897); Configuring VLT (p. 898); PVST+ Configuration (p. 908); Sample PVST+ Configuration (p. 908); Peer Routing Configuration Example (p. 909); Dell-1 Switch Configuration (p. 910); Dell-2 Switch Configuration (p. 914); R1 Configuration (p. 917); Access Switch A1 Configurations and Verification (p. 918); eVLT Configuration Example (p. 919); eVLT Configuration Step Examples (p. 919); PIM-Sparse Mode Configuration Example (p. 921)...
  • Page 30 VLT Proxy Gateway Sample Topology (p. 950); VLT Domain Configuration (p. 951); Dell-1 VLT Configuration (p. 951); Dell-2 VLT Configuration (p. 952); Dell-3 VLT Configuration (p. 953); Dell-4 VLT Configuration (p. 954); 59 Virtual Routing and Forwarding (VRF) (p. 955); VRF Overview (p. 955); VRF Configuration Notes (p. 956); DHCP (p. 958); VRF Configuration (p. 958); Loading VRF CAM...
  • Page 31 Introduction to X.509v3 certification (p. 1028); X.509v3 certificates (p. 1028); Certificate authority (CA) (p. 1028); Certificate signing requests (CSR) (p. 1028); How certificates are requested (p. 1028); Advantages of X.509v3 certificates (p. 1029); X.509v3 support in Dell Networking OS (p. 1029); Information about installing CA certificates (p. 1031); Installing CA certificate (p. 1031)...
  • Page 32 Information about Creating Certificate Signing Requests (CSR) (p. 1031); Creating Certificate Signing Requests (CSR) (p. 1032); Information about installing trusted certificates (p. 1033); Installing trusted certificates (p. 1033); Transport layer security (TLS) (p. 1033); Syslog over TLS (p. 1034); Online Certificate Status Protocol (OCSP) (p. 1034); Configuring OCSP setting on CA (p. 1034); Configuring OCSP behavior (p. 1035); Configuring Revocation Behavior (p. 1035); Configuring OCSP responder preference...
  • Page 33: About This Guide

    This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. For complete information about all the CLI commands, see the Dell Command Line Reference Guide for your system.
  • Page 34: Configuration Fundamentals

    In the Dell Networking OS, after you enter a command, the command is added to the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
  • Page 35 Security chapter. The Dell Networking OS CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
  • Page 36: Navigating Cli Modes

    The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command, which takes you directly to EXEC Privilege mode, and the exit command, which moves you up one command mode level.
  • Page 37 {ipv4 multicast | ipv6 unicast} (ROUTER BGP IPv4) Mode) Dell(conf-routerZ_bgpv6_af)# (for IPv6)
    ROUTER ISIS: prompt Dell(conf-router_isis)#; access command router isis
    ISIS ADDRESS-FAMILY: prompt Dell(conf-router_isis-af_ipv6)#; access command address-family ipv6 unicast (ROUTER ISIS Mode)
    ROUTER OSPF: prompt Dell(conf-router_ospf)#; access command router ospf
    ROUTER OSPFV3: prompt Dell(conf-ipv6router_ospf)#; access command ipv6 router ospf
  • Page 38 ECMP: prompt Dell(conf-ecmp-group-ecmp-group-id)#; access command ecmp-group
    prompt Dell(conf-mgmt-eis)#; access command management egress-interface-selection
    FRRP: prompt Dell(conf-frrp-ring-id)#; access command protocol frrp
    LLDP: prompt Dell(conf-lldp)# or Dell(conf-if—interface-lldp)#; access command protocol lldp (CONFIGURATION or INTERFACE Modes)
    LLDP MANAGEMENT INTERFACE: prompt Dell(conf-lldp-mgmtIf)#; access command management-interface (LLDP Mode)
    LINE: prompt Dell(config-line-console) or Dell(config-line-vty); access command line console or line vty
    MONITOR SESSION...
  • Page 39: The Do Command

    You can enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, and so on) without having to return to EXEC mode by preceding the EXEC mode command with the do command. The following example shows the output of the do command.
    Dell(conf)#do show system brief
    Stack MAC : 34:17:eb:f2:c2:c4...
  • Page 40: Obtaining Help

    Entering ? after a partial keyword lists all of the keywords that begin with the specified letters.
    Dell(conf)#cl?
    class-map
    clock
    Dell(conf)#cl
    • Entering [space]? after a keyword lists all of the keywords that can follow the specified keyword.
    Dell(conf)#clock ?
    summer-time Configure summer (daylight savings) time
    timezone Configure time zone
    Dell(conf)#clock
    Entering and Editing Commands
    Notes for entering commands.
  • Page 41: Command History

    Dell(conf)#do show system brief | grep 0 not present
    NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks.
  • Page 42: Multiple Users In Configuration Mode

    Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established.
  • Page 43 % Warning: User "<username>" on line vty0 "10.11.130.2" is in configuration mode
    If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
  • Page 44: Getting Started

    This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
  • Page 45: Console Access

    The device has one RJ-45/RS-232 console port, an out-of-band (OOB) Ethernet port, and a micro USB-B console port.
    Serial Console
    The RJ-45/RS-232 console port is labeled on the upper right-hand side, as you face the I/O side of the chassis. Figure 1.
  • Page 46: Accessing The Cli Interface And Running Scripts Using Ssh

    Table 2. Pin Assignments Between the Console and a DTE Terminal Server. Columns: Console Port (Signal); RJ-45 to RJ-45 Rollover Cable (RJ-45 Pinout); RJ-45 to RJ-45 Rollover Cable (RJ-45 Pinout); RJ-45 to DB-9 Adapter (DB-9 Pin); Terminal Server Device (Signal).
    Accessing the CLI Interface and Running Scripts Using SSH
    In addition to the capability to access a device using a console connection or a Telnet session, you can also use SSH for secure, protected communication with the device.
  • Page 47: Default Configuration

    Although a version of Dell Networking OS is pre-loaded onto the system, the system is not configured when you power it up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
  • Page 48: Configure A Management Route

    DES encryption method.
    • enable secret is stored in the running/startup configuration using MD5 encryption method.
    • enable sha256-password is stored in the running/startup configuration using sha256-based encryption method (PBKDF2).
    Dell Networking recommends using the enable sha256-password password.
  • Page 49: Configuration File Management

    To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location.
    • To copy a remote file to the Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location.
    Table 3. Forming a copy Command...
  • Page 50: Mounting An Nfs File System

    27952672 bytes successfully copied
    Example of Importing a File to the Local System
    core1#$//copy ftp://myusername:mypassword@10.10.10.10//Dell/Dell-EF-8.2.1.0.bin flash://
    Destination file name [Dell-EF-8.2.1.0.bin.bin]:
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    26292881 bytes successfully copied
    Mounting an NFS File System
    This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands.
  • Page 51: Save The Running-Configuration

    225 bytes successfully copied
    Dell#
    Save the Running-Configuration
    The running-configuration contains the current system configuration. Dell Networking recommends copying your running-configuration to the startup-configuration. The commands in this section follow the same format as those commands in the Copy Files to and from the System section but use the filenames startup-configuration and running-configuration.
  • Page 52: Configure The Overload Bit For A Startup Scenario

    For information about setting the router overload bit for a specific period of time after a switch reload is implemented, see the Intermediate System to Intermediate System (IS-IS) section in the Dell Command Line Reference Guide for your system.
    Viewing Files
    You can only view file information and content on local file systems.
  • Page 53: Compressing Configuration Files

    1/10 int te 1/34 no ip address no ip address no ip address no ip address no ip address ip address 2.1.1.1/16 switchport shut shut shut shut shut shut
    Dell# show running-config
    Dell# show running-config compressed
  • Page 54 show running-config (left column):
    <snip>
    interface TenGigabitEthernet 1/1
    no ip address
    switchport
    shutdown
    interface TenGigabitEthernet 1/2
    no ip address
    shutdown
    interface TenGigabitEthernet 1/3
    no ip address...
    show running-config compressed (right column):
    <snip>
    interface TenGigabitEthernet 1/1
    no ip address
    switchport
    shutdown
    Interface group TenGigabitEthernet 1/2 – 4 , TenGigabitEthernet 1/10
    no ip address
    shutdown
    interface TenGigabitEthernet 1/34
    ip address 2.1.1.1/16...
  • Page 55 Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field).
  • Page 56: Managing The File System

    The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere. To view file system information, use the following command.
  • Page 57: View Command History

    To validate a software image: Download the Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file displays next to the software image file on the iSupport page.
  • Page 58: Using Http For File Transfers

    To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP server to use a specific routing table. You can use the ip http vrf command to inform the HTTP server to use a specific routing table.
  • Page 59 To enable an HTTP client to look up the VRF table corresponding to either management VRF or any nondefault VRF, use the ip http vrf command in CONFIGURATION mode.
    • Configure an HTTP client with a VRF that is used to connect to the HTTP server.
      CONFIGURATION MODE
      Dell(conf)#ip http vrf {management | <vrf-name>}
  • Page 60: Management

    This chapter describes the different protocols or services used to manage the Dell Networking system.
    Topics:
    • Configuring Privilege Levels
    • Configuring Logging
    • Track Login Activity
    • Limit Concurrent Login Sessions
    • Enabling Secured CLI Mode
    • Log Messages in the Internal Buffer
    •...
  • Page 61: Creating A Custom Privilege Level

    Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by:
    • restricting access to an EXEC mode command
    • moving commands from EXEC Privilege to EXEC mode
    •...
  • Page 62 CONFIGURATION mode
    privilege {configure | interface | line | route-map | router} level level {command ||...|| command}
    Example of EXEC Privilege Commands
    Dell(conf)#do show run priv
    privilege exec level 3 capture
    privilege exec level 3 configure
    privilege exec level 4 resequence...
  • Page 63: Applying A Privilege Level To A Username

    When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>.
    Configuring Logging
    The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on:...
  • Page 64: Audit And Security Logs

    • the internal buffer
    • console and terminal lines
    • any configured syslog servers
    To disable logging, use the following commands.
    • Disable all logging except on the console.
      CONFIGURATION mode
      no logging on
    • Disable logging to the logging buffer.
      CONFIGURATION mode
      no logging buffer
    •...
  • Page 65 May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
    May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98)
    May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98)
    Example of the show logging Command for Security...
  • Page 66: Configuring Logging Format

    • 1 – Displays syslog message format as described in RFC 5424, The SYSLOG Protocol
    Example of Configuring the Logging Message Format
    Dell(conf)#logging version ?
    <0-1> Select syslog version (default = 0)
    Dell(conf)#logging version 1
    Display the Logging Buffer and the Logging Configuration
    To display the current contents of the logging buffer and the logging settings for the system, use the show logging command in EXEC privilege mode.
  • Page 67: Setting Up A Secure Connection To A Syslog Server

    On the switch, enable the SSH server:
    Dell(conf)#ip ssh server enable
    On the syslog server, create a reverse SSH tunnel from the syslog server to the Dell OS switch, using the following syntax:
    ssh -R <remote port>:<syslog server>:<syslog server listen port> user@remote_host -nNf
    In the following example the syslog server IP address is 10.156.166.48 and the listening port is 5141.
  • Page 68: Sending System Messages To A Syslog Server

    Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events. When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login attempts since your last successful login to the system, and whether the current user’s permissions have changed since...
  • Page 69: Display Login Statistics

    The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics command.
  • Page 70: Limit Concurrent Login Sessions

    Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions.
  • Page 71: Configuring Concurrent Session Limit

    Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this procedure: •...
  • Page 72: Enabling Secured Cli Mode

    vty 1 10.14.1.97 vty 2 10.14.1.97 vty 3 10.14.1.97 Kill existing session? [line number/Enter to cancel]:
    Enabling Secured CLI Mode
    The secured CLI mode prevents users from elevating their permissions or promoting their privilege levels.
    • Enter the following command to enable the secured CLI mode: CONFIGURATION Mode secure-cli enable
    After entering the command, save the running-configuration.
  • Page 73: Sending System Messages To A Syslog Server

    Sending System Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R. Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over UDP.
  • Page 74: Display The Logging Buffer And The Logging Configuration

    CONFIGURATION mode logging buffered size NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that Dell Networking OS saves to its logging history table.
  • Page 75: Configuring A Unix Logging Facility Level

    (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view nondefault settings, use the show running-config logging command in EXEC mode. Dell#show running-config logging logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec...
  • Page 76: Synchronizing Log Messages

    Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
  • Page 77: File Transfer Services

    File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
  • Page 78: Configuring Ftp Client Parameters

    The default is the internal flash directory. • Specify a user name for all FTP users and configure either a plain text or encrypted password. CONFIGURATION mode ftp-server username username password [encryption-type] password Configure the following optional and required parameters: •...
  • Page 79: Denying And Permitting Access To A Terminal Line

    Denying and Permitting Access to a Terminal Line Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines. • Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny traffic.
  • Page 80: Configuring Login Authentication For Terminal Lines

    You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, Dell Networking OS prompts the next method until all methods are exhausted, at which point the connection is terminated.
  • Page 81: Setting Timeout For Exec Privilege Mode

    Setting Timeout for EXEC Privilege Mode EXEC timeout is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set the timeout, use the following commands. • Set the number of minutes and seconds. The default is 10 minutes on the console and 30 minutes on VTY. Disable EXEC timeout by setting the timeout period to 0.
  • Page 82: Lock Configuration Mode

    Dell# Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2). You can set two types of locks: auto and manual.
  • Page 83: Lbqa (Lpc Bus Quality Analyzer) Failure Detection Mode

    If SupportAssist is enabled, it sends the event message to the global SupportAssist server immediately and thereafter once every two days, so Dell can proactively notify and assist customers when this condition is hit. The System Status LED changes to an alarm state, blinking amber for S3048–ON, S6100–ON and Z9100–ON, and solid amber for C9000.
  • Page 84 The following example shows how to reload the system: Dell# reload Proceed with reload [confirm yes/no]: yes The following example shows how to reload the system into Dell diagnostics mode: Dell#reload dell-diag Proceed with reload [confirm yes/no]: yes The following example shows how to reload the system into ONIE mode:...
  • Page 85 802.1X employs Extensible Authentication Protocol (EAP) to transfer a device’s credentials to an authentication server (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
  • Page 86: 802.1X

    The device with which the supplicant communicates is the authenticator. The authenticator is the gatekeeper of the network. It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator. •...
  • Page 87: Port-Authentication Process

    • Configuring Timeouts • Configuring Dynamic VLAN Assignment with Port Authentication • Guest and Authentication-Fail VLANs Port-Authentication Process The authentication process begins when the authenticator senses that a link status has changed from down to up: When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request frame. The supplicant responds with its identity in an EAP Response Identity frame.
  • Page 88: Configuring 802.1X

    • Configuring an Authentication-Fail VLAN Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
  • Page 89: Configuring Dot1X Profile

    CONFIGURATION mode dot1x profile {profile-name} profile-name: Enter the dot1x profile name. The profile name length is limited to 32 characters. Example of Configuring and Displaying a dot1x Profile Dell(conf)#dot1x profile test Dell(conf-dot1x-profile)# Dell#show dot1x profile 802.1x profile information -----------------------------...
  • Page 90: Configuring Critical Vlan

    Example of Static MAB and MAB Profile for an Interface Dell(conf-if-Te-2/1)#dot1x static-mab profile sample Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 21 switchport dot1x static-mab profile sample no shutdown Dell(conf-if-Te 2/1))#show dot1x interface TenGigabitEthernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable Port Control: Auto...
  • Page 91 Dell#show dot1x interface tengigabitethernet 2/1 802.1x information on Te 2/1: ------------------------------------------------------ Dot1x Status: Enable Port Control: AUTO Port Auth Status: AUTHORIZD(MAC-AUTH-BYPASS) Critical VLAN Enable Critical VLAN id: Re-Authentication: Disable Untagged VLAN id: Guest VLAN: Enable Guest VLAN id:...
  • Page 92: Enabling 802.1X

    Enabling 802.1X
    Enable 802.1X globally.
    Figure 7. 802.1X Enabled
    Enable 802.1X globally. CONFIGURATION mode dot1x authentication
    Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range]
    Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication
    Examples of Verifying that 802.1X is Enabled Globally and on an Interface
    Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from...
  • Page 93: Configuring Request Identity Re-Transmissions

    In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication [output omitted] interface GigabitEthernet 2/1 no ip address dot1x authentication no shutdown Dell# To view 802.1X configuration information for an interface, use the show dot1x interface command.
  • Page 94: Configuring A Quiet Period After A Failed Authentication

    EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-gi-2/1)#dot1x tx-period 90 Dell(conf-if-range-gi-2/1)#dot1x max-eap-req 10 Dell(conf-if-range-gi-2/1)#dot1x quiet-period 120 Dell#show dot1x interface GigabitEthernet 2/1 802.1x information on Gi 2/1: ----------------------------- Dot1x Status: Enable...
  • Page 95: Forcibly Authorizing Or Unauthorizing A Port

    Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Gi-1/1)#dot1x port-control force-authorized Dell(conf-if-Gi-1/1)#show dot1x interface GigabitEthernet 1/1 802.1x information on Gi 1/1: ----------------------------- Dot1x Status:...
  • Page 96: Configuring Timeouts

    Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-gi-1/1)#dot1x reauthentication interval 7200 Dell(conf-if-gi-1/1)#dot1x reauth-max 10 Dell(conf-if-gi-1/1)#do show dot1x interface GigabitEthernet 1/1 802.1x information on Gi 1/1: ----------------------------- Dot1x Status:...
  • Page 97: Configuring Dynamic Vlan Assignment With Port Authentication

    Private-Group-ID The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
  • Page 98: Guest And Authentication-Fail Vlans

    Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
  • Page 99: Configuring A Guest Vlan

    Example of Configuring Maximum Authentication Attempts Dell(conf-if-gi-2/1)#dot1x guest-vlan 200 Dell(conf-if-gi 2/1)#show config interface GigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-gi-2/1)# Dell(conf-if-gi-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-gi-2/1)#show config interface GigabitEthernet 2/1 switchport dot1x authentication 802.1X...
  • Page 100 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown Dell(conf-if-gi-2/1)# Example of Viewing Configured Authentication View your configuration using the show config command from INTERFACE mode, as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode.
  • Page 101: Access Control List (Acl) Vlan Groups And Content Addressable Memory (Cam)

    Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This section describes the access control list (ACL) virtual local area network (VLAN) group, and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize the number of entries in CAM, enable and configure the ACL CAM feature.
  • Page 102: Guidelines For Configuring Acl Vlan Groups

    • The ACL VLAN group is deleted and it does not contain VLAN members. • The ACL is applied or removed from a group and the ACL group does not contain a VLAN member. • The description of the ACL group is added or removed. Guidelines for Configuring ACL VLAN Groups Keep the following points in mind when you configure ACL VLAN groups: •...
  • Page 103: Configuring Fp Blocks For Vlan Parameters

    {VLAN-range} Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name. CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan-group {group name | detail} Dell#show acl-vlan-group detail Group Name : TestGroupSeventeenTwenty Egress IP Acl : SpecialAccessOnlyExpertsAllowed...
  • Page 104: Viewing Cam Usage

    EXEC Privilege mode Dell#show cam-usage switch Stackunit|Portpipe| CAM Partition | Total CAM Used CAM |Available CAM ========|========|=================|============|============|============= | IN-L2 ACL 1536 1536 | OUT-L2 ACL Codes: * - cam usage is above 90%. Viewing CAM Usage View the amount of CAM space available, used, and remaining in each partition (including IPv4Flow and Layer 2 ACL sub-partitions) using the show cam-usage command in EXEC Privilege mode.
  • Page 105: Allocating Fp Blocks For Vlan Processes

    | OUT-L2 ACL | OUT-L3 ACL | OUT-V6 ACL Codes: * - cam usage is above 90%. The following output displays CAM space usage for Layer 2 ACLs: Dell#show cam-usage switch Stackunit|Portpipe| CAM Partition | Total CAM Used CAM |Available CAM...
  • Page 106 To reset the number of FP blocks to the default, use the no version of these commands. By default, zero groups are allocated for the ACL in VCAP. ACL VLAN groups or CAM optimization is not enabled by default. You must also allocate the slices for CAM optimization. To display the number of FP blocks that is allocated for the different VLAN services, use the show cam-acl-vlan command.
  • Page 107: Access Control Lists (Acls)

    Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol [TCP], or user datagram protocol [UDP] packets) and an action to take (permit or deny).
  • Page 108: Ip Access Control Lists (Acls)

    When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands.
  • Page 109: Cam Usage

    The status column indicates whether you can enable the policy. Example of the Command test cam-usage Dell#test cam-usage service-policy input asd stack-unit 1 port-set 0 Stack-unit|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status -------------------------------------------------------------------------- IPv4Flow|...
  • Page 110 In cases where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules. The order can range from 0 to 254. Dell Networking OS writes to the CAM ACL rules with lower-order numbers (order numbers closer to 0) before rules with higher-order numbers so that packets are matched as you intended.
  • Page 111: Important Points To Remember

    Dell(conf-policy-map-in)#service-queue 4 class-map cmap2 Dell(conf-policy-map-in)#exit Dell(conf)#interface gigabitethernet 10/1 Dell(conf-if-gi-10/1)#service-policy input pmap Important Points to Remember • For route-maps with more than one match clause: • When two or more match clauses within the same route-map sequence have the same match commands (though the values are different), matching a packet against these clauses is a logical OR operation.
  • Page 112 You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found.
  • Page 113: Configuring Match Routes

    In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement. If there is a match anywhere, the route is permitted.
  • Page 114: Configuring Set Conditions

    • For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. • Match destination routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip address prefix-list-name • Match destination routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 address prefix-list-name •...
  • Page 115: Configure A Route Map For Route Redistribution

    Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify either the routes and their origins. The metric value is the most common attribute that is changed to properly redistribute other routes into a routing protocol.
  • Page 116: Configure A Route Map For Route Tagging

    Route maps add to that redistribution capability by allowing you to match specific routes and set or change more attributes when redistributing those routes. In the following example, the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF.
  • Page 117: Ip Fragment Handling

    For IP ACL, Dell Networking OS always applies implicit deny. You do not have to configure it. • For IP ACL, Dell Networking OS applies implicit permit for second and subsequent fragments just prior to the implicit deny. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments.
  • Page 118: Configure A Standard Ip Acl

    To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
  • Page 119: Configuring A Standard Ip Acl Filter

    Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of five.
  • Page 120: Configure An Extended Ip Acl

    To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. The following example shows how to view a standard ACL filter sequence for an interface. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example...
  • Page 121: Configuring Filters Without A Sequence Number

    Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
  • Page 122: Configure Layer 2 And Layer 3 Acls

    If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them.
  • Page 123: Assign An Ip Acl To An Interface

    To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running-config command in EXEC mode. Example of Viewing ACLs Applied to an Interface Dell(conf-if)#show conf interface GigabitEthernet 1/1 ip address 10.2.1.100 255.255.255.0...
  • Page 124: Counting Acl Hits

    To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface gigabitethernet 1/1 Dell(conf-if-gi1/1)#ip access-group abcd in Dell(conf-if-gi1/1)#show config gigabitethernet 1/1 no ip address...
  • Page 125: Applying Egress Layer 3 Acls (Control-Plane)

    To specify ingress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface GigabitEthernet 1/1 Dell(conf-if-gi-1/1)#ip access-group abcd out Dell(conf-if-gi-1/1)#show config GigabitEthernet 1/1 no ip address...
  • Page 126: Ip Prefix Lists

    (permit or deny) to process routes. The filters are processed in sequence so that if a route prefix does not match the criterion in the first filter, the second filter (if configured) is applied. When the route prefix matches a filter, Dell Networking OS drops or forwards the packet based on the filter’s designated action.
  • Page 127 To delete a filter, use the no seq sequence-number command in PREFIX LIST mode. If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The Dell Networking OS assigns filters in multiples of five.
  • Page 128 (0 to 32). Example of Creating a Filter with Dell Networking OS-Assigned Sequence Numbers The example shows a prefix list in which the sequence numbers were assigned by the software. The filters were assigned sequence numbers based on the order in which they were configured (for example, the first filter was given the lowest sequence number).
  • Page 129 Dell(conf-router_rip)#show config router rip distribute-list prefix juba out network 10.0.0.0 Dell(conf-router_rip)#router ospf 34 Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode.
  • Page 130: Acl Resequencing

    Example of Viewing Configured Prefix Lists (ROUTER OSPF mode) To view the configuration, use the show config command in ROUTER OSPF mode, or the show running-config ospf command in EXEC mode. Dell(conf-router_ospf)#show config router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1...
  • Page 131 10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1...
  • Page 132: Route Maps

    ACL rule, a set of specific ACL rules translate to a set of FP entries. You can enable logging separately for each of these FP entries, which relate to each of the ACL entries configured in an ACL. Dell Networking OS saves a table that maps each ACL entry that matches the ACL name on the received packet, sequence number of the rule, and the interface index in the database.
  • Page 133: Guidelines For Configuring Acl Logging

    • For IP packets that contain the transport layer protocol as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), the ACL name, sequence number, ACL action (permit or deny), source and destination MAC addresses, source and destination IP addresses, and the source and destination ports (Layer 4 parameters) are also recorded. If the packet contains an unidentified EtherType or transport layer protocol, the values for these parameters are saved as Unknown in the log message.
  • Page 134: Flow-Based Monitoring

    If you apply the monitor ACL to an interface, the Dell Networking OS mirrors the ingress traffic with an implicit deny applied at the end of the ACL. If you apply the ACL to the monitor section context, the Dell Networking OS mirrors the ingress and known unicast egress traffic with an implicit permit applied at the end of the ACL.
  • Page 135 The show monitor session session-id command displays the Type field in the output, which indicates whether a particular session is enabled for flow-monitoring. Example Output of the show Command Dell# show monitor session 1 SessID Source Destination...
  • Page 136: Enabling Flow-Based Monitoring

    Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor. CONFIGURATION mode ip access-list...
  • Page 137 Gi 1/1 Gi 1/2 Flow
  • Page 138: Bidirectional Forwarding Detection (Bfd)

    BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the route processor.
  • Page 139: Bfd Packet Format

    The poll and final bits are used during the handshake and in Demand mode (refer to Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear.
  • Page 140: Bfd Sessions

    Authentication Type, An optional method for authenticating control packets. Authentication NOTE: Dell Networking OS does not currently support the BFD authentication function. Length, Authentication Data Two important parameters are calculated using the values contained in the control packet. Transmit Interval Transmit interval is the agreed-upon rate at which a system sends control packets.
  • Page 141: Bfd Three-Way Handshake

    Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up. State...
  • Page 142 Figure 10. BFD Three-Way Handshake State Changes
  • Page 143: Session State Changes

    Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4.
  • Page 144: Configure Bfd For Physical Ports

    R1(conf)# Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role (active). Dell Networking recommends maintaining the default values. To view session parameters, use the show bfd neighbors detail command.
  • Page 145: Configure Bfd For Static Routes

    Example of Viewing Session Parameters R1(conf-if-gi-4/24)#bfd interval 100 min_rx 100 multiplier 4 role passive R1(conf-if-gi-4/24)#do show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 1 Local Addr: 2.2.2.1 Local MAC Addr: 00:01:e8:09:c3:e5 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:06:95:a2 Int: GigabitEthernet 4/24 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 4...
  • Page 146 Configuring BFD for static routes is a three-step process: Enable BFD globally. Configure static routes on both routers on the system (either local or remote). Configure an IP route to connect BFD on the static routes using the ip route bfd command. Related Configuration Tasks •...
  • Page 147 When you establish a BFD session using the ip route bfd command, all the next-hop neighbors in the static route become part of the BFD session. Starting with Dell Networking OS release 9.11.0.0, you can enable BFD sessions on specific next-hop neighbors. You can specify the next-hop neighbors to be part of a BFD session by including them in a prefix-list.
  • Page 148: Configure Bfd For Ospf

    • Change parameters for all static route sessions. CONFIGURATION mode ip route bfd [prefix-list prefix-list-name] interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information Disabling BFD for Static Routes...
  • Page 149 Establishing Sessions with OSPF Neighbors for the Default VRF BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 13.
  • Page 150 INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS...
  • Page 151: Configure Bfd For Ospfv3

    To view the established sessions, use the show bfd neighbors command. The following example shows the show bfd vrf neighbors command output for default VRF. Dell#show bfd neighbors - Active session role Ad Dn - Admin Down...
  • Page 152 102 ip vrf forwarding vrf vrf1 ipv6 ospf bfd all-neighbors The following example shows the show bfd vrf neighbors command output for nondefault VRF: Dell#show bfd vrf vrf1 neighbors - Active session role Ad Dn - Admin Down...
  • Page 153 Vl 102 * fe80::2a0:c9ff:fe00:2 fe80::3617:98ff:fe34:12 Vl 103 Dell# Changing OSPFv3 Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: desired tx interval, required min rx interval, detection multiplier, and system role. Configure these parameters for all OSPFv3 sessions or all OSPFv3 sessions on a particular interface. If you change a parameter globally, the change affects all OSPFv3 neighbors sessions.
  • Page 154: Configure Bfd For Is-Is

