Dell 9.7(0.0) user manual

A good user manual

The rules oblige the seller to provide the buyer, along with the goods, with the Dell 9.7(0.0) user manual. A missing manual or incorrect information given to the consumer is grounds for a complaint that the device does not conform to the contract. By law, the manual may be supplied in a form other than paper, which has become common recently, including a graphic or electronic form of the Dell 9.7(0.0) manual or instructional videos for users. The condition is that it be legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", meaning to organize. Thus, the Dell 9.7(0.0) user manual describes the steps of a procedure. The purpose of a user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. The user manual is a collection of information about the object/service, a hint.

Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you learn about a number of additional features of the purchased device but also helps you avoid most failures.

So what should the perfect manual contain?

First of all, the Dell 9.7(0.0) user manual should contain:
- information on the technical specifications of the Dell 9.7(0.0) device
- the manufacturer's name and the year of manufacture of the Dell 9.7(0.0)
- instructions for using, adjusting and maintaining the Dell 9.7(0.0) equipment
- safety markings and certificates confirming compliance with the relevant standards

Why don't we read user manuals?

Usually this is due to a lack of time and of certainty about the specific functionality of the purchased equipment. Unfortunately, connecting and starting the Dell 9.7(0.0) is not enough. The user manual contains a number of guidelines on specific features, safety, maintenance methods (even the products that must be used), possible Dell 9.7(0.0) faults and ways of solving common problems during use. Finally, the manual contains the contact details of Dell service in case the proposed solutions do not work. Currently, user manuals in the form of engaging animations and instructional videos, which are better than a brochure, are very popular. This type of manual lets the user watch the whole instructional video without skipping the complicated Dell 9.7(0.0) specifications and technical descriptions, as happens with the paper version.

Why read the user manual?

First of all, it contains the answers about the structure and capabilities of the Dell 9.7(0.0) device, the use of various accessories, and a range of information for taking full advantage of all its features and conveniences.

After a successful purchase of the equipment/device, take a moment to familiarize yourself with every part of the Dell 9.7(0.0) user manual. Nowadays they are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of informing and helping.

User manual table of contents

  • Page 1

    Dell Networking Configuration Guide for the Z9500 Switch 9.7(0.0)[...]

  • Page 2

    Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 201[...]

  • Page 3

    Contents: 1 About this Guide, p. 33; Audience, p. 33; Conventions [...]

  • Page 4

    Using Hashes to Validate Software Images, p. 53; 4 Switch Management, p. 55; Configuring Privilege Levels [...]

  • Page 5

    Restoring Factory-Default Boot Environment Variables, p. 75; 5 802.1X, p. 78; The Port-Authentication Process [...]

  • Page 6

    Implementation Information, p. 109; Configuration Task List for Prefix Lists, p. 109; ACL Resequencing [...]

  • Page 7

    Best Path Selection Criteria, p. 155; Weight, p. 157; Local Preference [...]

  • Page 8

    Filtering BGP Routes Using AS-PATH Information, p. 194; Configuring BGP Route Reflectors, p. 195; Aggregating Routes [...]

  • Page 9

    Troubleshooting CPU Packet Loss, p. 234; Viewing Per-Protocol CoPP Counters, p. 237; Viewing Per-Queue CoPP Counters [...]

  • Page 10

    Configuration Example for DSCP and PFC Priorities, p. 264; DCBx Example, p. 265; DCBx Prerequisites and Restrictions [...]

  • Page 11

    Full Kernel Core Dumps, p. 316; Enabling TCP Dumps, p. 317; 14 Dynamic Host Configuration Protocol (DHCP) [...]

  • Page 12

    16 FCoE Transit, p. 344; Fibre Channel over Ethernet, p. 344; Ensure Robustness in a Converged Ethernet Network [...]

  • Page 13

    Configuring the Control VLAN, p. 373; Configuring and Adding the Member VLANs, p. 374; Setting the FRRP Timers [...]

  • Page 14

    Designating a Multicast Router Interface, p. 396; 22 Interfaces, p. 397; Basic Interface Configuration [...]

  • Page 15

    Changing the Hash Algorithm, p. 417; Bulk Configuration, p. 418; Interface Range [...]

  • Page 16

    Specifying the Local System Domain and a List of Domains, p. 448; Configuring DNS with Traceroute, p. 448; ARP [...]

  • Page 17

    Configuration Tasks for IPv6, p. 471; Adjusting Your CAM Profile, p. 472; Assigning an IPv6 Address to an Interface [...]

  • Page 18

    Configuring Authentication Passwords, p. 506; Setting the Overload Bit, p. 506; Debugging IS-IS [...]

  • Page 19

    Configure Redundant Pairs, p. 535; Important Points about Configuring Redundant Pairs, p. 537; Far-End Failure Detection [...]

  • Page 20

    32 Multicast Source Discovery Protocol (MSDP), p. 570; Protocol Overview, p. 570; Anycast RP [...]

  • Page 21

    Modifying the Interface Parameters, p. 601; Configuring an EdgePort, p. 602; Flush MAC Addresses after a Topology Change [...]

  • Page 22

    Assigning Area ID on an Interface, p. 647; Assigning OSPFv3 Process ID and Router ID Globally, p. 648; Configuring Stub Areas [...]

  • Page 23

    PBR Exceptions (Permit), p. 680; Sample Configuration, p. 683; Create the Redirect-List GOLD; Assign Redirect-List GOLD to Interface [...]

  • Page 24

    43 Quality of Service (QoS), p. 718; Implementation Information, p. 718; Port-Based QoS Configurations [...]

  • Page 25

    RIP Configuration Example, p. 757; 45 Remote Monitoring (RMON), p. 763; Implementation Information [...]

  • Page 26

    RADIUS Authentication and Authorization, p. 800; Configuration Task List for RADIUS, p. 801; TACACS+ [...]

  • Page 27

    Setting Rate-Limit BPDUs, p. 834; Debugging Layer 2 Protocol Tunneling, p. 835; Provider Backbone Bridging [...]

  • Page 28

    Copy a Binary File to the Startup-Configuration, p. 857; Additional MIB Objects to View Copy Statistics, p. 857; Obtaining a Value for MIB Objects [...]

  • Page 29

    Configuring Loop Guard, p. 882; Displaying STP Guard Configuration, p. 883; 53 System Time and Date [...]

  • Page 30

    57 Virtual LANs (VLANs), p. 913; Default VLAN, p. 913; Port-Based VLANs [...]

  • Page 31

    RSTP and VLT, p. 950; VLT Bandwidth Monitoring, p. 950; VLT and IGMP Snooping [...]

  • Page 32

    Sample Configuration Scenario for VLT Proxy Gateway, p. 997; Configuring an LLDP VLT Proxy Gateway, p. 999; 61 Virtual Router Redundancy Protocol (VRRP), p. 1000; VRRP Overview [...]

  • Page 33

    1 About this Guide This guide describes the protocols and features that the Dell Networking Operating Software (OS) supports on the Z9500 system and provides configuration instructions and examples for implementing them. Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for[...]

  • Page 34

    2 Configuration Fundamentals The Dell Networking OS command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels. After[...]

  • Page 35

    • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information. • EXEC Privilege mode has commands to view configurations, clear counters, manage configuration files, run diagnostics, and [...]

  • Page 36

    CLI Command Mode Prompt Access Command NOTE: Access all of the following modes from CONFIGURATION mode. AS-PATH ACL Dell(config-as-path)# ip as-path access-list 10 Gigabit Ethernet Interface Dell(conf-if-te-0/0)# interface (INTERFACE modes) 40 Gigabit Ethernet Interface Dell(conf-if-fo-0/0)# interface (INTERFACE modes) Interface Range Dell(conf-if-[...]

  • Page 37

    CLI Command Mode Prompt Access Command ROUTE-MAP Dell(config-route-map)# route-map ROUTER BGP Dell(conf-router_bgp)# router bgp BGP ADDRESS-FAMILY Dell(conf-router_bgp_af)# (for IPv4) Dell(conf- routerZ_bgpv6_af)# (for IPv6) address-family {ipv4 multicast | ipv6 unicast} (ROUTER BGP Mode) ROUTER ISIS Dell(conf-router_isis)# router isis ISIS ADDRESS[...]

  • Page 38

    CLI Command Mode Prompt Access Command MONITOR SESSION Dell(conf-mon-sess- sessionID )# monitor session OPENFLOW INSTANCE Dell(conf-of-instance- of- id )# openflow of-instance PORT-CHANNEL FAILOVER- GROUP Dell(conf-po-failover- grp)# port-channel failover- group PRIORITY GROUP Dell(conf-pg)# priority-group PROTOCOL GVRP Dell(config-gvrp)# protocol [...]

  • Page 39

    TenGigabitEthernet 0/8 unassigned YES Manual up up TenGigabitEthernet 0/9 unassigned YES Manual up up Rainier(conf)# do show version Dell Real Time Operating System Software Dell Operating System Version: 2.0 Dell Application Software Version: 9-5 Copyright (c) 1999-2014 by Dell Inc. All Rights Reserved. Build Time: Wed Jul 2 11:24:04 2014 Build Pa[...]

  • Page 40

    Obtaining Help Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command: • To list the keywords available in the current mode, enter ? at the prompt or after a keyword. • Enter ? after a command prompt lists all of the available keywords. The output of this command is the same as[...]

  • Page 41

    Short-Cut Key Combination Action CNTL-D Deletes character at cursor. CNTL-E Moves the cursor to the end of the line. CNTL-F Moves the cursor forward one character. CNTL-I Completes a keyword. CNTL-K Deletes all characters from the cursor to the end of the command line. CNTL-L Re-enters the previous command. CNTL-N Return to more recent commands in [...]

  • Page 42

    • show run | grep ethernet does not return that search result because it only searches for instances containing a non-capitalized “ethernet.” • show run | grep Ethernet ignore-case returns instances containing both “Ethernet” and “ethernet.” The grep command displays only the lines containing specified text. The following example sh[...]

  • Page 43

    508 290 29 10000 0.00% 0.02% 0.09% 0 confdMgr 655 270 27 10000 0.00% 0.00% 0.09% 0 login 557 180 18 10000 0.00% 0.00% 0.06% 0 ipm 579 5670 567 10000 0.00% 0.00% 1.85% 0 confd 19 410 41 10000 0.00% 0.00% 0.00% 0 mount_mfs 22 0 0 0 0.00% 0.00% 0.00% 0 mount_mfs 533 0 0 0 0.00% 0.00% 0.00% 0 sysmon 12 0 0 0 0.00% 0.00% 0.00% 0 mount_mfs 2 10 1 10000 0[...]

  • Page 44

    3 Getting Started This chapter describes how you start configuring your Z9500 operating software. When you power up the chassis, the system performs a power-on self test (POST) and loads the Dell Networking operating software. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process procee[...]

  • Page 45

    Accessing the Console Port To access the console port, follow these steps: For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9 Adapter . 1. Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the Z9500 console port to a terminal server. 2. Connect the other end of the cable[...]

  • Page 46

    • Characters within the string can be letters, digits, and hyphens. To create a host name, use the following command. • Create a host name. CONFIGURATION mode hostname name Example of the hostname Command Dell(conf)#hostname R1 R1(conf)# Accessing the System Remotely You can configure the system to access it remotely by Telnet or SSH. • The Z[...]

  • Page 47

    no shutdown Configure a Management Route Define a path from the Z9500 to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the Z9500 through the management port. • Configure a management route to the network from which you are accessing the system. CONFIGURATION[...]

  • Page 48

    – encryption-type : specifies how you are inputting the password, is 0 by default, and is not required. * 0 is for inputting the password in clear text. * 7 is for inputting a password that is already encrypted using a DES hash. Obtain the encrypted password from the configuration file of another Dell Networking system. * 5 is for inputting a pas[...]

  • Page 49

    • To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location. • To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location. Table 3. Forming[...]

  • Page 50

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 26292881 bytes successfully copied Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends copying your running-configuration to the startup-configuration. The system uses the startup-configuration during boot-up to[...]

  • Page 51

    • View a list of files on an external flash. EXEC Privilege mode dir usbflash: • View the running-configuration. EXEC Privilege mode show running-config • View the startup-configuration. EXEC Privilege mode show startup-config Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and d[...]

  • Page 52

    ! redundancy auto-synchronize full redundancy disable-auto-reboot ! service timestamps log datetime ! logging coredump ! hostname pt-z9500-11 ! enable password 7 b125455cf679b208e79b910e85789edf ! username admin password 7 1d28e9f33f99cf5c ! linecard 0 provision Z9500LC36 --More— Enabling Software Features on Devices Using a Command Option This c[...]

  • Page 53

    For a particular target where VRF is enabled, the show output is similar to the following: Feature State ------------------------------ VRF enabled View Command History The command-history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer. The system ge[...]

  • Page 54

    1. Download Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displayed next to the software image file on the iSupport page. 2. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command. 3. Run the verify { md5 | sha2[...]

  • Page 55

    4 Switch Management This chapter describes the switch management tasks supported on the Z9500. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1 . Level Description Level 0 Access to the system begi[...]

  • Page 56

    Allowing Access to CONFIGURATION Mode Commands To allow access to CONFIGURATION mode, use the privilege exec level level configure command from CONFIGURATION mode. A user that enters CONFIGURATION mode remains at his privilege level and has access to only two commands, end and exit . You must individually specify each CONFIGURATION mode command you[...]

  • Page 57

    • Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command. CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level { command ||...|| command } Example of EXEC Privilege Commands Dell(conf)#do show run priv ! privilege exec level 3 capture privilege exec level 3 configure privileg[...]

  • Page 58

    Dell(conf)#line vty 0 Dell(config-line-vty)#? exit Exit from line configuration mode Dell(config-line-vty)# Applying a Privilege Level to a Username To set the user privilege level, use the following command. • Configure a privilege level for a user. CONFIGURATION mode username username privilege level Applying a Privilege Level to a Terminal Lin[...]

  • Page 59

    Audit and Security Logs This section describes how to configure, display, and clear audit and security logs. The following is the configuration task list for audit and security logs: • Enabling Audit and Security Logs • Displaying Audit and Security Logs • Clearing Audit Logs Enabling Audit and Security Logs You enable audit and security logs[...]