    Configure BFD for IS-IS When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are then established with all neighboring interfaces participating in IS-IS. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the IS-IS protocol that a link state change occurred.
  • Page 155 • Establish sessions with all IS-IS neighbors. ROUTER-ISIS mode bfd all-neighbors • Establish sessions with IS-IS neighbors on a single interface. INTERFACE mode isis bfd all-neighbors Example of Verifying Sessions with IS-IS Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows that IS-IS BFD sessions are enabled.
  • Page 156: Configure Bfd For Bgp

    ROUTER-ISIS mode no bfd all-neighbors • Disable BFD sessions with IS-IS neighbors on a single interface. INTERFACE mode isis bfd all-neighbors disable Configure BFD for BGP In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence.
  • Page 157 Figure 15. Establishing Sessions with BGP Neighbors The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command). • By establishing a BFD session with a specified BGP neighbor (the neighbor {ip-address | peer-group-name} bfd command) BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays.
  • Page 158 CONFIGURATION mode router bgp as-number Add a BGP neighbor or peer group in a remote AS. CONFIG-ROUTERBGP mode neighbor {ip-address | peer-group name} remote-as as-number Enable the BGP neighbor. CONFIG-ROUTERBGP mode neighbor {ip-address | peer-group-name} no shutdown Configure parameters for a BFD session established with all neighbors discovered by BGP. OR Establish a BFD session with a specified BGP neighbor or peer group using the default BFD session parameters.
  • Page 159 • Explicitly enabled (the neighbor ip-address bfd command) • Explicitly disabled (the neighbor ip-address bfd disable command) • Inherited (neither explicitly enabled nor disabled) according to the current BFD configuration of the peer group. For information about BGP peer groups, refer to Configure Peer Groups.
  • Page 160 Ad Dn - Admin Down - BGP - CLI - ISIS - OSPF - Static Route (RTM) - MPLS - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 1.1.1.3 1.1.1.2 Gi 6/1 * 2.2.2.3 2.2.2.2 Gi 6/2 * 3.3.3.3 3.3.3.2 Gi 6/3 The following example shows viewing BFD neighbors with full detail.
  • Page 161 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 4 The following example shows viewing configured BFD counters. R2# show bfd counters bgp Interface GigabitEthernet 6/1 Protocol BGP Messages: Registration De-registration : 4 Init Down Admin Down...
  • Page 162: Configure Bfd For Vrrp

    BGP neighbor is 2.2.2.2, remote AS 1, external link BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 Last read 00:00:30, last write 00:00:30 Hold time is 180, keepalive interval is 60 seconds Received 8 messages, 0 in queue 1 opens, 0 notifications, 0 updates 7 keepalives, 0 route refresh requests Sent 9 messages, 0 in queue...
  • Page 163 Configuring BFD for VRRP is a three-step process: Enable BFD globally. Refer to Enabling BFD Globally. Establish VRRP BFD sessions with all VRRP-participating neighbors. On the master router, establish VRRP BFD sessions with the backup routers. Refer to Establishing Sessions with All VRRP Neighbors.
  • Page 164 Examples of Viewing VRRP Sessions To view the established sessions, use the show bfd neighbors command. The bold line shows that VRRP BFD sessions are enabled. Dell(conf-if-gi-4/25)#vrrp bfd all-neighbors Dell(conf-if-gi-4/25)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI...
  • Page 165: Configuring Protocol Liveness

    vrrp bfd neighbor ip-address interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the example in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors command example in Displaying BFD for BGP Information.
  • Page 166 Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-gi-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Gi 4/24 (diag: 0) 00:54:38 : Sent packet for session with neighbor 2.2.2.2 on Gi 4/24 TX packet dump: Version:1, Diag code:0, State:Down, Poll bit:0, Final bit:0, Demand bit:0 myDiscrim:4, yourDiscrim:0, minTx:1000000, minRx:1000000, multiplier:3, minEchoRx:0...
  • Page 167: Border Gateway Protocol Ipv4 (Bgpv4)

    Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary function of the BGP is to exchange network reachability information with other BGP systems.
  • Page 168 IBGP provides routers inside the AS with the knowledge to reach routers external to the AS. EBGP routers exchange information with other EBGP routers as well as IBGP routers to maintain connectivity and accessibility. Figure 17. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network.
  • Page 169: Sessions And Peers

    Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.
  • Page 170: Peer Groups

    State Description Idle BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. Connect In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not successful, BGP resets the ConnectRetry timer and transitions to the Active state when the timer expires.
  • Page 171: Bgp Attributes

    Figure 19. BGP Router Rules Router B receives an advertisement from Router A through eBGP. Because the route is learned through eBGP, Router B advertises it to all its iBGP peers: Routers C and D. Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D, an iBGP peer, and Router D has already learned it through iBGP from Router B.
  • Page 172 In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
  • Page 173: Weight

    In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
  • Page 174: Multi-Exit Discriminators (Meds)

    Figure 21. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria.
  • Page 175: Origin

    BGP. In Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
  • Page 176: As Path

    Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address...
  • Page 177: Implement Bgp With Dell Networking Os

    BGP. Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones.
  • Page 178: Ignore Router-Id In Best-Path Calculation

    Configure 4-byte AS numbers with the four-octet-support command. AS4 Number Representation Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot. NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature. If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported.
  • Page 179 65526 and the AS number 65546 appears as 1.10. Dynamic AS Number Notation Application Dell Networking OS applies the ASN notation type change dynamically to the running-config statements. When you apply or change a notation, the type selected is reflected immediately in the running-configuration and the show commands (refer to the following two examples).
  • Page 180: As Number Migration

    Dell(conf-router_bgp)#sho conf router bgp 100 neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress.
  • Page 181: Bgp4 Management Information Base (Mib)

    • To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5.
  • Page 182: Configuration Information

    To enable the BGP process and begin exchanging information, assign an AS number and use commands in ROUTER BGP mode to configure a BGP neighbor. By default, BGP is disabled. By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled.
  • Page 183: Enabling Bgp

    Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer.
  • Page 184 NOTE: Use it only if you support 4-Byte AS numbers or if you support AS4 number representation. If you are supporting 4-Byte ASNs, enable this command. Disable 4-Byte support and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured.
  • Page 185 Active For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
  • Page 186: Configuring As4 Number Representations

    Connections established 0; dropped 0 Last reset never No active TCP connection Dell# The following example shows verifying the BGP configuration using the show running-config bgp command. Dell#show running-config bgp router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24...
  • Page 187 • Enable ASPLAIN AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asplain NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot •...
  • Page 188: Configuring Peer Groups

    Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share the same update policy.
  • Page 189 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
  • Page 190: Configuring Bgp Fast Fall-Over

    To verify that you enabled fast fall-over on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fall-over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors Border Gateway Protocol IPv4 (BGPv4)
  • Page 191 Local host: 200.200.200.200, Local port: 65519 Foreign host: 100.100.100.100, Foreign port: 179 Dell# To verify that fast fall-over is enabled on a peer-group, use the show ip bgp peer-group command (shown in bold). Dell#sh ip bgp peer-group Peer-group test fall-over enabled BGP version 4...
  • Page 192: Configuring Passive Peering

    If you enable passive peering for the peer group, the software does not send an OPEN message, but it responds to an OPEN message. When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor.
  • Page 193: Allowing An As Number To Appear In Its Own As Path

    • No Prepend: specifies that local AS values are not prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number.
  • Page 194: Enabling Graceful Restart

    Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB. If you configure your system to do so, Dell Networking OS can perform the following actions during a hot failover: •...
  • Page 195: Enabling Neighbor Graceful Restart

    This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 196 If you assign a non-existent or empty AS-PATH ACL, the software allows all routes. Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode. Dell#show ip bgp paths Total 30655 Paths Address...
  • Page 197: Regular Expressions As Filters

    For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS. Regular...
  • Page 198: Redistributing Routes

    Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in Dell(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eaglein neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 filter-list 1 in neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#ex...
  • Page 199: Enabling Additional Paths

    One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. In Dell Networking OS, you can assign a COMMUNITY attribute to BGP routers by using an IP community list. After you create an IP community list, you can apply routing decisions to all routers meeting the criteria in the IP community list.
  • Page 200: Configuring An Ip Extended Community List

    Example of the show ip community-lists Command To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20...
  • Page 201: Filtering Routes With Community Lists

    704:666 deny 705:666 deny 14551:666 Dell# Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group.
  • Page 202: Manipulating The Community Attribute

    In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute. To send the COMMUNITY attribute to BGP neighbors, use the following command.
  • Page 203: Changing Med Attributes

    --More-- Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands. •...
  • Page 204: Configuring The Local System Or A Different System To Be The Next Hop For Bgp-Learned Routes

    • Change the LOCAL_PREF value. CONFIG-ROUTER-BGP mode bgp default local-preference value • value: the range is from 0 to 4294967295. The default is 100. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode.
  • Page 205: Changing The Weight Attribute

    By default, the software allows one path to a destination. You can enable multipath to allow up to 64 parallel paths to a destination. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. To allow more than one path, use the following command. The show ip bgp network command includes multipath information for that network.
  • Page 206 You can create inbound and outbound policies. Each of the commands used for filtering has in and out parameters that you must apply. In Dell Networking OS, the order of preference varies depending on whether the attributes are applied for inbound updates or outbound updates.
  • Page 207: Filtering Bgp Routes Using Route Maps

    • If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes. For example, you could have the following filter as the last filter in your prefix list permit 0.0.0.0/0 le 32).
  • Page 208: Configuring Bgp Route Reflectors

    {ip-address | peer-group-name} route-reflector-client When you enable a route reflector, Dell Networking OS automatically enables route reflection to all clients. To disable route reflection between all clients in this reflector, use the no bgp client-to-client reflection command in CONFIGURATION ROUTER BGP mode.
  • Page 209: Aggregating Routes

    EXEC Privilege mode. Aggregating Routes Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active.
  • Page 210: Enabling Route Flap Dampening

    (a numeric value) for routes that flap. When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or is decayed.
  • Page 211 By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival. You can change the path selection method to non-deterministic, that is, paths are compared in the order in which they arrived (starting with the most recent).
  • Page 212: Changing Bgp Timers

    25069 780266 20 00:38:50 102759 Dell> To view which routes are dampened (non-active), use the show ip bgp dampened-routes command in EXEC Privilege mode. Changing BGP Timers To configure BGP timers, use either or both of the following commands. Timer values configured with the neighbor timers command override the timer values configured with the timers bgp command.
  • Page 213: Enabling Or Disabling Bgp Neighbors

    The example enables inbound soft reconfiguration for the neighbor 10.108.1.1. All updates received from this neighbor are stored unmodified, regardless of the inbound policy. When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell>router bgp 100 neighbor 10.108.1.1 remote-as 200 neighbor 10.108.1.1 soft-reconfiguration inbound Enabling or disabling BGP neighbors You can enable or disable all the configured BGP neighbors using the shutdown all command in ROUTER BGP mode.
  • Page 214: Shutdown All

    In ROUTER BGP mode, enter the following command: ROUTER BGP Mode shutdown all You can use the no shutdown all command in the ROUTER BGP mode to re-enable all the BGP interfaces. You can also enable or disable BGP neighbors corresponding to the IPv4 unicast or multicast groups and the IPv6 unicast groups. To enable or disable BGP neighbors corresponding to the IPv4 unicast groups: Enter the router bgp mode using the following command: CONFIGURATION Mode...
  • Page 215: Route Map Continue

    The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer-group. The default is IPv4 Unicast routes.
  • Page 216: Configure Ipv6 Nh Automatically For Ipv6 Prefix Advertised Over Ipv4 Neighbor

    If the peer has not been activated in any AFI/SAFI, the peer remains in Idle state. Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 217: Storing Last And Bad Pdus

    Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued.
  • Page 218: Capturing Pdus

    To change the maximum buffer size, use the capture bgp-pdu max-buffer-size command. To view the captured PDUs, use the show capture bgp-pdu neighbor command. Dell#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 26 packet(s) captured using 680 bytes...
  • Page 219: Pdu Counters

    313511 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command. Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions.
  • Page 220 Figure 24. Sample Configurations Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int gi 1/21 R1(conf-if-gi-1/21)#ip address 10.0.1.21/24 R1(conf-if-gi-1/21)#no shutdown R1(conf-if-gi-1/21)#show config interface GigabitEthernet 1/21 ip address 10.0.1.21/24 no shutdown...
  • Page 221 R1(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0 R1(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R1(conf-router_bgp)#neighbor 192.168.128.3 no shut R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 R1(conf-router_bgp)#show config router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192 168 128 3 no shutdown Example of Enabling BGP (Router 2)
  • Page 222 R3(conf-if-gi-3/11)#no shutdown R3(conf-if-gi-3/11)#show config interface GigabitEthernet 3/11 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo-0)#int gi 3/21 R3(conf-if-gi-3/21)#ip address 10.0.2.3/24 R3(conf-if-gi-3/21)#no shutdown R3(conf-if-gi-3/21)#show config interface GigabitEthernet 3/21 ip address 10.0.2.3/24 no shutdown R3(conf-if-gi-3/21)# R3(conf-if-gi-3/21)#router bgp 100 R3(conf-router_bgp)#show config router bgp 100 R3(conf-router_bgp)#network 192.168.128.0/24 R3(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R3(conf-router_bgp)#neighbor 192.168.128.1 no shut R3(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0...
  • Page 223 CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2;...
  • Page 224 2 BGP path attribute entrie(s) using 128 bytes of memory 2 BGP AS-PATH entrie(s) using 90 bytes of memory 2 neighbor(s) using 9216 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.1 99 140 136 2 0 (0) 00:11:24 1 192.168.128.3 100 138 140 2 0 (0) 00:18:31 1 Example of Enabling Peer Groups (Router 3) R3#conf...
  • Page 225 BGP version 4, remote router ID 192.168.128.3 BGP state ESTABLISHED, in this state for 00:18:51 Last read 00:00:45, last write 00:00:44 Hold time is 180, keepalive interval is 60 seconds Received 138 messages, 0 in queue 7 opens, 2 notifications, 7 updates 122 keepalives, 0 route refresh requests Sent 140 messages, 0 in queue Border Gateway Protocol IPv4 (BGPv4)
  • Page 226: Content Addressable Memory (Cam)

    Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies.
  • Page 227 512 CAM entries. Select 1 to configure 256 entries. Select 2 to configure 1024 entries. Even though you can perform CAM carving to allocate the maximum number of NLB entries, Dell Networking recommends that you use a maximum of 64 NLB ARP entries.
  • Page 228: Test Cam Usage

    The Status column in the command output indicates whether or not you can enable the policy. Example of the test cam-usage Command Dell#test cam-usage service-policy input test-cam-usage stack-unit 2 po 0 Stack-Unit| Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status ------------------------------------------------------------------------------------...
  • Page 229 If you change the cam-acl setting from CONFIGURATION mode, the output of this command does not reflect any changes until you save the running-configuration and reload the chassis. The default values for the show cam-acl command are: Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes)
  • Page 230: View Cam Usage

    Verify that you have configured a CAM profile that allocates 24 K entries to the IPv4 system flow region. Allocate more entries in the IPv4Flow region to QoS. Dell Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command provides this test framework. For more information, refer to Pre-Calculating Available QoS CAM Space.
  • Page 231: Control Plane Policing (Copp)

    Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level.
  • Page 232: Configure Control Plane Policing

    Figure 26. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied. This happens because queue-based rate limiting is applied first.
  • Page 233: Configuring Copp For Protocols

    CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. Configuring CoPP for Protocols This section lists the commands necessary to create and enable the service-policies for CoPP. For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) Quality of Service...
  • Page 234 Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit The following example shows creating the QoS input policy. Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos...
  • Page 235: Configuring Copp For Cpu Queues

    Examples of Configuring CoPP for CPU Queues The following example shows creating the QoS policy.
    Dell#conf
    Dell(conf)#qos-policy-input cpuq_1
    Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40
    Dell(conf-qos-policy-in)#exit
    Dell(conf)#qos-policy-input cpuq_2
    Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50
    Dell(conf-qos-policy-in)#exit
    The following example shows assigning the QoS policy to the queues.
  • Page 236: Copp For Ospfv3 Packets

    Other 4 CMIC queues will carry the L2/L3 well-known protocol streams. However, there are about 20 well-known protocol streams that have to share these 4 CMIC queues. Before 9.4.(0.0), Dell Networking OS used only 8 queues, most of which were shared by multiple protocols.
  • Page 237 As part of enhancements, CPU queues are increased from 8 to 12 on the CPU port. However, the front-end port and the backplane ports support only 8 queues. As a result, when packets are transmitted to the local CPU, the CPU uses Q0-Q11 queues. The control packets that are tunneled to the master unit are isolated from the data queues and the control queues in the backplane links.
  • Page 238 Catch-All Entry for IPv6 Packets Dell Networking OS currently supports configuration of IPv6 subnets greater than /64 mask length, but the agent writes them to the default LPM table, where the key length is 64 bits. The device supports a table that stores up to 256 subnets with mask lengths of up to /128. This table can be enabled, and the agent can be modified to update the /128 table for mask lengths greater than /64.
  • Page 239: Configuring Copp For Ospfv3

    Create a QoS input policy for the router and assign the policing. CONFIGURATION mode
    Dell(conf)#qos-policy-input ospfv3_rate cpu-qos
    Dell(conf-in-qos-policy-cpuqos)#rate-police 1500 16 peak 1500 16
    Create a QoS class map to differentiate the control-plane traffic and assign to the ACL. CONFIGURATION mode...
  • Page 240 Viewing Queue Rates Example of Viewing Queue Rates Dell#show cpu-queue rate cp Service-Queue Rate (PPS) -------------- ----------- 1300 2000 1100 Dell# Example of Viewing Queue Mapping To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command.
  • Page 241 Dell# Control Plane Policing (CoPP)
  • Page 242: Dynamic Host Configuration Protocol (Dhcp)

    Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the network, and it reclaims IP addresses that are no longer in use to prevent address exhaustion.
  • Page 243 The following table lists common DHCP options.

    Option | Number and Description
    Subnet Mask | Option 1. Specifies the client’s subnet mask.
    Router | Option 3. Specifies the router IP addresses that may serve as the client’s default gateway.
    Domain Name Server | Option 6. Specifies the domain name servers (DNSs) that are available to the client.
  • Page 244: Assign An Ip Address Using Dhcp

    Option Number and Description User Port Stacking Option 230 Set the stacking option variable to provide DHCP server stack-port detail when the DHCP offer is set. Option 255 Signals the last option in the DHCP packet. Assign an IP Address using DHCP The following section describes DHCP and the client in a network.
  • Page 245: Implementation Information

    ACLs to an interface which has IP source address validation. If you configure IP source address validation on a member port of a virtual local area network (VLAN) and then apply an access list to the VLAN, Dell Networking OS displays the first line in the following message.
  • Page 246: Configuring The Server For Automatic Address Allocation

    After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs an IP + MAC source address validation to ensure that no client can release another client's address. This validation is a default behavior and is separate from IP+MAC source address validation.
  • Page 247: Specifying A Default Gateway

    DHCP <POOL> default-router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.
  • Page 248: Using Netbios Wins For Address Resolution

    NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host Create an address pool.
  • Page 249: Using Dhcp Clear Commands

    DHCP servers on the subnet, the client does not receive a response to its request and therefore cannot access the network. You can configure an interface on the Dell Networking system to relay the DHCP messages to a specific DHCP server using the ip helper-address dhcp-address command from INTERFACE mode, as shown in the following illustration. Specify multiple DHCP servers by using the ip helper-address dhcp-address command multiple times.
  • Page 250 Figure 29. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int gigabitethernet 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10.11.0.1/24 Broadcast address is 10.11.0.255 Address determined by user input...
  • Page 251: Configure The System To Be A Dhcp Client

    Layer 3 mode and pre-configured with no shutdown and no ip address. For this reason, you cannot enter configuration commands to set up the switch. To interrupt a BMP process, prevent a loop from occurring, and apply the Dell Networking OS image and startup configuration stored in the local flash, enter the stop bmp command from the console.
  • Page 252: Dhcp Client On A Management Interface

    To manually configure a static IP address on an interface, use the ip address command. A prompt displays to release an existing dynamically acquired IP address. If you confirm, the ability to receive a DHCP server-assigned IP address is removed. To enable acquiring a dynamic IP address from a DHCP server on an interface configured with a static IP address, use the ip address dhcp command.
  • Page 253: Dhcp Client Operation With Other Features

    DHCP Client Operation with Other Features The DHCP client operates with other Dell Networking OS features, as the following describes. Stacking The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. It periodically synchronizes the lease file with the standby unit.
  • Page 254: Configure The System For User Port Stacking (Option 230)

    • An entry in the DHCP snooping table is not added for a DHCP client interface. DHCP Server A switch can operate as a DHCP client and a DHCP server. DHCP client interfaces cannot acquire a dynamic IP address from the DHCP server running on the switch.
  • Page 255: Dhcp Snooping

    • track the number of address requests per relay agent. Restricting the number of addresses available per relay agent can harden a server against address exhaustion attacks. • associate client MAC addresses with a relay agent to prevent offering an IP address to a client spoofing the same MAC address on a different relay agent.
  • Page 256: Enabling Dhcp Snooping

    Enabling DHCP Snooping To enable DHCP snooping, use the following commands.
    Enable DHCP snooping globally. CONFIGURATION mode
    ip dhcp snooping
    Specify ports connected to DHCP servers as trusted. INTERFACE mode, INTERFACE PORT EXTENDER mode
    ip dhcp snooping trust
    Enable DHCP snooping on a VLAN. CONFIGURATION mode
    ip dhcp snooping vlan name
    Enabling IPv6 DHCP Snooping...
  • Page 257 Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command.
  • Page 258: Drop Dhcp Packets On Snooped Vlans Only

    Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic IPv6 Address...
  • Page 259: Dynamic Arp Inspection

    ================================================================
    10.1.1.251 00:00:4d:57:f2:50 172800 Vl 10 Gi 1/2
    10.1.1.252 00:00:4d:57:e6:f6 172800 Vl 10 Gi 1/1
    10.1.1.253 00:00:4d:57:f8:e8 172740 Vl 10 Gi 1/3
    10.1.1.254 00:00:4d:69:e8:f2 172740 Vl 10 Gi 1/5
    Total number of Entries in the table : 4
    Dynamic ARP Inspection Dynamic address resolution protocol (ARP) inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table.
  • Page 260: Configuring Dynamic Arp Inspection

    Validate ARP frames against the DHCP snooping binding table. INTERFACE VLAN mode arp inspection Examples of Viewing the ARP Information To view entries in the ARP database, use the show arp inspection database command. Dell#show arp inspection database Protocol Address Age(min) Hardware Address Interface VLAN...
  • Page 261: Source Address Validation

    Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 15. Three Types of Source Address Validation Source Address Validation Description IP Source Address Validation Prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table.
  • Page 262: Dhcp Mac Source Address Validation

    INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-validation [interface] command in EXEC Privilege mode.
  • Page 263: Viewing The Number Of Sav Dropped Packets

    The following output of the show ip dhcp snooping source-address-validation discard-counters interface interface command displays the number of SAV dropped packets on a particular interface. Dell>show ip dhcp snooping source-address-validation discard-counters interface GigabitEthernet deny access-list on GigabitEthernet 1/1 Total cam count 2...
  • Page 264: Equal Cost Multi-Path (Ecmp)

    0 lag checksum 0 nh-ecmp checksum 0 Dell Networking OS Behavior: In the Dell Networking OS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with Dell Networking OS version 8.2.1.2, the default hash-algorithm is 24.
  • Page 265: Configuring The Hash Algorithm Seed

    This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops. Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is the same.
  • Page 266: Managing Ecmp Group Paths

    Enable ECMP group path management. CONFIGURATION mode. ip ecmp-group path-fallback Example of the ip ecmp-group maximum-paths Command Dell(conf)#ip ecmp-group maximum-paths 3 User configuration has been changed. Save the configuration and reload to take effect Dell(conf)# Creating an ECMP Group Bundle Within each ECMP group, you can specify an interface.
  • Page 267 You can configure ecmp-group with id 2 for link bundle monitoring. This ecmp-group is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Dell(conf-ecmp-group-5)#show config ecmp-group 5...
  • Page 268: Fips Cryptography

    This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. NOTE: The Dell Networking OS uses an embedded FIPS 140-2-validated cryptography module (Certificate #1747) running on NetBSD 5.1 per FIPS 140-2 Implementation Guidance section G.5 guidelines. NOTE: Only the following features use the embedded FIPS 140-2-validated cryptography module: •...
  • Page 269: Enabling Fips Mode

    (deleting all the per-session encryption key information), actually enables/tests FIPS mode, generates new host-keys, and re-enables the SSH server (assuming it was enabled before enabling FIPS). For more information, refer to the SSH Server and SCP Commands section in the Security chapter of the Dell Networking OS Command Line Reference Guide.
  • Page 270: Disabling Fips Mode

    Examples of the show fips status and show system Commands The following example shows the show fips status command. Dell#show fips status FIPS Mode : Enabled for the system using the show system command. The following example shows the show system command.
  • Page 271: Force10 Resilient Ring Protocol (Frrp)

    Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
  • Page 272: Ring Status

    The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node. Ring Status The ring failure notification and the ring status checks provide two ways to ensure the ring remains up and active in the event of a switch or port failure.
  • Page 273: Important Frrp Points

    Member VLAN Spanning Two Rings Connected by One Switch A member VLAN can span two rings interconnected by a common switch, in a figure-eight style topology. A switch can act as a Master node for one FRRP group and a Transit for another FRRP group, or it can be a Transit node for both rings. In the following example, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring.
  • Page 274: Important Frrp Concepts

    • One Master node per ring — all other nodes are Transit. • Each node has two member interfaces — primary and secondary. • There is no limit to the number of nodes on a ring. • Master node ring port states — blocking, pre-forwarding, forwarding, and disabled. •...
  • Page 275: Implementing Frrp

    FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
  • Page 276: Configuring The Control Vlan

    Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer Be sure to follow these guidelines: •...
  • Page 277: Configuring And Adding The Member Vlans

    CONFIG-FRRP mode. no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to the Layer 2 chapter.
  • Page 278: Setting The Frrp Timers

    no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time to 3 times the Hello-Interval. • Enter the desired intervals for Hello-Interval or Dead-Interval times. CONFIG-FRRP mode. timer {hello-interval|dead-interval} milliseconds • Hello-Interval: the range is from 50 to 2000, in increments of 50 (default is 500).
  • Page 279: Troubleshooting Frrp

    show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the same control VLAN. •...
  • Page 280: Frrp Support On Vlt

    no shutdown
    interface Vlan 101
    no ip address
    tagged GigabitEthernet 2/14,31
    no shutdown
    interface Vlan 201
    no ip address
    tagged GigabitEthernet 2/14,31
    no shutdown
    protocol frrp 101
    interface primary GigabitEthernet 2/14 secondary GigabitEthernet 2/31 control-vlan 101
    member-vlan 201
    mode transit
    no disable
    Example of R3 TRANSIT
    interface GigabitEthernet 3/14...
  • Page 281: Example Scenario

    Figure 31. FRRP Ring Connecting VLT Devices You can also configure an FRRP ring where both the VLT peers are connected to the FRRP ring and the VLTi acts as the primary interface for the FRRP Master and transit nodes. This active-active FRRP configuration blocks the FRRP ring on a per-VLAN or VLAN-group basis, enabling the configuration to span different sets of VLANs.
  • Page 282: Important Points To Remember

    • Dell Networking OS does not support coexistence of xSTP and FRRP configurations. Meaning, if there is any active FRRP ring in the system, then you cannot enable xSTP in the system globally or at the interface level. Similarly, if xSTP is enabled, then you cannot configure FRRP in the system.
  • Page 283: Garp Vlan Registration Protocol (Gvrp)

    If spanning tree and GVRP are both required, implement the rapid spanning tree protocol (RSTP). The device does not support enabling GVRP and MSTP at the same time.
    Dell(conf)#protocol spanning-tree pvst
    Dell(conf-pvst)#no disable
    % Error: GVRP running. Cannot enable PVST.
  • Page 284: Configure Gvrp

    • Configure GVRP Registration • Configure a GARP Timer • RPM Redundancy Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, GVRP is configured on VLAN trunk ports.
  • Page 285: Enabling Gvrp Globally

    To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command.
  • Page 286: Configure A Garp Timer

    GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The Dell Networking OS default is 10000ms.
  • Page 287 • RPM Synchronization GARP VLAN Registration Protocol (GVRP)
  • Page 288: High Availability (Ha)

    Hot-Lock Behavior Component Redundancy Dell Networking systems eliminate single points of failure by providing dedicated or load-balanced redundancy for each component. Automatic and Manual Stack Unit Failover Stack unit failover is the process of the standby unit becoming a management unit.
  • Page 289: Synchronization Between Management And Standby Units

    Data between the Management and Standby units is synchronized immediately after bootup. After the Management and Standby units have done an initial full synchronization (block sync), Dell Networking OS only updates changed data (incremental sync). The data that is synchronized consists of configuration data, operational data, state and status, and statistics depending on the Dell Networking OS version.
  • Page 290: Specifying An Auto-Failover Limit

    Specifying an Auto-Failover Limit When a non-recoverable fatal error is detected, an automatic failover occurs. However, Dell Networking OS is configured to auto-failover only three times within any 60-minute period, and you cannot change that. Disabling Auto-Reboot To disable auto-reboot, use the following command.
  • Page 291: Hitless Behavior

    If any health checks on the stack unit fail, the Dell Networking OS fails over to standby stack unit. If any health checks on a line card fail, Dell Networking OS resets the card to bring it back to the correct state.
  • Page 292: Failure And Event Logging

    Event messages provide system administrators diagnostics and auditing information. Dell Networking OS sends event messages to the internal buffer, all terminal lines, the console, and optionally to a syslog server. For more information about event messages and configurable options, refer to Management.
  • Page 293: Internet Group Management Protocol (Igmp)

    IGMP Implementation Information • Dell Networking Operating System (OS) supports IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet.
  • Page 294: Leaving A Multicast Group

    leaves a multicast group by sending an IGMP message to its IGMP Querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table. IGMP messages are encapsulated in IP packets, as shown in the following illustration. Figure 34.
  • Page 295: Igmp Version 3

    Any remaining hosts respond to the query according to the delay timer mechanism (refer to Adjusting Query and Response Timers). If no hosts respond (because there are none remaining in the group), the querier waits a specified period and sends another query. If it still receives no response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet.
  • Page 296 Figure 36. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
  • Page 297 Figure 37. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary.
  • Page 298: Configure Igmp

    Figure 38. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. Enable multicast routing using the ip multicast-routing command. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Version •...
  • Page 299: Viewing Igmp Enabled Interfaces

    Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
  • Page 300: Show Ip Igmp Groups

    EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell#show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires Last Reporter 225.1.1.1 GigabitEthernet 1/1 IGMPV2...
  • Page 301: Preventing A Host From Joining A Group

    Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the Dell Networking OS clears the multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
  • Page 302 Figure 39. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 17. Preventing a Host from Joining a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 •...
  • Page 303 Location Description • no shutdown • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 •...
  • Page 304: Enabling Igmp Immediate-Leave

    If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as a Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end-point VLANs only.
  • Page 305: Removing A Group-Port Association

    • Specifying a Port as Connected to a Multicast Router • Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell(conf)#ip igmp snooping enable Dell(conf)#do show running-config igmp ip igmp snooping enable Dell(conf)# Removing a Group-Port Association To configure or view the remove a group-port association feature, use the following commands.
  • Page 306: Specifying A Port As Connected To A Multicast Router

    Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN, use the following commands. • Statically specify a port in a VLAN as connected to a multicast router. INTERFACE VLAN mode ip igmp snooping mrouter •...
  • Page 307: Fast Convergence After Mstp Topology Changes

    Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
  • Page 308: Enabling And Disabling Management Egress Interface Selection

    Table 18. Association Between Applications and Port Numbers Application Name Port Number Client Server Supported Supported Sflow-Collector 6343 Supported SNMP 162 for SNMP Traps (client), Supported 161 for SNMP MIB response (server) Supported Supported 20/21 Supported Supported Syslog Supported Telnet Supported Supported TFTP...
  • Page 309: Handling Of Management Route Configuration

    When the feature is enabled using the management egress-interface-selection command, the following events are performed: • The CLI prompt changes to the EIS mode. • In this mode, you can run the application and no application commands • Applications can be configured or unconfigured as management applications using the application or no application command.
  • Page 310: Handling Of Switch-Initiated Traffic

    Handling of Switch-Initiated Traffic When the control processor (CP) initiates a control packet, the following processing occurs: • TCP/UDP port number is extracted from the sockaddr structure in the in_selectsrc call which is called as part of the connect system call or in the ip_output function.
  • Page 311: Handling Of Transit Traffic (Traffic Separation)

    EIS routing table fails, ip2 is the source IP and the front-panel port is used to reach the destination. The fallback route between the management and data networks is used in such a case. At any given time, end users can access Dell Networking OS applications using either ip1 or ip2.
  • Page 312: Behavior Of Various Applications For Switch-Initiated Traffic

    Traffic type / Switch initiated traffic Switch-destined traffic Transit Traffic Application type only. No change in the existing port is down or the route lookup fails, packets behavior. are dropped • EIS is enabled implies that EIS feature is enabled and the application might or might not be configured as a management application •...
  • Page 313: Behavior Of Various Applications For Switch-Destined Traffic

    Table 20. Behavior of Various Applications for Switch-Initiated Traffic Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled EIS Behavior Default Behavior EIS Behavior Default Behavior EIS Behavior Default Behavior radius EIS Behavior Default Behavior Sflow-collector Default Behavior Snmp (SNMP Mib response and SNMP EIS Behavior Default Behavior...
  • Page 314: Interworking Of Eis With Various Applications

    To designate an interface as a multicast router interface, use the following command. Dell Networking OS can also listen in on the incoming IGMP general queries and designate those interfaces as multicast router interfaces when the frames have a non-zero IP source address. All IGMP control packets and IP multicast data traffic originating from receivers are forwarded to multicast router interfaces.
  • Page 315 • Designate an interface as a multicast router interface. ip igmp snooping mrouter interface Internet Group Management Protocol (IGMP)
  • Page 316: Interfaces

    Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 1 Gigabit Ethernet and 10 Gigabit Ethernet interfaces. Basic Interface Configuration • Interface Types • View Basic Interface Information •...
  • Page 317: Interface Types

    • VLAN Interfaces • Loopback Interfaces • Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Configuring wavelength for 10–Gigabit SFP+ optics • Link Dampening • Link Bundle Monitoring •...
  • Page 318 NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. NOTE: The CLI output may be incorrectly displayed as 0 (zero) for the Rx/Tx power values. To obtain the correct power information, perform a simple network management protocol (SNMP) query.
  • Page 319: Resetting An Interface To Its Factory Default State

    8 mac learning-limit 10 no-station-move no shutdown Reset an interface to its factory default state. CONFIGURATION mode default interface interface-type] Dell(conf)#default interface gigabitethernet 1/5 Verify the configuration. INTERFACE mode show config Dell(conf-if-gi-1/5)#show config interface GigabitEthernet 1/5 no ip address shutdown All the applied configurations are removed and the interface is set to the factory default state.
  • Page 320: Enabling Energy Efficient Ethernet

    You can enable EEE only on one Gigabit and ten Gigabit native or optional module copper ports. To enable EEE, use the eee command. INTERFACE mode Dell(conf)# interface gigabitethernet 1/1 Dell(conf-if-gi-1/1)# eee To disable EEE, use the no eee command. INTERFACE mode...
  • Page 321 Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 3d17h51m The following example shows the status of EEE on a specific interface. S3048–ON Dell#show interfaces gigabitethernet 1/1 eee Interface EEE Status Speed Duplex...
  • Page 322 S3048–ON Dell#show interfaces gigabitethernet 1/1 eee statistics Port TxLPIEventCount TxLPIDuration RxLPIEventCount RxLPIDuration Gi 1/1 The following example shows the hardware counters on a specified interface. Dell#show hardware counters interface gigabitethernet 10/1 unit: 0 port: 1 (interface Gi 10/1) Description Value...
  • Page 323 TX - EEE LPI Event Counter TX - EEE LPI Duration Counter <<Output Truncated>> The following example shows the hardware counters on specified stack unit. Dell#show hardware stack-unit 10 unit 0 counters unit: 0 port: 1 (interface Gi 10/1) Description Value...
  • Page 324 RX - Control Frame Counter RX - Pause Control Frame Counter RX - Oversized Frame Counter RX - Jabber Frame Counter RX - VLAN Tag Frame Counter RX - Double VLAN Tag Frame Counter RX - RUNT Frame Counter RX - Fragment Counter RX - VLAN Tagged Packets RX - Ingress Dropped Packet RX - MTU Check Error Frame Counter...
  • Page 325: Clear Eee Counters

    Examples of the clear counters eee Command When you use this command, confirm that you want Dell Networking OS to clear the EEE counters. Dell# clear counters eee Clear eee counters on all Copper Ports [confirm] y...
  • Page 326: Overview Of Layer Modes

    Clearing Interface Counters Overview of Layer Modes On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode. Table 23. Layer Modes...
  • Page 327: Configuring Layer 2 (Interface) Mode

    Dell(conf-if)#ip address 10.10.1.1 /24 % Error: Port is in Layer 2 mode Gi 1/2. Dell(conf-if)# To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode.
  • Page 328: Egress Interface Selection (Eis)

    View Basic Interface Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode. Dell>show ip interface vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49.1/24 Broadcast address is 1.1.49.255...
  • Page 329: Management Interfaces

    You can configure this interface using the CLI, but the configuration options on this interface are limited. You cannot configure Gateway addresses and IP addresses if it appears in the main routing table of Dell Networking OS. In addition, proxy ARP is not supported on this interface.
  • Page 330: Configuring A Management Interface On An Ethernet Port

    • must not match the virtual IP address and must not be in the same subnet as the virtual IP. Dell#show interfaces managementethernet 1/1 ManagementEthernet 1/1 is up, line protocol is up Hardware is DellForce10Eth, address is 00:01:e8:a0:bf:f3...
  • Page 331: Vlan Interfaces

    You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
  • Page 332: Loopback Interfaces

    INTERFACE mode ip address ip-address mask [secondary] • ip-address mask: enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). • secondary: the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses. Example of a Configuration for a VLAN Participating in an OSPF Process interface Vlan 10 ip address 1.1.1.2/24...
  • Page 333: Port Channel Interfaces

    (LAG) or port channel. A LAG is “a group of links that appear to a MAC client as if they were a single link” according to IEEE 802.3ad. In Dell Networking OS, a LAG is referred to as a port channel interface.
  • Page 334: Interfaces In Port Channels

    10000 Mbps are kept up, and all other interfaces that are not set to 10G speed or auto negotiate are disabled. Dell Networking OS brings up the interfaces that are set to auto negotiate so that their speed is identical to the speed of the first channel member in the port channel.
  • Page 335: Adding A Physical Interface To A Port Channel

    The physical interfaces in a port channel can be on any line card in the chassis, but must be the same physical type. NOTE: Port channels can contain a mix of Ethernet interfaces, but Dell Networking OS disables the interfaces that are not the same speed as the first channel member in the port channel (refer to 10/100/1000 Mbps Interfaces in Port Channels).
  • Page 336: Reassigning An Interface To A New Port Channel

    Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief command indicates the primary port.
  • Page 337: Configuring The Minimum Oper Up Links In A Port Channel

    The following example shows moving an interface from port channel 4 to port channel 3. Dell(conf-if-po-4)#show config interface Port-channel 4 no ip address channel-member GigabitEthernet 1/8 no shutdown Dell(conf-if-po-4)#no chann gi 1/8 Dell(conf-if-po-4)#int port 3 Dell(conf-if-po-3)#channel gi 1/8 Dell(conf-if-po-3)#sho conf interface Port-channel 3 no ip address...
  • Page 338 EXEC mode Dell(conf)# interface gigabitethernet 1/1 Dell(conf-if-gi-1/1)#switchport Dell(conf-if-gi-1/1)# vlan tagged 2-5,100,4010 Dell#show interfaces switchport gi 1/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged...
  • Page 339: Assigning An Ip Address To A Port Channel

    Dell Networking OS allows you to modify the hashing algorithms used for flows and for fragments. The load-balance and hash-algorithm commands are available for modifying the distribution algorithms.
  • Page 340 | hg-seed seed-value stack-unit | lag {checksum | crc | xor} [number] nh-ecmp {checksum | crc | xor}[number] stack—unit number ip-sa-mask value ip-da-mask value | seed seed-value } For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide.
  • Page 341: Bulk Configuration

    Bulk Configuration Bulk configuration allows you to determine if interfaces are present for physical interfaces or configured for logical interfaces. Interface Range An interface range is a set of interfaces to which other commands may be applied and may be created if there is at least one valid interface within the range.
  • Page 342 The following is an example showing how duplicate entries are omitted from the interface-range prompt. Example of the Interface-Range Prompt for Duplicate Interfaces Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)#interface range gigabitethernet 1/1 - 1/23 , gigabitethernet 1/1 - 1/23 ,...
  • Page 343: Defining Interface Range Macros

    The following example shows how to use commas to add VLAN and port-channel interfaces to the range. Example of Adding VLAN and Port-Channel Interface Ranges Dell(config-if-range-gi-1/1-1/2)# interface range Vlan 2 – 100 , Port 1 – 25 Dell(config-if-range-gi-1/1-1/2-vl-2-100-po-1-25)# no shutdown Defining Interface Range Macros You can define an interface-range macro to automatically select a range of interfaces for configuration.
  • Page 344: Maintenance Using Tdr

    Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs. TDR sends a signal onto the physical cable and examines the reflection of the signal that returns.
  • Page 345: Configuring Wavelength For 10-Gigabit Sfp+ Optics

    NOTE: TDR is an intrusive test. Do not run TDR on a link that is up and passing traffic. To test and display TDR results, use the following commands. To test for cable faults on the TenGigabitEthernet cable. EXEC Privilege mode tdr-cable-test tengigabitethernet slot/port Between two ports, do not start the test on both ends of the cable.
  • Page 346: Important Points To Remember

    To view a dampening summary for the entire system, use the show interfaces dampening summary command from EXEC Privilege mode. Dell# show interfaces dampening summary 20 interfaces are configured with dampening. 3 interfaces are currently suppressed. Following interfaces are currently suppressed:...
  • Page 347: Link Bundle Monitoring

    The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
  • Page 348: Using Ethernet Pause Frames For Flow Control

    Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it.
  • Page 349: Enabling Pause Frames

    For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than 1422: 1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The following table lists the various Layer 2 overheads found in the Dell Networking OS and the number of bytes. Table 24. Layer 2 Overhead...
  • Page 350: Port-Pipes

    Port-Pipes A port pipe is a Dell Networking-specific term for the hardware packet-processing elements that handle network traffic to and from a set of front-end I/O ports. The physical, front-end I/O ports are referred to as a port-set. In the command-line interface, a port pipe is entered as port-set port-pipe-number.
  • Page 351 Example of the show interfaces status Command to View Link Status NOTE: The show interfaces status command displays link status, but not administrative status. For both link and administrative status, use the show ip interface command. Dell#show interfaces status Port Description Status Speed Duplex Vlan Gi 1/1...
  • Page 352: Set Auto-Negotiation Options

    Force port to slave mode Dell(conf-if-gi-1/1-autoneg)# For details about the speed, , and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. NOTE: While using 10GBASE-T, auto-negotiation is enabled on the external PHY by default, and auto-negotiation should be enabled on the peer for the link to come up.
  • Page 353: Configuring The Interface Sampling Size

    Dell#show ip interface stack-unit 1 configured Dell#show ip interface tengigabitEthernet 1 configured Dell#show ip interface br configured Dell#show ip interface br stack-unit 1 configured Dell#show ip interface br tengigabitEthernet 1 configured Dell#show running-config interfaces configured Dell#show running-config interface tengigabitEthernet 1 configured In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information.
  • Page 354: Configuring The Traffic Sampling Size Globally

    The bold lines show the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100. Dell#configure terminal Dell(Conf)#rate-interval 150 DELL#show interface TenGigabitEthernet 10/0 TenGigabitEthernet 10/0 is up, line protocol is up...
  • Page 355 1534517 packets/sec, 30.00% of line-rate Output 100.00 Mbits/sec, 4636111 packets/sec, 10.00% of line-rate Time since last interface status change: 01:07:44 Dell#show int po 20 Port-channel 20 is up, line protocol is up Hardware address is 4c:76:25:f4:ab:02, Current address is 4c:76:25:f4:ab:02 Interface index is 1258301440...
  • Page 356: Dynamic Counters

    Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application, and is turned off when you disable the application. NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
  • Page 357 Example of the clear counters Command When you enter this command, confirm that you want Dell Networking OS to clear the interface counters for that interface. Dell#clear counters gi 1/1 Clear counters on GigabitEthernet 1/1 [confirm] Dell#...
  • Page 358: Internet Protocol Security (Ipsec)

    Internet Protocol Security (IPSec) Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel. •...
  • Page 359 crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXform-set session-key inbound esp 256 auth <key> encrypt <key> session-key outbound esp 257 auth <key> encrypt <key> match 0 tcp a::1 /128 0 a::2 /128 23 match 1 tcp a::1 /128 23 a::2 /128 0 match 2 tcp a::1 /128 0 a::2 /128 21 match 3 tcp a::1 /128 21 a::2 /128 0 match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23...
  • Page 360: Ipv4 Routing

    IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature...
  • Page 361: Ip Addresses

    NOTE: Even though Dell Networking OS listens to all ports, you can only use the ports starting from 35001 for IPv4 traffic. Ports starting from 0 to 35000 are reserved for internal use and you cannot use them for IPv4 traffic.
  • Page 362: Configuring Static Routes

    Example of the show config Command To view the configuration, use the show config command in INTERFACE mode or use the show ip interface command in EXEC privilege mode, as shown in the second example. Dell(conf-if)#show conf interface GigabitEthernet 1/1 ip address 10.11.1.1/24...
  • Page 363: Configure Static Routes For The Management Interface

    Dell Networking OS installs a next hop that is on the directly connected subnet of current IP address on the interface. Dell Networking OS also installs a next hop that is not on the directly connected subnet but which recursively resolves to a next hop on the interface's configured subnet.
  • Page 364: Ipv4 Path Mtu Discovery Overview

    IPv4 Path MTU Discovery Overview The size of the packet that can be sent across each hop in the network path without being fragmented is called the path maximum transmission unit (PMTU). This value might vary for the same route between two devices, mainly over a public network, depending on the network load and speed, and it is not a consistent value.
  • Page 365: Configuring The Duration To Establish A Tcp Connection

    Dell>show ip tcp reduced-syn-ack-wait Enabling Directed Broadcast By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command.
  • Page 366: Enabling Dynamic Resolution Of Host Names

    If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches the host table first to resolve the partial domain.
  • Page 367: Configuring Dns With Traceroute

    Configure this command up to six times to specify a list of possible domain names. Dell Networking OS searches the domain names in the order they were configured until a match is found or the list is exhausted.
  • Page 368: Configuration Tasks For Arp

    For more information about Proxy ARP, refer to RFC 925, Multi-LAN Address Resolution, and RFC 1027, Using ARP to Implement Transparent Subnet Gateways. Configuration Tasks for ARP For a complete listing of all ARP-related commands, refer to the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: •...
  • Page 369: Clearing Arp Cache

    Gratuitous ARP can mean an ARP request or reply. In the context of ARP learning via gratuitous ARP on Dell Networking OS, the gratuitous ARP is a request. A gratuitous ARP request is an ARP request that is not needed according to the ARP specification, but one that hosts may send to: •...
  • Page 370: Configuring Arp Retries

    Figure 40. ARP Learning via ARP Request Beginning with Dell Networking OS version 8.3.1.0, when you enable ARP learning via gratuitous ARP, the system installs a new ARP entry, or updates an existing entry for all received ARP requests. Figure 41. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable ARP learning via gratuitous ARP, the system does not look up the target IP.
  • Page 371: Icmp

    IP address of packets to match those addresses. Configure UDP Helper To configure Dell Networking OS to direct UDP broadcast, enable UDP helper and specify the UDP ports for which traffic is forwarded. See Enabling UDP Helper...
  • Page 372: Important Points To Remember

    To enable UDP helper, use the following command. • Enable UDP helper. ip udp-helper udp-ports Example of Enabling UDP Helper and Using the UDP Helper show Command Dell(conf-if-gi-1/1)#ip udp-helper udp-port 1000 Dell(conf-if-gi-1/1)#show config interface GigabitEthernet 1/1 ip address 2.1.1.1/24 ip udp-helper udp-port 1000...
  • Page 373: Configurations Using Udp Helper

    UDP Helper with No Configured Broadcast Addresses UDP Helper with Broadcast-All Addresses When the destination IP address of an incoming packet is the IP broadcast address, Dell Networking OS rewrites the address to match the configured broadcast address. In the following illustration: Packet 1 is dropped at ingress if you did not configure UDP helper address.
  • Page 374: Udp Helper With Subnet Broadcast Addresses

    Figure 42. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching interface. In the following illustration, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101.
  • Page 375: Udp Helper With No Configured Broadcast Addresses

    To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Gi 5/1 with IP DA (0xffffffff) will be sent on Gi 5/2 Gi 5/3 Vlan 3 01:44:54: Pkt rcvd on Gi 7/1 is handed over for DHCP processing.
  • Page 376: Ipv6 Routing

    IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
  • Page 377: Extended Address Space

    Router Solicitations (RS). By default, RA response messages are sent when an RS message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised so the neighbor can use this information to auto-configure its address. However, received ND messages are not used to create an IPv6 address.
  • Page 378: Ipv6 Header Fields

    • Flow Label (20 bits) • Payload Length (16 bits) • Next Header (8 bits) • Hop Limit (8 bits) • Source Address (128 bits) • Destination Address (128 bits) IPv6 provides for extension headers. Extension headers are used only if necessary. There can be no extension headers, one extension header or more than one extension header in an IPv6 packet.
  • Page 379 Next Header (8 bits) The Next Header field identifies the next header’s type. If an Extension header is used, this field contains the type of Extension header (as shown in the following table). If the next header is a transmission control protocol (TCP) or user datagram protocol (UDP) header, the value in this field is the same as for IPv4.
  • Page 380: Extension Header Fields

    Source Address (128 bits) The Source Address field contains the IPv6 address for the packet originator. Destination Address (128 bits) The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router.
  • Page 381: Addressing

    Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet’s Source IP Address identifying the unknown option type. Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet’s Source IP Address only if the Destination IP Address is not a multicast address.
  • Page 382: Implementing Ipv6 With Dell Networking Os

    Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform. The sections following the table give greater detail about the feature.
  • Page 383: Icmpv6

    ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443.
  • Page 384: Path Mtu Discovery

    Informational messages provide diagnostic functions and additional host functions, such as Neighbor Discovery and Multicast Listener Discovery. These messages also include Echo Request and Echo Reply messages. The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages.
  • Page 385: Ipv6 Neighbor Discovery Of Mtu Packets

    With ARP, each node broadcasts ARP requests on the entire link. This approach causes unnecessary processing by uninterested nodes. With NDP, each node sends a request only to the intended destination via a multicast address with the unicast address used as the last 24 bits.
  • Page 386: Debugging Ipv6 Rdnss Information Sent To The Host

    Dell(conf-if-gi-1/1)#do debug ipv6 nd gigabitethernet 1/1 ICMPv6 Neighbor Discovery packet debugging is on for gigabitethernet 1/1 Dell(conf-if-gi-1/1)#00:13:02 : : cp-ICMPV6-ND: Sending RA on Gi 1/1 current hop limit=64, flags: M-, O-, router lifetime=1800 sec, reachable time=0 ms, retransmit time=0 ms...
  • Page 387: Displaying Ipv6 Rdnss Information

    Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide...
  • Page 388: Configuration Tasks For Ipv6

    Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol. • Adjusting Your CAM-Profile • Assigning an IPv6 Address to an Interface • Assigning a Static IPv6 Route • Configuring Telnet with IPv6 • SNMP over IPv6 •...
  • Page 389: Assigning An Ipv6 Address To An Interface

    Assigning an IPv6 Address to an Interface Essentially, IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully. To assign an IPv6 address to an interface, use the ipv6 address command.
  • Page 390: Configuring Telnet With Ipv6

    Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS support IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router.
  • Page 391: Displaying An Ipv6 Interface Information

    • For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Example of the show ipv6 interface Command Dell#show ipv6 int ManagementEthernet 1/1 ManagementEthernet 1/1 is up, line protocol is up IPV6 is enabled Stateless address autoconfiguration is enabled...
  • Page 392 To display information about IPv6 prefix lists, enter list and the prefix-list name. Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command. Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0...
  • Page 393: Showing The Running-Configuration For An Interface

    For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For the Management interface on the stack-unit, enter the keyword ManagementEthernet then the slot/port information. Example of the show running-config interface Command Dell#show run int gigabitethernet 2/2 interface GigabitEthernet 2/2 no ip address ipv6 address 3:4:5:6::8/24...
  • Page 394: Configuring Ipv6 Ra Guard

    The following example shows how to disable the ND timer. Dell(conf-if-fo-1/1/1)#ipv6 nd disable-reachable-timer Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard allows you to block or reject the unwanted router advertisement guard messages that arrive at the network device platform.
  • Page 395: Configuring Ipv6 Ra Guard On An Interface

    The retransmission time range is from 100 to 4,294,967,295 milliseconds. Display the configurations applied on the RA guard policy mode. POLICY LIST CONFIGURATION mode show config Example of the show config Command Dell(conf-ra_guard_policy_list)#show config ipv6 nd ra-guard policy test device-role router hop-limit maximum 251 mtu 1350...
  • Page 396: Monitoring Ipv6 Ra Guard

    [interface slot/port | count value] The count range is from 1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide...
  • Page 397: Intermediate System To Intermediate System

    Intermediate System to Intermediate System The intermediate system to intermediate system (IS-IS) protocol uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. Topics: • IS-IS Protocol Overview • IS-IS Addressing • Multi-Topology IS-IS •...
  • Page 398: Multi-Topology Is-Is

    • area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI). • system address — the router’s MAC address. • N-selector — this is always 0. The following illustration is an example of the ISO-style address to show the address format IS-IS uses.
  • Page 399: Interface Support

    Interface Support MT IS-IS is supported on physical Ethernet interfaces, physical synchronous optical network technologies (SONET) interfaces, port-channel interfaces (static and dynamic using LACP), and virtual local area network (VLAN) interfaces. Adjacencies Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement MT extensions. If a local router does not participate in certain MTs, it does not advertise those MT IDs in its IS-IS hellos (IIHs) and so does not include that neighbor within its LSPs.
  • Page 400: Configuration Information

    By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address more easily. Dell Networking OS does not support ISO CLNS routing;...
  • Page 401: Configuration Tasks For Is-Is

    Configuration Tasks for IS-IS The following describes the configuration tasks for IS-IS. • Enabling IS-IS • Configure Multi-Topology IS-IS (MT IS-IS) • Configuring IS-IS Graceful Restart • Changing LSP Attributes • Configuring the IS-IS Metric Style • Configuring IS-IS Cost •...
  • Page 402 The default IS type is level-1-2. To change the IS type to Level 1 only or Level 2 only, use the is-type command in ROUTER ISIS mode. To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
  • Page 403 IS-IS: LSP checksum errors received : 0 IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: •...
  • Page 404 Implement a wide metric-style globally. ROUTER ISIS AF IPV6 mode isis ipv6 metric metric-value [level-1 | level-2 | level-1-2] To configure wide or wide transition metric style, the cost can be between 0 and 16,777,215. Configuring IS-IS Graceful Restart To enable IS-IS graceful restart globally, use the following commands. Additionally, you can implement optional commands to enable the graceful restart settings.
  • Page 405 Example of the show isis interface Command To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface GigabitEthernet 1/34 GigabitEthernet 1/34 is up, line protocol is up MTU 1497, Encapsulation SAP...
  • Page 406 Example of Viewing IS-IS Configuration (ROUTER ISIS Mode) To view the configuration, use the show config command in ROUTER ISIS mode or the show running-config isis command in EXEC Privilege mode. Dell#show running-config isis router isis lsp-refresh-interval 902 net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00...
  • Page 407 If you configure narrow, transition, or narrow transition metric style, the cost can be a number between 0 and 63. If you configure wide or wide transition metric style, the cost can be a number between 0 and 16,777,215. Dell Networking OS supports five different metric styles: narrow, wide, transition, narrow transition, and wide transition.
  • Page 408: Configuring The Distance Of A Route

    Accept wide metrics: none Dell# Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with IS-IS enabled, you can assign a cost or metric that is used in the link state calculation.
  • Page 409: Changing The Is-Type

    The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database...
  • Page 410 Another method of controlling routing information is to filter the information through a prefix list. Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS.
  • Page 411: Redistributing Ipv4 Routes

    • Apply a configured prefix list to all incoming IPv6 IS-IS routes. ROUTER ISIS-AF IPV6 mode distribute-list prefix-list-name in [interface] Enter the type of interface and the interface information: • For a 1-GigabitEthernet interface, enter the keyword GigabitEthernet then the slot/port information. •...
  • Page 412: Redistributing Ipv6 Routes

    ROUTER ISIS mode redistribute ospf process-id [level-1| level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: • process-id the range is from 1 to 65535. • level-1, level-1-2, or level-2: assign all redistributed routes to a level.
  • Page 413: Configuring Authentication Passwords

    Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system.
  • Page 414: Debugging Is-Is

    Enter the type of interface and slot/port information to view IS-IS information on that interface only. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
  • Page 415: Is-Is Metric Styles

    The following sections provide additional information about the IS-IS metric styles. • Configuring the IS-IS Metric Style • Configure Metric Values Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) •...
  • Page 416 Table 28. Metric Value When the Metric Style Changes Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide narrow default value (10) if the original value is greater than 63. A message is sent to the console. wide transition truncated value (the truncated value appears in the LSP only).
  • Page 417: Leaks From One Level To Another

    Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value commands and is used if you change back to transition metric style. Moving to transition and then to another metric style produces different results. Table 29. Metric Value when the Metric Style Changes Multiple Times Beginning Metric Style Next Metric Style Resulting Metric Value...
  • Page 418: Sample Configurations

    Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes in one of the following three different methods: • Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface. Enable the ip router isis and ipv6 router isis commands on the interface.
  • Page 419 GigabitEthernet 3/17 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-gi-3/17)# Dell (conf-router_isis)#show config router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# Dell (conf-if-gi-3/17)#show config interface GigabitEthernet 3/17...
  • Page 420: Link Aggregation Control Protocol (Lacp)

    Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards.
  • Page 421: Lacp Modes

    LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
  • Page 422: Lacp Configuration Tasks

    Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface Gigabitethernet 3/15 Dell(conf-if-gi-3/15)#no shutdown Dell(conf-if-gi-3/15)#port-channel-protocol lacp Dell(conf-if-gi-3/15-lacp)#port-channel 32 mode active Dell(conf)#interface Gigabitethernet 3/16 Dell(conf-if-gi-3/16)#no shutdown Dell(conf-if-gi-3/16)#port-channel-protocol lacp Dell(conf-if-gi-3/16-lacp)#port-channel 32 mode active Link Aggregation Control Protocol (LACP)
  • Page 423: Setting The Lacp Long Timeout

    Dell(conf)#interface Gigabitethernet 4/15 Dell(conf-if-gi-4/15)#no shutdown Dell(conf-if-gi-4/15)#port-channel-protocol lacp Dell(conf-if-gi-4/15-lacp)#port-channel 32 mode active Dell(conf)#interface Gigabitethernet 4/16 Dell(conf-if-gi-4/16)#no shutdown Dell(conf-if-gi-4/16)#port-channel-protocol lacp Dell(conf-if-gi-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static channel-member configuration in LAG 32.
  • Page 424: Shared Lag State Tracking

    Figure 50. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To achieve this functionality, you must group LAG 1 and LAG 2 into a single entity, called a failover group.
  • Page 425 Example of LAGs in the Same Failover Group Dell#config Dell(conf)#port-channel failover-group Dell(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2 To view the failover group configuration, use the show running-configuration po-failover-group command. Dell#show running-config po-failover-group port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group.
  • Page 426: Important Points About Shared Lag State Tracking

    Important Points about Shared LAG State Tracking The following is more information about shared LAG state tracking. • This feature is available for static and dynamic LAGs. • Only a LAG can be a member of a failover group. • You can configure shared LAG state tracking on one side of a link or on both sides.
  • Page 427 Port is part of Port-channel 10 Hardware is Force10Eth, address is 00:01:e8:06:95:c0 Current address is 00:01:e8:06:95:c0 Interface Index is 109101113 Port will not be disabled on partial SFM failure Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode full duplex, Slave Flowcontrol rx on tx on ARP type: ARPA, ARP Timeout 04:00:00...
  • Page 428 Figure 53. Inspecting the LAG Configuration
  • Page 429 Figure 54. Inspecting Configuration of LAG 10 on ALPHA
  • Page 430 Figure 55. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol lacp Alpha(conf-if-gi-2/31-lacp)#port-channel 10 mode active Alpha(conf-if-gi-2/31-lacp)#no shut Alpha(conf-if-gi-2/31)#show config interface GigabitEthernet 2/31 no ip address port-channel-protocol LACP port-channel 10 mode active...
  • Page 431 Summary of the LAG Configuration on Bravo Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config interface Port-channel 10 no ip address switchport no shutdown Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-gi-3/21)#port-channel-protocol lacp Bravo(conf-if-gi-3/21-lacp)#port-channel 10 mode active Bravo(conf-if-gi-3/21-lacp)#no shut Bravo(conf-if-gi-3/21)#end interface GigabitEthernet 3/21...
  • Page 432 Figure 56. Inspecting a LAG Port on BRAVO Using the show interface Command
  • Page 433 Figure 57. Inspecting LAG 10 Using the show interfaces port-channel Command
  • Page 434 Figure 58. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.
  • Page 435: Layer 2

    Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries •...
  • Page 436: Configuring A Static Mac Address

    Recovering from Learning Limit and Station Move Violations Dell Networking OS Behavior: When configuring the MAC learning limit on a port or VLAN, the configuration is accepted (becomes part of running-config and show mac learning-limit interface) before the system verifies that sufficient CAM space exists. If...
  • Page 437: Setting The Mac Learning Limit

    Entries created before this option is set are not affected. Dell Networking OS Behavior: If you do not configure the dynamic option, the system does not detect station moves in which a MAC address learned from a MAC-limited port is learned on another port on the same system.
  • Page 438: Mac Learning-Limit Station-Move

    EXEC Privilege mode show mac learning-limit Dell Networking OS Behavior: The systems do not generate a station-move violation log entry for physical interfaces or port-channels when you configure mac learning-limit or when you configure mac learning-limit station-move-violation log. Dell Networking OS detects a station-move violation only when you configure mac learning-limit dynamic and logs the violation only when you configure the mac learning-limit station-move-violation log, as shown in the following example.
  • Page 439: Setting Station Move Violation Actions

    Setting Station Move Violation Actions no-station-move is the default behavior. You can configure the system to take an action if a station move occurs using one of the following options with the mac learning-limit command. To display a list of interfaces configured with MAC learning limit or station move violation actions, use the following commands. •...
  • Page 440: Disabling Mac Address Learning On The System

    ARP is resolved (in the previous example, this location is Port 0/5 of the switch). To ensure that the MAC address is disassociated with one port and reassociated with another port in the ARP table, the no mac-address-table station-move refresh-arp command should not be configured on the Dell Networking switch at the time that NIC teaming is being configured on the server. Layer 2...
  • Page 441: Configure Redundant Pairs

    Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces.
  • Page 442 Figure 61. Configuring Redundant Layer 2 Pairs without Spanning Tree You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command. Initially, the primary interface is active and transmits traffic and the backup interface remains down. If the primary fails for any reason, the backup transitions to an active Up state.
  • Page 443: Important Points About Configuring Redundant Pairs

    GigabitEthernet 3/42 no shutdown interface GigabitEthernet 3/42 no ip address switchport no shutdown Dell(conf-if-range-Gi-3/41-42)# Dell(conf-if-range-Gi-3/41-42)#do show ip int brief | find 3/41 GigabitEthernet 3/41 unassigned YES Manual up GigabitEthernet 3/42 unassigned NO Manual up down [output omitted]...
  • Page 444: Far-End Failure Detection

    Port-channel 2 Standby Port-channel 1 Active Dell# Dell(conf-if-po-1)#switchport backup interface gigabitethernet 1/2 Apr 9 00:16:29: %STKUNIT0-M:CP %IFMGR-5-L2BKUP_WARN: Do not run any Layer2 protocols on Po 1 and Gi 1/2 Dell(conf-if-po-1)# Far-End Failure Detection Far-end failure detection (FEFD) is a protocol that senses remote data link errors in a network. FEFD responds by sending a unidirectional report that triggers an echoed response after a specified time interval.
  • Page 445: Fefd State Changes

    You can enable FEFD globally or on a per-interface basis. Interface FEFD configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. • FEFD is not supported on Fibre Channel and copper Ethernet ports.
  • Page 446: Configuring Fefd

    Gi 1/3 Normal 3 Admin Shutdown Gi 1/4 Normal 3 Admin Shutdown Dell#show run fefd fefd-global mode normal fefd-global interval 3 Enabling FEFD on an Interface To enable, change, or disable FEFD on an interface, use the following commands. •...
  • Page 447: Debugging Fefd

    Dell(conf-if-gi-1/1)#shutdown 2w1d22h: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Gi 1/1 Dell(conf-if-gi-1/1)#2w1d22h : FEFD state on Gi 1/1 changed from ANY to Unknown 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Gi 1/1 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Gi 4/1...
  • Page 448 2w1d22h: %RPM0-P:CP %IFMGR-5-INACTIVE: Changed Vlan interface state to inactive: Vl 1 2w1d22h : FEFD state on Gi 4/1 changed from Bi-directional to Unknown Dell#debug fefd packets Dell#2w1d22h : FEFD packet sent via interface Gi 1/1 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Gi 1/1)
  • Page 449: Link Layer Discovery Protocol (Lldp)

    Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
  • Page 450: Optional Tlvs

    Organizationally Specific TLVs. Figure 64. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs Management TLVs are a sub-type of optional TLVs. This kind of TLV contains essential management information about the sender.
  • Page 451 Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
  • Page 452: Tia-1057 (Lldp-Med) Overview

    • LLDP-MED Network Connectivity Device — any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: •...
  • Page 453 Inventory Management TLVs Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs. Inventory — Hardware Revision Indicates the hardware revision of the LLDP-MED device.
  • Page 454 • The possible values of the LLDP-MED device type are shown in the following. The Dell Networking system is a network connectivity device, which is Type 4. When you enable LLDP-MED in Dell Networking OS (using the advertise med command), the system begins transmitting this TLV.
  • Page 455 An integer represents the application type (the Type integer shown in the following table), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED network policy TLV is generated for each application type that you specify with the Dell Networking OS CLI (Advertising TLVs).
  • Page 456: Configure Lldp

    Advertise the extended power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device. • Power Type — there are two possible power types: power source entity (PSE) or power device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification.
  • Page 457: Lldp Compatibility

    LLDP mode configuration (default = rx and tx) multiplier LLDP multiplier configuration Negate a command or set its defaults show Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface gigabitethernet 1/3 Dell(conf-if-gi-1/3)#protocol lldp Dell(conf-if-gi-1/3-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol on this interface...
  • Page 458: Disabling And Undoing Lldp

    Disabling and Undoing LLDP To disable or undo LLDP, use the following command. • Disable LLDP globally or for an interface. disable To undo an LLDP configuration, precede the relevant command with the keyword no. Enabling LLDP on Management Ports LLDP on management ports is enabled by default.
  • Page 459 To advertise TLVs, use the following commands. Enter LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp Advertise one or more TLVs. PROTOCOL LLDP mode advertise {dcbx-appln-tlv | dcbx-tlv | dot3-tlv | interface-port-desc | management-tlv | med } Include the keyword for each TLV you want to advertise. •...
  • Page 460: Viewing The Lldp Configuration

    Dell(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description hello 10 no disable Dell(conf-lldp)# Dell(conf-lldp)#exit Dell(conf)#interface gigabitethernet 1/31 Dell(conf-if-gi-1/31)#show config interface GigabitEthernet 1/31 no ip address switchport no shutdown Dell(conf-if-gi-1/31)#protocol lldp Dell(conf-if-gi-1/31-lldp)#show config protocol lldp...
  • Page 461: Examples Of Viewing Information Advertised By Neighbors

    Examples of Viewing Information Advertised by Neighbors Example of Viewing Brief Information Advertised by Neighbors DellEMC(conf-if-gi-1/3-lldp)#end Dell (conf-if-gi-1/3)#do show lldp neighbors Loc PortID Rem Host Name Rem Port Id Rem Chassis Id -------------------------------------------------------------------- Gi 1/1 GigabitEthernet 1/5 00:01:e8:05:40:46 Gi 1/2...
  • Page 462: Configuring Lldpdu Intervals

    ----------------------------------------------------------------------- Remote Chassis ID Subtype: Mac address (4) Remote Chassis ID: 00:00:00:00:00:01 Remote Port Subtype: Interface name (5) Remote Port ID: TenGigabitEthernEt 0/38 Local Port ID: GigabitEthernet 1/3 Locally assigned remote Neighbor Index: 1 Remote TTL: Information valid for next 107 seconds Time since last information change of this neighbor: 00:00:13 ---------------------------------------------------------------------------...
  • Page 463: Configuring Lldp Notification Interval

    advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Configuring LLDP Notification Interval This implementation has been introduced to adhere to the IEEE 802.1AB standard. This implementation allows a user to configure the LLDP notification interval between 5 (default) and 3600 seconds.
  • Page 464: Configuring The Time To Live Value

    Rx only Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Configuring the Time to Live Value...
  • Page 465: Debugging Lldp

    Debugging LLDP You can view the TLVs that your system is sending and receiving. To view the TLVs, use the following commands. • View a readable version of the TLVs. debug lldp brief • View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU, including unrecognized TLVs. debug lldp detail To stop viewing the LLDP TLVs sent and received by the system, use the no debug lldp command.
  • Page 466: Relevant Management Objects

    23:22:40 : TLV: UNKNOWN TLV, Type: 9 Len: 4, Value: Dell 23:22:40 : TLV: UNKNOWN TLV, Type: 10 Len: 4, Value: Dell 23:22:40 : TLV: UNKNOWN TLV, Type: 11 Len: 4, Value: Dell 23:22:40 : TLV: UNKNOWN TLV, Type: 12 Len: 4, Value: Dell...
  • Page 467 MIB Object LLDP Variable LLDP MIB Object Description Category statsTLVsUnrecognizedTotal lldpStatsRxPortTLVsUnrecognizedTot Total number of all TLVs the local agent does not recognize. Table 39. LLDP System MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object Chassis ID chassis ID subtype Local lldpLocChassisIdSubtype...
  • Page 468 TLV Type TLV Name TLV Variable System LLDP MIB Object Local lldpLocManAddrOID Remote lldpRemManAddrOID Table 40. LLDP 802.1 Organizationally specific TLV MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object Port-VLAN ID PVID Local lldpXdot1LocPortVlanId Remote lldpXdot1RemPortVlanId Port and Protocol VLAN ID port and protocol VLAN Local...
  • Page 469 TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Remote lldpXMedRemMediaPolicyAppType Unknown Policy Flag Local lldpXMedLocMediaPolicyUnknown Remote lldpXMedLocMediaPolicyUnknown Tagged Flag Local lldpXMedLocMediaPolicyTagged Remote lldpXMedLocMediaPolicyTagged VLAN ID Local lldpXMedLocMediaPolicyVlanID Remote lldpXMedRemMediaPolicyVlanID L2 Priority Local lldpXMedLocMediaPolicyPriority...
  • Page 470 TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object lldpXMedLocXPoEPSEPortPDPriority Remote lldpXMedRemXPoEPSEPowerPriority lldpXMedRemXPoEPDPowerPriority Power Value Local lldpXMedLocXPoEPSEPortPowerAv lldpXMedLocXPoEPDPowerReq Remote lldpXMedRemXPoEPSEPowerAv lldpXMedRemXPoEPDPowerReq
  • Page 471: Microsoft Network Load Balancing

    Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
  • Page 472: Limitations Of The Nlb Feature

    ARP request is sent to a server cluster, either the active server or all the servers send a reply, depending on the cluster configuration. If the active server sends a reply, the Dell switch learns the active server’s MAC address. If all servers reply, the switch registers only the last received ARP reply and the switch learns one server’s actual MAC address;...
  • Page 473: Enabling A Switch For Multicast Nlb

    NOTE: When you use the mac-address-table static multicast-mac-address command in a VLT setup, Dell Networking OS recommends adding VLTi as one of the egress interfaces along with the other cluster-facing interfaces.
  • Page 474: Multicast Source Discovery Protocol (Msdp)

    Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
  • Page 475: Anycast Rp

    RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 72.
  • Page 476: Implementation Information

    New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446. Configure Multicast Source Discovery Protocol Configuring MSDP is a four-step process.
  • Page 477 Figure 73. Configuring Interfaces for MSDP
  • Page 478 Figure 74. Configuring OSPF and BGP for MSDP
  • Page 479 Figure 75. Configuring PIM in Multiple Routing Domains
  • Page 480: Enable Msdp

    Figure 76. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. Enable MSDP. CONFIGURATION mode ip multicast-msdp Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP R3(conf)#ip multicast-msdp R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 Multicast Source Discovery Protocol (MSDP)
  • Page 481: Manage The Source-Active Cache

    Limiting the Source-Active Cache Set the upper limit of the number of active sources that the Dell Networking OS caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the reverse path forwarding (RPF) and policy check.
  • Page 482: Clearing The Source-Active Cache

    If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries.
  • Page 483 Figure 77. MSDP Default Peer, Scenario 2
  • Page 484 Figure 78. MSDP Default Peer, Scenario 3
  • Page 485: Specifying Source-Active Messages

    If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check. Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50...
  • Page 486: Limiting The Source-Active Messages From A Peer

    24.0.50.2 200.0.0.50 10.0.50.2 00:13:49 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 00:13:49 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 10.0.50.2 Rpf-Fail 00:33:18 229.0.50.65...
  • Page 487: Preventing Msdp From Caching A Remote Source

    R1_E600(conf)#do show ip msdp sa-cache R1_E600(conf)#do show ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands.
  • Page 488: Logging Changes In Peership States

    Example of Verifying the System is not Advertising Local Sources In the following example, R1 stops advertising source 10.11.4.2. Because it is already in the SA cache of R3, the entry remains there until it expires. [Router 1] R1(conf)#do show run msdp ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter...
  • Page 489: Clearing Peer Statistics

    Output (S,G) filter: none [Router 1] R1(conf)#do show ip msdp peer Peer Addr: 192.168.0.3 Local Addr: 0.0.0.0(0) Connect Source: Lo 0 State: Inactive Up/Down Time: 00:00:03 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command.
  • Page 490: Msdp With Anycast Rp

    03:17:10 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg 03:17:27 : MSDP-0: Peer 192.168.0.3, sent Source Active msg Input (S,G) filter: none Output (S,G) filter: none MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than one active group to use RP mapping. PIM-SM allows only active groups to use RP mapping, which has several implications: •...
  • Page 491: Configuring Anycast Rp

    Figure 80. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.
  • Page 492: Reducing Source-Active Message Flooding

    Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source. CONFIGURATION mode ip msdp peer Advertise the network of each of the unique Loopback addresses throughout the network. ROUTER OSPF mode network Reducing Source-Active Message Flooding RPs flood source-active messages to all of their peers away from the RP.
  • Page 493 interface Loopback 1 ip address 192.168.0.11/32 no shutdown router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.11/32 area 0 ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.22 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.22 ip msdp originator-id Loopback 1! ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4...
  • Page 494: Msdp Sample Configurations

    The following example shows an R3 configuration for MSDP with Anycast RP. ip multicast-routing interface GigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface GigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown router ospf 1...
  • Page 495 interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0 ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 MSDP Sample Configuration: R2 Running-Config ip multicast-routing interface GigabitEthernet 2/1...
  • Page 496 ip address 10.11.6.34/24 no shutdown interface ManagementEthernet 1/1 ip address 10.11.80.3/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100...
  • Page 497: Multiple Spanning Tree Protocol (Mstp)

    Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
  • Page 498: Spanning Tree Variations

    Implementation Information MSTP is implemented as follows in Dell Networking OS: • The Dell Networking OS MSTP implementation is based on IEEE 802.1Q-2003 and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP.
  • Page 499: Related Configuration Tasks

    • Creating Multiple Spanning Tree Instances • Adding and Removing Interfaces • Influencing MSTP Root Selection • Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters •...
  • Page 500: Creating Multiple Spanning Tree Instances

    All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID...
  • Page 501: Influencing MSTP Root Selection

    For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for the name and revision number must match on all Dell Networking OS devices. If there are non-Dell devices that participate in MSTP, ensure these values match on all devices.
  • Page 502: Changing The Region Name Or Revision

    Max-hops — the maximum number of hops a BPDU can travel before a receiving switch discards it. NOTE: Dell Networking recommends that only experienced network administrators change MSTP parameters. Poorly planned modification of MSTP parameters can negatively affect network performance.
  • Page 503: Modifying The Interface Parameters

    NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. Change the max-age parameter. PROTOCOL MSTP mode max-age seconds The range is from 6 to 40.
  • Page 504: Configuring An Edgeport

    To enable EdgePort on an interface, use the following command. • Enable EdgePort on an interface. INTERFACE mode spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior:
  • Page 505: Flush MAC Addresses After A Topology Change

    Dell(conf-if-gi-3/11)# Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, you may activate the flushing mechanism defined by 802.1Q-2003 using the tc-flush-standard command, which flushes MAC addresses after every topology change notification.
  • Page 506: Router 1 Running-Configuration, Router 2 Running-Configuration, Router 3 Running-Configuration, SFTOS Example Running-Configuration

    Figure 82. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1. Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances and tag interfaces to the VLANs.
  • Page 507 interface Vlan 300 no ip address tagged GigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances and tag interfaces to the VLANs.
  • Page 508 MSTI 2 VLAN 200,300 (Step 2) interface GigabitEthernet 3/11 no ip address switchport no shutdown interface GigabitEthernet 3/21 no ip address switchport no shutdown (Step 3) interface Vlan 100 no ip address tagged GigabitEthernet 3/11,21 no shutdown interface Vlan 200 no ip address tagged GigabitEthernet 3/11,21 no shutdown...
  • Page 509: Debugging And Verifying MSTP Configurations

    Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run spanning-tree mstp command. Dell#show run spanning-tree mstp protocol spanning-tree mstp name Tahiti...
  • Page 510 Dell# 4w0d4h : MSTP: Sending BPDU on Gi 2/21 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x6e CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0 Regional Bridge Id: 32768:0001.e806.953e, CIST Port Id: 128:470 Msg Age: 0, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver3 Len: 96 Name: Tahiti, Rev: 123, Int Root Path Cost: 0 Rem Hops: 20, Bridge Id: 32768:0001.e806.953e...
  • Page 511: Multicast Features

    Because protocol control traffic in the Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic.
  • Page 512: Multicast Policies

    IGMP and MLD to resume. • If you decrease the limit after it is reached, the Dell Networking OS does not clear the existing sessions. Entries are cleared after a timeout (you may also clear entries using the clear ip mroute command).
  • Page 513 Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the Dell Networking OS clears the multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
  • Page 514 Figure 83. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 44. Preventing a Host from Joining a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 •...
  • Page 515 Location Description • no shutdown • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 •...
  • Page 516 Preventing a PIM Router from Forming an Adjacency To prevent a router from participating in PIM (for example, to configure stub multicast routing), use the following command. • Prevent a router from participating in PIM. INTERFACE mode ip pim neighbor-filter Preventing a Source from Registering with the RP To prevent the PIM source DR from sending register packets to route processor (RP) for the specified multicast source and group, use the following command.
  • Page 517 Figure 84. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 45. Preventing a Source from Transmitting to a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 •...
  • Page 518 Location Description • no shutdown • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 •...
  • Page 519: Understanding Multicast Traceroute (MTRACE)

    To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
  • Page 520: Important Points To Remember

    MTRACE Transit — when a Dell Networking system is an intermediate router between the source and destination in an MTRACE query, Dell Networking OS computes the RPF neighbor for the source, fills in the request, and forwards the request to the RPF neighbor.
  • Page 521: Supported Error Codes

    • Source Network/Mask — source mask Example of the mtrace Command to View the Network Path The following is an example of tracing a multicast route. R1>mtrace 103.103.103.3 1.1.1.1 226.0.0.3 Type Ctrl-C to abort. Querying reverse path for source 103.103.103.3 to destination 1.1.1.1 via group 226.0.0.3 From source (?) to destination (?) ----------------------------------------------------------------- |Hop|...
  • Page 522: Mtrace Scenarios

    The response data block filled in by the last-hop router contains a Forwarding code field. Forwarding code can be added at any node and is not restricted to the last hop router. This field is used to record error codes before forwarding the response to the next neighbor in the path towards the source.
  • Page 523 Scenario Output 103.103.103.3 --> Source -------------------------------------------------------------- ---- R1>mtrace 103.103.103.3 1.1.1.1 226.0.0.3 You can issue the mtrace command Type Ctrl-C to abort. specifying the source multicast tree and multicast group without specifying the Querying reverse path for source 103.103.103.3 via group destination.
  • Page 524 Scenario Output 103.103.103.0/24 2.2.2.1 103.103.103.0/24 103.103.103.3 --> Source -------------------------------------------------------------- ---- R1>mtrace 3.3.3.3 1.1.1.1 226.0.0.3 You can issue the mtrace command by Type Ctrl-C to abort. providing the source and multicast information. However, if the multicast group Querying reverse path for source 3.3.3.3 to destination is a shared group (*,G), then mtrace traces 1.1.1.1 via group 226.0.0.3 From source (?) to destination (?)
  • Page 525 Scenario Output 10.10.10.1 No route default -------------------------------------------------------------- ---- R1>mtrace 6.6.6.6 4.4.4.5 If a multicast tree is not formed due to a Type Ctrl-C to abort. configuration issue (for example, PIM is not enabled on one of the interfaces on the Querying reverse path for source 6.6.6.6 to destination path), you can invoke a weak mtrace to 4.4.4.5 via RPF...
  • Page 526 Scenario Output 2.2.2.1 99.99.0.0/16 * * * * -------------------------------------------------------------- ---- R1>mtrace 99.99.99.99 1.1.1.1 If there is no response for mtrace even after Type Ctrl-C to abort. switching to expanded hop search, the command displays an error message. Querying reverse path for source 99.99.99.99 to destination 1.1.1.1 via RPF From source (?) to destination (?) * * * * switching to hop-by-hop:...
  • Page 527 Scenario Output -------------------------------------------------------------- scenario, a corresponding error message is displayed. |Hop| OIF IP |Proto| Forwarding Code |Source Network/ Mask| -------------------------------------------------------------- 4.4.4.5 --> Destination 4.4.4.4 6.6.6.0/24 20.20.20.2 6.6.6.0/24 10.10.10.1 Wrong interface 6.6.6.0/24 -------------------------------------------------------------- ---- R1>mtrace 6.6.6.6 4.4.4.5 Type Ctrl-C to abort. Querying reverse path for source 6.6.6.6 to destination 4.4.4.5 via RPF From source (?) to destination (?)
  • Page 528: Object Tracking

    IPv4 or IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking OS client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
  • Page 529: Track Layer 2 Interfaces

    Figure 85. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. •...
  • Page 530: Track IPv4 And IPv6 Routes

    For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. • The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes. •...
  • Page 531: Set Tracking Delays

    Track Layer 3 Interfaces • Track an IPv4/IPv6 Route For a complete listing of all commands related to object tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN).
  • Page 532: Tracking A Layer 3 Interface

    The text string can be up to 80 characters. (Optional) Display the tracking configuration and the tracked object’s status. EXEC Privilege mode show track object-id Example of Configuring Object Tracking Dell(conf)#track 100 interface gigabitethernet 1/1 line-protocol Dell(conf-track-100)#delay up 20 Dell(conf-track-100)#description San Jose data center Dell(conf-track-100)#end Dell#show track 100...
  • Page 533 Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface The following is an example of configuring object tracking for an IPv4 interface: Dell(conf)#track 101 interface gigabitethernet 1/2 ip routing Dell(conf-track-101)#delay up 20 Dell(conf-track-101)#description NYC metro...
  • Page 534: Track An IPv4/IPv6 Route

    For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. • The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
  • Page 535 Dell(conf-track-104)#delay up 20 down 10 Dell(conf-track-104)#end Dell#show track 104 Track 104 IP route 10.0.0.0/8 reachability Reachability is Down (route not in route table) 2 changes, last change 00:02:49 Tracked by: Dell#configure Dell(conf)#track 4 ip route 3.1.1.0/24 reachability vrf vrf1...
  • Page 536 The following example configures object tracking on the reachability of an IPv6 route: Dell(conf)#track 105 ipv6 route 1234::/64 reachability Dell(conf-track-105)#delay down 5 Dell(conf-track-105)#description Headquarters Dell(conf-track-105)#end Dell#show track 105 Track 105 IPv6 route 1234::/64 reachability Description: Headquarters Reachability is Down (route not in route table)
  • Page 537: Displaying Tracked Objects

    Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv4 route: Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold Dell(conf-track-6)#delay down 20 Dell(conf-track-6)#delay up 20 Dell(conf-track-6)#description track ip route metric...
  • Page 538 IP Route Resolution ISIS OSPF IPv6 Route Resolution ISIS Example of the show track vrf Command Dell#show track vrf red Track 5 IP route 192.168.0.0/24 reachability, Vrf: red Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is GigabitEthernet 1/4...
  • Page 539: Open Shortest Path First (OSPFv2 And OSPFv3)

    Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS).
  • Page 540: Area Types

    Areas allow you to further organize your routers within the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the details of another area’s topology.
  • Page 541: Networks And Neighbors

    Each router has a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router’s IP address reflect each other.
  • Page 542 Figure 87. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
  • Page 543: Designated And Backup Designated Routers

    OSPF routers on the network segment are listening on. These router designations are not the same as the router IDs described earlier. The DRs and BDRs are configurable in Dell Networking OS. If you do not define DR or BDR, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR.
  • Page 544: Router Priority And Cost

    • Type 7: External LSA — Routers in an NSSA do not receive external LSAs from ABRs, but are allowed to send external routing information for redistribution. They use Type 7 LSAs to tell the ABRs about these external routes, which the ABR then translates to Type 5 external LSAs and floods as normal to the rest of the OSPF network.
  • Page 545: OSPF With Dell Networking OS

    OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF. OSPFv2 and OSPFv3 can co-exist but you must configure them individually. Dell Networking OS supports stub areas, totally stub (no summary) and not so stubby areas (NSSAs) and supports the following LSAs, as described earlier.
  • Page 546: Graceful Restart