  • Page 60

    • The network administrator and network operator user roles can view system events. NOTE: If extended logging is disabled, you can only view system events, regardless of RBAC user role. Example of Enabling Audit and Security Logs Dell(conf)#logging extended Displaying Audit and Security Logs To display audit logs, use the show logging auditlog co[...]

  • Page 61

    Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a syslog server. Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server Dell(conf)#ip ssh server enable 2. On the syslog server, create a reverse SSH t[...]

  • Page 62

    3. Configure logging to a local host. localhost is “127.0.0.1” or “::1”. If you do not, the system displays an error when you attempt to enable role-based only AAA authorization. Dell(conf)# logging localhost tcp port Dell(conf)#logging 127.0.0.1 tcp 5140 Log Messages in the Internal Buffer All error messages, except those beginning with %BO[...]

  • Page 63

    no logging console Sending System Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over UDP. • Specify the [...]

  • Page 64

    Jan 21 04:11:02: %SYSTEM:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 0/0 Jan 21 03:12:54: %SYSTEM:LP %CHMGR-2-PSU_FAN_SPEED_CHANGE: PSU_Fan speed changed to 60 % of the full speed Jan 21 03:12:54: %SYSTEM:LP %CHMGR-2-FAN_SPEED_CHANGE: Fan speed changed to 40 % of the full speed Jan 21 03:02:51: %SYSTEM:LP %CHMGR-2-PSU_FAN_SPEED_CHANG[...]

  • Page 65

    NOTE: When you decrease the buffer size, the operating system deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that the operating system saves to its logging history table. CONFIGURATION mode logging history size size To view the logging buffer and confi[...]

  • Page 66

    – uucp (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view non-default settings, use the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec ! logging trap debugging log[...]

  • Page 67

    • Add timestamp to syslog messages. CONFIGURATION mode service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime] Specify the following optional parameters: – You can add the keyword localtime to include the localtime , msec , and show-timezone . If you do not add the keyword localtime , the time is UTC. – uptime [...]

  • Page 68

    CONFIGURATION mode ftp-server enable Example of Viewing FTP Configuration Dell#show running ftp ! ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following c[...]

  • Page 69

    ip ftp source-interface interface • Configure a password. CONFIGURATION mode ip ftp password password • Enter a username to use on the FTP client. CONFIGURATION mode ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enable FTP Server . Terminal Lines Y[...]

  • Page 70

    Configuring Login Authentication for Terminal Lines You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, the system prompts the next method until all methods are exhausted, at whic[...]

  • Page 71

    login authentication myvtymethodlist Dell(config-line-vty)# Setting Time Out of EXEC Privilege Mode EXEC time-out is a basic security feature that returns the system to EXEC mode after a period of inactivity on the terminal lines. To set time out, use the following commands. • Set the number of minutes and seconds. The default is 10 minutes on th[...]

  • Page 72

    Connected to 10.11.80.203. Exit character is '^]'. Login: Login: admin Password: Dell>exit Dell#telnet 2200:2200:2200:2200:2200::2201 Trying 2200:2200:2200:2200:2200::2201... Connected to 2200:2200:2200:2200:2200::2201. Exit character is '^]'. FreeBSD/i386 (freebsd2.force10networks.com) (ttyp1) login: admin Dell# Lock CONFIGU[...]

  • Page 73

    the following users are currently configuring the system: User "admin" on line vty1 ( 10.1.1.1 ) . NOTE: The CONFIGURATION mode lock corresponds to a VTY session, not a user. Therefore, if you configure a lock and then exit CONFIGURATION mode, and another user enters CONFIGURATION mode, when you attempt to re-enter CONFIGURATION mode, you[...]

  • Page 74

    4. At the BLI prompt, set the system parameter to ignore the startup configuration and reload the system: BOOT_USER# ignore startup-config BOOT_USER# reload NOTE: You must manually enter each CLI command. The system rejects a command if you copy and paste it in the command line. Recovering from a Failed Start on the Z9500 A switch that does not sta[...]

  • Page 75

    • After the restore is complete, a switch reloads immediately. The following example shows how the restore factory-defaults command restores a switch to its factory default settings. Dell# restore factory-defaults nvram *********************************************************************** * Warning - Restoring factory defaults will delete the e[...]

  • Page 76

    • To enable a TFTP boot after restoring factory default settings, you must stop the boot process using the boot-line interface (BLI). • The tftpboot command does not work after you perform a reset bootvar because the management IP address, network mask, and gateway IP address are all reset to NULL. In case the system fails to reload the image f[...]

  • Page 77

    default-gateway gateway_ip_address For example, 10.16.150.254 . 6. The environment variables are auto saved. 7. Reload the system. BOOT_USER # reload[...]

  • Page 78

    5 802.1X 802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.1X employs extensible authentication protocol ([...]

  • Page 79

    Figure 3. EAP Frames Encapsulated in Ethernet and RADIUS The authentication process involves three devices: • The device attempting to access the network is the supplicant . The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X [...]

  • Page 80

    3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server. 4. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a spec[...]

  • Page 81

    EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 5. EAP Over RADIUS RADIUS Attributes for 802.1 Support De[...]

  • Page 82

    Important Points to Remember • The system supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS- CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X[...]

  • Page 83

    dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [ range ] 3. Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication Examples of Verifying that 802.1X is Enabled Globally or on an Interface Verify that 802.1X is enabled globally and at the interface level us[...]

  • Page 84

    Configuring Request Identity Re-Transmissions If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits are con[...]

  • Page 85

    Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator re- transmits an EAP Request Identity frame: • after 90 seconds and a maximum of 10 times for an unresponsive supplicant • re-transmits an EAP Request Identity frame The bold lines show the new re[...]

  • Page 86

    Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#show dot1x interface TenGigabitEthernet 0/0 802.1x info[...]

  • Page 87

    The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-0/0)#dot1x reauthentication interval 7200 Dell(conf-if-Te-0/0)#dot1x reauth-max 10 Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: ----------------------------- Dot1x Status: [...]

  • Page 88

    The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: ----------------------------- Dot1x Status: Enable Port Control: FORCE_AUTHORIZED Port Auth Status: UNAUTHORIZED Re-Authentication: Dis[...]

  • Page 89

    Figure 7. Dynamic VLAN Assignment 1. Configure 802.1X globally (refer to Enabling 802.1X ) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication ). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. Create the VLAN to which the interface will be assig[...]

  • Page 90

    If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals, such as network printers, do not have 802.1X capab[...]

  • Page 91

    ! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config ! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shu[...]

  • Page 92

    6 Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLs, refer to Laye[...]

  • Page 93

    • VRF based IMPLICIT DENY Rules NOTE: In order for the VRF ACLs to take effect, ACLs configured in the Layer 3 CAM region must have an implicit-permit option. You can use the ip access-group command to configure VRF-aware ACLs on interfaces. Using the ip access-group command, in addition to a range of VLANs, you can also specify a range of VRFs a[...]

  • Page 94

    • CAM Optimization User-Configurable CAM Allocation User-configurable content-addressable memory (CAM) allows you to specify the amount of memory space that you want to allocate for ACLs. To allocate ACL CAM, use the cam-acl command in CONFIGURATION mode. For information about how to allocate CAM for ACL VLANs, see Allocating ACL VLAN CAM . The C[...]

  • Page 95

    • L3 Egress Access list ACLs and VLANs There are some differences when assigning ACLs to a VLAN rather than a physical port. For example, when using a single port-pipe, if you apply an ACL to a VLAN, one copy of the ACL entries is installed in the ACL CAM on the port-pipe. The entry looks for the incoming VLAN in the packet. Whereas if you apply [...]

  • Page 96

    Dell(conf-policy-map-in)#exit Dell(conf)#interface tengig 1/0 Dell(conf-if-te-1/0)#service-policy input pmap IP Fragment Handling The system supports a configurable option to explicitly deny IP fragmented packets, particularly second and subsequent packets. It extends the existing ACL command syntax with the fragments keyword for all Layer 3 rules [...]

  • Page 97

    If a packet’s L3 information matches the L3 information in the ACL line, the packet's FO is checked. • If a packet's FO > 0, the packet is permitted. • If a packet's FO = 0, the next ACL entry is processed. Deny ACL line with L3 information only, and the fragments keyword is present: If a packet's L3 information does ma[...]

  • Page 98

    CONFIGURATION mode ip access-list standard access-listname 2. Configure a drop or forward filter. CONFIG-STD-NACL mode seq sequence-number {deny | permit} { source [ mask ] | any | host ip-address } [count [byte]] [order] [fragments] NOTE: When assigning sequence numbers to filters, keep in mind that you might need to insert a new filter. To preven[...]

  • Page 99

    Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters, you can let the system assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of five. 1. Configure a standard IP ACL and assign it a unique name. CONFIGURATION mode ip access-list[...]

  • Page 100

    Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. Because traffic passes through the filter in the order of the filter’s sequence, you can configure the extended IP ACL by first entering IP ACCESS LIST mode and t[...]

  • Page 101

    CONFIG-EXT-NACL mode seq sequence-number {deny | permit} tcp {source mask | any | host ip- address }} [count [byte]] [order] [fragments] Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order. NOTE: When assigning sequence number[...]

  • Page 102

    (for example, the first filter was given the lowest sequence number). The show config command in IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10. Example of Viewing Filter Sequence for a Specified Extended ACL Dell(config-ext-nacl)#deny tcp host 123.55.34.0 any Dell(config-ext-nacl)#permit udp 154.44.123.34 0.0.255.2[...]

  • Page 103

    Using ACL VLAN Groups Use an ACL VLAN group to optimize ACL CAM usage by minimizing the number of CAM entries when you apply an egress IP ACL on the member interfaces of specified VLANs. When you apply an ACL on individual VLANs, the amount of CAM space required increases greatly because the ACL rules are saved for each VLAN ID. To avoid excessive [...]

  • Page 104

    Configuring an ACL VLAN Group Configure an ACL VLAN group to optimize ACL CAM use. NOTE: After you configure an ACL VLAN group, you must allocate CAM memory for ACL VLAN services to enable CAM optimization. See Allocating ACL VLAN CAM for more information. 1. Create an ACL VLAN group CONFIGURATION mode acl-vlan-group group-name You can create up to[...]

  • Page 105

    Allocating ACL VLAN CAM CAM optimization for ACL VLAN groups is not enabled by default. You must allocate blocks of ACL VLAN CAM to enable ACL CAM optimization by using the cam-acl-vlan command. By default, 0 blocks of CAM are allocated for VLAN services in the VLAN Content Aware Processor (VCAP), an application that modifies VLAN settings before f[...]

  • Page 106

    ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range ] NOTE: The number of entries allowed per ACL is hardware-dependent. For detailed specification about entries allowed per ACL, refer to your line card documentation. 4. Apply rules to the new ACL. INTERFACE mode ip access-list [standard | extended] name To view which IP ACL is[...]

  • Page 107

    seq 10 deny icmp any any seq 15 permit 1.1.1.2 Configure Egress ACLs Egress ACLs are supported on interfaces and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized traffic. These system-wide ACL[...]

  • Page 108

    CONFIGURATION mode ip control-plane [egress filter] 2. Apply Egress ACLs to IPv6 system traffic. CONFIGURATION mode ipv6 control-plane [egress filter] 3. Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU traffic. CONFIG-NACL mode permit ip { source mask | any | host ip-address } { destination mask | any | hos[...]

  • Page 109

    • To deny routes with a mask less than /24, enter deny x.x.x.x/x le 24 . • To permit routes with a mask greater than /20, enter permit x.x.x.x/x ge 20 . The following rules apply to prefix lists: • A prefix list without any permit or deny filters allows all routes. • An “implicit deny” is assumed (that is, the route is dropped) for all [...]

  • Page 110

    Example of Assigning Sequence Numbers to Filters If you want to forward all routes that do not match the prefix list criteria, configure a prefix list filter to permit all routes ( permit 0.0.0.0/0 le 32 ). The “permit all” filter must be the last filter in your prefix list. To permit the default route only, enter permit 0.0.0.0/0 . The followi[...]

  • Page 111

    Dell(conf-nprefixl)#show conf ! ip prefix-list awe seq 5 permit 123.23.0.0/16 seq 10 deny 133.0.0.0/8 Dell(conf-nprefixl)# To delete a filter, enter the show config command in PREFIX LIST mode and locate the sequence number of the filter you want to delete, then use the no seq sequence-number command in PREFIX LIST mode. Viewing Prefix Lists To vie[...]

  • Page 112

    • Enter RIP mode. CONFIGURATION mode router rip • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a nonexistent prefix list, all routes are forwarded. CONFIG-ROUTER-RIP mode distribute-list prefix-list-name in [ interface ] • Apply a configured prefix list to outgoing routes. You can s[...]

  • Page 113

    Dell(conf-router_ospf)#show config ! router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1 distribute-list prefix awe in Dell(conf-router_ospf)# ACL Resequencing ACL resequencing allows you to re-number the rules and remarks in an access or prefix list. The placement of rules within the list is critical because packets are matched against ru[...]

  • Page 114

    EXEC mode resequence prefix-list {ipv4 | ipv6} { prefix-list-name StartingSeqNum Step- to-Increment } Examples of Resequencing ACLs When Remarks and Rules Have the Same Number or Different Numbers The example shows the resequencing of an IPv4 access-list beginning with the number 2 and incrementing by 2. Remarks and rules that originally have the s[...]

  • Page 115

    remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permit ip any host 1.1.1.1 remark 6 this remark has no corresponding rule remark 8 this remark corresponds to permit ip any host 1.1.1.2 seq 8 permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.3 seq 12 permit ip any host 1.1.1.4 Route Maps Although route maps ar[...]

  • Page 116

    Creating a Route Map Route maps, ACLs, and prefix lists are similar in composition because all three contain filters, but route map filters do not contain the permit and deny actions found in ACLs and prefix lists. Route map filters match certain routes and set or specify values. To create a route map, use the following command. • Create a route [...]

  • Page 117

    Set clauses: tag 35 level stub-area Dell# The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command. Dell#show route-map dilling route-map dilling, permit, sequence 10 Match [...]