    When the restarting router completes its restart, it flushes the Type 9 and 11 LSAs, notifying its neighbors that the restart is complete. This notification happens before the grace period expires. Dell Networking routers support the following OSPF graceful restart functionality: •...
  • Page 547: Fast Convergence (OSPFv2, IPv4 Only)

    In Dell Networking OS, the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in Dell Networking OS. In contrast, the OSPF dead interval on a Cisco router is, by default, four times as long as the hello interval.
  • Page 548: Configuration Information

    In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell (conf-if-gi-2/2)#ip ospf dead-interval 20 Dell (conf-if-gi-2/2)#do show ip os int gigabitethernet 1/3 GigabitEthernet 2/2 is up, line protocol is up Internet Address 20.0.0.1/24, Area 0 Process ID 10, Router ID 1.1.1.2, Network Type BROADCAST, Cost: 1...
  • Page 549: Router OSPF

    Dell(conf-router_ospf-1)# Dell(conf-router_ospf-1)#end Dell# For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback). By default, OSPF, similar to all routing protocols, is disabled.
  • Page 550 In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
  • Page 551 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that is a subset of a network on which OSPF is enabled.
  • Page 552 Loopback interfaces also help the OSPF process. OSPF picks the highest interface address as the router-id and a Loopback interface address has a higher precedence than other interface addresses. Example of Viewing OSPF Status on a Loopback Interface Dell#show ip ospf 1 int GigabitEthernet 1/23 is up, line protocol is up Internet Address 10.168.0.1/24, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.2, Network Type BROADCAST, Cost: 1...
  • Page 553 Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area ID Router Network S-Net S-ASBR Type-7 Subtotal 2.2.2.2...
  • Page 554 When disabled, the parameter is set at 0. NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Examples of the fast-converge Command In the following examples, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold).
  • Page 555 Dell# Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors.
  • Page 556 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface GigabitEthernet 1/1 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100...
  • Page 557 Enabling OSPFv2 Graceful Restart Graceful restart is enabled for the global OSPF process. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify: • grace period — the length of time the graceful restart process can last before OSPF terminates it.
  • Page 558 After you enable restart mode the router advertises the neighbor as fully adjacent during a restart. For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following.
  • Page 559 Example of Viewing OSPF Configuration after Redistributing Routes To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode. Dell(conf-router_ospf)#show config router ospf 34 network 10.1.2.32 0.0.0.255 area 2.2.2.2 network 10.1.3.24 0.0.0.255 area 3.3.3.3...
  • Page 560: show ip ospf database

    • Have you enabled OSPF globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the interfaces configured for Layer 3 correctly? • Is the router in the correct area type? • Have the routes been included in the OSPF database? •...
  • Page 561 Example of Viewing OSPF Configuration Dell#show run ospf router ospf 4 router-id 4.4.4.4 network 4.4.4.0/28 area 1 ipv6 router ospf 999 default-information originate always router-id 10.10.10.10 Dell# Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations.
  • Page 562: Configuration Task List For OSPFv3 (OSPF For IPv6)

    interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0 — Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 interface Loopback 30 ip address 192.168.100.100/24 no shutdown interface GigabitEthernet 3/1 ip address 10.1.13.3/24 no shutdown interface GigabitEthernet 3/2...
  • Page 563: Enabling IPv6 Unicast Routing

    To set the interval time between the reception of topology changes and calculation of SPF in milliseconds, use the timers spf delay holdtime msec command. Example Dell#conf Dell(conf)#ipv6 router ospf 1 Dell(conf-ipv6-router_ospf)#timer spf 2 5 msec Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#show config ipv6 router ospf 1 timers spf 2 5 msec...
  • Page 564: Assigning IPv6 Addresses On An Interface

    Assigning IPv6 Addresses on an Interface To assign IPv6 addresses to an interface, use the following commands. Assign an IPv6 address to the interface. CONF-INT-type slot/port mode ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits; separate each group by a colon (:). The format is A:B:C::F/128.
  • Page 565: Assigning OSPFv3 Process ID And Router ID To A VRF

    • number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process Assigning OSPFv3 Process ID and Router ID to a VRF To assign, disable, or reset OSPFv3 on a non-default VRF, use the following commands.
  • Page 566: Configuring Passive-Interface

    • Area ID: a number or IP address assigned when creating the area. You can represent the area ID as a number from 0 to 65536 if you assign a dotted decimal format rather than an IP address. Configuring Passive-Interface To suppress the interface’s participation on an OSPFv3 interface, use the following command.
  • Page 567: Enabling OSPFv3 Graceful Restart

    CONF-IPV6-ROUTER-OSPF mode default-information originate [always [metric metric-value] [metric-type type-value]] [route-map map-name] Configure the following required and optional parameters: • always: indicate that default route information is always advertised. • metric metric-value: The range is from 0 to 4294967295. • metric-type metric-type: enter 1 for OSPFv3 external route type 1 OR 2 for OSPFv3 external route type 2.
  • Page 568 30.1.1.0/24 area 0 ipv6 router ospf 1 log-adjacency-changes graceful-restart grace-period 180 The following example shows the show ipv6 ospf database database-summary command. Dell#show ipv6 ospf database database-summary OSPFv3 Router with ID (200.1.1.1) (Process ID 1) Process 1 database summary Type Count/Status...
  • Page 569: OSPFv3 Authentication Using IPsec

    ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
  • Page 570 You decide the set of IPsec protocols that are employed for authentication and encryption and the ways in which they are employed. When you correctly implement and deploy IPsec, it does not adversely affect users or hosts. AH and ESP are designed to be cryptographic algorithm-independent.
  • Page 571 • Enable IPsec authentication for OSPFv3 packets on an IPv6-based interface. INTERFACE mode ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} [key-encryption-type] key} • null: causes an authentication policy configured for the area to not be inherited on the interface. •...
  • Page 572 • key-authentication-type: (optional) specifies if the authentication key is encrypted. The valid values are 0 or 7. • Remove an IPsec encryption policy from an interface. no ipv6 ospf encryption ipsec spi number • Remove null encryption on an interface to allow the interface to inherit the encryption policy configured for the OSPFv3 area. no ipv6 ospf encryption null •...
  • Page 573 NOTE: When you configure encryption using the area encryption command, you enable both IPsec encryption and authentication. However, when you enable authentication on an area using the area authentication command, you do not enable encryption at the same time. If you have enabled IPsec authentication in an OSPFv3 area using the area authentication command, you cannot use the area encryption command in the area at the same time.
  • Page 574 Outbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set : esp-128-aes esp-sha1-hmac The following example shows the show crypto ipsec sa ipv6 command. Dell#show crypto ipsec sa ipv6 Interface: GigabitEthernet 1/1 Link Local address: fe80::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500 inbound ah sas...
  • Page 575: Troubleshooting OSPFv3

    STATUS : ACTIVE inbound esp sas outbound esp sas Interface: GigabitEthernet 1/2 Link Local address: fe80::201:e8ff:fe40:4d11 IPSecv6 policy name: OSPFv3-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas...
  • Page 576 show ipv6 route [vrf vrf-name] summary • View the summary information for the OSPFv3 database. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] database • View the configuration of OSPFv3 neighbors. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] neighbor •...
  • Page 577: Policy-Based Routing (PBR)

    Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look up an entry in a routing table.
  • Page 578: Implementing PBR

    • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: You can provide a tunnel ID for a redirect rule.
  • Page 579: Create A Redirect List

    The Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Because the order of rules is important, ensure that you configure any necessary sequence numbers.
  • Page 580 Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 ? Mask A.B.C.D or /nn Mask in dotted decimal or in slash format Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 ? Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 Dell(conf-redirect-list)#do show ip redirect-list IP redirect-list xyz: Defined as: seq 5 redirect 3.3.3.3 ip host 222.1.1.1 host 77.1.1.1...
  • Page 581: Apply A Redirect-List To An Interface Using A Redirect-Group

    Dell(conf-redirect-list)# NOTE: Starting with the Dell Networking OS version 9.4(0.0), the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on a router. A recursive route is a route for which the immediate next-hop address is learned dynamically through a routing protocol and acquired through a route lookup in the routing table.
  • Page 582 In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration To view the redirect list configuration, use the following commands.
  • Page 583: Sample Configuration

    Example: Showing CAM PBR Configuration Dell#show cam pbr stack-unit 1 port-set 0 TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN, Bit 0 - FIN...
  • Page 584: Create The Redirect-List Gold / Assign Redirect-List Gold To Interface 2/11 / View Redirect-List Gold

    Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 tcp any any Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp any host 144.144.144.144 Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end Verify the Status of the Track Objects (Up/Down):...
  • Page 585 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp any any Dell(conf-redirect-list)#redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp any any...
  • Page 586 Dell(conf-if-te-2/28)#exit Dell(conf)#end Verify the Applied Redirect Rules: Dell#show ip redirect-list explicit_tunnel IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32) seq 15 redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144, Track 1 [up], Next-...
  • Page 587: Pim Sparse-Mode (Pim-Sm)

    The SPT-Threshold is zero, which means that the last-hop designated router (DR) joins the shortest path tree (SPT) to the source after receiving the first multicast packet. • Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message. •...
  • Page 588: Refuse Multicast Traffic

    SPT to the source with a Prune message. Dell Networking OS Behavior: When the router creates an SPT to the source, there are then two paths between the receiver and the source, the SPT and the RPT. Until the router can prune itself from the RPT, the receiver receives duplicate multicast packets which may cause disruption.
  • Page 589: Related Configuration Tasks

    Enable PIM-Sparse mode. INTERFACE mode ip pim sparse-mode Examples of Viewing PIM-SM Information To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode. Dell#show ip pim interface Address Interface Ver/ Query Mode...
  • Page 590: Configuring S,G Expiry Timers

    5 permit ip 10.1.2.0/24 225.1.1.0/24 seq 10 permit ip any 232.1.1.0/24 seq 15 permit ip 100.1.0.0/16 any Dell(config-ext-nacl)#exit Dell(conf)#ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer To display the expiry time configuration, use the show running-configuration pim command from EXEC Privilege mode.
  • Page 591: Configuring A Static Rendezvous Point

    226.1.1.1 165.87.50.5 To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configuring a Designated Router Multiple PIM-SM routers might be connected to a single local area network (LAN) segment.
  • Page 592: Creating Multicast Boundaries And Domains

    • Change the interval at which a router sends hello messages. INTERFACE mode ip pim query-interval seconds • Display the current values of these parameters. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs).
  • Page 593: Pim Source-Specific Mode (Pim-Ssm)

    SPT. PIM-SSM uses IGMPv3. Because receivers subscribe to a source and group, the RP and shared tree is unnecessary; only SPTs are used. On Dell Networking systems, it is possible to use PIM-SM with IGMPv3 to achieve the same result, but PIM-SSM eliminates the unnecessary protocol overhead.
  • Page 594: Configure Pim-Ssm

    Then, specify the multicast source. • When an SSM map is in place and Dell Networking OS cannot find any matching access lists for a group, it continues to create (*,G) entries because there is an implicit deny for unspecified groups in the ACL.
  • Page 595: Configuring Pim-Ssm With Igmpv2

    To display the source to which a group is mapped, use the show ip igmp ssm-map [group] command. If you use the group option, the command displays the group-to-source mapping even if the group is not currently in the IGMP group table. If you do not specify the group option, the display is a list of groups currently in the IGMP group table that have a group-to-source mapping.
  • Page 596: Electing An Rp Using The Bsr Mechanism

    When you configure an RP candidate, its advertisement is sent to the entire multicast address range and the group-to-RP mapping is advertised for the entire range of multicast addresses. Starting with Dell Networking OS 9.11.0.0, you can configure an RP candidate for a specified range of multicast group addresses.
  • Page 597 ip pim [vrf vrf-name] rp-Candidate interface [priority] [acl-name] The specified acl-list is associated to the rp-candidate. NOTE: You can create the ACL list of multicast prefix using the ip access-list standard command.
  • Page 598: Port Monitoring

    • In general, a monitoring port should have no ip address and no shutdown as the only configuration; Dell Networking OS permits a limited set of commands for monitoring ports. You can display these commands using the ? command. A monitoring port also may not be a member of a VLAN.
  • Page 599: Port Monitoring

    Gi 2/5 both Port Dell(conf-mon-sess-5)# Dell(conf)#mon ses 300 Dell(conf-mon-sess-300)#source gig 1/17 destination gig 1/4 direction tx % Error: Exceeding max MG ports for this MD port pipe. Dell(conf-mon-sess-300)# Dell(conf-mon-sess-300)#source gig 1/17 destination gig 1/1 direction tx Dell(conf-mon-sess-300)#do show mon session...
  • Page 600 Figure 90. Port Monitoring Configurations Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs.
  • Page 601: Configuring Port Monitoring

    This behavior might result in a difference between the number of egress packets on the MD port and monitored packets on the MG port. Dell Networking OS Behavior: The platform continues to mirror outgoing traffic even after an MD participating in spanning tree protocol (STP) transitions from the forwarding to blocking.
  • Page 602: Configuring Monitor Multicast Queue

    Figure 91. Port Monitoring Example Configuring Monitor Multicast Queue To configure monitor QoS multicast queue ID, use the following commands. Configure monitor QoS multicast queue ID. CONFIGURATION mode monitor multicast-queue queue-id Dell(conf)#monitor multicast-queue 7 Verify information about monitor configurations. EXEC mode
  • Page 603: Enabling Flow-Based Monitoring

    Specify the source and destination port and direction of traffic. MONITOR SESSION mode source source-port destination destination-port direction rx Define IP access-list rules that include the monitor keyword. For port monitoring, Dell Networking OS only considers traffic matching rules with the monitor keyword. CONFIGURATION mode...
  • Page 604: Remote Port Mirroring

    Dell(conf-if-gi-1/1)#exit Dell(conf)#do show ip accounting access-list testflow Extended Ingress IP access list testflow on GigabitEthernet 1/1 Total cam count 4 seq 5 permit icmp any any 53 monitor 53 count bytes (0 packets 0 bytes) seq 10 permit ip 102.1.1.0/24 any monitor 53 count bytes (0 packets 0 bytes)
  • Page 605: Configuring Remote Port Mirroring

    Figure 92. Remote Port Mirroring Configuring Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches).
  • Page 606 • The L3 interface configuration should be blocked for RPM VLAN. • The member port of the reserved VLAN should have MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter). • To associate with source session, the reserved VLAN can have at max of only 4 member ports. •...
  • Page 607: Displaying Remote-Port Mirroring Configurations

    Port-channel 10 destination remote-vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode. Dell(conf)#do show monitor session SessID Source Destination...
  • Page 608 Configuring the sample Source Remote Port Mirroring Dell(conf)#interface vlan 10 Dell(conf-if-vl-10)#mode remote-port-mirroring Dell(conf-if-vl-10)#tagged gi 1/4 Dell(conf-if-vl-10)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source gi 1/5 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Dell(conf-mon-sess-1)#exit Dell(conf)#inte vlan 100 Dell(conf-if-vl-100)#tagged gi 1/7 Dell(conf-if-vl-100)#exit Dell(conf)#interface vlan 20...
  • Page 609 Dell(conf-if-vl-20)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged gi 1/3 Dell(conf-if-vl-30)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source remote-vlan 10 dest gi 1/4 Dell(conf-mon-sess-1)#exit Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source remote-vlan 20 destination gi 1/5 Dell(conf-mon-sess-2)#tagged destination gi 0/4 Dell(conf-mon-sess-2)#exit Dell(conf)#monitor session 3 type rpm...
  • Page 610: Encapsulated Remote Port Monitoring

    NOTE: When configuring ERPM, follow these guidelines • The Dell Networking OS supports ERPM source session only. Encapsulated packets terminate at the destination IP address or at the analyzer. • You can configure up to four ERPM source sessions on switch.
  • Page 611 The following example shows an ERPM configuration: Dell(conf)#monitor session 0 type erpm Dell(conf-mon-sess-0)#source gigabitethernet 1/9 direction rx Dell(conf-mon-sess-0)#source port-channel 1 direction tx Dell(conf-mon-sess-0)#erpm source-ip 1.1.1.1 dest-ip 7.1.1.2 gre-protocol 111 Dell(conf-mon-sess-0)#no disable Dell(conf)#monitor session 1 type erpm Dell(conf-mon-sess-1)#source vlan 11 direction rx Dell(conf-mon-sess-1)#erpm source-ip 5.1.1.1 dest-ip 3.1.1.2 gre-protocol 139...
  • Page 612: Erpm Behavior On A Typical Dell Networking Os

    ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported.
  • Page 613: Port Monitoring On Vlt

    RPM or ERPM monitoring between two VLT peers. As VLT devices are seen as a single device in the network, when a fail over occurs, the source or destination port on one of the VLT peers becomes inactive causing the monitoring session to fail. As a result, Dell Networking OS does not allow local Port mirroring based monitoring to be configured between VLT peers.
  • Page 614: Vlt Fail-Over Scenario

    VLTi link is added as an implicit member of the RPM VLAN. As a result, the mirrored traffic also reaches the peer VLT device, affecting the VLTi link's bandwidth usage. To mitigate this issue, the L2 VLT egress mask drops the duplicate packets that egress out of the VLT port. If the LAG status of the peer VLT device is OPER-UP, then the other VLT peer blocks the transmission of packets received through VLTi to its port or LAG.
  • Page 615 Scenario RPM Restriction Recommended Solution is connected through the VLT device, but not directly to the VLT device. Mirroring Orphan Ports across VLT Devices No restrictions apply to the RPM session. None. — In this scenario, an orphan port on the The following example shows the primary VLT device is mirrored to another configuration on the primary VLT...
  • Page 616: Private Vlans (Pvlan)

    Private VLANs (PVLAN) The private VLAN (PVLAN) feature is supported on Dell Networking OS. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide.
  • Page 617: Using The Private Vlan Commands

    • A switch can have one or more primary VLANs, and it can have none. • A primary VLAN has one or more secondary VLANs. • A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. •...
  • Page 618: Configuration Task List

    Secondary VLANs are Layer 2 VLANs, so even if they are operationally down while primary VLANs are operationally up, Layer 3 traffic is still transmitted across secondary VLANs. NOTE: The outputs of the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide.
  • Page 619: Creating A Primary Vlan

    (ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)#interface GigabitEthernet 2/1 Dell(conf-if-gi-2/1)#switchport mode private-vlan promiscuous Dell(conf)#interface GigabitEthernet 2/2 Dell(conf-if-gi-2/2)#switchport mode private-vlan host Dell(conf)#interface GigabitEthernet 2/3...
  • Page 620: Creating A Community Vlan

    You can enter interfaces in numeric or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/port-port). You can only add promiscuous ports or PVLAN trunk ports to the PVLAN (no host or regular ports). (OPTIONAL) Assign an IP address to the VLAN. INTERFACE VLAN mode ip address ip address (OPTIONAL) Enable/disable Layer 3 communication between secondary VLANs.
  • Page 621 The following example shows the use of the PVLAN commands that are used in VLAN INTERFACE mode to configure the PVLAN member VLANs (primary, community, and isolated VLANs). Dell#conf Dell(conf)# interface vlan 10 Dell(conf-vlan-10)# private-vlan mode primary Dell(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 Dell(conf-vlan-10)# untagged Gi 2/1 Dell(conf-vlan-10)# tagged Gi 2/3 Dell(conf)# interface vlan 101 Dell(conf-vlan-101)# private-vlan mode community...
  • Page 622: Private Vlan Configuration Example

    Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 94. Sample Private VLAN Topology The following configuration is based on the example diagram for the Z9500: • Te 1/1 and Te 1/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000. •...
  • Page 623: Inspecting The Private Vlan Configuration

    [interface interface] This command is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN.
  • Page 624 The following example shows using the show vlan private-vlan mapping command. S50-1#show vlan private-vlan mapping Private Vlan: Primary : 4000 Isolated : 4003 Community : 4001 NOTE: In the following example, notice the addition of the PVLAN codes – P, I, and C – in the left column. The following example shows viewing the VLAN status.
  • Page 625: Per-Vlan Spanning Tree Plus (Pvst+)

    For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 95. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table.
  • Page 626: Implementation Information

    • The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multivendor network, verify that the costs are values you intended.
  • Page 627: Disabling Pvst

    no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode.
  • Page 628 Figure 96. Load Balancing with PVST+ The bridge with the lowest value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority.
  • Page 629: Modifying Global Pvst+ Parameters

    • Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter.
  • Page 630: Modifying Interface Pvst+ Parameters

    The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you intended.
  • Page 631: Configuring An Edgeport

    There is no data loop in this scenario; however, you can employ PVST+ to avoid potential misconfigurations. If you enable PVST+ on the Dell Networking switch in this network, P1 and P2 receive BPDUs from each other. Ordinarily, the Bridge ID in the frame matches the Root ID, a loop is detected, and the rules of convergence require that P2 move to blocking state because it has the lowest port ID.
  • Page 632: Pvst+ Sample Configurations

    Augment the bridge ID with the VLAN ID. PROTOCOL PVST mode extend system-id Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.73f7...
  • Page 633 no ip address tagged GigabitEthernet 1/22,32 no shutdown interface Vlan 300 no ip address tagged GigabitEthernet 1/22,32 no shutdown protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configuration (R2) interface GigabitEthernet 2/12 no ip address switchport no shutdown interface GigabitEthernet 2/32 no ip address...
  • Page 634 protocol spanning-tree pvst no disable vlan 300 bridge-priority 4096
  • Page 635: Quality Of Service (Qos)

    This chapter describes how to use and configure Quality of Service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 54. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features Feature...
  • Page 636 Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict-Priority Queueing Egress Weighted Random Early Detection Create WRED Profiles Egress Figure 98. Dell Networking QoS Architecture Topics:
  • Page 637: Implementation Information

    Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value. You cannot assign a dot1p value to an individual interface in a port-channel.
  • Page 638: Honoring Dot1P Priorities On Ingress Traffic

    Honoring dot1p Priorities on Ingress Traffic By default, Dell Networking OS does not honor dot1p priorities on ingress traffic. You can configure this feature on physical interfaces and port-channels, but you cannot configure it on individual interfaces in a port channel.
  • Page 639: Configuring Port-Based Rate Policing

    Dell Networking OS Behavior: Rate shaping is effectively rate limiting because of its smaller buffer size. Rate shaping on tagged ports is slightly greater than the configured rate and rate shaping on untagged ports is slightly less than configured rate.
  • Page 640: Policy-Based Qos Configurations

    QoS Policy mode rate-shape Example of rate shape Command Dell#configure terminal Dell(conf)#interface gigabitethernet 1/1 Dell(conf-if-gi-1/1)#rate shape 500 50 Dell(conf-if-gi-1/1)#end Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 99. Constructing Policy-Based QoS Configurations...
  • Page 641: Classify Traffic

    Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
  • Page 642 4. In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the keyword order. Dell Networking OS writes to the CAM ACL rules with lower order numbers (order numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended.
  • Page 643 To display all class-maps or a specific class map, use the following command. Dell Networking OS Behavior: An explicit “deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. In the following example, traffic is classified in two Queues, 1 and 2.
  • Page 644: Create A Qos Policy

    NOTE: To avoid issues caused by misconfiguration, Dell Networking recommends configuring either DCBX or Egress QoS features, but not both simultaneously. If you enable both DCBX and Egress QoS at the same time, the DCBX configuration is applied and unexpected behavior occurs on the Egress QoS.
  • Page 645 Setting a dot1p Value for Egress Packets To set a dot1p value for egress packets, use the following command. • Set a dscp or dot1p value for egress packets. QOS-POLICY-IN mode set mac-dot1p Creating an Output QoS Policy To create an output QoS policy, use the following commands. Create an output QoS policy.
  • Page 646: Create Policy Maps

    When you assign a percentage to one queue, note that this change also affects the amount of bandwidth that is allocated to other queues. Therefore, whenever you are allocating bandwidth to one queue, Dell Networking recommends evaluating your bandwidth requirements for all other queues as well.
  • Page 647 Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature. The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values. When you configure trust DSCP, the matched packets and matched bytes counters are not incremented in the show qos statistics.
  • Page 648 Table 58. Default dot1p to Queue Mapping dot1p Queue ID Table 59. Default dot1p to Queue Mapping dot1p Queue ID The dot1p value is also honored for frames on the default VLAN. For more information, refer to Priority-Tagged Frames on the Default VLAN.
  • Page 649 • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior detects when an ACL exists in the CAM rather than writing it to the CAM multiple times.
  • Page 650: Dscp Color Maps

    Specifying an Aggregate QoS Policy To specify an aggregate QoS policy, use the following command. • Specify an aggregate QoS policy. POLICY-MAP-OUT mode policy-aggregate Applying an Output Policy Map to an Interface To apply an output policy map to an interface, use the following command. •...
  • Page 651: Displaying Dscp Color Maps

    20,30 Dscp-color-map mapTWO yellow 16,55 Display a specific DSCP color map. Dell# show qos dscp-color-map mapTWO Dscp-color-map mapTWO yellow 16,55 Displaying a DSCP Color Policy Configuration To display the DSCP color policy configuration for one or all interfaces, use the show qos dscp-color-policy {summary [interface] | detail {interface}} command in EXEC mode.
  • Page 652: Enabling Qos Rate Adjustment

    Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
  • Page 653: Enabling Strict-Priority Queueing

    Enabling Strict-Priority Queueing In strict-priority queuing, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast queue, using the strict-priority command. • Policy-based per-queue rate shaping is not supported on the queue configured for strict-priority queuing. To use queue-based rate-shaping as well as strict-priority queuing at the same time on a queue, use the Scheduler Strict feature as described in Scheduler Strict.
  • Page 654: Creating Wred Profiles

    Figure 100. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Table 60. Pre-Defined WRED Profiles Default Profile Name Minimum Threshold Maximum Threshold Maximum Drop Rate wred_drop wred_teng_y 4671 wred_teng_g 4671 wred_fortyg_y...
  • Page 655: Applying A Wred Profile To Traffic

    After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile. Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on its DSCP value before queuing it.
  • Page 656: Displaying Egress-Queue Statistics

    Pre-Calculating Available QoS CAM Space Before Dell Networking OS version 7.3.1, there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; from 1 to 16 entries might be used per rule depending upon its complexity).
  • Page 657: Configuring Weights And Ecn For Wred

    • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 | port pipe Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status...
  • Page 658: Global Service Pools With Wred And Ecn Settings

    Global Service Pools With WRED and ECN Settings Support for global service pools is now available. You can configure global service pools that are shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. Two service pools are used– one for loss-based queues and the other for lossless (priority-based flow control (PFC)) queues.
  • Page 659: Configuring Wred And Ecn Attributes

    Guidelines for Configuring ECN for Classifying and Color-Marking Packets Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: • • •...
  • Page 660: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Multiple Traffic Class

    • Because this functionality forcibly marks all the packets matching the specific match criteria as ‘yellow’, Dell Networking OS does not support Policer based coloring and this feature concurrently. • If single rate two color policer is configured along with this feature, then by default all packets less than PIR would be considered as “Green”...
  • Page 661 • • You can now use the ‘ecn’ match qualifier along with the above TCP flag for classification. The following combination of match qualifiers is acceptable to be configured for the Dell Networking OS software through L3 ACL command: •...
  • Page 662: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Single Traffic Class

    By default, all packets are considered as ‘green’ (without the rate-policer and trust-diffserve configuration), and hence support is provided to mark the packets as ‘yellow’ alone. By default Dell Networking OS drops all the ‘RED’ or ‘violate’ packets. The following combination of marking actions to be specified match sequence of the class-map command: •...
  • Page 663: Applying Layer 2 Match Criteria On A Layer 3 Interface

    Configure a Layer 2 QoS policy with Layer 2 (Dot1p or source MAC-based) match criteria. CONFIGURATION mode Dell(conf)# policy-map-input l2p layer2 Apply the Layer 2 policy on a Layer 3 interface. INTERFACE mode Dell(conf-if-fo-1/4)# service-policy input l2p layer2
  • Page 664: Applying Dscp And Vlan Match Criteria On A Service Queue

    Configure the DSCP value to be set on matched packets. QOS-POLICY-IN mode Dell(conf-qos-policy-in)#set ip-dscp 5 Create an input policy map. CONFIGURATION mode Dell(conf)#policy-map-input pp_policmap Create a service queue to associate the class map and QoS policy map. POLICY-MAP mode Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy
  • Page 665: Classifying Incoming Packets Using Ecn And Color-Marking

    ‘DSCP’ qualifier is positioned in the current ACL commands. Dell Networking OS supports the capability to contain DSCP and ECN classifiers simultaneously for the same ACL entry. You can use the ecn keyword with the ip access-list standard, ip access-list extended, seq, and permit commands for standard and extended IPv4 ACLs to match incoming packets with the specified ECN values.
  • Page 666: Guidelines For Configuring Ecn For Classifying And Color-Marking Packets

    • • You can now use the ‘ecn’ match qualifier along with the above TCP flag for classification. The following combination of match qualifiers is acceptable to be configured for the Dell Networking OS software through L3 ACL command: •...
  • Page 667: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Multiple Traffic Class

    In the existing software, ECE/CWR TCP flag qualifiers are not supported. • Because this functionality forcibly marks all the packets matching the specific match criteria as ‘yellow’, Dell Networking OS does not support Policer based coloring and this feature concurrently.
  • Page 668 seq 5 permit any dscp 40 ip access-list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ip access-list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class-map match-any class_dscp_40 match ip access-group dscp_40_non_ecn set-color yellow match ip access-group dscp_40 class-map match-any class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50...
  • Page 669: Routing Information Protocol (Rip)

    Routing Information Protocol (RIP) The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm. RIP protocol standards are listed in the Standards Compliance chapter.
  • Page 670: Implementation Information

    Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the defaults for RIP in Dell Networking OS.
  • Page 671 After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode.
  • Page 672 Those routes must meet the conditions of the prefix list; if not, Dell Networking OS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process.
  • Page 673 Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send version or the ip rip receive version commands in INTERFACE mode.
  • Page 674 The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold). Dell#show ip protocols...
  • Page 675 Default routes are not enabled in RIP unless specified. Use the default-information originate command in ROUTER RIP mode to generate a default route into RIP. In Dell Networking OS, default routes received in RIP updates from other routes are advertised if you configure the default-information originate command.
  • Page 676: Rip Configuration Example

    Enable debugging of RIP. Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function. Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command.
  • Page 677 Figure 101. RIP Topology Example RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-gi-2/3)# Core2(conf-if-gi-2/3)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10.0 Core2(conf-router_rip)#network 10.300.10.0 Core2(conf-router_rip)#network 10.11.10.0 Core2(conf-router_rip)#network 10.11.20.0 Core2(conf-router_rip)#show config router rip...
  • Page 678 The following example shows the show ip route command to show the RIP setup on Core 2. Core2#show ip route Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1,...
  • Page 679 Core3(conf-router_rip)#network 192.168.2.0 Core3(conf-router_rip)#network 10.11.30.0 Core3(conf-router_rip)#network 10.11.20.0 Core3(conf-router_rip)#show config router rip network 10.0.0.0 network 192.168.1.0 network 192.168.2.0 version 2 Core3(conf-router_rip)# Core 3 RIP Output The examples in this section show the core 2 RIP output. • To display Core 3 RIP database, use the show ip rip database command. •...
  • Page 680 The following example shows the show ip protocols command to show the RIP configuration activity on Core 3. Core3#show ip protocols Routing Protocol is "RIP" Sending updates every 30 seconds, next due in 6 Invalid after 180 seconds, hold down 180, flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in effect Outgoing filter for all interfaces is...
  • Page 681 interface GigabitEthernet 3/2 ip address 10.11.20.1/24 no shutdown interface GigabitEthernet 3/4 ip address 192.168.1.1/24 no shutdown interface GigabitEthernet 3/5 ip address 192.168.2.1/24 no shutdown router rip version 2 network 10.11.20.0 network 10.11.30.0 network 192.168.1.0 network 192.168.2.0
  • Page 682: Remote Monitoring (Rmon)

    RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment.
  • Page 683: Setting The Rmon Alarm

    1, which is configured with the RMON event command. Possible events include a log entry or an SNMP trap. If the 1.3.6.1.2.1.2.2.1.20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be triggered again. Dell(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 1 owner nms1 Configuring an RMON Event To add an event in the RMON event table, use the rmon event command in GLOBAL CONFIGURATION mode.
  • Page 684: Configuring Rmon Collection Statistics

    The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”. Dell(conf)#rmon event 1 log trap eventtrap description "High ifOutErrors" owner nms1 Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode.
  • Page 685 The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john; both the sampling interval and the number of buckets use their respective defaults. Dell(conf-if-mgmt)#rmon collection history controlEntry 20 owner john
  • Page 686: Rapid Spanning Tree Protocol (Rstp)

    STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 63. Spanning Tree Variations Dell Networking OS Supports...
  • Page 687: Rstp And Vlt

    Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task; avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs.
  • Page 688: Enabling Rapid Spanning Tree Protocol Globally

    To disable RSTP globally for all Layer 2 interfaces, enter the disable command from PROTOCOL SPANNING TREE RSTP mode. To verify that RSTP is enabled, use the show config command from PROTOCOL SPANNING TREE RSTP mode. The bold line indicates that RSTP is enabled. Dell(conf-rstp)#show config protocol spanning-tree rstp no disable...
  • Page 689 To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.cbb4...
  • Page 690: Adding And Removing Interfaces

    Max-age — the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. NOTE: Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance.
  • Page 691 Change the hello-time parameter. PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. •...
  • Page 692: Enabling Snmp Traps For Root Elections And Topology Changes

    Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps, use the following command. • Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port priority values. •...
  • Page 693: Configuring An Edgeport

    To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE mode. In the following example, the bold line indicates that the interface is in EdgePort mode. Dell(conf-if-gi-2/1)#show config...
  • Page 694: Configuring Fast Hellos For Link State Detection

    PROTOCOL RSTP mode hello-time milli-second interval The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e811.2233...
  • Page 695: Software-Defined Networking (Sdn)

    Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide.
  • Page 696: Security

    Security This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Topics: • AAA Accounting •...
  • Page 697 Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null Username Sessions When you activate AAA accounting, the Dell Networking OS software issues accounting records for all users on the system, including users whose username string is NULL because of protocol translation.
  • Page 698: Aaa Authentication

    Dell Networking uses local usernames/passwords (stored on the Dell Networking system) or AAA for login authentication. With AAA, you can specify the security protocol or mechanism for different login methods and different users. In Dell Networking OS, AAA uses a list of authentication methods, called method lists, to define the types of authentication and the sequence in which they are applied.
  • Page 699: Configuration Task List For Aaa Authentication

    If the first method list does not respond or returns an error, Dell Networking OS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking OS does not apply the next method list.
  • Page 700 To view the configuration, use the show config command in LINE mode or the show running-config in EXEC Privilege mode. NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH).
  • Page 701 Using AAA authentication, the switch acts as a RADIUS or TACACS+ client to send authentication requests to a TACACS+ or RADIUS server. • TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$. •...
  • Page 702: Obscuring Passwords And Keys

    Limiting access to the system is one method of protecting the system and your network. However, at times, you might need to allow others access to the router and you can limit that access to a subset of commands. In Dell Networking OS, you can configure a privilege level for users who need limited access to the system.
  • Page 703: Configuration Task List For Privilege Levels

    Enabling and Disabling Privilege Levels (optional) For a complete listing of all commands related to Dell Networking OS privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can assign a specific username to limit user access to the system.
  • Page 704 Configuring the Enable Password Command To configure Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the command, Dell Networking OS requests that you enter a password. Privilege levels are not assigned to passwords, rather passwords are assigned to a privilege level. You can always change a password for any privilege level.
  • Page 705 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • command: a Dell Networking OS CLI keyword (up to five keywords allowed). • reset: return the command to its default privilege mode.
  • Page 706 8. In EXEC Privilege mode, john can access only the commands listed. In CONFIGURATION mode, john can access only the snmp-server commands. apollo% telnet 172.31.1.53 Trying 172.31.1.53... Connected to 172.31.1.53. Escape character is '^]'. Login: john Password: Dell#show priv Current privilege level is 8 Dell#? configure Configuring from terminal disable Turn off privileged commands enable...
  • Page 707: Radius

    For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aaa authentication login command.
  • Page 708: Configuration Task List For Radius

    Idle Time Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies the idle-time allowed for a user during a session before timeout. When a user logs in, the lower of the two idle-time values (configured or default) is used.
  • Page 709 • Monitoring RADIUS (optional) For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication.
  • Page 710 To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If you configure multiple RADIUS server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. When Dell Networking OS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
  • Page 711: Monitoring Radius

    Microsoft Challenge-Handshake Authentication Protocol Support for RADIUS Authentication Dell Networking OS supports Microsoft Challenge-Handshake Authentication Protocol (MS-CHAPv2) with RADIUS authentication. RADIUS is used to authenticate Telnet, SSH, console, REST, and OMI access to the switch based on the AAA configuration. By default, the RADIUS client in the switch uses PAP (Password Authentication Protocol) for sending the login credentials to the RADIUS server.
  • Page 712: Tacacs

    TACACS+ Remote Authentication • Specifying a TACACS+ Server Host For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the TACACS hosts specified.
  • Page 713: Tacacs+ Remote Authentication

    TACACS server key. The fallback would not occur if the authentication failure is due to invalid credentials. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method. In the following example, the TACACS+ is incorrect, but the user is still authenticated by the secondary method.
  • Page 714 To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If you configure multiple TACACS+ server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. To view the TACACS+ configuration, use the show running-config tacacs+ command in EXEC Privilege mode.
  • Page 715: Command Authorization

    Enabling SCP and SSH Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication. SSH is enabled by default.
  • Page 716: Using Scp With Ssh To Copy A Software Image

    Specifying an SSH Version The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : enabled.
  • Page 717: Removing The Rsa Host Keys And Zeroizing Storage

    Examples The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes. Dell(conf)#ip ssh rekey volume 4096...
  • Page 718: Configuring The Ssh Server Key Exchange Algorithm

    When FIPS is enabled, the default is diffie-hellman-group14-sha1. Example of Configuring a Key Exchange Algorithm The following example shows you how to configure a key exchange algorithm. Dell(conf)# ip ssh server kex diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 Configuring the HMAC Algorithm for the SSH Server To configure the HMAC algorithm for the SSH server, use the ip ssh server mac hmac-algorithm command in CONFIGURATION mode.
  • Page 719: Configuring The Hmac Algorithm For The Ssh Client

    Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algorithm list. Dell(conf)# ip ssh server mac hmac-sha1-96 Configuring the HMAC Algorithm for the SSH Client To configure the HMAC algorithm for the SSH client, use the ip ssh mac hmac-algorithm command in CONFIGURATION mode.
  • Page 720: Configuring The Ssh Client Cipher List

    Secure Shell (SSH) is enabled by default using the SSH Password Authentication method. Enabling SSH Authentication by Password Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Networking system. This setup is the simplest method of authentication and uses SSH version 1.
  • Page 721 The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2. On the SSH client (Unix machine), generate an RSA key, as shown in the following example. Copy the public key id_rsa.pub to the Dell Networking system. Disable password authentication if enabled.
  • Page 722 Create a list of IP addresses and usernames that are permitted to SSH in a file called rhosts. Refer to the second example. Copy the file shosts and rhosts to the Dell Networking system. Disable password authentication and RSA authentication, if configured...
  • Page 723: Troubleshooting Ssh

    Dell(conf)#ip telnet server enable Dell(conf)#no ip telnet server enable VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote. Table 65. VTY Access...
  • Page 724: Vty Line Local Authentication And Authorization

    Dell Networking OS retrieves the access class from the VTY line. The Dell Networking OS takes the access class from the VTY line and applies it to ALL users. Dell Networking OS does not need to know the identity of the incoming user and can immediately apply the access class. If the authentication method is RADIUS, TACACS+, or line, and you have configured an access class for the VTY line, Dell Networking OS immediately applies it.
  • Page 725: Vty Mac-Sa Filter Support

    (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address.
  • Page 726: Overview Of Rbac

    Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user can enter and the actions the user can perform.
  • Page 727 To enable role-based only AAA authorization, enter the following command in Configuration mode: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles.
  • Page 728: User Roles

    Example of Creating a User Role The configuration in the following example creates a new user role, myrole, which inherits the security administrator (secadmin) permissions. Create a new user role, myrole and inherit security administrator permissions. Dell(conf)#userrole myrole inherit secadmin
  • Page 729 Note that the netadmin role is not listed in the Role access: secadmin,sysadmin, which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin show users Dell#show role mode exec show users...
  • Page 730 Dell(conf)#role configure addrole secadmin ? LINE Initial keywords of the command to modify Dell(conf)#role configure addrole secadmin interface tengigabitethernet Dell(conf)#show role mode configure interface Role access: netadmin, secadmin, sysadmin Example: Verify that the Security Administrator Can Access Interface Mode The following example shows that the secadmin role can now access Interface mode (highlighted in bold).
  • Page 731: Aaa Authentication And Authorization For Roles

    CONFIGURATION mode. Example The following example creates a user name that is authenticated based on a user role. Dell(conf)#username john password 0 password role secadmin The following example deletes a user role. NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to username that has a privilege Dell(conf)#no username john The following example adds a user to the secadmin user role.
  • Page 732 Configure AAA Authorization for Roles Authorization services determine if the user has permission to use a command in the CLI. Users with only privilege levels can use commands in privilege-or-role mode (the default) provided their privilege level is the same or greater than the privilege level of those commands.
  • Page 733 For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled “Force10-avpair”. The value is a string in the following format: protocol : attribute sep value “attribute”...
  • Page 734: Role Accounting

    The following example shows you how to configure AAA accounting to monitor commands executed by the users who have a secadmin user role. Dell(conf)#aaa accounting command role secadmin default start-stop tacacs+ Applying an Accounting Method to a Role To apply an accounting method list to a role executed by a user with that user role, use the accounting command in LINE mode.
  • Page 735 Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line...
  • Page 736: Two Factor Authentication (2Fa)

    To configure challenge response authentication for SSHv2, perform the following steps: Enable challenge response authentication for SSHv2. CONFIGURATION mode ip ssh challenge-response-authentication enable View the configuration. EXEC mode show ip ssh Dell# show ip ssh SSH server : enabled. SSH server version : v2. SSH server vrf : default.
  • Page 737: Sms-Otp Mechanism

    You can configure the Dell Networking OS to drop ICMP reply messages. When you configure the drop icmp command, the system drops the ICMP reply messages from the front end and management interfaces. By default, the Dell Networking OS responds to all the ICMP messages.
  • Page 738 Information reply (16) Address mask request (17) Address mask reply (18) NOTE: The Dell Networking OS does not suppress the ICMP message type echo request (8). Table 67. Suppressed ICMPv6 message types ICMPv6 message types Destination unreachable (1) Time exceeded (3)
  • Page 739: Service Provider Bridging

    Service Provider Bridging Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks.
  • Page 740: Important Points To Remember

    To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN. • You cannot ping across the trunk port link if one or both of the systems is an S3048–ON.
  • Page 741: Creating Access And Trunk Ports

    Enabling VLAN-Stacking for a VLAN. Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Dell Networking OS Options for Trunk Ports • Debugging VLAN Stacking • VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands.
  • Page 742: Enable Vlan-Stacking For A Vlan

    The default is 9100. To display the S-Tag TPID for a VLAN, use the show running-config command from EXEC privilege mode. Dell Networking OS displays the S-Tag TPID only if it is a non-default value. Configuring Dell Networking OS Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic.
  • Page 743: Debugging Vlan Stacking

    T — 802.1Q trunk port • U — 802.1Q access port • NU — Native VLAN (untagged) Dell# debug member vlan 603 vlan id : 603 ports : Gi 2/4 (MT), Gi 3/1(MU), Gi 3/25(MT), Gi 3/26(MT), Gi 3/27(MU)
  • Page 744: Vlan Stacking In Multi-Vendor Networks

    While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID. Systems may use any 2-byte value; Dell Networking OS uses 0x9100 (shown in the following) while non-Dell Networking systems might use a different value.
  • Page 745 Figure 104. Single and Double-Tag TPID Match
  • Page 746 Figure 105. Single and Double-Tag First-byte TPID Match
  • Page 747 Figure 106. Single and Double-Tag TPID Mismatch The following table details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the S-Series. Table 68. Behaviors for Mismatched TPID Network Position Incoming Packet System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.0+ TPID Ingress Access Point untagged...
  • Page 748: Vlan Stacking Packet Drop Precedence

    Network Position Incoming Packet System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.0+ TPID Core untagged 0xUVWX — switch to default switch to default VLAN VLAN double-tag 0xUVWX 0xUVWX double-tag match switch to VLAN switch to VLAN 0xUVYZ double-tag first-byte switch to VLAN switch to default match VLAN...
  • Page 749: Honoring The Incoming Dei Value

    Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to a Dell Networking OS drop precedence. Precedence can have one of three colors. Precedence Description Green High-priority packets that are the least preferred to be dropped.
  • Page 750: Dynamic Mode Cos For Vlan Stacking

    (CAM) tables. Dell Networking OS Behavior: For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence.
  • Page 751: Mapping C-Tag To S-Tag Dot1P Values

    Likewise, in the following configuration, packets with dot1p priority 0–3 are marked as dot1p 7 in the outer tag and queued to Queue 3. Rate policing is according to qos-policy-input 3. All other packets will have outer dot1p 0 and hence are queued to Queue 1. They are therefore policed according to qos-policy-input 1.
  • Page 752: Layer 2 Protocol Tunneling

    Layer 2 Protocol Tunneling Spanning tree bridge protocol data units (BPDUs) use a reserved destination MAC address called the bridge group address, which is 01-80-C2-00-00-00. Only spanning-tree bridges on the local area network (LAN) recognize this address and process the BPDU. When you use VLAN stacking to connect physically separate regions of a network, BPDUs attempting to traverse the intermediate network might be consumed and later dropped because the intermediate network itself might be using spanning tree (shown in the following illustration).
  • Page 753: Implementation Information

    Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge.
  • Page 754: Enabling Layer 2 Protocol Tunneling

    Specifying a Destination MAC Address for BPDUs By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
  • Page 755: Debugging Layer 2 Protocol Tunneling

    Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. •...
  • Page 756: Sflow

    Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe.
  • Page 757: Important Points To Remember

    • Dell Networking OS exports all sFlow packets to the collector. A small sampling rate can equate to many exported packets. A backoff mechanism is automatically applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect.
  • Page 758: Enabling And Disabling Sflow On An Interface

    Gi 1/1: configured rate 16384, actual rate 16384 Dell# If you did not enable any extended information, the show output displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 20...
  • Page 759: Sflow Show Commands

    Show Commands Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Globally • Displaying Show sFlow on an Interface • Displaying Show sFlow on a Line Card Displaying Show sFlow Global To view sFlow statistics, use the following command.
  • Page 760: Displaying Show Sflow On An Interface

    Display sFlow configuration information and statistics on a specific interface. EXEC mode show sflow interface interface-name Examples of the sFlow show Commands The following example shows the show sflow interface command. Dell#show sflow interface gigabitethernet 1/1 Gi 1/1 sFlow type :Ingress Configured sampling rate...
  • Page 761: Configuring Specify Collectors

    Example of Viewing sFlow Configuration (Line Card) Dell#show sflow Stack-unit 1 Stack-unit 1 Samples rcvd from h/w Total UDP packets exported UDP packets exported via RPM UDP packets dropped Configuring Specify Collectors The sflow collector command allows identification of sFlow collectors to which sFlow datagrams are forwarded.
  • Page 762: Sflow On Lag Ports

    Confirm that extended information packing is enabled. show sflow Examples of Verifying Extended sFlow The bold line shows that extended sFlow settings are enabled on all three types. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768...
  • Page 763: Important Points To Remember

    To export extended-gateway data, BGP must learn the IP destination address. • If the IP destination address is not learned via BGP the Dell Networking system does not export extended-gateway data. • If the IP source address is learned via IGP, srcAS and srcPeerAS are zero.
  • Page 764: Simple Network Management Protocol (Snmp)

    The Simple Network Management Protocol (SNMP) is designed to manage devices on IP networks by monitoring device operation, which might require administrator intervention. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including Get and a limited number of Set operations (such as set vlan and copy cmd). Topics: •...
  • Page 765: Protocol Overview

    The following describes SNMP implementation information. • Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version 3 as defined by RFC 2571. •...
  • Page 766: Configuration Task List For Snmp

    The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c.
  • Page 767: Important Points To Remember

    Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message. You must specify whether members of the community may only retrieve values (read), or retrieve and alter values (read-write).
  • Page 768 Use the SNMPv3 authNoPriv Security Level noauth Use the SNMPv3 noAuthNoPriv Security Level priv Use the SNMPv3 authPriv Security Level Dell(conf)#snmp-server host 1.1.1.1 traps {oid tree} version 3 noauth ? WORD SNMPv3 user name Simple Network Management Protocol (SNMP)
  • Page 769: Reading Managed Object Values

    You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address.
  • Page 770: Configuring Contact And Location Information Using Snmp

    You may use up to 55 characters. The default is None. • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmp-server location text You may use up to 55 characters.
  • Page 771: Enabling A Subset Of Snmp Traps

    PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
  • Page 772 RPM_DOWN: RPM 0 down - card removed HOT_FAILOVER: RPM Failover Completed SFM_DISCOVERY: Found SFM 1 SFM_REMOVE: Removed SFM 1 MAJOR_SFM: Major alarm: Switch fabric down MAJOR_SFM_CLR: Major alarm cleared: Switch fabric up MINOR_SFM: MInor alarm: No working standby SFM MINOR_SFM_CLR: Minor alarm cleared: Working standby SFM present TASK SUSPENDED: SUSPENDED - svce:%d - inst:%d - task:%s RPM0-P:CP %CHMGR-2-CARD_PARITY_ERR ABNORMAL_TASK_TERMINATION: CRASH - task:%s %s...
  • Page 773: Enabling An Snmp Agent To Notify Syslog Server Failure

    Level 7 VLAN 1000 entity Enable entity change traps Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1487406) 4:07:54.06, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 4 Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1488564) 4:08:05.64, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 5 Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1489064) 4:08:10.64, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 6 Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1489568)
  • Page 774: Copy Configuration Files Using Snmp

    • copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses; however, you can substitute IPv6 addresses for the IPv4 addresses in all of the examples.
  • Page 775: Copying A Configuration File

    Object Values Description • If copySourceFileType is set to running-config or startup-config, copySrcFileName is not required. 1 = Dell Networking OS file copyDestFileType .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 Specifies the type of file to copy 2 = running-config • If copySourceFileType is 3 = startup-config...
  • Page 776: Copying Configuration Files Via Snmp

    Copy the f10-copy-config.mib MIB from the Dell iSupport web page to the server to which you are copying the configuration file. On the server, use the snmpset command as shown in the following example. snmpset -v snmp-version -c community-name -m mib_path/f10-copy-config.mib force10system-ip-address mib-object.index {i | a | s} object-value...
  • Page 777: Copying The Startup-Config Files To The Running-Config

    Copying the Startup-Config Files to the Running-Config To copy the startup-config to the running-config from a UNIX machine, use the following command. • Copy the startup-config to the running-config from a UNIX machine. snmpset -c private -v 2c force10system-ip-address copySrcFileType.index i 3 copyDestFileType.index i 2 Examples of Copying Configuration Files from a UNIX Machine The following example shows how to copy configuration files from a UNIX machine using the object name.
  • Page 778: Copy A Binary File To The Startup-Configuration

    11.11.11.11 Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP.
  • Page 779: Obtaining A Value For Mib Objects

    MIB Support for Power Monitoring Dell Networking provides MIB objects to display the information for Power Monitoring. The OIDs specific to Power Monitoring are appended to the DellITaMIbs. There are three separate DellITaMIbs available to display the current input power, average input power and...
  • Page 780: Mib Support To Display The Available Memory Size On Flash

    MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
  • Page 781: Mib Support To Display The Software Core Files Generated By The System

    Generated by the System Dell Networking provides MIB objects to display the software core files generated by the system. The chSysSwCoresTable contains the list of software core files generated by the system. The following table lists the related MIB objects.
  • Page 782: Snmp Support For Wred Green/Yellow/Red Drop Counters

    SNMP Support for WRED Green/Yellow/Red Drop Counters Dell Networking provides MIB objects to display the information for WRED Green (Green Drops)/Yellow (Yellow Drops)/Red (Out of Profile Drops) Drop Counters. These statistics can also be obtained by using the CLI command: show qos statistics wred-profile. The following table lists the related MIB objects, OID and description for the same: Table 78.
  • Page 783: Mib Support To Display The Available Partitions On Flash

    MIB Support to Display the Available Partitions on Flash Dell Networking provides MIB objects to display the information of various partitions such as /flash, /tmp, /usr/pkg, and /f10/ConfD. The dellNetFlashStorageTable table contains the list of all partitions on disk. The following table lists the related MIB objects: Table 79.
  • Page 784: Mib Support To Display Egress Queue Statistics

    .1.3.6.1.4.1.6027.3.26.1.4.8.1.6.5 = STRING: "/f10/phonehome" MIB Support to Display Egress Queue Statistics Dell Networking OS provides MIB objects to display the information of the packets transmitted or dropped per unicast or multicast egress queue. The following table lists the related MIB objects: Table 80.
  • Page 785 snmpwalk -c public -v 2c 10.16.151.191 1.3.6.1.4.1.6027.3.9 SNMPv2-SMI::enterprises.6027.3.9.1.1.1.2.1.1 = Counter64: 79 SNMPv2-SMI::enterprises.6027.3.9.1.1.1.2.1.2 = Counter64: 1 SNMPv2-SMI::enterprises.6027.3.9.1.3.0 = Gauge32: 18 SNMPv2-SMI::enterprises.6027.3.9.1.4.0 = Gauge32: 1 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.8.1.1.4.10.1.1.0.24.0.0.0.0 = INTEGER: 2098693 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.8.1.1.4.10.1.1.1.32.1.4.10.1.1.1.1.4.10.1.1.1 = INTEGER: 2098693 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.8.1.1.4.10.1.1.2.32.1.4.127.0.0.1.1.4.127.0.0.1 = INTEGER: 0 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.8.1.1.4.20.1.1.0.24.0.0.0.0 = INTEGER: 1258296320 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.8.1.1.4.20.1.1.1.32.1.4.20.1.1.1.1.4.20.1.1.1 = INTEGER: 1258296320 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.8.1.1.4.20.1.1.2.32.1.4.127.0.0.1.1.4.127.0.0.1 = INTEGER: 0...
  • Page 786 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.90.90.90.2.32.1.4.90.90.90.2.1.4.90.90.90.2 = Hex-STRING: 00 00 DA FE 04 0B SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.100.100.100.0.24.1.4.10.1.1.1.1.4.10.1.1.1 = Hex-STRING: 4C 76 25 F4 AB 02 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.100.100.100.0.24.1.4.20.1.1.1.1.4.20.1.1.1 = Hex-STRING: 4C 76 25 F4 AB 02 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.100.100.100.0.24.1.4.30.1.1.1.1.4.30.1.1.1 = Hex-STRING: 4C 76 25 F4 AB 02 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.10.1.1.4.10.1.1.0.24.0.0.0.0 = STRING: "CP" SNMPv2-SMI::enterprises.6027.3.9.1.5.1.10.1.1.4.10.1.1.1.32.1.4.10.1.1.1.1.4.10.1.1.1 = STRING: "Fo 1/4/1"...
  • Page 787: Mib Support For Entaliasmappingtable

    MIB Support for entAliasMappingTable Dell Networking provides a method to map the physical interface to its corresponding ifindex value. The entAliasMappingTable table contains zero or more rows, representing the logical entity mapping and physical component to external MIB identifiers. The following table lists the related MIB objects: Table 82.
  • Page 788: Mib Support For Lag

    MIB Support for LAG Dell Networking provides a method to retrieve the configured LACP information (Actor and Partner). The term Actor (local interface) designates the parameters and flags pertaining to the sending node, while the term Partner (remote interface) designates the sending node’s view of its peer parameters and flags.
  • Page 789: Viewing The Lag Mib

    MIB Support to Display LLDP TLVs Dell Networking provides MIB objects to display the information about incoming LLDP TLVs advertised by neighbors. The lldpRemUnknownTLVTable contains the information about incoming LLDP TLVs that are not recognized by the receiving LLDP neighbors.
  • Page 790: Viewing The Details Of Lldp Tlvs

    MIB Support for LLDP Notification Interval Dell Networking provides objects for controlling the transmission of LLDP notification messages. The following table lists the related MIB objects: Table 85. MIB Objects for LLDP Notification Interval MIB Object Description lldpNotificationInterval 1.0.8802.1.1.2.1.1.5...
  • Page 791: Manage Vlans Using Snmp

    MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command. Examples of Viewing VLAN Ports Using SNMP The following example shows viewing the VLAN interface index number using SNMP.
  • Page 792: Add Tagged And Untagged Ports To A Vlan

    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 The table that the Dell Networking system sends in response to the snmpget request is a table that contains hexadecimal (hex) pairs, each pair representing a group of eight ports.
  • Page 793: Managing Overload On Startup

    • To add a tagged port to a VLAN, write the port to the dot1qVlanStaticEgressPorts object. • To add an untagged port to a VLAN, write the port to the dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts objects. NOTE: Whether adding a tagged or untagged port, specify values for both dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts.
  • Page 794: Enabling And Disabling A Port Using Snmp

    Create an SNMP community on the Dell system. CONFIGURATION mode snmp-server community From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. EXEC Privilege mode show interface Or, from the management system, use the snmpwalk command to identify the interface index.
  • Page 795: Deriving Interface Indices

    SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.4.1000.0.1.232.6.149.172.1 = INTEGER: 1 Deriving Interface Indices The Dell Networking OS assigns an interface index to each (configured and unconfigured) physical and logical interface, and displays it in the output of the show interface command. The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface.
  • Page 796: Monitor Port-Channels