  • Page 118

    route-map for any permit statement. If there is a match anywhere, the route is permitted. However, other instances of the route-map deny it. Example of the match Command to Permit and Deny Routes Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force deny 20 Dell(config-route-map)#match tag 1000 Dell(c[...]

  • Page 119

    CONFIG-ROUTE-MAP mode match ipv6 next-hop { access-list-name | prefix-list prefix-list-name } • Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip route-source { access-list-name | prefix-list prefix-list-name } • Match source routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 route-sou[...]

  • Page 120

    set local-preference value • Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value } • Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP address as the route’s next hop. CONFIG-ROUTE-MAP mode set next-[...]

  • Page 121

    that have a next hop of Tengigabitethernet interface 0/0 and that have a metric of 255 are redistributed into the OSPF backbone area. NOTE: When re-distributing routes using route-maps, you must create the route-map defined in the redistribute command under the routing protocol. If you do not create a route-map, NO routes are redistributed. Example[...]

  • Page 122

    set community 1:1 1:2 1:3 set as-path prepend 1 2 3 4 5 continue 30![...]

  • Page 123

    7 Bare Metal Provisioning (BMP) Starting with Dell Networking OS Release 9.2(1.0), BMP is supported on the Z9500 switch. This chapter describes the latest Bare Metal Provisioning (BMP) enhancements that apply to the Z9500. For details about supported BMP commands and configuration procedures, refer to the Dell Networking Open Automation Guide . Enh[...]

  • Page 124

    8 Bidirectional Forwarding Detection (BFD) BFD is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used. BFD i[...]

  • Page 125

    NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client. BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet. Figure 8. BFD i[...]

  • Page 126

    Field Description system clears the poll bit and sets the final bit in its response. The poll and final bits are used during the handshake and in Demand mode (refer to BFD Sessions ). NOTE: The Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear.[...]

  • Page 127

    BFD Sessions BFD must be enabled on both sides of a link in order to establish a session. The two participating systems can assume either of two roles: Active The active system initiates the BFD session. Both systems can be active for the same session. Passive The passive system does not initiate a session. It only responds to a request for session[...]

  • Page 128

    handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated. 4. The passive system receives the control packet and changes its state to Up. Both systems agree that a session has been established. However, because both members must send a control packet — that requires a response — anytime there is[...]

  • Page 129

    receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 10. Session State Changes Important Points to Remember • On the Z9500, the system supports 128 sessions at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive [...]

  • Page 130

    • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness Configure BFD for Static Routes Configuring BFD for static routes is supported on the Z9500 switch. BFD offers systems a link state detection mechanism for static routes. With BFD, systems are notified to remove static routes from the[...]

  • Page 131

    R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 2.2.2.2 Te 4/24 Up 100 100 4 R To view detailed session information, use the show bfd neighbors [...]

  • Page 132

    agent on the line card notifies the BFD manager, which in turn notifies the OSPF protocol that a link state change occurred. NOTE: If you enable BFD after OSPF with a large number (more than 100) of OSPF neighbors on a VLAN port-channel and if the VLAN has more than one port-channel, BFD does not come up immediately. (This behavior occurs only if y[...]

  • Page 133

    Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 12. Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neigh[...]

  • Page 134

    INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - [...]

  • Page 135

    To disable BFD sessions, use the following commands. • Disable BFD sessions with all OSPFv3 neighbors. ROUTER-OSPFv3 mode no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Configuring BFD f[...]

  • Page 136

    Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state. Disabling BFD does not trigger a change in BFD clients; a final Admin[...]

  • Page 137

    Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 13. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following comm[...]

  • Page 138

    The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.2 2.2.2.1 Te 2/1 Up 100 100 3 I Changing IS-IS [...]

  • Page 139

    INTERFACE mode isis bfd all-neighbors disable Configure BFD for BGP In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD[...]

  • Page 140

    Figure 14. Establishing Sessions with BGP Neighbors The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command). • By establishing a BFD session with a specified BGP neighbor (the neighbor { ip-address | peer- [...]

  • Page 141

    typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. 1. Enable BFD globally. CONFIGURATION mode bfd enable 2. Specify the AS number and enter ROUTER BGP configuration mode. CONFIGURATION mode route[...]

  • Page 142

    ROUTER BGP mode neighbor { ip-address | peer-group-name } bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor { ip-address | peer-group-name } bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd[...]

  • Page 143

    Examples of Verifying BGP Information The following example shows viewing a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown bfd all-neighbors The following exampl[...]

  • Page 144

    Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/1 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, R[...]

  • Page 145

    The following example shows viewing BFD summary information. The bold line shows the message that displays when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor[...]

  • Page 146

    Foreign host: 2.2.2.2, Foreign port: 179 R2# R2# show ip bgp neighbors 2.2.2.3 BGP neighbor is 2.2.2.3, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 ... Neighbor is using BGP neighbor mode BFD configuration Peer active in peer-gr[...]

  • Page 147

    Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 15. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. • Establish sessions with all VRRP neighbors. I[...]

  • Page 148

    The following example shows viewing sessions with VRRP neighbors. The bold line shows that VRRP BFD sessions are enabled. R1(conf-if-te-4/25)#vrrp bfd all-neighbors R1(conf-if-te-4/25)#do show bfd neighbor * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) V - VRRP LocalAddr RemoteAddr Interface State Rx-int[...]

  • Page 149

    Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state. To disable all VRRP sessions on an interface, sessions for a particular VRRP group, or for a particular VRRP session on an interface, use t[...]

  • Page 150

    9 Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking OS. BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary fu[...]

  • Page 151

    Figure 16. Interior BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easil[...]

  • Page 152

    Figure 17. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.[...]

  • Page 153

    Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. Fo[...]

  • Page 154

    Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix, route reflector rules are applied after the router makes its best path decision. • If a route was received from a noncl[...]

  • Page 155

    • Local Preference • Multi-Exit Discriminators (MEDs) • Origin • AS Path • Next Hop Best Path Selection Criteria Paths for active routes are grouped in ascending order according to their neighboring external AS number (BGP best path selection is deterministic by default, which means the bgp non-deterministic-med command is NOT applied). [...]

  • Page 156

    Figure 19. BGP Best Path Selection Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. a. Routes originated with the Originated via a network[...]

  • Page 157

    c. Paths with no MED are treated as “worst” and assigned a MED of 4294967295. 7. Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP paths. 8. Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. 9. The system deems the paths as equal [...]

  • Page 158

    and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B. Figure 20. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used [...]

  • Page 159

    Figure 21. Multi-Exit Discriminators Origin The origin indicates the origin of the prefix, or how the prefix came into BGP. There are three origin codes: IGP, EGP, INCOMPLETE. Origin Type Description IGP Indicates the prefix originated from information learned through an interior gateway protocol. EGP Indicates the prefix originated from informatio[...]

  • Page 160

    AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is added by the BGP speaker when advertising to an eBGP neighbor. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths De[...]

  • Page 161

    Implement BGP The following sections describe how BGP is implemented on the Z9500 switch. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to [...]

  • Page 162

    Ignore Router-ID for Some Best-Path Calculations You can avoid unnecessary BGP best-path transitions between external paths under certain conditions. The bgp bestpath router-id ignore command reduces network disruption caused by routing and forwarding plane changes and allows for faster convergence. Four-Byte AS Numbers The 4-Byte (32-bit) format i[...]

  • Page 163

    • All AS numbers between 0 and 65535 are represented as decimal numbers when entered in the CLI and when displayed in show command output. • AS numbers larger than 65535 are represented using ASDOT notation as <higher 2 bytes in decimal>.<lower 2 bytes in decimal>. For example: AS 65546 is represented as 1.10. ASDOT represent[...]

  • Page 164

    Example of the Running Configuration When AS Notation is Disabled AS NOTATION DISABLED Dell(conf-router_bgp)# no bgp asnotation Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 <output truncated> Dell(conf-router_bgp)#do sho ip bgp BGP table version is 28093, local router ID is 172[...]

  • Page 165

    Figure 22. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer. If you do not select “no prepend” (the de[...]

  • Page 166

    BGP4 Management Information Base (MIB) The FORCE10-BGP4-V2-MIB enhances support for the BGP management information base (MIB) with many new simple network management protocol (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05 . To see these enhancements, download the MIB from the Dell website. NOTE: For the Force10-BGP[...]

  • Page 167

    • High CPU utilization may be observed during an SNMP walk of a large BGP Loc-RIB. • To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5. • To return all[...]

  • Page 168

    Table 7. BGP Default Values Item Default BGP Neighbor Adjacency changes All BGP neighbor changes are logged. Fast External Fallover feature Disabled Graceful Restart feature Disabled Local preference 100 MED 0 Route Flap Damping Parameters half-life = 15 minutes reuse = 750 suppress = 2000 max-suppress-time = 60 minutes Distance external distance =[...]

  • Page 169

    • as-number : from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format). Only one AS is supported per system. NOTE: If you enter a 4-Byte AS number, 4-Byte AS support is enabled automatically. a. Enable 4-Byte support for the BGP process. NOTE: This command is OPTIONAL. Enable if you want to use 4-Byte AS num[...]

  • Page 170

    To view the BGP configuration, enter show config in CONFIGURATION ROUTER BGP mode. To view the BGP status, use the show ip bgp summary command in EXEC Privilege mode. The first example shows the summary with a 2-byte AS number displayed (in bold); the second example shows that the summary with a 4-byte AS number using the show ip bgp summary comman[...]

  • Page 171

    The third line of the show ip bgp neighbors output contains the BGP State. If anything other than ESTABLISHED is listed, the neighbor is not exchanging information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide . Dell#show ip bgp neighbors BGP n[...]

  • Page 172

    neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.1 remote-as 65123 neighbor 192.168.10.1 update-source Loopback 0 neighbor 192.168.10.1 no shutdown neighbor 192.168.12.2 remote-as 65123 neighbor 192.168.12.2 update-source Loopback 0 neighbor 192.168.12.2 no shutdown R2# Configuring AS4 Number Representations[...]

  • Page 173

    bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30.1.250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957 neighbor 172.30.1.250 no shutdown 5332332 9911991 65057 18508 12182 7018 46164 i The following example shows the bgp asnotatio[...]

  • Page 174

    CONFIG-ROUTERBGP mode neighbor peer-group-name no shutdown By default, all peer groups are disabled. 3. Create a BGP neighbor. CONFIG-ROUTERBGP mode neighbor ip-address remote-as as-number 4. Enable the neighbor. CONFIG-ROUTERBGP mode neighbor ip-address no shutdown 5. Add an enabled neighbor to the peer group. CONFIG-ROUTERBGP mode neighbor ip-add[...]

  • Page 175

    A neighbor may keep its configuration after it was added to a peer group if the neighbor’s configuration is more specific than the peer group’s and if the neighbor’s configuration does not affect outgoing updates. NOTE: When you configure a new set of BGP policies for a peer group, always reset the peer group by entering the clear ip bgp peer[...]

  • Page 176

    10.68.160.1 10.68.161.1 10.68.162.1 10.68.163.1 10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fail-Ove[...]

  • Page 177

    BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5 BGP state ESTABLISHED, in this state for 00:19:15 Last read 00:00:15, last write 00:00:06 Hold time is 180, keepalive interval is 60 seconds Received 52 messages, 0 notifications, 0 in queue Sen[...]

  • Page 178

    router bgp 65517 neighbor test peer-group neighbor test fail-over neighbor test no shutdown neighbor 100.100.100.100 remote-as 65517 neighbor 100.100.100.100 fail-over neighbor 100.100.100.100 update-source Loopback 0 neighbor 100.100.100.100 no shutdown Dell# Configuring Passive Peering When you enable a peer-group, the software sends an OPEN mess[...]

  • Page 179

    Maintaining Existing AS Numbers During an AS Migration The local-as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP network migration. When you complete your migration, be sure to reconfigure your routers with the new information and disable this feature. • Allow external routes from t[...]

  • Page 180

    Allowing an AS Number to Appear in its Own AS Path This command allows you to set the number of times a particular AS number can occur in the AS path. The allow-as feature permits a BGP speaker to allow the ASN to be present for a specified number of times in the update received from the peer, even if that ASN matches its own. The AS-PATH loop is d[...]

  • Page 181

    when they restart. This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide . • Add graceful restart to a BGP neighbor o[...]

  • Page 182

    This is the filter that is used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters . 3. Return to CONFIGURATION mode. AS-PATH ACL mode exit 4. Enter ROUTER BGP mode.[...]

  • Page 183

    Regular Expressions as Filters Regular expressions are used to filter AS paths or community lists. A regular expression is a special character used to define a pattern that is then compared with an input string. For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route[...]

  • Page 184

    neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#neigh 10.155.15.2 filter-list 1 in Dell(conf-router_bgp)#ex Dell(conf)#ip as-path access-list Eagle Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in Dell[...]

  • Page 185

    redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name ] Configure the following parameters: – process-id : the range is from 1 to 65535. – match external : the range is from 1 or 2. – match internal – metric-type : external or internal. – map-name : name of a configu[...]

  • Page 186

    The system also supports BGP Extended Communities as described in RFC 4360 — BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1. Create a community list and enter COMMUNITY-LIST mode. CONFIGURATION mode ip community-list community-list-name 2. Configure a community list by denying or permitting specific c[...]

  • Page 187

    Configuring an IP Extended Community List To configure an IP extended community list, use these commands. 1. Create an extended community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2. Two types of extended communities are supported. CONFIG-COMMUNITY-LIST mode {permit | deny} {{rt | soo} [...]

  • Page 188

    Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1. Enter the ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [ [...]

  • Page 189

    To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbor or peer group. 1. Enter ROUTE-MAP mode and assig[...]

  • Page 190

    Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * i 3.0.0.0/8 195.171.0.16 100 0 209 701 80 i *>i 4.2.49.12/30 195.171.0.16 100 0 20[...]

  • Page 191

    CONFIG-ROUTER-BGP mode bgp default local-preference value – value : the range is from 0 to 4294967295. The default is 100 . To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. A more flexible method for manipulating the LOCAL_PREF attribute valu[...]