    The system image can also be retrieved by performing an SNMP walk on the following OID: MIB Object is chSysSwModuleTable and the OID is 1.3.6.1.4.1.6027.3.10.1.2.8. Dell#show interfaces gigabitethernet 1/21 GigabitEthernet 1/21 is down, line protocol is down Hardware is DellEth, address is f8:b1:56:82:de:70...
  • Page 797: Enabling An Snmp Agent To Notify Syslog Server Failure

    SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.3.1107755009.1 = INTEGER: 2 (Tagged 1 or Untagged 2) dot3aCommonAggFdbStatus SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.4.1107755009.1 = INTEGER: 1 << Status active, 2 – status inactive Example of Viewing Status of Learned MAC Addresses If we learn MAC addresses for the LAG, status is shown for those as well. dot3aCurAggVlanId SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.1.1.0.0.0.0.0.1.1 = INTEGER: 1 dot3aCurAggMacAddr...
  • Page 798: Troubleshooting Snmp Operation

    Oct 21 05:26:04: dv-fedgov-s4810-6: %EVL-6-REACHABLE:Syslog server 10.11.226.121 (port: 9140) is reachable Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. • When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the output for echo replies may be incorrectly displayed.
  • Page 799 Example of SNMP Output for Transceiver Monitoring Dell $ snmpwalk -v1 -c public 10.16.150.210 1.3.6.1.4.1.6027.3.11.1.3.1.1 | grep 2106373 SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.1.2113540 = STRING: "stack-unit-1 fixedmodule-5 port-1" SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.2.2113540 = STRING: "Te 1/5/1" SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.3.2113540 = INTEGER: 1 SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.4.2113540 = STRING: "10GBASE-SR" SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.5.2113540 = STRING: "FINISAR CORP."...
  • Page 800: Stacking

    Stacking Using the Dell Networking OS stacking feature, you can interconnect multiple switch units with stacking ports or front end user ports. The stack becomes manageable as a single switch through the stack management unit. The system accepts Unit ID numbers from 1 to 6 and it supports stacking up to six units.
  • Page 801: Stack Master Election

    The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs. Use the following command to configure a virtual IP: Dell(conf)#virtual-ip {ip-address | ipv6-address | dhcp} Failover Roles If the stack master fails (for example, is powered off), it is removed from the stack topology.
  • Page 802: Mac Addressing On Stacks

    Standalone#show system brief Stack MAC : 00:01:e8:d5:ef:81 Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports ------------------------------------------------------------------------------------ Management online S3048-ON S3048-ON 9.8(0.0P2) Member not present Member not present Member not present Member not present Member not present Standalone#show system | grep priority...
  • Page 803: Stacking Lag

    Stacking LAG When multiple links are used between stack units, Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy. The stacking LAG is established automatically and transparently by Dell Networking OS (without user configuration) after peering is detected and behaves as follows: •...
  • Page 804: High Availability On Stacks

    In such an event, or when the master unit is removed, the standby unit becomes the stack manager and Dell Networking OS elects a new standby unit. Dell Networking OS resets the failed master unit: after it comes back online, it becomes a member unit; the remaining members remain online.
  • Page 805: Management Access On Stacks

    STP: no block sync done SPAN: no block sync done Dell# Management Access on Stacks You can access the stack via the console port or VTY line. • Console access — You may access the stack through the console port of the master unit (stack manager) only. Similar to a standby RPM, the console port of the standby unit does not provide management capability;...
  • Page 806: Stacking Installation Tasks

    • Stacking on the device is accomplished through 10G SFP+ front-end user ports on the chassis. • All stack units must have the same version of Dell Networking OS. Stacking Installation Tasks The following are the stacking installation tasks. •...
  • Page 807 When a unit is added to a stack, the management unit performs a system check on the new unit to ensure the hardware type is compatible. A similar check is performed on the Dell Networking OS version. Syslog messages are generated by the management unit: •...
  • Page 808: Show Version

    EXEC Privilege mode reload Dell Networking OS automatically assigns a number to the new unit and adds it as member switch in the stack. The new unit synchronizes its running and startup configurations with the stack. After the units are reloaded, the system reboots. The units come up in a stack after the reboot completes.
  • Page 809 When the stack-group configuration is complete, the system prints a syslog for reload. Dell#configure Dell(conf)#stack-unit 4 stack-group 0 Dell(conf)#02:39:12: %STKUNIT4-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Te 4/49 have been configured as stacking ports. Please save and reload for config to take effect Dell(conf)#stack-unit 4 stack-group 1...
  • Page 810: Add Units To An Existing Stack

    If you add a unit that has a stack number that conflicts with the stack, the stack assigns the first available stack number. • If the stack has a provision for the stack-number that will be assigned to the new unit, the provision must match the unit type, or Dell Networking OS generates a type mismatch error.
  • Page 811 Connect the new unit to the stack using stacking cables. Example of Adding a Stack Unit with a Conflicting Stack Number (Before and After) The following example shows adding a stack unit with a conflicting stack number (before). Dell#show system brief Stack MAC : 00:01:e8:8a:df:e6 Reload Type : normal-reload...
  • Page 812: Split A Stack

    EXEC Privilege mode reload Dell Networking OS automatically assigns a number to the new unit and adds it as member switch in the stack. The new unit synchronizes its running and startup configurations with the stack. If a standalone switch already has stack groups configured.
  • Page 813: Stacking Configuration Tasks

    If one of the new stacks receives only the master unit, that unit remains the stack manager, and Dell Networking OS elects a new standby management unit. • If one of the new stacks receives only the standby unit, it becomes the master unit of the new stack, and Dell Networking OS elects a new standby unit. •...
  • Page 814: Displaying Information About A Stack

    Unit 3 -- Unit Type : Management Unit Status : online Next Boot : online Required Type : S3048-ON - 52-port GE/TE (SG-ON) Current Type : S3048-ON - 52-port GE/TE (SG-ON) Master priority Hardware Rev : 0.0 Num Ports : 52...
  • Page 815: Influencing Management Unit Selection On A Stack

    Influencing Management Unit Selection on a Stack Stack priority is the system variable that Dell Networking OS uses to determine which units in the stack are the master and standby management units. If multiple units tie for highest priority, the unit with the highest MAC address prevails.
  • Page 816: Managing Redundancy On A Stack

    • Influence the selection of the stack management units. CONFIGURATION mode stack-unit unit-number priority priority-value The unit with the numerically highest priority is elected the master management unit, and the unit with the second highest priority is the standby unit. The range is from 1 to 14.
  • Page 817: Verify A Stack Configuration

    Unit 3 -- Unit Type : Management Unit Status : online Next Boot : online Required Type : S3048-ON - 52-port GE/TE (SG-ON) Current Type : S3048-ON - 52-port GE/TE (SG-ON) Master priority Hardware Rev : 0.0 Num Ports : 52...
  • Page 818: Remove Units Or Front End Ports From A Stack

    If you remove a unit in the middle of the daisy chain stack, the stack is split into multiple parts and each forms a new stack according to the stacking algorithm described throughout this chapter. Examples of Removing a Stack Member (Before and After) The following example shows removing a stack member (before). Dell#show system brief Stacking...
  • Page 819: Removing Front End Port Stacking

    NOTE: Each unit in the stack has a stack number that is either assigned by you or Dell Networking OS. To manually renumber stack members, use the stack-unit old-unit-number renumber new-unit-number command. Renumbering stack members causes the entire stack to reload.
  • Page 820: Recover From Stack Link Flaps

    Error: Please check the stack cable/module and power-cycle the stack. Recover from a Card Problem State on a Stack If a unit added to a stack has a different Dell Networking OS version, the unit does not come online and Dell Networking OS cites a card problem error.
  • Page 821 -- Power Supplies -- Unit Bay Status Type FanStatus ------------------------------------ down down absent absent -- Fan Status -- Unit Bay TrayStatus Fan0 Speed Fan1 Speed -------------------------------------------- 9360 9360 9600 9360 6720 6720 6960 6720 Speed in RPM stack-1# Stacking...
  • Page 822: Storm Control

    Layer 2 and Layer 3 traffic. Dell Networking OS Behavior: The minimum number of packets per second (PPS) that storm control can limit on the device is two. To view the storm control broadcast configuration, use the show storm-control broadcast | multicast | unknown-unicast | pfc-llfc[interface] command.
  • Page 823: Configuring Storm Control From Configuration Mode

    • Configure storm control. INTERFACE mode • Configure the packets per second of broadcast traffic allowed on an interface (ingress only). INTERFACE mode storm-control broadcast packets_per_second in • Configure the packets per second of multicast traffic allowed on C-Series or S-Series interface (ingress only) network only. INTERFACE mode storm-control multicast packets_per_second in •...
  • Page 824: Spanning Tree Protocol (Stp)

    Layer 2 loops, which can occur in a network due to poor network design and without enabling protocols like xSTP, can cause unnecessarily high switch CPU utilization and memory consumption. Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 90. Dell Networking OS Supported Spanning Tree Protocols...
  • Page 825: Configure Spanning Tree

    • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time.
  • Page 826: Configuring Interfaces For Layer 2 Mode

    Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 112. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. If the interface has been assigned an IP address, remove it.
  • Page 827: Enabling Spanning Tree Protocol Globally

    Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-gi-1/1)#show config interface GigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-gi-1/1)# Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally;...
  • Page 828 The port is not in the portfast mode To confirm that a port is participating in Spanning Tree, use the show spanning-tree 0 brief command from EXEC privilege mode. Dell#show spanning-tree 0 brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e80d.2462...
  • Page 829: Adding An Interface To The Spanning Tree Group

    STP. NOTE: Dell Networking recommends that only experienced network administrators change the spanning tree parameters. Poorly planned modification of the spanning tree parameters can negatively affect network performance. The following table displays the default values for STP.
  • Page 830: Modifying Interface Stp Parameters

    • Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology). PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally.
  • Page 831: Prevent Network Disruptions With Bpdu Guard

    Disabled state when receiving the BPDU, the physical interface remains up and spanning-tree will only drop packets after a BPDU violation. The following example shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Networking system is configured with Portfast.
  • Page 832 Figure 114. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it receives a BPDU.
  • Page 833: Selecting Stp Root

    Dell(conf-if-gi-1/7)#do show ip interface brief gigabitEthernet 1/7 Interface IP-Address OK Method Status Protocol GigabitEthernet 1/7 unassigned YES Manual up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge.
  • Page 834: Configuring Root Guard

    Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
  • Page 835: Enabling Snmp Traps For Root Elections And Topology Changes

    • Configure all spanning tree types to be hitless. CONFIGURATION mode redundancy protocol xstp Example of Configuring all Spanning Tree Types to be Hitless Dell(conf)#redundancy protocol xstp Dell#show running-config redundancy redundancy protocol xstp Dell# STP Loop Guard The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault.
  • Page 836 lower left), Switch C does not receive BPDUs from Switch B. When the max-age timer expires, the STP port on Switch C becomes unblocked and transitions to Forwarding state. A loop is created as both Switch A and Switch C transmit traffic to Switch B. As shown in the following illustration (STP topology 2, upper right), a loop can also be created if the forwarding port on Switch B becomes busy and does not forward BPDUs within the configured forward-delay time.
  • Page 837: Configuring Loop Guard

    Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. • Loop guard is supported on a port or port-channel in any spanning tree mode: •...
  • Page 838 Example of Viewing STP Guard Configuration Dell#show spanning-tree 0 guard Interface Name Instance Sts Guard type --------- -------- --------- ---------- Gi 1/1 INCON(Root) Rootguard Gi 1/2 Loopguard Gi 1/3 EDS (Shut) Bpduguard Spanning Tree Protocol (STP)
  • Page 839: Supportassist

    SupportAssist requires Dell Networking OS 9.9(0.0) and SmartScripts 9.7 or later to be installed on the Dell Networking device. For more information on SmartScripts, see the Dell Networking Open Automation guide.
  • Page 840: Configuring Supportassist Using A Configuration Wizard

    Dell end user license agreement, available at: www.dell.com/aeula, you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dells Privacy Policy, available at: www.dell.com/privacypolicycountryspecific,...
  • Page 841 If you are downloading SupportAssist on behalf of a company or other legal entity, you are further certifying to Dell that you have appropriate authority to provide this consent on behalf of that entity. If you do not consent to the collection, transmission and/or use of the Collected Data, you may not download, install or otherwise use SupportAssist.
  • Page 842: Configuring Supportassist Activity

    {full-transfer | core-transfer} start now Dell#support-assist activity full-transfer start now Dell#support-assist activity core-transfer start now Configuring SupportAssist Activity SupportAssist Activity mode allows you to configure and view the action-manifest file for a specific activity. To configure SupportAssist activity, use the following commands.
  • Page 843: Configuring SupportAssist Company

    Configure the address information for the company. SUPPORTASSIST COMPANY mode [no] address [city company-city] [{province | region | state} name] [country company-country] [{postalcode | zipcode} company-code] Dell(conf-supportassist-cmpy-test)#address city MyCity state MyState country MyCountry Dell(conf-supportassist-cmpy-test)# Configure the street address information for the company. SUPPORTASSIST COMPANY mode [no] street-address {address1}[address2]…[address8]...
  • Page 844: Configuring SupportAssist Person

    Configure the time frame for contacting the person. SUPPORTASSIST PERSON mode [no] time-zone zone +-HH:MM [start-time HH:MM] [end-time HH:MM] Dell(conf-supportassist-pers-john_doe)#time-zone zone +01:24 start-time 12:00 end-time 23:00 Dell(conf-supportassist-pers-john_doe)# Configuring SupportAssist Server SupportAssist Server mode allows you to configure the server name and the means of reaching the server. By default, a SupportAssist server URL has been configured on the device.
  • Page 845: Viewing SupportAssist Configuration

    SUPPORTASSIST SERVER mode [no] proxy-ip-address {ipv4-address | ipv6-address} port port-number [ username userid password [encryption-type] password ] Dell(conf-supportassist-serv-default)#proxy-ip-address 10.0.0.1 port 1024 username test password 0 test1 Dell(conf-supportassist-serv-default)# Enable communication with the SupportAssist server. SUPPORTASSIST SERVER mode [no] enable Dell(conf-supportassist-serv-default)#enable Dell(conf-supportassist-serv-default)# Configure the URL to reach the SupportAssist remote server.
  • Page 846 Dell end user license agreement, available at: www.dell.com/aeula, you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dell's Privacy Policy, available at: www.dell.com/privacypolicycountryspecific, in order to enable the performance of all of the various functions of SupportAssist during your entitlement to receive related repair services from Dell.
  • Page 847: System Time And Date

    System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. You can set system times and dates and maintain them through NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings.
  • Page 848: Protocol Overview

    Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to synchronize and serve as a client to the NTP host.
  • Page 849: Enabling NTP

    NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networking system synchronizes. To specify multiple servers, enter the command multiple times. You may specify an unlimited number of servers at the expense of CPU resources.
  • Page 850: Disabling NTP On An Interface

    Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, Dell Networking OS drops any NTP packets sent to that interface. To disable NTP on an interface, use the following command.
  • Page 851 CONFIGURATION mode ntp authenticate Set an authentication key. CONFIGURATION mode ntp authentication-key number md5 key Configure the following parameters: • number: the range is from 1 to 4294967295. This number must be the same as the number in the ntp trusted-key command.
  • Page 852 Filter dispersion — the error in calculating the minimum delay from a set of sample data from a peer. To view the NTP configuration, use the show running-config ntp command in EXEC privilege mode. The following example shows an encrypted authentication key (in bold). All keys are encrypted. Dell#show running ntp ntp authenticate ntp authentication-key 345 md5 5A60910F3D211F02 ntp server 11.1.1.1 version 3...
  • Page 853: Configuring A Custom-Defined Period For NTP Time Synchronization

    The range for threshold-value is from 0 to 999. Dell(conf)#ntp offset-threshold 9 Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings.
  • Page 854: Setting The Timezone

    Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.
  • Page 855: Setting Recurring Daylight Saving Time

    60 minutes. Example of the clock summer-time Command Dell(conf)#clock summer-time pacific date Mar 14 2009 00:00 Nov 7 2009 00:00 Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009"...
  • Page 856 Examples of the clock summer-time recurring Command The following example shows the clock summer-time recurring command. Dell(conf)#clock summer-time pacific recurring Mar 14 2009 00:00 Nov 7 2009 00:00 ? Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009"...
  • Page 857: Tunneling

    If the tunnel mode is IPv6 or IPIP, you can use either an IPv6 address or an IPv4 address for the logical address of the tunnel, but in IPv6IP mode, the logical address must be an IPv6 address. The following sample configuration shows a tunnel configured in IPv6 mode (carries IPv6 and IPv4 traffic). Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#tunnel source 30.1.1.1 Dell(conf-if-tu-1)#tunnel destination 50.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#ip address 1.1.1.1/24...
  • Page 858: Configuring Tunnel Keepalive Settings

    Dell(conf-if-tu-1)#ipv6 address 1abd::1/64 Dell(conf-if-tu-1)#ip address 1.1.1.1/24 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel destination 40.1.1.2 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#tunnel keepalive 1.1.1.2 attempts 4 interval 6 Dell(conf-if-tu-1)#show config interface Tunnel 1 ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel destination 40.1.1.2 tunnel source 40.1.1.1 tunnel keepalive 1.1.1.2 attempts 4 interval 6...
  • Page 859: Configuring Tunnel Allow-Remote Decapsulation

    The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-gi-1/1)#show config interface GigabitEthernet 1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered gigabitethernet 1/1 Dell(conf-if-tu-1)#ipv6 unnumbered gigabitethernet 1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config interface Tunnel 1...
  • Page 860 interface Tunnel 1 ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel source anylocal tunnel allow-remote 40.1.1.2 tunnel mode ipip decapsulate-any no shutdown Tunneling...
  • Page 861: Uplink Failure Detection (UFD)

    Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
  • Page 862: How Uplink Failure Detection Works

    Figure 119. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
  • Page 863: UFD And NIC Teaming

    Figure 120. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. This number is configurable and is calculated from the ratio of the upstream port bandwidth to the downstream port bandwidth in the same uplink-state group.
  • Page 864: Configuring Uplink Failure Detection

    • If one of the upstream interfaces in an uplink-state group goes down, either a user-configurable set of downstream ports or all the downstream ports in the group are put in an Operationally Down state with an UFD Disabled error. The order in which downstream ports are disabled is from the lowest numbered port to the highest.
  • Page 865: Clearing A UFD-Disabled Interface

    (Optional) Enable auto-recovery so that UFD-disabled downstream ports in the uplink-state group come up when a disabled upstream port in the group comes back up. UPLINK-STATE-GROUP mode downstream auto-recover By default, auto-recovery of UFD-disabled downstream ports is enabled. To disable auto-recovery, use the no downstream auto-recover command. (Optional) Enter a text description of the uplink-state group.
  • Page 866: Displaying Uplink Failure Detection

    3/50 02:36:43: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 3/51 02:36:43: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 3/49 02:36:43: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 3/50 02:36:43: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 3/51 02:37:29: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Gi 1/7 02:37:29: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Gi 1/7 02:37:29 : UFD: Group:3, UplinkState: DOWN...
  • Page 867 Status: Enabled, Up Uplink State Group: 7 Status: Enabled, Up Uplink State Group: 16 Status: Disabled, Up Dell# show uplink-state-group 16 Uplink State Group: 16 Status: Disabled, Up Dell#show uplink-state-group detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabled...
  • Page 868: Sample Configuration: Uplink Failure Detection

    Dell(conf)# uplink-state-group 3 00:08:11: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed uplink state group Admin state to up: Group 3 Dell(conf-uplink-state-group-3)# downstream gigabitethernet 1/1-2,5,9,11-12 Dell(conf-uplink-state-group-3)# downstream disable links 2 Dell(conf-uplink-state-group-3)# upstream gigabitethernet 1/3-4 00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Gi 1/1...
  • Page 869 Dell# 00:13:06: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from console by console Dell# show running-config uplink-state-group uplink-state-group 3 description Testing UFD feature downstream disable links 2 downstream GigabitEthernet 1/1-2,5,9,11-12 upstream GigabitEthernet 1/3-4 Dell# show uplink-state-group 3 Uplink State Group: 3 Status: Enabled, Up...
  • Page 870: Upgrade Procedures

    Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes.
  • Page 871: Virtual LANs (VLANs)

    Bulk Configuration in the Interfaces chapter. • VLAN Stacking in the Service Provider Bridging chapter. For a complete listing of all commands related to Dell Networking OS VLANs, refer to these Dell Networking OS Command Reference Guide chapters: • Interfaces •...
  • Page 872: Default VLAN

    T Gi 1/1 Port-Based VLANs Port-based VLANs are a broadcast domain defined by different ports or interfaces. In Dell Networking OS, a port-based VLAN can contain interfaces from different line cards within the chassis. Dell Networking OS supports 4094 port-based VLANs.
  • Page 873: VLANs And Port Tagging

    Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination and source MAC addresses. That information is preserved as the frame moves through the network. The following example shows the structure of a frame with a tag header.
  • Page 874: Assigning Interfaces To A VLAN

    (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use the following commands.
  • Page 875: Moving Untagged Interfaces

    Inactive Active Po1(So 0/0-1) Gi 1/1 Active Po1(So 0/0-1) Gi 1/2 Dell#config Dell(conf)#interface vlan 4 Dell(conf-if-vlan)#tagged po 1 Dell(conf-if-vlan)#show conf interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs...
  • Page 876: Assigning An IP Address To A VLAN

    You cannot assign an IP address to the Default VLAN (VLAN 1). To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. In Dell Networking OS, you can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic. For more information, refer to Bulk Configuration.
  • Page 877: Enabling Null VLAN As The Default VLAN

    This presents a vulnerability because both interfaces are initially placed in the native VLAN, VLAN 1, and for that period customers are able to access each other's networks. Dell Networking OS has a Null VLAN to eliminate this vulnerability. When you enable the Null VLAN, all ports are placed into it by default, so even if you activate the physical ports of multiple customers, no traffic is allowed to traverse the links until each port is placed in another VLAN.
  • Page 878: Virtual Link Trunking (VLT)

    Virtual Link Trunking (VLT) Virtual link trunking (VLT) allows physical links between two Dell switches to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR). As a result, the two physical switches appear as a single switch to the connected devices.
  • Page 879 Figure 123. VLT providing multipath VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology. To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT is established, you may use rapid spanning tree protocol (RSTP) to prevent loops from forming with new links that are incorrectly connected and outside the VLT domain.
  • Page 880 Agility in VM Migration under VLT domain. CAUTION: Dell Networking does not recommend enabling Stacking and VLT simultaneously. If you enable both features at the same time, unexpected behavior may occur. As shown in the following example, VLT presents a single logical Layer 2 domain from the perspective of attached devices that have a virtual link trunk terminating on separate chassis in the VLT domain.
  • Page 881: VLT Terminology

    End devices (such as switches, servers, and so on) connected to a VLT domain consider the two VLT peers as a single logical switch. • Although VLT does not require spanning tree protocols, Dell Networking recommends enabling RSTP before configuring VLT to avoid possible loops from forming due to incorrect configuration.
  • Page 882: Layer-2 Traffic In VLT Domains

    Layer-2 Traffic in VLT Domains In a VLT domain, the MAC address of any host connected to the VLT peers is synchronized between the VLT nodes. In the following example, VLAN 10 is spanned across three VLT domains. Figure 125. Layer-2 Traffic in VLT Domains If Host 1 from a VLT domain sends a frame to Host 2 in another VLT domain, the frame can use any link shown to reach Host 2.
  • Page 883: Interspersed VLANs

    Interspersed VLANs In Dell Networking OS, the same VLAN across many racks can be extended by configuring layer-3 VLANs across the VLT nodes and the ToR switches. Spanning the VLANs in an eVLT architecture could interconnect and aggregate multiple racks with the same VLAN. With routed VLT, you can configure a VLAN as layer 3 in a VLT domain and as layer 2 VLAN in all other VLT domains.
  • Page 884: Enhanced VLT

    Figure 126. VLT on Core Switches The aggregation layer is mostly in the L2/L3 switching/routing layer. For better resiliency in the aggregation, Dell Networking recommends running the internal gateway protocol (IGP) on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system.
  • Page 885: Configure Virtual Link Trunking

    PVST Configuration. • Dell Networking strongly recommends that the VLTi (VLT interconnect) be a static LAG and that you disable LACP on the VLTi. • Ensure that the spanning tree root bridge is at the Aggregation layer. Refer to RSTP and VLT for guidelines to avoid traffic loss, if you enable RSTP on the VLT device.
  • Page 886: Configuration Notes

    VLT port-channel link between the VLT peer connected to the source and ToR is down, traffic is duplicated due to route inconsistency between peers. To avoid this scenario, Dell Networking recommends configuring both the source and the receiver on a spanned VLT VLAN.
  • Page 887 • If the size of the MTU for VLTi members is less than 1496 bytes, MAC addresses may not synchronize between VLT peers. Dell Networking does not recommend using an MTU size lower than the default of 1554 bytes for VLTi members.
  • Page 888 Enable Layer 3 VLAN connectivity between VLT peers by configuring a VLAN network interface for the same VLAN on both switches. • Dell Networking does not recommend enabling peer-routing if the CAM is full. To enable peer-routing, a minimum of two local DA spaces for wild-card functionality are required.
  • Page 889: Primary And Secondary VLT Peers

    • VRRP elects the router with the highest priority as the master in the VRRP group. To ensure VRRP operation in a VLT domain, configure VRRP group priority on each VLT peer so that a peer is either the master or backup for all VRRP groups configured on its interfaces.
  • Page 890: VLT Bandwidth Monitoring

    • Configure any ports at the edge of the spanning tree’s operating domain as edge ports, which are directly connected to end stations or server racks. Disable RSTP on ports connected directly to Layer 3-only routers not running STP or configure them as edge ports. •...
  • Page 891: VLT Port Delayed Restoration

    VLT Port Delayed Restoration When a VLT node boots up, if the VLT ports have been previously saved in the start-up configuration, they are not immediately enabled. To ensure MAC and ARP entries from the VLT peer node are downloaded to the newly enabled VLT node, the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic.
  • Page 892 Figure 128. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches.
  • Page 893: VLT Routing

    Each VLT peer runs its own PIM protocol independently of other VLT peers. To ensure the PIM protocol states or multicast routing information base (MRIB) on the VLT peers are synced, if the incoming interface (IIF) and outgoing interface (OIF) are Spanned, the multicast route table is synced between the VLT peers.
  • Page 894 Figure 129. Packets without peer routing enabled If you enable peer routing, a VLT node acts as a proxy gateway for its connected VLT peer as shown in the image below. Even though the gateway address of the packet is different, Peer-1 routes the packet to its destination on behalf of Peer-2 to avoid sub-optimal routing. Figure 130.
  • Page 895 • You can reduce the number of VLTi port channel members based on your specific design. With peer routing, you need not configure VRRP for the participating VLANs. Because both VLT nodes act as a gateway for their peer, irrespective of the gateway IP address, the traffic flows upstream without any latency.
  • Page 896: Non-VLT ARP Sync

    The advantages of syncing the multicast routes between VLT peers are: • VLT resiliency — After a VLT link or peer failure, if the traffic hashes to the VLT peer, the traffic continues to be routed using multicast until the PIM protocol detects the failure and adjusts the multicast distribution tree. •...
  • Page 897: RSTP Configuration

    Run RSTP on both VLT peer switches. The primary VLT peer controls the RSTP states, such as forwarding and blocking, on both the primary and secondary peers. Dell Networking recommends configuring the primary VLT peer as the RSTP primary root device and configuring the secondary VLT peer as the RSTP secondary root device.
  • Page 898: Configuring VLT

    Configuring VLT To configure VLT, use the following procedure. Prerequisites: Before you begin, make sure that both VLT peer switches are running the same Dell Networking OS version and are configured for RSTP as described in the RSTP Configuration section. For VRRP operation, ensure that you configure VRRP groups and L3 routing on each VLT...
  • Page 899 Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of the following interface types: • For a 1-GigabitEthernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. Ensure that the port channel is active.
  • Page 900 VLT DOMAIN CONFIGURATION mode primary-priority value The priority values are from 1 to 65535. The default is 32768. If the primary peer fails, the secondary peer (with the higher priority) takes the primary role. If the primary peer (with the lower priority) later comes back online, it is assigned the secondary role (there is no preemption).
  • Page 901 Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. (Optional) When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch.
  • Page 902 Connecting a VLT Domain to an Attached Access Device (Switch or Server) To connect a VLT domain to an attached access device, use the following commands. On a VLT peer switch: To connect to an attached device, configure the same port channel ID number on each peer switch in the VLT domain.
  • Page 903 You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system operations.
  • Page 904 When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch. To explicitly configure the default values on each peer switch, use the following command.
  • Page 905 NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring VLTs used as facing hosts/switches with LACP. Ensure both peers use the same port channel ID. Configure the peer-link port-channel in the VLT domains of each peer unit.
  • Page 906 Example of Configuring VLT In the following sample VLT configuration steps, VLT peer 1 is Dell-2, VLT peer 2 is Dell-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers.
  • Page 907 In the Top of Rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for VLT peer 2. The bold vlt-peer-lag port-channel 2 indicates that port-channel 2 is the port-channel id configured in VLT peer 2). Dell-2#show running-config interface gigabitethernet 1/4 interface GigabitEthernet 1/4...
  • Page 908: PVST+ Configuration