  • Page 192

    set next-hop ip-address Changing the WEIGHT Attribute To change how the WEIGHT attribute is used, enter the first command. You can also use route maps to change this and other BGP attributes. For example, you can include the second command in a route map to specify the next hop address. • Assign a weight to the neighbor connection. CONFIG-ROUTER-[...]

  • Page 193

    • prefix lists (using the neighbor distribute-list command) • AS-PATH ACLs (using the neighbor filter-list command) • route maps (using the neighbor route-map command) Prior to filtering BGP routes, create the prefix list, AS-PATH ACL, or route map. For configuration information about prefix lists, AS-PATH ACLs, and route maps, refer to Acces[...]

  • Page 194

    configure a prefix list filter to permit all routes. For example, you could have the following filter as the last filter in your prefix list permit 0.0.0.0/0 le 32). • After a route matches a filter, the filter’s action is applied. No additional filters are applied to the route. To view the BGP configuration, use the show config command in ROUT[...]

  • Page 195

    ip as-path access-list as-path-name 2. Create an AS-PATH ACL filter with a deny or permit action. AS-PATH ACL mode {deny | permit} as-regular-expression 3. Return to CONFIGURATION mode. AS-PATH ACL exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Filter routes based on the criteria in the configured route map. CONFIG-ROUTER-[...]

  • Page 196

    • Configure the local router as a route reflector and the neighbor or peer group identified is the route reflector client. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } route-reflector-client When you enable a route reflector, the system automatically enables route reflection to all clients. To disable route reflection between [...]

  • Page 197

    • Specifies the confederation ID. CONFIG-ROUTER-BGP mode bgp confederation identifier as-number – as-number : from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte). • Specifies which confederation sub-AS are peers. CONFIG-ROUTER-BGP mode bgp confederation peers as-number [... as-number] – as-number : from 0 to 65535 (2 Byte) or from 1 t[...]

  • Page 198

    bgp dampening [ half-life | reuse | suppress max-suppress-time ] [route-map map-name ] Enter the following optional parameters to configure route dampening parameters: – half-life : the range is from 1 to 45. Number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by [...]

  • Page 199

    • Change the best path selection method to non-deterministic. CONFIG-ROUTER-BGP mode bgp non-deterministic-med NOTE: When you change the best path selection method, path selection for existing paths remains unchanged until you reset it by entering the clear ip bgp command in EXEC Privile[...]

  • Page 200

    Changing BGP Timers To configure BGP timers, use either or both of the following commands. Timer values configured with the neighbor timers command override the timer values configured with the timers bgp command. When two neighbors, configured with different keepalive and holdtime values, negotiate for new values, the resulting values are as follo[...]

  • Page 201

    To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP router supports this capability, use the show ip bgp neighbors command. If a router supports the route re[...]

  • Page 202

    Match a Clause with a Continue Clause The continue feature can exist without a match clause. Without a match clause, the continue clause executes and jumps to the specified route-map entry. With a match clause and a continue clause, the match clause executes first and the continue clause next in a specified route map entry. The continue clause laun[...]

  • Page 203

    • Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast support on a BGP neighbor/peer group. CONFIG-ROUTER-BGP-AF (Address Family) mode neighbor [ ip-address | peer-group-name ] activate BGP Regular Expression Optimization The system optimizes processing time[...]

  • Page 204

    • Enable soft-reconfiguration debug. EXEC Privilege mode debug ip bgp { ip-address | peer-group-name } soft-reconfiguration To enhance debugging of soft reconfig, use the bgp soft-reconfig-backup command only when route-refresh is not negotiated, to prevent the peer from resending messages. In-BGP is shown using the show ip protocols command. The sy[...]

  • Page 205

    Last reset 00:00:12, due to Missing well known attribute Notification History 'UPDATE error/Missing well-known attr' Sent : 1 Recv: 0 'Connection Reset' Sent : 1 Recv: 0 Last notification (len 21) sent 00:26:02 ago ffffffff ffffffff ffffffff ffffffff 00160303 03010000 Last notification (len 21) received 00:26:20 ago ffffffff fff[...]

  • Page 206

    Outgoing packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 27 packet(s) captured using 562 bytes PDU[1] : len 41, captured 00:34:52 ago ffffffff ffffffff ffffffff ffffffff 00290104 000100b4 14141401 0c020a01 04000100 01020080 00000000 PDU[2] : len 19, captured 00:34:51 ago ffffffff ffffffff ffffffff ffffffff 0013040[...]

  • Page 207

    Figure 23. Sample Configurations Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int tengig 1/21 R1(conf-if-te-1/21)#ip address 10.0.1.21/24 R1(conf-if[...]

  • Page 208

    no shutdown R1(conf-if-te-1/31)#router bgp 99 R1(conf-router_bgp)#network 192.168.128.0/24 R1(conf-router_bgp)#neighbor 192.168.128.2 remote 99 R1(conf-router_bgp)#neighbor 192.168.128.2 no shut R1(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0 R1(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R1(conf-router_bgp)#neighbor 192.168.[...]

  • Page 209

    R2(conf-if-te-2/31)#router bgp 99 R2(conf-router_bgp)#network 192.168.128.0/24 R2(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R2(conf-router_bgp)#neighbor 192.168.128.1 no shut R2(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R2(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R2(conf-router_bgp)#neighbor 192.168.128.3 no shu[...]

  • Page 210

    no shutdown R3(conf-if-te-3/21)# R3(conf-if-te-3/21)#router bgp 100 R3(conf-router_bgp)#show config ! router bgp 100 R3(conf-router_bgp)#network 192.168.128.0/24 R3(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R3(conf-router_bgp)#neighbor 192.168.128.1 no shut R3(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R3(conf-router_bgp)#[...]

  • Page 211

    neighbor 192.168.128.3 update-source Loopback 0 neighbor 192.168.128.3 no shutdown R1# R1#show ip bgp summary BGP router identifier 192.168.128.1, local AS number 99 BGP table version is 1, main routing table version 1 1 network entrie(s) using 132 bytes of memory 3 paths using 204 bytes of memory BGP-RIB over all using 207 bytes of memory 2 BGP pa[...]

  • Page 212

    Received 30 messages, 0 in queue 4 opens, 2 notifications, 4 updates 20 keepalives, 0 route refresh requests Sent 29 messages, 0 in queue 4 opens, 1 notifications, 4 updates 20 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from n[...]

  • Page 213

    Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.1 99 140 136 2 0 (0) 00:11:24 1 192.168.128.3 100 138 140 2 0 (0) 00:18:31 1 R2#show ip bgp neighbor BGP neighbor is 192.168.128.1, remote AS 99, internal link Member of peer-group AAA for session parameters BGP version 4, remote router ID 192.168.128.1 BGP state ESTABLISHED,[...]

  • Page 214

    85 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH([...]

  • Page 215

    Minimum time before advertisements start is 0 seconds Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound[...]

  • Page 216

    10 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On the Z9500, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. On a line card, there are one or two CAM (Dual-CAM) modules per port-pipe. CAM Allocation CAM space is allotted in f[...]

  • Page 217

    Current Settings(in block sizes) 1 block = 256 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 EcfmAcl : 0 nlbclusteracl: 0 Openflow : 0 -- linecard 2 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 E[...]

  • Page 218

    EXEC Privilege mode reload Test CAM Usage The test cam-usage command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS optimization for IPv6 ACLs. Use this command to determine whether sufficient ACL CAM space is available to enable a service-policy. Create a Class Map with all required ACL rules, then execute the test[...]

  • Page 219

    IpMacAcl : 0 VmanQos : 0 EcfmAcl : 0 Openflow : 0 -- linecard 0 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 EcfmAcl : 0 Openflow : 0 -- linecard 1 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos[...]

  • Page 220

    | | IN-L3-TrcList | 1024 | 0 | 1024 | | IN-L3-McastFib | 9215 | 0 | 9215 | | IN-L3-Qos | 8192 | 0 | 8192 | | IN-L3-PBR | 1024 | 0 | 1024 | | IN-V6 ACL | 0 | 0 | 0 | | IN-V6 FIB | 0 | 0 | 0 | | IN-V6-SysFlow | 0 | 0 | 0 | | IN-V6-McastFib | 0 | 0 | 0 | | OUT-L2 ACL | 1024 | 0 | 1024 | | OUT-L3 ACL | 1024 | 0 | 1024 | | OUT-V6 ACL | 0 | 0 | 0 1 | 1 |[...]

  • Page 221

    Applications for CAM Profiling The following describes link aggregation group (LAG) hashing. LAG Hashing The Dell Networking OS includes a CAM profile and microcode that treats MPLS packets as non-IP packets. Normally, switching and LAG hashing is based on source and destination MAC addresses. Alternatively, you can base LAG hashing for MPLS packet[...]

  • Page 222

    hardware forwarding-table mode Dell(conf)#hardware forwarding-table mode ? scaled-l3-hosts Forwarding table mode for scaling L3 host entries scaled-l3-routes Forwarding table mode for scaling L3 route entries Dell(conf)# Dell(conf)#hardware forwarding-table mode scaled-l3-hosts Hardware forwarding-table mode is changed. Save the configuration and r[...]

  • Page 223

    11 Control Plane Policing (CoPP) Control plane policing (CoPP) protects the Z9500 routing, control, and line-card processors from undesired or malicious traffic and Denial of Service (DoS) attacks by filtering control-plane flows. CoPP uses a dedicated control-plane service policy that consists of ACLs and QoS policies, which provide filtering and [...]

  • Page 224

    Queue-based Control Plane Policing When configuring a queue-based CoPP policy, take into account that there are twenty-four CP queues divided into groups of eight queues for the Route Processor, Control Processor, and line-card CPUs: • Queues 0 to 7 process packets destined to the Control Processor CPU . • Queues 8 to 15 process packets destine[...]

  • Page 225

    19 — 1 20 Source miss, Station move, Trace flow 600 21 BFD 7000 22 HyperPull, FRRP 800 23 sFlow 5000 NOTE: In the line-card CPU, some queues have no protocol traffic mapped to them. These rows appear blank in the preceding table. CoPP Example The illustrations in this section show the benefit of using CoPP compared to not using CoPP on a switch. [...]

  • Page 226

    Figure 25. CoPP Versus Non-CoPP Operation Configure Control Plane Policing You can create a CoPP service policy on a per-protocol and/or a per-queue basis that serves as the system-wide configuration for filtering and rate limiting control-plane traffic. Configuring CoPP for Protocols This section describes how to create a protocol-based CoPP servi[...]

  • Page 227

    For complete information about creating ACL rules and QoS policies, refer to Access Control Lists (ACLs) and Quality of Service (QoS) . 1. Create a Layer 2 extended ACL for specified protocol traffic. CONFIGURATION mode mac access-list extended name permit {arp | frrp | gvrp | isis | lacp | lldp | stp} cpu-qos 2. Create a Layer 3 extended ACL for s[...]

  • Page 228

    Dell(conf-ip-acl-cpuqos)#exit Dell(conf)#mac access-list extended lacp cpu-qos Dell(conf-mac-acl-cpuqos)#permit lacp Dell(conf-mac-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-icmp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit icmp Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp [...]

  • Page 229

    Configuring CoPP for CPU Queues This section describes how to create a queue-based CoPP service policy and apply it to control plane traffic. Controlling traffic on the CPU queues of the control plane does not require ACL rules; only QoS rate-limiting policies are used. To create a queue-based CoPP service policy, you must create a QoS input polic[...]

  • Page 230

    Example of Assigning a QoS Policy to a CPU Queue Dell(conf)#policy-map-input cpuq_rate_policy cpu-qos Dell(conf-qos-policy-in)#service-queue 5 qos-policy cpuq_1 Dell(conf-qos-policy-in)#service-queue 6 qos-policy cpuq_2 Dell(conf-qos-policy-in)#service-queue 7 qos-policy cpuq_1 Example of Applying a Queue-Based Rate Limit to Control Plane Traffic D[...]

  • Page 231

    -------- --------------- --------- ----- ------ ----------- ARP any 0x0806 Q2/Q10/Q3/Q11 CP/RP 600 FRRP 01:01:e8:00:00:10/11 any Q22 LP 300 LACP 01:80:c2:00:00:02 0x8809 Q15 RP 500 LLDP any 0x88cc Q7 CP 500 GVRP 01:80:c2:00:00:21 any Q14 RP 200 STP 01:80:c2:00:00:00 any Q15 RP 150 ISIS 01:80:c2:00:00:14/15 any Q15 RP 500 09:00:2b:00:00:04/05 any Q1[...]

  • Page 232

    -------- ----- ------ --------------- ----------- ARP Q2/Q10/Q3/Q11 CP/RP 600 600 v6 ICMP NS Q2/Q10 CP/RP 600 600 v6 ICMP RS Q2/Q10 CP/RP 600 600 Viewing Complete Protocol-Queue Mapping To view the queues to which all protocol traffic is assigned, use the show protocol-queue-mapping command. Dell# show protocol-queue-mapping CommitRate Peak Rate Co[...]

  • Page 233

    2000 ICMP Q6 CP 300 300 2000 2000 IGMP Q14 RP 300 300 2000 2000 PIM Q14 RP 300 300 2000 2000 MSDP Q14 RP 100 100 2000 2000 BFD Q13/Q21 RP/LP 7000 7000 3000 3000 802.1x Q7 CP 150 150 1000 1000 iSCSI Q9 RP 100 100 500 500 DHCP RELAY Q7 CP 1200 1200 2000 2000 DHCP Q7 CP 1200 1200 2000 2000 NTP Q4 CP 200 200 2000 2000 FTP Q4 CP 400 400 3000 3000 TELNET[...]

  • Page 234

    Troubleshooting CoPP Operation To troubleshoot CoPP operation, use the debug commands described in this section. Enabling CPU Traffic Statistics During high-traffic network conditions, you may want to manually enable the collection of CPU traffic statistics by entering the debug cpu-traffic-stats command. Statistic collection begins as soon as you [...]

  • Page 235

    system-flow layer2 [cp-switch | linecard slot-id portset port-pipe ] command. The number of hits for each system flow is also displayed. Dell#show hardware system-flow layer2 linecard 2 port-set 0 ############## FP Entry for redirecting STP BPDU to CPU Port ################ EID 0x00000300: gid=0xa, slice=9, slice_idx=0x1, part =0 prio=0x300, flags=[...]

  • Page 236

    MASK=0x0000ffff ffffffff action={act=DropPrecedence, param0=1(0x1), param1=0(0), param2=0(0), param3=0(0)} action={act=Drop, param0=0(0), param1=0(0), param2=0(0), param3=0(0)} action={act=CosQCpuNew, param0=3(0x3), param1=0(0), param2=0(0), param3=0(0)} action={act=CopyToCpu, param0=1(0x1), param1=4(0x4), param2=0(0), param3=0(0)} policer= statist[...]

  • Page 237

    --More-- ######################## FP Entry for VLT IGMP Sync frames ########################## --More-- ######################## FP Entry for VLT ARP Replies Tunneled ########################## --More-- ######################## FP Entry for VLT L2PM Sync frames ########################## --More-- ######################## FP Entry for VLT ARP Sync f[...]

  • Page 238

    GVRP 14988129080 551480 14987577600 ARP RESP/ARP REQ 29604578172 3559868 29601018304 802.1x 0 0 0 FEFD 0 0 0 FRRP 0 0 0 ECFM 0 0 0 L2PT 0 0 0 ISIS 0 0 0 BFD 0 0 0 BGP 0 0 0 v6 BGP 0 0 0 OSPF 0 0 0 v6 OSPF 0 0 0 RIP 0 0 0 VRRP 0 0 0 v6 VRRP 0 0 0 IGMP 0 0 0 PIM 0 0 0 NTP 0 0 0 MULTICAST CATCH ALL 0 0 0 v6 MULTICAST CATCH ALL 0 0 0 DHCP RELAY/DHCP 0 [...]

  • Page 239

    OSPF 0 0 0 RIP 0 0 0 VRRP 0 0 0 ICMP 0 0 0 IGMP 0 0 0 PIM 0 0 0 MSDP 0 0 0 BFD ON PHYSICAL PORTS 0 0 0 BFD ON LOGICAL PORTS 0 0 0 802.1x 0 0 0 iSCSI 0 0 0 DHCP RELAY 0 0 0 DHCP 0 0 0 NTP 0 0 0 FTP 0 0 0 TELNET 0 0 0 SSH 0 0 0 VLT CTRL 0 0 0 VLT IPM PDU 0 0 0 VLT TTL1 0 0 0 HYPERPULL 0 0 0 OPENFLOW 0 0 0 FEFD 0 0 0 TRACEFLOW 0 0 0 FCoE 0 0 0 SFLOW 0[...]

  • Page 240

    In the show output, Rx Counters displays the number of bytes of control-plane traffic received, on which queue-based rate limiting is applied. Tx Counters displays the number of bytes transmitted to a control-plane CPU after queue-based rate limiting is applied. Drop Counters displays the number of bytes of control-plane traffic that have been dro[...]

  • Page 241

    12 Data Center Bridging (DCB) NOTE: Data center bridging (DCB) is enabled in Z9500 switch. Ethernet Enhancements in Data Center Bridging The following section describes DCB. The device supports the following DCB features: • Data center bridging exchange protocol (DCBx) • Priority-based flow control (PFC) • Enhanced transmission selection (ETS[...]

  • Page 242

    transport protocols (for example, TCP) for reliable data transmission with the associated cost of greater processing overhead and performance impact. Storage traffic Storage traffic based on Fibre Channel media uses the Small Computer System Interface (SCSI) protocol for data transfer. This traffic typically consists of large data packets with a pa[...]

  • Page 243

    The system supports loading two DCB_Config files: • FCoE converged traffic with priority 3. • iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation. • PFC uses DCB M[...]

  • Page 244

    low-latency storage or server cluster traffic in a traffic class to receive more bandwidth and restrict best-effort LAN traffic assigned to a different traffic class. The following figure shows how ETS allows you to allocate bandwidth when different traffic types are classed according to 802.1p priority and mapped to priority groups. Figure 26. En[...]

  • Page 245

    • Discovery of DCB capabilities on peer-device connections. • Determination of possible mismatch in DCB configuration on a peer link. • Configuration of a peer device over a DCB link. DCBx requires the link layer discovery protocol (LLDP) to provide the path to exchange DCB parameters with peer devices. Exchanged parameters are sent in organi[...]

  • Page 246

    For DCB to operate effectively, you can classify ingress traffic according to its dot1p priority so that it maps to different data queues. The dot1p-queue assignments used are shown in the following table. To enable DCB, enable either the iSCSI optimization configuration or the FCoE configuration. NOTE: Dell Networking OS Behavior : DCB is not supp[...]

  • Page 247

    Networking OS 9.3(0.). Max Use Count mode provides the maximum value of the counters accumulated over a period of time. Priority Flow Control (PFC) provides a link level flow control mechanism, which is controlled independently for each frame priority. The goal of this mechanism is to ensure zero loss under congestion in DCB networks. The SNMP supp[...]

  • Page 248

    percentages in all groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed rates. The bandwidth allocated to other priority groups is made available and allocated according to the specified percentages. If a priority group does not use its allocated bandwidt[...]

  • Page 249

    Step Task Command Command Mode Dell# interface tengigabitEthernet 1/1 Dell(config-if-te-1/1)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port. You cannot apply a DCB map on an interface that has been already configured for PFC using the pfc priority command or which is already configured for lossless queues ( pf[...]

  • Page 250

    When configuring lossless queues on a port interface, consider the following points: • By default, no lossless queues are configured on a port. • A limit of two lossless queues is supported on a port. If the number of lossless queues configured exceeds the maximum supported limit per port (two), an error message is displayed. You must re-conf[...]

  • Page 251

    The default dot1p priority-queue assignments are applied as follows: Dell(conf)#do show qos dot1p-queue-mapping Dot1p Priority : 0 1 2 3 4 5 6 7 Queue : 2 0 1 3 4 5 6 7 Dell(conf)# NOTE: In Egress queue assignment (8 queues in S6000 and Z9500, 4 against in S5000 and S4810. PFC is not applied on specific dot1p priorities. ETS: Equal bandwidth is ass[...]

  • Page 252

    • Traffic may be interrupted when you reconfigure PFC no-drop priorities in a DCB map or re-apply the DCB map to an interface. • For PFC to be applied, the configured priority traffic must be supported by a PFC peer (as detected by DCBx). • If you apply a DCB map with PFC disabled ( pfc off ), you can enable link-level flow control on the int[...]

  • Page 253

    • Traffic in priority groups is assigned to strict-queue or weighted round-robin (WRR) scheduling in an ETS configuration and is managed using the ETS bandwidth-assignment algorithm. Dell Networking OS de-queues all frames of strict-priority traffic before servicing any other queues. A queue with strict-priority traffic can starve other queues in[...]

  • Page 254

    When you configure priority groups in a DCB map: • A priority group consists of 802.1p priority values that are grouped together for similar bandwidth allocation and scheduling, and that share the same latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same priority group. • In a DCB map, each 802.1p pr[...]

  • Page 255

    Priority group range is from 0 to 7. All priorities that map to the same queue must be in the same priority group. Leave a space between each priority group number. For example: priority-pgid 0 0 0 1 2 4 4 4 in which priority group 0 maps to dot1p priorities 0, 1, and 2; priority group 1 maps to dot1p priority 3; priority group 2 maps to dot1p prio[...]

  • Page 256

    context. For example, one of the Te/Fo interfaces can have pfc-dot1p priorities 2 and 3, whereas the other Te/Fo interface(s) can have pfc-dot1p priorities 4 and 5. It is the user's responsibility to have symmetric PFC configurations on the interfaces involved in a particular PFC-enabled traffic-flow to obtain lossless behavior. Configure [...]

  • Page 257

    Committed and peak bandwidth is in megabits per second. The range is from 0 to 40000. Committed and peak burst size is in kilobytes. Default is 50. The range is from 0 to 10000. 3. Configure the 802.1p priorities for the traffic on which you want to apply an ETS output policy. PRIORITY-GROUP mode priority-list value The range is from 0 to 7. The de[...]

  • Page 258

    • The DCBx port-role configurations determine the ETS operational parameters (refer to Configure a DCBx Operation ). • ETS configurations received from TLVs from a peer are validated. • If there is a hardware limitation or TLV error: – DCBx operation on an ETS port goes down. – New ETS configurations are ignored and existing ETS configura[...]

  • Page 259

    QoS OUTPUT POLICY mode exit 5. Enter INTERFACE Configuration mode. CONFIGURATION mode interface type slot/port 6. Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode service-policy output output-policy-name Applying the DCB Policies on Linecard You can apply DCB policies wit[...]

  • Page 260

    is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end). For more information about how these features are implemented and used, refer to: • Configure Enhanced Transmission Selection DCBx supports the following versions: CIN, CE[...]

  • Page 261

    Auto-downstream The port advertises its own configuration to DCBx peers but is not willing to receive remote peer configuration. The port always accepts internally propagated configurations from a configuration source. An auto-downstream port that receives an internally propagated configuration overwrites its local configuration with the new param[...]

  • Page 262

    NOTE: On a DCBx port, application priority TLV advertisements are handled as follows: • The application priority TLV is transmitted only if the priorities in the advertisement match the configured PFC priorities on the port. • On auto-upstream and auto-downstream ports: – If a configuration source is elected, the ports send an application pri[...]

  • Page 263

    A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto-configuration information from the configuration source ignore their current settings and use the configuration source information. Propagation of DCB Information When an auto-upstream or auto-downst[...]

  • Page 264

    Behavior of Tagged Packets The following is an example of enabling PFC for priority 2 for tagged packets. Priority (Packet Dot1p) 2 will be mapped to PG6 on PRIO2PG setting. All other priorities for which PFC is not enabled are mapped to the default PG, PG7. Classification rules on ingress (Ingress FP CAM region) match incoming packet-dot1p and assign [...]

  • Page 265

    3. Dot1p->Queue Mapping Configuration is retained at the default value. Default dot1p-queue mapping is, Dell#show qos dot1p-queue-mapping Dot1p Priority : 0 1 2 3 4 5 6 7 Queue :2 0 1 3 4 5 6 7 4. Interface Configurations on server connected ports. a. Enable DCB globally. Dell(conf)#dcb enable b. Apply PFC Priority configuration. Configure prior[...]

  • Page 266

    in the Link Layer Discovery Protocol (LLDP) chapter). If multiple DCBx peer ports are detected on a local DCBx interface, LLDP is shut down. • The CIN version of DCBx supports only PFC, ETS, and FCOE; it does not support iSCSI, backward congestion management (BCN), logical link down (LLDF), and network interface virtualization (NIV). Configuring [...]

  • Page 267

    PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [ets-conf | ets-reco | pfc] • ets-conf : enables the advertisement of ETS Configuration TLVs. • ets-reco : enables the advertisement of ETS Recommend TLVs. • pfc : enables the advertisement of PFC TLVs. The default is All PFC and ETS TLVs are ad[...]

  • Page 268

    • auto : configures all ports to operate using the DCBx version received from a peer. • cee : configures a port to use CEE (Intel 1.01). • cin : configures a port to use Cisco-Intel-Nuova (DCBx 1.0). • ieee-v2.5 : configures a port to use IEEE 802.1Qaz (Draft 2.5). The default is Auto . NOTE: To configure the DCBx port role the interfaces use to [...]

  • Page 269

    The default is 0x10 . DCBx Error Messages The following syslog messages appear when an error in DCBx operation occurs. LLDP_MULTIPLE_PEER_DETECTED: DCBx is operationally disabled after detecting more than one DCBx peer on the port interface. LLDP_PEER_AGE_OUT: DCBx is disabled as a result of LLDP timing out on a DCBx peer interface. DSM_DCBx_PEER_V[...]

  • Page 270

    Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 11. Displaying DCB Configurations Command Output show dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [linecard {all | unit-number }] [sfm {all | unit-number }] Displays the data center bridging status, number of PF[...]

  • Page 271

    The following example shows the show dcb command. Dell#sh dcb linecard 2 port-set 0 DCB Status: Enabled, PFC Queue Count: 2 linecard Total Buffer PFC Total Buffer PFC Shared Buffer PFC Available Buffer PP (KB) (KB) (KB) (KB) -------------------------------------------------------------------------------- -- 2 0 11210 7488 2496 4992 The following ex[...]

  • Page 272

    Local is enabled Oper status is recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Local ISCSI Priority[...]

  • Page 273

    Fields Description PFC DCBx Oper status Operational status for exchange of PFC configuration on local port: match (up) or mismatch (down). State Machine Type Type of state machine used for DCBx exchanges of PFC parameters: • Feature: for legacy DCBx versions • Symmetric: for an IEEE version TLV Tx Status Status of PFC TLV advertisements: enable[...]

  • Page 274

    4 0 0 5 0 0 6 0 0 7 0 0 The following example shows the show interface ets summary command. Dell(conf-qos-policy-out-ets)#do sho int te 1/3 ets su Interface TenGigabitEthernet 1/3 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled TC-grp Priority# Bandwidth TSA -------[...]

  • Page 275

    Admin is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Priority# Bandwidth TSA 0 13% ETS 1 13% ETS 2 13% ETS 3 13% ETS 4 12% ETS 5 12% ETS 6 12% ETS 7 12% ETS Remote Parameters: ------------------- Remote is disabled Local Parameters : ------------------ Local is ena[...]

  • Page 276

    % Rate(Mbps) Burst(KB) Rate(Mpbs) Burst(KB) -------------------------------------------------------------------------------- -- 0 0,1,2,4,5,6,7 50 400 100 4000 400 ETS 1 3 50 - - - - ETS 2 - - - - - - 3 - - - - - - 4 - - - - - - 5 - - - - - - 6 - - - - - - 7 - - - - - - Remote Parameters : ------------------- Remote is disabled Local Parameters : -[...]

  • Page 277

    Field Description priorities, and bandwidth allocation. If the ETS Admin mode is enabled on the remote port for DCBx exchange, the Willing bit received in ETS TLVs from the remote peer is included. Local Parameters ETS configuration on local port, including Admin mode (enabled when a valid TLV is received from a peer), priority groups, assigned dot[...]