    Secondary peer does not control the VLT-LAGs. Dell Networking recommends configuring the primary VLT peer as the primary root device for all the configured PVST+ Instances and configuring the secondary VLT peer as the secondary root device for all the configured PVST+ Instances.
  • Page 909: Peer Routing Configuration Example

    Dell-1 is configured as the VLT primary. • As the Router ID of Dell-1 is the highest in the topology (highest loopback address of 172.17.1.1), Dell-1 is the OSPF Designated Router. • As the Router ID of Dell-2 is the second highest in the topology (172.16.1.1), Dell-2 is the OSPF Backup Designated Router.
  • Page 910: Dell-1 Switch Configuration

    Figure 131. Peer Routing Configuration Example Dell-1 Switch Configuration In the following output, RSTP is enabled with a bridge priority of 0. This ensures that Dell-1 becomes the root bridge. Dell#1#show run | find protocol protocol spanning-tree pvst no disable vlan 1,20,800,900 bridge-priority 0 The following output shows the existing VLANs.
  • Page 911 Used_for_VLT_Keepalive ip address 10.10.10.1/24 no shutdown (The management interfaces are part of a default VRF and are isolated from the switch’s data plane.) In Dell-1, te 0/0 and te 0/1 are used for VLTi. Dell#1#sh run int te0/0 interface TenGigabitEthernet 0/0...
  • Page 912 2 no shutdown Vlan 20 is used in Dell-1, Dell-2, and R1 to form OSPF adjacency. When OSPF is converged, the routing tables in all devices are synchronized. Dell#1#sh run int vlan 20 interface Vlan 20 description OSPF PEERING VLAN ip address 192.168.20.1/29...
  • Page 913 While the passive-interface default command prevents all interfaces from establishing an OSPF neighborship, the no passive-interface vlan 20 command enables the interface for VLAN 20, the OSPF peering VLAN, to establish OSPF adjacencies. The following output displays that Dell-1 forms neighborship with Dell-2 and R1. Dell#1#show ip ospf neighbor...
  • Page 914: Dell-2 Switch Configuration

    00001A The above output shows that the 90:b1:1c:f4:2c:bd MAC address belongs to Dell-1. The 90:b1:1c:f4:29:f3 MAC address belongs to Dell-2. Also note that these MAC addresses are marked with LOCAL_DA. This means that these are the local destination MAC addresses used by hosts when routing is required.
  • Page 915 2 no shutdown Vlan 20 is used in Dell-1, Dell-2, and R1 to form OSPF adjacency. When OSPF is converged, the routing tables in all devices are synchronized. Dell-2#sh run int vlan 20 interface Vlan 20 description OSPF PEERING VLAN ip address 192.168.20.2/29...
  • Page 916 The peer-routing command enables peer routing between VLT peers in VLT domain 1. The IP address configured with the backup-destination command is the management IP address of the VLT peer (Dell-1). A priority value of 55000 makes Dell-2 the secondary VLT peer.
  • Page 917: R1 Configuration

    Vl 20 172.15.1.1 FULL/DROTHER 00:00:33 192.168.20.3 Vl 20 The following output displays the routes learned using OSPF. Dell-2 also learns the routes to the loopback addresses on R1 through OSPF. Dell-2#show ip route ospf Destination Gateway Dist/Metric Last Change -----------...
  • Page 918: Access Switch A1 Configurations And Verification

    3.3.3.0 0.0.0.255 area 0 network 4.4.4.0 0.0.0.255 area 0 (The above subnets correspond to loopback interfaces lo2, lo3 and lo4. These three loopback interfaces are advertised to the VLT pair, Dell#1 and Dell#2) network 172.15.1.0 0.0.0.255 area 0 network 192.168.20.0 0.0.0.7 area 0...
  • Page 919: eVLT Configuration Example

    Dell#2’s MAC address as the destination address in the Ethernet frame’s header. When A1 sends a packet to R1, the VLT peers act as the default gateway for each other. If the packet reaches Dell-1, irrespective of the default gateway used, Dell-1 routes the packet to R1.
  • Page 920 Domain_1_Peer1(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer1(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 1. Domain_1_Peer1(conf)#interface range gigabitethernet 1/16 - 1/17 Domain_1_Peer1(conf-if-range-gi-1/16-17)# port-channel-protocol LACP Domain_1_Peer1(conf-if-range-gi-1/16-17)# port-channel 100 mode active Domain_1_Peer1(conf-if-range-gi-1/16-17)# no shutdown Next, configure the VLT domain and VLTi on Peer 2. Domain_1_Peer2#configure Domain_1_Peer2(conf)#interface port-channel 1 Domain_1_Peer2(conf-if-po-1)# channel-member GigabitEthernet 1/8-1/9...
  • Page 921: PIM-Sparse Mode Configuration Example

    Domain_1_Peer4#no shutdown Domain_2_Peer4(conf)#vlt domain 200 Domain_2_Peer4(conf-vlt-domain)# peer-link port-channel 1 Domain_2_Peer4(conf-vlt-domain)# back-up destination 10.18.130.12 Domain_2_Peer4(conf-vlt-domain)# system-mac mac-address 00:0b:00:0b:00:0b Domain_2_Peer4(conf-vlt-domain)# peer-routing Domain_2_Peer4(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4. Domain_2_Peer4(conf)#interface range gigabitethernet 1/31 - 1/32 Domain_2_Peer4(conf-if-range-gi-1/31-32)# port-channel-protocol LACP Domain_2_Peer4(conf-if-range-gi-1/31-32)# port-channel 100 mode active...
  • Page 922: Verifying A VLT Configuration

    Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt backup-link •...
  • Page 923 HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: 34998 HeartBeat Messages Sent: 1030 HeartBeat Messages Received: 1014 The following example shows the show vlt brief command. Dell#show vlt brief VLT Domain Brief ------------------ Domain ID Role : Secondary Role Priority : 32768...
  • Page 924 VLT Role ---------- VLT Role: Secondary System MAC address: 00:01:e8:8a:df:bc System Role Priority: 32768 Local System MAC address: 00:01:e8:8a:df:e6 Local System Role Priority: 32768 The following example shows the show running-config vlt command. Dell_VLTpeer1# show running-config vlt vlt domain 30 peer-link port-channel 60 back-up destination 10.11.200.18 Dell_VLTpeer2# show running-config vlt...
  • Page 925: Additional VLT Sample Configurations

    Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e88a.dff8 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e88a.dff8 We are the root Configured hello time 2, max age 20, forward delay 15 Interface Designated Name...
  • Page 926 NUM Status Description Q Ports Active U Po110(Te 1/51) T Po100(Te 1/49,50) Configuring Virtual Link Trunking (VLT Peer 2) Enable VLT and create a VLT domain with a backup-link VLT interconnect (VLTi). Dell_VLTpeer2(conf)#vlt domain 999 Dell_VLTpeer2(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer2(conf-vlt-domain)#back-up destination 10.11.206.23 Dell_VLTpeer2(conf-vlt-domain)#exit Configure the backup link.
  • Page 927: Troubleshooting Vlt

    Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 92. Troubleshooting VLT Description Behavior at Peer Up...
  • Page 928: Reconfiguring Stacked Switches As Vlt

    Description Behavior at Peer Up Behavior During Run Time Action to Take information, refer to the Release Notes for this release. VLT LAG ID is not configured on A syslog error message is A syslog error message is Verify the VLT LAG ID is one VLT peer generated.
  • Page 929: Association Of Vlti As A Member Of A Pvlan

    Keep the following points in mind when you configure VLT nodes in a PVLAN: • Configure the VLTi link to be in trunk mode. Do not configure the VLTi link to be in access or promiscuous mode. • You can configure a VLT LAG or port channel to be in trunk, access, or promiscuous port modes when you include the VLT LAG in a PVLAN.
  • Page 930: Pvlan Operations When One Vlt Peer Is Down

    PVLAN Operations When One VLT Peer is Down When a VLT port moves to the Admin or Operationally Down state on only one of the VLT nodes, the VLT Lag is still considered to be up. All the PVLAN MAC entries that correspond to the operationally down VLT LAG are maintained as synchronized entries in the device. These MAC entries are removed when the peer VLT LAG also becomes inactive or a change in PVLAN configuration occurs.
  • Page 931 Table 93. VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Synchronization Peer1 Peer2 Peer1 Peer2 Trunk Trunk Primary Primary Trunk Trunk Primary Normal Trunk Trunk Normal Normal Promiscuous Trunk Primary...
  • Page 932: Configuring A Vlt Vlan Or Lag In A Pvlan

    VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Synchronization Peer1 Peer2 Peer1 Peer2 - Primary VLAN Y - Primary VLAN X Promiscuous Access Primary Secondary Trunk Access Primary/Normal Secondary Configuring a VLT VLAN or LAG in a PVLAN You can configure the VLT peers or nodes in a private VLAN (PVLAN).
  • Page 933: Associating The Vlt Lag Or Vlt Vlan In A Pvlan

    Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number (Optional) To configure a VLT LAG, enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down.
  • Page 934: Proxy Arp Capability On Vlt Peer Nodes

    • Specified with this command even before they have been created. • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for the other router in a VLT domain.
  • Page 935: Vlt Nodes As Rendezvous Points For Multicast Resiliency

    When a VLT node detects peer up, it does not perform proxy ARP for the peer IP addresses. IP address synchronization occurs again between the VLT peers. Proxy ARP is enabled only if you enable peer routing on both the VLT peers. If you disable peer routing by using the no peer-routing command in VLT DOMAIN node, a notification is sent to the VLT peer to disable the proxy ARP.
  • Page 936 Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown...
  • Page 937 Dell#show running-config interface port-channel 20 interface Port-channel 20 no ip address switchport vlan-stack trunk vlt-peer-lag port-channel 20 no shutdown Dell# Configure the VLAN as a VLAN-Stack VLAN and add the VLT LAG as Members to the VLAN Dell(conf)#interface vlan 50...
  • Page 938 Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface port-channel 20 interface Port-channel 20...
  • Page 939: Ipv6 Peer Routing In Vlt Domains Overview

    IPv6 Peer Routing in VLT Domains Overview VLT enables the physical links between two devices that are called VLT nodes or peers, and within a VLT domain, to be considered as a single logical link to external devices that are connected using LAG bundles to both the VLT peers. This capability enables redundancy without the implementation of Spanning tree protocol (STP), thereby providing a loop-free network with optimal bandwidth utilization.
  • Page 940: Synchronization Of Ipv6 Nd Entries In A Non-Vlt Domain

    Synchronization of IPv6 ND Entries in a Non-VLT Domain Layer 3 VLT provides a higher resiliency at the Layer 3 forwarding level. Routed VLT allows you to replace VRRP with routed VLT to route the traffic from Layer 2 access nodes. With ND synchronization, both the VLT nodes perform Layer 3 forwarding on behalf of each other. Synchronization of NDPM entries learned on non-VLT interfaces between the non-VLT nodes.
  • Page 941: Sample Configuration Of Ipv6 Peer Routing In A Vlt Domain

    Figure 133. Sample Configuration of IPv6 Peer Routing in a VLT Domain Sample Configuration of IPv6 Peer Routing in a VLT Domain Consider a sample scenario as shown in the following figure in which two VLT nodes, Unit1 and Unit2, are connected in a VLT domain using an ICL or VLTi link.
  • Page 942 Figure 134. Sample Configuration of IPv6 Peer Routing in a VLT Domain Neighbor Solicitation from VLT Hosts Consider a case in which NS for VLT node1 IP reaches VLT node1 on the VLT interface and NS for VLT node1 IP reaches VLT node2 due to LAG level hashing in the ToR.
  • Page 943 Consider a situation in which NA for VLT node1 reaches VLT node1 on a non-VLT interface and NA for VLT node1 reaches VLT node2 on a non-VLT interface. When VLT node1 receives NA on a VLT interface, it learns the Host MAC address on the received interface. This learned neighbor entry is synchronized to VLT node2 as it is learned on ICL.
  • Page 944 Non-VLT host to Non-VLT host traffic flow When VLT node receives traffic from non-VLT host intended to the non-VLT host, it does neighbor entry lookup and routes traffic over ICL interface. If traffic reaches wrong VLT peer, it routes the traffic over ICL. Router Solicitation When VLT node receives router Solicitation on VLT interface/non-VLT interface it consumes the packets and will send RA back on the received interface.
  • Page 945: Vlt Proxy Gateway

    The virtual link trunking (VLT) proxy gateway feature allows a VLT domain to locally terminate and route L3 packets that are destined to a Layer 3 (L3) end point in another VLT domain. Enable the VLT proxy gateway using the link layer discovery protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide. Topics: •...
  • Page 946: Guidelines For Enabling The Vlt Proxy Gateway

    Figure 135. Sample Configuration for a VLT Proxy Gateway Guidelines for Enabling the VLT Proxy Gateway Keep the following points in mind when you enable a VLT proxy gateway: • Proxy gateway is supported only for VLT; for example, across a VLT domain. •...
  • Page 947: Enable Vlt Proxy Gateway

    TLV. • Dell Networking devices not configured with VLT proxy gateway process standard TLVs and ignore TLVs configured with VLT proxy gateway. The LLDP organizational TLV passes local destination MAC address information to peer VLT domain devices so they can act as a proxy gateway.
  • Page 948 • You must configure the interface proxy gateway LLDP to enable or disable a proxy-gateway LLDP TLV on specific interfaces. • The interface is typically a VLT port-channel that connects to a remote VLT domain. • The new proxy gateway TLV is carried on the physical links under the port channel only. •...
  • Page 949: Lldp Vlt Proxy Gateway In A Square Vlt Topology

    C and D (VLT domain 1) and C1 and D1 (VLT domain 2). This behavior is applicable only in the LLDP configuration and not required in the static configuration. Sample Configuration Dell(conf-vlt-domain)#proxy-gateway lldp Dell(conf-vlt-domain-pxy-gw-lldp)#vlt-peer-mac transmit • Assume the inter-chassis link (ICL) between C1 and D1 is shutdown and if D1 is the secondary VLT, one half of the inter DC link goes down.
  • Page 950: Configuring A Static Vlt Proxy Gateway

    VLT domains [C and D in VLT domain 1 and C1 and D1 in VLT domain 2]. Sample Configuration LLDP Method Dell(conf-vlt-domain)#proxy-gateway ll Dell(conf-vlt-domain-pxy-gw-lldp)#peer-domain-link port-channel 1 exclude-vlan 10 Sample Configuration Static Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address <xx:xx:xx:xx:xx:xx> exclude-vlan 10 •...
  • Page 951: Vlt Domain Configuration

    VLT Domain Configuration Dell-1 and Dell-2 constitute VLT domain 120. Dell-3 and Dell-4 constitute VLT domain 110. These two VLT domains are connected using a VLT LAG P0 50. To know how to configure the interfaces in VLT domains, see the Configuring VLT section.
  • Page 952: Dell-2 Vlt Configuration

    1 router-id 4.4.4.4 network 10.10.100.0/30 area 0 network 10.10.101.0/30 area 0 The following output shows that Dell-2 and VLT domain 110 form OSPF neighborship with Dell-1. Dell-1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface Area 2.2.2.2...
  • Page 953: Dell-3 Vlt Configuration

    ! proxy-gateway static remote-mac-address 00:01:e8:d8:93:07 remote-mac-address 00:01:e8:d8:93:e5 These MAC addresses are the system L2 interface addresses for each switch at the remote site, Dell-1 and Dell-2. interface TenGigabitEthernet 0/8 description "To Dell-1 10Gb" no ip address interface TenGigabitEthernet 0/9 description "To Dell-1 10Gb"...
  • Page 954: Dell-4 Vlt Configuration

    ! proxy-gateway static remote-mac-address 00:01:e8:d8:93:07 remote-mac-address 00:01:e8:d8:93:e5 These MAC addresses are the system L2 interface addresses for each switch at the remote site, Dell-1 and Dell-2. interface Vlan 102 description ospf peering vlan to DELL-3 ip address 10.10.102.2/30 ip ospf network point-to-point no shutdown The following is the OSPF configuration on Dell-4.
  • Page 955: Virtual Routing And Forwarding (Vrf)

    Virtual Routing and Forwarding (VRF) Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs. Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist within the same router at the same time.
  • Page 956: Vrf Configuration Notes

    VRF supports route redistribution between routing protocols (including static routes) only when the routes are within the same VRF. Dell Networking OS uses both the VRF name and VRF ID to manage VRF instances. The VRF name and VRF ID number are assigned using the ip vrf command.
  • Page 957 If the next-hop IP in a static route VRF statement is VRRP IP of another VRF, this static route does not get installed on the VRRP master. VRF supports some routing protocols only on the default VRF (default-vrf) instance. Table 1 displays the software features supported in VRF and whether they are supported on all VRF instances or only the default VRF.
  • Page 958: Dhcp

    Feature/Capability Support Status for Default VRF Support Status for Non-default VRF OSPFv3 IS-IS Multicast DHCP DHCP requests are not forwarded across VRF instances. The DHCP client and server must be on the same VRF instance. VRF Configuration The VRF configuration tasks are: Enabling VRF in Configuration Mode Creating a Non-Default VRF Assign an Interface to a VRF...
  • Page 959: Assigning An Interface To A Vrf

    Assigning an Interface to a VRF You must enter the ip vrf forwarding command before you configure the IP address or any other setting on an interface. NOTE: You can configure an IP address or subnet on a physical or VLAN interface that overlaps the same IP address or subnet configured on another interface only if the interfaces are assigned to different VRFs.
  • Page 960: Assigning An Ospf Process To A Vrf Instance

    show ip vrf [vrf-name] Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. See the Open Shortest Path First (OSPFv2) chapter for complete OSPF configuration information. Assign an OSPF process to a VRF instance. Return to CONFIGURATION mode to enable the OSPF process. The OSPF Process ID is the identifying number assigned to the OSPF process, and the Router ID is the IP address associated with the OSPF process.
  • Page 961: Configuring Management Vrf

    Task Command Syntax Command Mode 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 43, Gratuitous ARP sent: 0 Virtual MAC address: 00:00:5e:00:01:0a Virtual IP address: 10.1.1.100 Authentication: (none) Configuring Management VRF You can assign a management interface to a management VRF.
  • Page 962: Configuring A Static Route

    Configuring a Static Route • Configure a static route that points to a management interface. CONFIGURATION management route ip-address mask managementethernet or management route ipv6-address prefix-length managementethernet You can also have the management route to point to a front-end port in case of the management VRF. For example: management route 2::/64 gigabitethernet 1/1 .
  • Page 963 Figure 140. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface GigabitEthernet 3/1 no ip address switchport no shutdown interface GigabitEthernet 1/1 ip vrf forwarding blue ip address 10.0.0.1/24...
  • Page 964 ip vrf forwarding green ip address 30.0.0.1/24 no shutdown interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged GigabitEthernet 3/1 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged GigabitEthernet 3/1 no shutdown interface Vlan 256 ip vrf forwarding green ip address 3.0.0.1/24 tagged GigabitEthernet 3/1...
  • Page 965 Gi 1/1, Vl 128 orange Gi 1/2, Vl 192 green Gi 1/3, Vl 256 Dell#show ip ospf 1 neighbor Neighbor ID State Dead Time Address Interface Area 1.0.0.2 FULL/DR 00:00:32 1.0.0.2 Vl 128 Dell#sh ip ospf 2 neighbor Neighbor ID...
  • Page 966 Dell#show ip route vrf orange Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,...
  • Page 967: Route Leaking Vrfs

    11.0.0.0/24 Direct, Gi 2/1 00:19:46 Dell#show ip route vrf orange Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,...
  • Page 968: Dynamic Route Leaking

    NOTE: In Dell Networking OS, you can configure at most one route-export per VRF as only one set of routes can be exposed for leaking. However, you can configure multiple route-import targets because a VRF can accept routes from multiple VRFs.
  • Page 969 ip address ip-address mask A non-default VRF named VRF-Shared is created and the interface 1/4 is assigned to this VRF. Configure the export target in the source VRF: ip route-export 1:1 Configure VRF-red. ip vrf vrf-red interface-type slot/port ip vrf forwarding VRF-red ip address ip-address mask A non-default VRF named VRF-red is created and the interface is assigned to this VRF.
  • Page 970 VRF-Green ip vrf VRF-shared ip route-export ip route-import ip route-import Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red 11.1.1.1/32 via 111.1.1.1 110/0 00:00:10 111.1.1.0/24 Direct, Gi 1/11 0/0...
  • Page 971: Configuring Route Leaking With Filtering

    122.2.2.0/24 Direct, VRF-Blue:Gi 1/22 0/0 22:39:61 44.4.4.4/32 via 144.4.4.4 110/0 00:00:11 144.4.4.0/24 Direct, Gi 1/4 00:32:36 Important Points to Remember • If the target VRF contains the same prefix as either the sourced or Leaked route from some other VRF, then route Leaking for that particular prefix fails and the following error-log is thrown.
  • Page 972 1:1 import_ospf_protocol !this action accepts only OSPF routes from VRF-red even though both OSPF as well as BGP routes are shared The show VRF command displays the following output: Dell# show ip route vrf VRF-Blue 122.2.2.0/24 Direct, Gi 1/22 22:39:61 22.2.2.2/32 via 122.2.2.2...
  • Page 973 44.4.4.4/32 via vrf-red:144.4.4.4 00:32:36 << only OSPF and BGP leaked from VRF-red Important Points to Remember • Only Active routes are eligible for leaking. For example, if VRF-A has two routes from BGP and OSPF, in which the BGP route is not active.
  • Page 974: Virtual Router Redundancy Protocol (Vrrp)

    Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
  • Page 975: Vrrp Benefits

    Figure 141. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables.
  • Page 976: Vrrp Configuration

    For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID) identifies a VRRP group.
  • Page 977 Delete a VRRP group. INTERFACE mode no vrrp-group vrid Examples of Configuring and Verifying VRRP The following example shows how to configure VRRP. Dell(conf)#interface gigabitethernet 1/1 Dell(conf-if-gi-1/1)#vrrp-group 111 Dell(conf-if-gi-1/1-vrid-111)# The following example shows how to verify the VRRP configuration. Dell(conf-if-gi-1/1)#show conf interface GigabitEthernet 1/1 ip address 10.10.10.1/24...
  • Page 978 Virtual IP address to the VRRP group. The device supports a total of 120 VRRP groups on a switch with Dell Networking OS or a total of 20 VRRP groups when using SFTOS. The S-Series supports varying number of maximum VRRP groups per interface.
  • Page 979 The range is up to 12 addresses. Examples of the Configuring and Verifying a Virtual IP Address The following example shows how to configure a virtual IP address. Dell(conf-if-gi-1/1-vrid-111)#virtual-address 10.10.10.1 Dell(conf-if-gi-1/1-vrid-111)#virtual-address 10.10.10.2 Dell(conf-if-gi-1/1-vrid-111)#virtual-address 10.10.10.3 The following example shows how to verify a virtual IP address configuration.
  • Page 980: Configuring Vrrp Authentication

    Configuring VRRP Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, Dell Networking OS includes the password in its VRRP transmission. The receiving router uses that password to verify the transmission.
  • Page 981 Examples of the authentication-type Command The bold section shows the encryption type (encrypted) and the password. Dell(conf-if-gi-1/1-vrid-111)#authentication-type ? Dell(conf-if-gi-1/1-vrid-111)#authentication-type simple 7 force10 The following example shows verifying the VRRP authentication configuration using the show conf command. The bold section shows the encrypted password.
  • Page 982 MASTER. NOTE: To avoid throttling VRRP advertisement packets, Dell Networking OS recommends increasing the VRRP advertisement interval to a value higher than the default value of one second. If you do change the time interval between VRRP advertisements on one router, change it on all participating routers.
  • Page 983: Show Track

    Track an Interface or Object You can set Dell Networking OS to monitor the state of any interface according to the virtual group. Each VRRP group can track up to 12 interfaces and up to 20 additional objects, which may affect the priority of the VRRP group. If the tracked interface goes down, the VRRP group’s priority decreases by a default value of 10 (also known as cost).
  • Page 984 Examples of Configuring and Viewing the track Command The following example shows how to configure tracking using the track command. Dell(conf-if-gi-1/1)#vrrp-group 111 Dell(conf-if-gi-1/1-vrid-111)#track gigabitethernet 1/2 The following example shows how to verify tracking using the show conf command. Dell(conf-if-gi-1/1-vrid-111)#show conf...
  • Page 985: Setting Vrrp Initialization Delay

    15 minutes, after which VRRP enables normally. NOTE: When you reload a node that contains VRRP configuration and is enabled for VLT, Dell Networking recommends that you configure the reload timer by using the vrrp delay reload command to ensure that VRRP is functional. Otherwise, when you reload a VLT node configured for VRRP, the local destination address is not seen on the reloaded node causing suboptimal routing.
  • Page 986: Sample Configurations

    The default is 0. Sample Configurations Before you set up VRRP, review the following sample configurations. VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration.
  • Page 987 Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface gigabitethernet 2/31 R2(conf-if-gi-2/31)#ip address 10.1.1.1/24 R2(conf-if-gi-2/31)#vrrp-group 99 R2(conf-if-gi-2/31-vrid-99)#priority 200 R2(conf-if-gi-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-gi-2/31-vrid-99)#no shut R2(conf-if-gi-2/31)#show conf interface GigabitEthernet 2/31 ip address 10.1.1.1/24 vrrp-group 99 priority 200 virtual-address 10.1.1.3...
  • Page 988 Figure 143. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following example shows configuring VRRP for IPv6 Router 2 and Router 3.
  • Page 989: Vrrp In A Vrf Configuration

    R2(conf-if-gi-1/1-vrid-10)#virtual-address fe80::10 R2(conf-if-gi-1/1-vrid-10)#virtual-address 1::10 R2(conf-if-gi-1/1-vrid-10)#no shutdown R2(conf-if-gi-1/1)#show config interface GigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 no shutdown R2(conf-if-gi-1/1)#end R2#show vrrp ------------------ GigabitEthernet 1/1, IPv6 VRID: 10, Version: 3, Net:fe80::201:e8ff:fe6a:c59f VRF: 0 default State: Master, Priority: 100, Master: fe80::201:e8ff:fe6a:c59f (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 135...
  • Page 990 VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two switches. The default gateway to reach the Internet in each VRF is a static route with the next hop being the virtual IP address configured in VRRP.
  • Page 991 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-gi-1/3-vrid-105)#priority 255 S1(conf-if-gi-1/3-vrid-105)#virtual-address 20.1.1.5 S1(conf-if-gi-1/3)#no shutdown Dell#show vrrp gigabitethernet 2/8 ------------------ GigabitEthernet 2/8, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 0 default State: Master, Priority: 100, Master: 10.1.1.1 (local)
  • Page 992 S2(conf)#interface GigabitEthernet 1/3 S2(conf-if-gi-1/3)#ip vrf forwarding VRF-3 S2(conf-if-gi-1/3)#ip address 20.1.1.6/24 S2(conf-if-gi-1/3)#vrrp-group 15 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S2(conf-if-gi-1/3-vrid-105)#priority 100 S2(conf-if-gi-1/3-vrid-105)#virtual-address 20.1.1.5 S2(conf-if-gi-1/3)#no shutdown VLAN Scenario In another scenario, to connect to the LAN, VRF-1, VRF-2, and VRF-3 use a single physical interface with multiple tagged VLANs (instead of separate physical interfaces).
  • Page 993 Dell#show vrrp vrf vrf1 vlan 400 ------------------ Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 278, Gratuitous ARP sent: 1...
  • Page 994: Vrrp For Ipv6 Configuration

    S2(conf-if-vl-300)#no shutdown Dell#show vrrp vrf vrf1 vlan 400 ------------------ Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 278, Gratuitous ARP sent: 1...
  • Page 995 Figure 145. VRRP for IPv6 Topology NOTE: This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on.
  • Page 996 Virtual MAC address: 00:00:5e:00:02:0a Virtual IP address: 1::10 fe80::10 Dell#show vrrp gigabitethernet 1/1 GigabitEthernet 1/1, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 0 default State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec...
  • Page 997 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Dell# Dell#show vrrp vrf vrf1 vlan 400 Vlan 400, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:e9ed VRF: 1 vrf1 State: Master, Priority: 200, Master: fe80::201:e8ff:fe8a:e9ed (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec...
  • Page 998: Debugging And Diagnostics

    Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of the components on the board.
  • Page 999: Trace Logs

    Each trace message provides the date, time, and name of the Dell Networking OS process. All messages are stored in a ring buffer. You can save the messages to a file either manually or automatically after failover.
  • Page 1000: Hardware Watchdog Timer

    Hardware Watchdog Timer The hardware watchdog command automatically reboots a Dell Networking OS switch/router with a single RPM that is unresponsive. This is a last resort mechanism intended to prevent a manual power cycle. Using the Show Hardware Commands The show hardware command tree consists of commands used with the system. These commands display information from a hardware sub-component and from hardware-based feature tables.