  • Page 278

    Number of Traffic Classes is 8 Admin mode is on Admin Parameters: -------------------- Admin is enabled PG-grp Priority# Bandwidth TSA ------------------------------------------------ 0 0,1,2,4,5,6,7 50 % ETS 1 3 50 % ETS 2 - - 3 - - 4 - - 5 - - 6 - - 7 - - The following example shows the show sfm 0 backplane all pfc details command Dell#show sfm 0[...]

  • Page 279

    ---------- Interface TenGigabitEthernet 2/12 Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx Compatibility mode is IEEEv2.5 Local DCBx Configured mode is IEEEv2.5 Peer Operating version is IEEEv2.5 Local DCBx TLVs Transmitted: ERPFi 1 Input PFC TLV pkts, 2 Output [...]

  • Page 280

    Table 14. show interface DCBx detail Command Description Field Description Interface Interface type with chassis slot and port number. Port-Role Configured DCBx port role: auto-upstream, auto-downstream, config-source, or manual. DCBx Operational Status Operational status (enabled or disabled) used to elect a configuration source and internally pr[...]

  • Page 281

    Field Description Total DCBx Frames received Number of DCBx frames received from remote peer port. Total DCBx Frame errors Number of DCBx frames with errors received. Total DCBx Frames unrecognized Number of unrecognizable DCBx frames received. Generation of PFC for a Priority for Untagged Packets In order to generate PFC for a particular priority [...]

  • Page 282

    packet Dot1p and Dot1p based queue classification. This document will discuss the configurations required to support PFC for untagged packets based on incoming packet DSCP. For the tagged packets, Queue is selected based on the incoming Packet Dot1p. When PFC frames for a specific priority are received from the peer switch, the queue corresponding t[...]

  • Page 283

    Figure 29. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification : The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment . The follow[...]

  • Page 284

    dot1p Value in the Incoming Frame Priority Group Assignment 3 SAN 4 IPC 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment. Priority Group Bandwidth Assignment IPC 5% SAN 50% LAN 45% PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center tra[...]

  • Page 285

    Priority group 1 Assigns traffic to one priority queue with 20% of the link bandwidth and strict-priority scheduling. Priority group 2 Assigns traffic to one priority queue with 30% of the link bandwidth. Priority group 3 Assigns traffic to two priority queues with 50% of the link bandwidth and strict-priority scheduling. In this example, the con[...]

  • Page 286

    When a device sends a pause frame to another device, the time for which the sending of packets from the other device must be stopped is contained in the pause frame. The device that sent the pause frame empties the buffer to be less than the threshold value and restarts the acceptance of data packets. Dynamic ingress buffering enables the sending o[...]

  • Page 287

    dcb enable 2. Configure the shared PFC buffer size and the total buffer size. A maximum of 4 lossless queues are supported. CONFIGURATION mode dcb pfc-shared-buffer-size 2000 dcb pfc-total-buffer-size 5000 3. Configure the number of PFC queues. CONFIGURATION mode dcb enable pfc-queues pfc-queues The number of ports supported based on lossless queue[...]

  • Page 288

    CONFIGURATION mode dcb pfc-total-buffer-size buffer-size sfm all 11. Configuring DCB global shared buffer on SFM ports. CONFIGURATION mode dcb pfc-shared-buffer-size buffer-size sfm all 12. Configuring global shared buffer size on linecards. CONFIGURATION mode dcb pfc-shared-buffer-size buffer-size linecard {linecard-number | all} [port-set { port-[...]

  • Page 289

    Sample Configurations Figure 30. Configure DCB end to end on this setup Sample configuration for RoCE traffic MXL Fab B1 and B2 Switches (RoCE Traffic Only) ! dcb enable iscsi enable ! interface TenGigabitEthernet 0/1 [...]

  • Page 290

    Description Link to RoCE Adapter in Blade Server no ip address mtu 12000 portmode hybrid switchport no spanning-tree ! protocol lldp dcbx port-role auto-downstream no shutdown ! interface fortyGigE 0/33 Description “To S4810s” no ip address mtu 12000 ! port-channel-protocol LACP port-channel 1 mode active ! protocol lldp no advertise dcbx-tlv e[...]

  • Page 291

    vlt domain 2 peer-link port-channel 128 back-up destination <mgmipofremotepeer> interface Port-channel 128 no ip address mtu 12000 channel-member fortyGigE 0/56 no shutdown interface fortyGigE 0/56 no ip address mtu 12000 dcb-map Converged protocol lldp no shutdown S4810 2 vlt domain 2 peer-link port-channel 128 back-up destination <mgmipo[...]

  • Page 292

    Description SOFS-RDMA no ip address mtu 12000 portmode hybrid switchport no spanning-tree dcb-map RoCE ! protocol lldp no shutdown ! interface TenGigabitEthernet 0/22 Description SOFS- iSCSI no ip address mtu 12000 portmode hybrid switchport spanning-tree rstp edge-port spanning-tree 0 portfast dcb-map iSCSI ! protocol lldp no shutdown [...]

  • Page 293

    13 Debugging and Diagnostics This chapter describes the debugging and diagnostics tasks you can perform on the switch. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostic tests are grouped into three levels: • Level 0 — Level 0 diagnostics check for the presence of various[...]

  • Page 294

    EXEC Privilege mode show system brief 3. Start diagnostics on the switch. diag system unit When the tests complete, the system displays a syslog message: 00:13:17 : Diagnostic test results are stored on file: flash:/TestReport- LP-0.txt 00:13:19 : Diagnostic test results are stored on file: flash:/TestReport- LP-1.txt 00:13:20 : Diagnostic test res[...]

  • Page 295

    Examples of Running Offline Diagnostics Example of Taking a Switch Offline Dell# offline system Warning - offline of system will bring down all the protocols and the system will be operationally down, except for running Diagnostics. The "reload" command is required for normal operation after the offline command is issued. Proceed with Off[...]

  • Page 296

    00:11:05 : Approximate time to complete the Diags (all levels)... 10 Mins 00:11:05: %Z9500LC12:0 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on linecard 0 00:11:05 : Approximate time to complete the Diags (all levels)... 10 Mins 00:11:06: %Z9500LC12:2 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on linecard 2 00:11:06 : Approximate time to complete th[...]

  • Page 297

    • Line-card CPU 2 is LP-2. • The Control Processor is CP. Example of a Test Log Report (All Levels) for Control Processor: TestReport-CP.txt Dell# show file flash://TestReport-CP.txt DELL DIAGNOSTICS-Z9500-CP00 [0] PPID -- US0WGHX2779513AG00T PPID Rev -- X00 Service Tag -- 6NHW6Z1 Part Number -- 7520072402 Part Number Revision -- H SW Version -[...]

  • Page 298

    PSU[2] sensor[2] temperature 23.0 C +PSU[2] test PASS PSU[3] sensor[0] temperature 37.0 C PSU[3] sensor[1] temperature 30.0 C PSU[3] sensor[2] temperature 21.0 C +PSU[3] test PASS psuTest ..................................................... PASS rtcTest ..................................................... PASS sataSsdTest ........................[...]

  • Page 299

    + HG Link Status Test for Fabric 3: PASSED + HG Link Status Test for Fabric 4: PASSED + HG Link Status Test for Fabric 5: PASSED fabricLinkStatusTest ........................................ PASS Starting test: fanTest ...... ERROR: Tray[0] fan[1] speed 49% is out of expected range [80-100%] ERROR: Fan speed variation failed for tray[0] ERROR: Tray[...]

  • Page 300

    DELL DIAGNOSTICS-Z9500-CP00 [0] PPID -- NA PPID Rev -- NA Service Tag -- NA Part Number -- NA Part Number Revision -- NA SW Version -- 9.2(1.0B2) Available free memory: 2,646,888,448 bytes LEVEL 0 DIAGNOSTIC eepromTest .................................................. PASS i2cTest ..................................................... PASS macPhyRe[...]

  • Page 301

    ERROR: Unit 2 (Portcard 2): XE 11 is DOWN + XE Link Status Test for unit 2 (Portcard 2): FAILED portcardXELinkStatusTest .................................... FAIL qsfpOpticsTest .............................................. PASS qsfpPhyTest ................................................. PASS qsfpPresenceTest ....................................[...]

  • Page 302

    Starting test: temperatureTest ...... Thermal Monitor Diodes: Diode[0] temperature 33.9 C Diode[1] temperature 35.0 C Diode[2] temperature 35.0 C Diode[4] temperature 34.5 C Port card[0]: Average temperature 38.3 C, maximum 41.1 C Port card[1]: Average temperature 40.5 C, maximum 43.3 C Port card[2]: Average temperature 42.8 C, maximum 44.9 C Ether[...]

  • Page 303

    Auto Save on Reload, Crash, or Rollover Exception information for the switch is stored in the flash:/TRACE_LOG_DIR directory. This directory contains files that save trace information when there has been a task crash or timeout and trace information from the Route Processor and Control Processor CPUs. You can access the TRACE_LOG_DIR files by FTP o[...]

  • Page 304

    show hardware linecard {0-2} buffer total-buffer • Display the modular packet buffers details per unit and the mode of allocation. show hardware linecard {0-2} buffer unit {0-3} total-buffer • Display the forwarding plane statistics containing the packet buffer usage per port per line card. show hardware linecard {0-2} buffer unit {0-3} port {1[...]

  • Page 305

    Troubleshoot a flap or fault condition on a HiGig backplane link by displaying the internal ports that are mapped to backplane links for control or data traffic and the status of backplane links. In the show hardware bp-link-state command output, 1 indicates that a backplane link is up; 0 indicates that a link is down. You can also display the traff[...]

  • Page 306

    -- Major Alarms -- Alarm Type Duration --------------------------------------------------------------------------- PEM 0 in unit 0 down 25 sec PEM 2 in unit 0 down 6 sec • Use the show environment pem command to display complete information on power supply operation. Dell#show environment pem -- Power Supplies -- Unit Bay Status Type FanStatus Fa[...]

  • Page 307

    To verify the transceiver plugged into a Z9500 port, use the show inventory media command. Dell#show inventory media Slot Port Type Media Serial Number F10Qualified -------------------------------------------------------------------------------- ----------- 2 0 QSFP 40GBASE-CR4-1M APF12380010GM4 Yes 2 4 Media not present or accessible 2 8 Media not[...]

  • Page 308

    QSFP 168 BR max = 0 QSFP 168 BR min = 0 QSFP 168 Vendor SN = Z12I00005 QSFP 168 Datecode = 130117 QSFP 168 CheckCodeExt = 0xe8 QSFP 168 Diagnostic Information =================================== QSFP 168 Rx Power measurement type = Average =================================== QSFP 168 Temp High Alarm threshold = 80.000C QSFP 168 Voltage High Alarm t[...]

  • Page 309

    Minor Minor Off Major Major Off Shutdown S0 50 45 50 45 N/A S1 N/A N/A N/A N/A N/A S2 50 45 50 45 N/A S3 50 45 50 45 N/A S4 40 35 40 35 N/A S5 50 45 50 45 N/A S6 67 62 67 62 N/A S7 68 63 68 63 N/A S8 66 61 66 61 N/A S9 66 61 66 61 N/A -- Switching Core -- -- Temperature Limits (deg C) -- -------------------------------------------------------------[...]

  • Page 310

    threshold crossings do not cause alarms, but are used to trigger increases in the speed of the system fans as needed to keep the component temperature within the desired range. Dell#show environment thermal-sensors -- Thermal Sensor Readings (deg C) -- Module S0 S1 S2 S3 S4 S5 S6 S7 S8 S9 S10 --------------------------------------------------------[...]

  • Page 311

    If the system is not able to cool down within one minute from the time the shutdown alarm is generated, a second alarm is triggered and the system shuts down immediately to avoid damaging any component due to overheating: 00:16:08: %SYSTEM:LP %CHMGR-0-TEMP_SHUTDOWN_WARN: Unit 0 a temperature sensor has exceeded its critical shutdown temperature; Un[...]

  • Page 312

    UNIT No: 0 Total Ingress Drops : 41694 Total IngMac Drops : 0 Total Mmu Drops : 0 Total EgMac Drops : 0 Total Egress Drops : 0 Dell#show hardware linecard 2 drops unit 0 UserPort PortNumber Ingress Drops IngMac Drops Total Mmu Drops EgMac Drops Egress Drops 0 1 0 0 0 0 0 4 5 0 0 0 0 0 8 9 0 0 0 0 0 12 13 41745 0 0 0 0 16 17 0 0 0 0 0 17 18 0 0 0 0 [...]

  • Page 313

    0 0 0 Internal 58 0 0 0 0 0 Internal 59 0 0 0 0 0 Internal 60 0 0 0 0 0 Internal 61 0 0 0 0 0 Displaying Dataplane Statistics The show hardware linecard {0–2} cpu data-plane statistics command provides information about the packet types entering a line-card CPU. As shown in the following example, the show hardware linecard cpu data-plane statisti[...]

  • Page 314

    Oversize frames recvd = 0 Fragments = 0 Jabber = 0 Dropped Frames = 0 Under/oversized frames = 0 FLR frames = 0 RCDE frames = 0 RCSE frames = 0 Dell#show hardware party-bus port 0 statistics Party Bus Transmit Counters for port 0: Tx Octets = 350320163 Tx Drop Packets = 0 tx_q0_pkts = 597876 tx_q1_pkts = 0 tx_q2_pkts = 0 tx_q3_pkts = 0 tx_q4_pkts =[...]

  • Page 315

    transmit statistics for a port-pipe unit on a specified line card, according to the command option you enter. Dell#show hardware linecard 0 unit 1 counters RUC.cpu0 : 528,687 +528,687 ING_NIV_RX_FRAMES.cpu0 : 528,687 +528,687 TDBGC6.cpu0 : 528,687 +528,687 PERQ_PKT(0).cpu0 : 1,172 +1,172 PERQ_PKT(41).cpu0 : 527,515 +527,515 PERQ_BYTE(0).cpu0 : 79,6[...]

  • Page 316

    NOTE: On the Z9500, when you enable core dumps of application crashes to be uploaded to an FTP server, only core dumps from the Control Processor are uploaded to the server. Application core-dump files from the Route Processor and line-card CPUs are moved to flash memory on the Control Processor CPU and can be accessed by performing an FTP to the C[...]

  • Page 317

    command in global configuration mode. The kernel core dump is copied to flash://CORE_DUMP_DIR/f10_cpu_timestamp.kcore.gz, where cpu specifies a Z9500 CPU and is one of the following values: cp (Control Processor), cp (Route Processor), lp0 (line-card processor 0), lp1 (line-card processor 1), or lp2 (line-card processor 2); timestamp is a text [...]

  • Page 318

    14 Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious [...]

  • Page 319

    Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Server Option 6 Specifies the domain name servers (DNSs) that are available to the client. Domain Name Option 15 Specifies the domain name that clien[...]

  • Page 320

    Option Number and Description Identifies a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Snooping Option 82 Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database. End Option 255 Signals the last option in the DHCP packe[...]

  • Page 321

    Figure 32. Client and Server Messaging Implementation Information The following describes DHCP implementation. • Dell Networking implements DHCP based on RFC 2131 and RFC 3046. • IP source address validation is a sub-feature of DHCP Snooping; the Dell Networking OS uses access control lists (ACLs) internally to implement this feature and as suc[...]

  • Page 322

    Configure the System to be a DHCP Server A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient. The following table lists the key responsibilities of DHCP servers. Table 17. DHCP Se[...]

  • Page 323

    DHCP <POOL> mode network network/prefix-length • network : the subnet address. • prefix-length : specifies the number of bits used for the network portion of the address you specify. The prefix-length range is from 17 to 31. 4. Display the current pool configuration. DHCP <POOL> mode show config After an IP address is leased to a cl[...]

  • Page 324

    lease {days [hours] [minutes] | infinite} The default is 24 hours . Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client. To specify a default gateway, follow this step. • Specify default gateway(s) for the clients on the subnet, in order of preference. DHCP <POOL> default-router addre[...]

  • Page 325

    Creating Manual Binding Entries An address binding is a mapping between the IP address and the media access control (MAC) address of a client. The DHCP server assigns the client an available IP address automatically, and then creates an entry in the binding table. However, the administrator can manually create an entry for a client; manual bindings[...]

  • Page 326

    Configure the System to be a Relay Agent DHCP clients and servers request and offer configuration information via broadcast DHCP messages. Routers do not forward broadcasts, so if there are no DHCP servers on the subnet, the client does not receive a response to its request and therefore cannot access the network. You can configure an interface on [...]

  • Page 327

    Figure 33. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int gig 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10.11.0.1/24 Broadcast address is 10.11.0.255 Address[...]

  • Page 328

    ICMP redirects are not sent ICMP unreachables are not sent Configure the System to be a DHCP Client A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server. Implement the DHCP client functionality as follows: • The switch can obtain a dynamically assigned IP address from a DHCP server. A start[...]

  • Page 329

    DHCP Client Operation with Other Features A DHCP client also operates with the following software features. Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel (LAG) interfaces as on a physical interface. DHCP [...]

  • Page 330

    • Source Address Validation Option 82 RFC 3046 (the relay agent information option, or Option 82) is used for class-based IP address assignment. The code for the relay agent information option is 82, and is comprised of two sub-options, circuit ID and remote ID. Circuit ID This is the interface on which the client-originated message is received. [...]

  • Page 331

    packet arrived on the correct port. Packets that do not pass this check are forwarded to the server for validation. This checkpoint prevents an attacker from spoofing a client and declining or releasing the real client’s address. Server-originated packets (DHCPOFFER, DHCPACK, and DHCPNACK) that arrive on a not trusted port are also dropped. This [...]

  • Page 332

    ipv6 dhcp snooping trust 3. Enable IPv6 DHCP snooping on a VLAN or range of VLANs. CONFIGURATION mode ipv6 dhcp snooping vlan vlan-id Adding a Static Entry in the Binding Table To add a static entry in the binding table, use the following command. • Add a static entry in the binding table. EXEC Privilege mode ip dhcp snooping binding mac Adding a[...]

  • Page 333

    Dell#show ip dhcp snooping IP DHCP Snooping : Enabled. IP DHCP Snooping Mac Verification : Disabled. IP DHCP Relay Information-option : Disabled. IP DHCP Relay Trust Downstream : Disabled. Database write-delay (In minutes) : 0 DHCP packets information Relay Information-option packets : 0 Relay Trust downstream packets : 0 Snooping packets : 0 Packe[...]

  • Page 334

    IPv6 DHCP Snooping MAC-Address Verification Enable verification of the source MAC address in the DHCP packet against the MAC address stored in the snooping binding table. • Enable IPv6 DHCP snooping. CONFIGURATION mode ipv6 dhcp snooping verify mac-address Drop DHCP Packets on Snooped VLANs Only Binding table entries are deleted when a lease exp[...]

  • Page 335

    packets addressed to the client to it. As a result, the attacker is able to sniff all packets to and from the client. Other attacks using ARP spoofing include: Broadcast An attacker can broadcast an ARP reply that specifies FF:FF:FF:FF:FF:FF as the gateway’s MAC address, resulting in all clients broadcasting all internet-bound packets. MAC floodi[...]

  • Page 336

    --------------------------------------------------------------------- Internet 10.1.1.251 - 00:00:4d:57:f2:50 Te 0/2 Vl 10 CP Internet 10.1.1.252 - 00:00:4d:57:e6:f6 Te 0/1 Vl 10 CP Internet 10.1.1.253 - 00:00:4d:57:f8:e8 Te 0/3 Vl 10 CP Internet 10.1.1.254 - 00:00:4d:69:e8:f2 Te 0/50 Vl 10 CP Dell# To see how many valid and invalid ARP packets hav[...]

  • Page 337

    Enabling IP Source Address Validation IP source address validation (SAV) prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table. A spoofed IP packet is one in which the IP source address is strategically chosen to disguise the attacker. For example, using ARP spoofing, an attacker can assume a leg[...]

  • Page 338

    3. Reload the system. EXEC Privilege reload 4. Enable IP+MAC SAV. INTERFACE mode ip dhcp source-address-validation ipmac The system creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-val[...]

  • Page 339

    15 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) supports multiple paths in next-hop packet forwarding to a destination device. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring. Enabling Deterministic ECMP Next Hop Deterministic ECMP next hop arranges all ECMPs in order before writing them into t[...]

  • Page 340

    NOTE: While the seed is stored separately on each port-pipe, the same seed is used across all CAMs. NOTE: You cannot separate LAG and ECMP, but you can use different algorithms across the chassis with the same seed. If LAG member ports span multiple port-pipes and line cards, set the seed to the same value on each port-pipe to achieve deterministic[...]

  • Page 341

    NOTE: Save the new ECMP settings to the startup-config ( write-mem ) then reload the system for the new settings to take effect. • Configure the maximum number of paths per ECMP group. CONFIGURATION mode. ip ecmp-group maximum-paths { 2-64 } • Enable ECMP group path management. CONFIGURATION mode. ip ecmp-group path-fallback Example of the ip e[...]

  • Page 342

    The default is 60% . • Display details for an ECMP group bundle. EXEC mode show link-bundle-distribution ecmp-group ecmp-group-id The range is from 1 to 64. Viewing an ECMP Group NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to the same network. The system can generate a maximu[...]

  • Page 343

    -------------------------------------------------- [ 132] 20::1 00:00:20:d5:ec:a0 Fo 0/16 0 1 [ 132] 20::1 00:00:20:d5:ec:a1 Fo 0/24 0 1 To re-enable programming of IPv6 /128 route prefixes in the LPM table, use the no ipv6 unicast- host-route command. A warning message states that the change takes effect only when IPv4 or IPv6 route prefixes are c[...]

  • Page 344

    16 FCoE Transit The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a Z9500 switch. Fibre Channel over Ethernet FCoE provides a converged Ethernet n[...]

  • Page 345

    requirement for point-to-point connections by creating a unique virtual link for each connection between an FCoE end-device and an FCF via a transit switch. FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the F[...]

  • Page 346

    Figure 34. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF[...]

  • Page 347

    FCoE-generated ACLs These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames. The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network. The top-of-rack (ToR) switch operates as an FCF for FCoE traffic. Converged LAN and SAN traffic is transmi[...]

  • Page 348

    • Allocate CAM resources for FCoE. • Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis. • To assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in, set the FCoE MAC address prefix (FC-MAP) value an FCF uses. The FC-MAP value is used in [...]

  • Page 349

    Important Points to Remember • Enable DCBx on the switch before enabling the FIP Snooping feature. • To enable the feature on the switch, configure FIP Snooping. • To allow FIP frames to pass through the switch on all VLANs, enable FIP snooping globally on a switch. • A switch can support a maximum eight VLANs. Configure at least one FCF/br[...]

  • Page 350

    Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit. NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the Configure FIP Snooping . As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied. The FCoE [...]

  • Page 351

    Configure a Port for a Bridge-to-FCF Link If a port is directly connected to an FCF, configure the port mode as FCF. Initially, all FCoE traffic is blocked; only FIP frames are allowed to pass. FCoE traffic is allowed on the port only after a successful fabric login (FLOGI) request/response and confirmed use of the configured FC-MAP value for the V[...]

  • Page 352

    To enable FCoE transit on the switch and configure the FCoE transit parameters on ports, follow these steps. 1. Configure FCoE. FCoE configuration: copy flash:/ CONFIG_TEMPLATE/ FCoE_DCB_Config running-config The configuration files are stored in the flash memory in the CONFIG_TEMPLATE file. NOTE: DCB/DCBx is enabled when either of these configurat[...]

  • Page 353

    FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 36. Configuration Example: FIP Snooping on a Switch In this example, DCBx and PFC are enabled on the FIP snoop[...]

  • Page 354

    Example of Enabling an FC-MAP Value on a VLAN Dell(conf-if-vl-10)# fip-snooping fc-map 0x0EFC01 NOTE: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00). Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# portmode hybrid Dell(conf-if-[...]

  • Page 355

    Command Output show fip-snooping enode [ enode-mac- address ] Displays information on the ENodes in FIP- snooped sessions, including the ENode interface and MAC address, FCF MAC address, VLAN ID and FC-ID. show fip-snooping fcf [ fcf-mac-address ] Displays information on the FCFs in FIP-snooped sessions, including the FCF interface and MAC address,[...]

  • Page 356

    Table 22. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode . ENode Interface Slot/port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FCoE MAC MAC[...]

  • Page 357

    The following example shows the show fip-snooping fcf command. Dell# show fip-snooping fcf FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No. of Enodes ------- ------------- ---- ------ -------------- ------------- 54:7f:ee:37:34:40 Po 22 100 0e:fc:00 4000 2 The following table describes the show fip-snooping fcf command fields. Table 24. show fi[...]

  • Page 358

    Number of FLOGI :1 Number of FDISC :16 Number of FLOGO :0 Number of Enode Keep Alive :4416 Number of VN Port Keep Alive :3136 Number of Multicast Discovery Advertisement :0 Number of Unicast Discovery Advertisement :0 Number of FLOGI Accepts :0 Number of FLOGI Rejects :0 Number of FDISC Accepts :0 Number of FDISC Rejects :0 Number of FLOGO Accepts [...]

  • Page 359

    Field Description Number of FLOGI Number of FIP-snooped FLOGI request frames received on the interface. Number of FDISC Number of FIP-snooped FDISC request frames received on the interface. Number of FLOGO Number of FIP-snooped FLOGO frames received on the interface. Number of ENode Keep Alives Number of FIP-snooped ENode keep-alive frames received[...]

  • Page 360

    The following example shows the show fip-snooping vlan command. Dell# show fip-snooping vlan * = Default VLAN VLAN FC-MAP FCFs Enodes Sessions ---- ------ ---- ------ -------- *1 - - - - 100 0X0EFC00 1 2 17 [...]

  • Page 361

    17 Enabling FIPS Cryptography Federal information processing standard (FIPS) cryptography provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce. FIPS mode is also validated for numerous platforms to meet [...]

  • Page 362

    Enabling FIPS Mode To enable or disable FIPS mode, use the console port. Secure the host attached to the console port against unauthorized access. Any attempts to enable or disable FIPS mode from a virtual terminal session are denied. When you enable FIPS mode, the following actions are taken: • If enabled, the SSH server is disabled. • All ope[...]

  • Page 363

    Monitoring FIPS Mode Status To view the status of the current FIPS mode (enabled/disabled), use the following commands. • Use either command to view the status of the current FIPS mode. show fips status show system Example of the show fips status Command Example of the show system Command Dell#show fips status FIPS Mode : Enabled for the system u[...]

  • Page 364

    • To disable FIPS mode from a console port. CONFIGURATION mode no fips mode enable The following Warning message displays: WARNING: Disabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy all configured host keys. Proceed (y/n) ? [...]

  • Page 365

    18 Flex Hash This chapter describes the Flex Hash enhancements. Flex Hash Capability Overview This functionality is supported on the platform. The flex hash functionality enables you to configure a packet search key and matches packets based on the search key. When a packet matches the search key, two 16-bit hash fields are extracted from the start[...]

  • Page 366

    When load balancing RRoCE packets using flex hash is enabled, the show ip flow command is disabled. Similarly, when the show ip flow command is in use (ingress port-based load balancing is disabled), the hashing of RRoCE packets is disabled. Flex hash APIs do not mask out unwanted byte values after extraction of the data from the Layer 4 headers fo[...]

  • Page 367

    RRoCE packets are received and transmitted on specific interfaces called lite-subinterfaces. These interfaces are similar to the normal Layer 3 physical interfaces except for the extra provisioning that they offer to enable the VLAN ID for encapsulation. You can configure a physical interface or a Layer 3 Port Channel interface as a lite subinterfa[...]

  • Page 368

    19 Force10 Resilient Ring Protocol (FRRP) Force10 resilient ring protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can [...]

  • Page 369

    A virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN. The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including[...]

  • Page 370

    Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability. You can configure multiple rings with a single switch connection; a single ring can have multiple FRRP groups; multiple rings can be connected with a common link. Member V[...]

  • Page 371

    Concept Explanation Control VLAN Each ring has a unique Control VLAN through which tagged ring health frames (RHF) are sent. Control VLANs are used only for sending RHF, and cannot be used for any other purpose. Member VLAN Each ring maintains a list of member VLANs. Member VLANs must be consistent across the entire ring. Port Role Each node has tw[...]

  • Page 372

    Concept Explanation There is no periodic transmission of TCRHFs. The TCRHFs are sent on triggered events of ring failure or ring restoration only. Implementing FRRP • FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) [...]

  • Page 373

    Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer 2 . Be sure to follow these guidelines: • All VLANS must be in Layer 2 mode. • You can only add ring n[...]

  • Page 374

    4. Configure the Master node. CONFIG-FRRP mode. mode master 5. Identify the Member VLANs for this FRRP group. CONFIG-FRRP mode. member-vlan vlan-id { range } VLAN-ID, Range : VLAN IDs for the ring’s member VLANS. 6. Enable FRRP. CONFIG-FRRP mode. no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally f[...]

  • Page 375

    Interface : • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Slot/Port, Range : Slot and Port ID for the interface. Range is entered Slot/Port-Port. VLAN ID : Identification number of the [...]

  • Page 376

    Viewing the FRRP Configuration To view the configuration for the FRRP group, use the following command. • Show the configuration for this FRRP group. CONFIG-FRRP mode. show configuration Viewing the FRRP Information To view general FRRP information, use one of the following commands. • Show the information for the identified FRRP group. EXEC or[...]

  • Page 377

    no shutdown ! interface TengigabitEthernet 1/34 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged TengigabitEthernet 1/24,34 no shutdown ! interface Vlan 201 no ip address tagged TengigabitEthernet 1/24,34 no shutdown ! protocol frrp 101 interface primary TengigabitEthernet 1/24 secondary TengigabitEthernet 1/34 control[...]

  • Page 378

    ! interface Vlan 101 no ip address tagged TengigabitEthernet 3/14,21 no shutdown ! interface Vlan 201 no ip address tagged TengigabitEthernet 3/14,21 no shutdown ! protocol frrp 101 interface primary TengigabitEthernet 3/21 secondary TengigabitEthernet 3/14 control-vlan 101 member-vlan 201 mode transit no disable [...]

  • Page 379

    20 GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches. GVRP-compliant switches use GARP to register and de-register attribute values, such as VLAN IDs, with each other. Typical virtual local [...]

  • Page 380

    Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, GVRP is configured on VLAN trunk ports. Figure 37. Glob[...]

  • Page 381

    Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config ! protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the[...]

  • Page 382

    not be unconfigured when it receives a Leave PDU. Therefore, the registration mode on that interface is FIXED. • Forbidden Mode — Disables the port to dynamically register VLANs and to propagate VLAN information except information about VLAN 1. A port with forbidden registration type thus allows only VLAN 1 to pass through even though the PDU c[...]

  • Page 383

    LeaveAll Timer 5000 Dell(conf)# The system displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer . [...]

  • Page 384

    21 Internet Group Management Protocol (IGMP) Internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group. Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. Multicast routing protocols (suc[...]

  • Page 385

    Figure 38. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group. 1. One router on a subnet is elect[...]

  • Page 386

    response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability to filter by multicast source, which helps multicast routing protoc[...]

  • Page 387

    Figure 40. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. 2. T[...]

  • Page 388

    Figure 41. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 a[...]

  • Page 389

    Figure 42. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Version • Viewing IGMP Groups • Adjusting Time[...]

  • Page 390

    • Fast Convergence after MSTP Topology Changes • Designating a Multicast Router Interface Viewing IGMP Enabled Interfaces Interfaces that are enabled with PIM-SM are automatically enabled with IGMP. To view IGMP-enabled interfaces, use the following command. • View IGMP-enabled interfaces. EXEC Privilege mode show ip igmp interface Example of[...]

  • Page 391

    IGMP version is 3 Dell(conf-if-te-1/13)# Viewing IGMP Groups To view both learned and statically configured IGMP groups, use the following command. • View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell(conf-if-te-1/0)#do show ip igmp groups Total Number o[...]

  • Page 392

    INTERFACE mode ip igmp query-interval • Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Adjusting the IGMP Querier Timeout Value If there is more than one multicast router on a subnet, only one is elected to be the querier, wh[...]

  • Page 393

    Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet. IGMP immediate leave reduces leave latency by enabling a router to immediately delete the group[...]

  • Page 394

    • View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN. INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks • Removing a Group-Port Association • Disabling Multicast Flooding • Specifying a Port as Connected to a Multicast Router • Configuring the Switch as Querier Example of ip igm[...]

  • Page 395

    • Configure the switch to only forward unregistered packets to ports on a VLAN that are connected to mrouter ports. CONFIGURATION mode no ip igmp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN, use the following commands. • Statically specify a port in a VLAN as connected to a [...]

  • Page 396

    ip igmp snooping last-member-query-interval Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, the system sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is upd[...]

  • Page 397

    22 Interfaces This chapter describes interface types, both physical and logical, and how to configure them on the Z9500 switch. • 10-Gigabit Ethernet and 40-Gigabit Ethernet interfaces are supported on the Z9500. Basic Interface Configuration • Interface Types • View Basic Interface Information • Enabling a Physical Interface • Physical I[...]

  • Page 398

    to top in multiples of four, starting with zero; for example, 0, 4, 8, 12, and so on. When a breakout cable is installed, the resulting four 10GbE ports are numbered with the remaining numbers. For example, 40GbE port 0 contains 10GbE ports 0, 1, 2, and 3; 40GbE port 4 contains 10GbE ports 4, 5, 6, and 7. Line card 0 consists of ports 0 to 143; lin[...]

  • Page 399

    • Lists all configurable interfaces on the chassis. EXEC mode show interfaces This command has options to display the interface status, IP and MAC addresses, and multiple counters for the amount and type of traffic passing through the interface. If you configured a port channel interface, this command lists the interfaces configured in the port c[...]

  • Page 400

    To view which interfaces are enabled for Layer 3 data transmission, use the show ip interface brief command in EXEC Privilege mode. In the following example, TengigabitEthernet interface 1/5 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up. Dell#show ip interface brief Interface IP-A[...]

  • Page 401

    • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. 2. Enable the interface. INTERFACE mode no shutdown To confirm that the interface is enabled, use the show config command in INTERFACE mode. To leave INTERFACE mode, use the exit command or end command. You cannot delete a physical interface. Physic[...]

  • Page 402

    interconnect links run across 40-Gigabit Ethernet internal ports. A 40-Gigabit Ethernet internal port is also referred to as a HiGig port. On the Z9500, each NPU that constitutes a port pipe processes traffic from a set of front-end I/O ports. In the command-line interface, a Z9500 NPU is entered as unit unit-number . Configuration Task List for Ph[...]

  • Page 403

    Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config ! interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface. INTERFACE mode no shutdown • Place the interface in Layer [...]

  • Page 404

    no ip address switchport no shutdown Dell(conf-if)#ip address 10.10.1.1 /24 % Error: Port is in Layer 2 mode Te 1/2. Dell(conf-if)# To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode. Configuring Layer 3 (Interface) Mode To assign an IP address, use the f[...]

  • Page 405

    Egress Interface Selection (EIS) EIS allows you to isolate the management and front-end port domains by preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EIS: DNS, FTP, HTTP, IGMP, NTP, RADIUS, SNMP, SSH, S[...]

  • Page 406

    Management Interfaces The Z9500 supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system. Configuring a Dedicated Management Interface The dedicated Management interface provides management access to the system. You can configure this interface using the CLI, but th[...]

  • Page 407

    Global IPv6 address: 1::1/ Global IPv6 address: 2::1/64 Virtual-IP is not set Virtual-IP IPv6 address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode full duplex ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:06:14 Queueing strategy: fifo Input 791 packets, 62913 bytes, 775 multic[...]

  • Page 408

    Example of the show interface and show ip route Commands To display the configuration for a given port, use the show interface command in EXEC Privilege mode, as shown in the following example. To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int fortyGigE 2/12 fortyGigE 2/12 is up, line protocol is up H[...]

  • Page 409

    • Configure an IP address and mask on the interface. INTERFACE mode ip address ip-address mask [secondary] – ip-address mask : enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). – secondary : the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses. E[...]

  • Page 410

    • Enter INTERFACE mode of the Null interface. CONFIGURATION mode interface null 0 The only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port C[...]

  • Page 411

    Member ports of a LAG are added and programmed into the hardware in a predictable order based on the port ID, instead of in the order in which the ports come up. With this implementation, load balancing yields predictable results across line card resets and chassis reloads. A physical interface can belong to only one port channel at a time. Each po[...]

  • Page 412

    • Adding a Physical Interface to a Port Channel (mandatory) • Reassigning an Interface to a New Port Channel (optional) • Configuring the Minimum Oper Up Links in a Port Channel (optional) • Adding or Removing a Port Channel from a VLAN (optional) • Assigning an IP Address to a Port Channel (optional) • Deleting or Disabling a Port Chan[...]

  • Page 413

    To add a physical interface to a port, use the following commands. 1. Add the interface to a port channel. INTERFACE PORT-CHANNEL mode channel-member interface The interface variable is the physical interface type and slot/port information. 2. Double check that the interface was added to the port channel. INTERFACE PORT-CHANNEL mode show config Exa[...]

  • Page 414

    When more than one interface is added to a Layer 2 port channel, the system selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the output of the show interfaces port-channel brief command indicates the primary port. As soon as a physical interf[...]

  • Page 415

    Dell(conf-if-portch)#int port 5 Dell(conf-if-portch)#channel te 1/8 Dell(conf-if-portch)#show conf ! interface Port-channel 5 no ip address channel-member TengigabitEthernet 1/8 shutdown Dell(conf-if-portch)# Configuring the Minimum Oper Up Links in a Port Channel You can configure the minimum links in a port channel (LAG) that must be in “oper u[...]

  • Page 416

    no untagged port-channel id number • Identify which port channels are members of VLANs. EXEC Privilege mode show vlan Assigning an IP Address to a Port Channel You can assign an IP address to a port channel and use port channels in Layer 3 routing protocols. To assign an IP address, use the following command. • Configure an IP address and mask [...]

  • Page 417

    Load-Balancing Methods By default, LAG hashing uses the source IP, destination IP, source transmission control protocol (TCP)/user datagram protocol (UDP) port, and destination TCP/UDP port for hash computation. For packets without a Layer 3 header, the system automatically uses load-balance mac source-dest-mac . Do not configure IP hashing or MAC[...]

  • Page 418

    Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor1 lag crc16 Dell(conf)# The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crc-lower . This command takes the lower 32 bits of the hash key to compute the egress port. Other options for ECMP hash-algorithms are: • crc-upper — uses [...]

  • Page 419

    • Overlap Port Ranges • Commas • Add Ranges Create a Single-Range The following is an example of a single range. Example of the interface range Command (Single Range) Dell(config)# interface range tengigabitethernet 0/1 - 23 Dell(config-if-range-te-0/1-23)# no shutdown Dell(config-if-range-te-0/1-23)# Create a Multiple-Range The following is [...]

  • Page 420

    Commas The following is an example of how to use commas to add different interface types to the range, enabling all Ten Gigabit Ethernet interfaces in the range 5/1 to 5/23 and both Ten Gigabit Ethernet interfaces 1/1 and 1/2. Example of Adding Interface Ranges Dell(config-if)# interface range tengigabitethernet 5/1 - 23, tengigabitethernet 1/1 - 2[...]

  • Page 421

    Define the Interface Range The following example shows how to define an interface-range macro named “test” to select 10-GigabitEthernet interfaces 5/1 through 5/4. Example of the define interface-range Command for Macros Dell(config)# define interface-range test tengigabitethernet 5/1 - 4 Choosing an Interface-Range Macro To use an interface[...]

  • Page 422

    • a — Page down • q — Quit Dell#monitor interface te 3/1 FTOS uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.: 2s Interface: Te 3/1, Disabled, Link is Down, Linespeed is 1000 Mbit Traffic statistics: Current Rate Delta Input bytes: 0 0 Bps 0 Output bytes: 0 0 Bps 0 Input packets: 0 0 pps 0 Output packets: 0[...]

  • Page 423

    Use the clear hardware sfm hg-stats and clear hardware linecard hg-stats commands to reset HiGig port statistics. Link Bundle Monitoring Monitoring linked LAG bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time. A threshold of 60% is defined as an acceptable amount of traffic on a member l[...]

  • Page 424

    You can enable the capability to detect uneven traffic distribution in the member links of a HiGig link bundle on a line-card or SFM NPU. You can also enable a notification to be sent using alarms and SNMP traps. The algorithm used to determine uneven distribution of traffic is predefined. Monitoring HiGig link bundles allows you to view and analyz[...]

  • Page 425

    • You can enable SNMP traps and syslog messages to be generated when an uneven traffic distribution is detected in a HiGig link bundle. • Traffic distribution in a HiGig link bundle is calculated as the bandwidth-weighted mean use of all links in the bundle. This calculation is performed only on links that are up in their operational status. [...]

  • Page 426

    Splitting QSFP Ports to SFP+ Ports The Z9500 supports splitting a single 40G QSFP port into four 10G SFP+ ports without reload using a supported breakout cable. (For the link to a list of supported cables, refer to the Z9500 Installation Guide or the Z9500 Release Notes.) To split a single 40G port into four 10G ports, use the following command. [...]

  • Page 427

    NOTE: Trident2 chip sets do not work at 1G speeds with auto-negotiation enabled. As a result, when you peer any device using SFP, the link does not come up if auto-negotiation is enabled. Therefore, you must disable auto-negotiation on platforms that currently use Trident2 chip sets (S6000 and Z9000). This limitation applies only when you convert Q[...]

  • Page 428

    SFP+ 0 Encoding = 0x00 ……………… ……………… SFP+ 0 Diagnostic Information =================================== SFP+ 0 Rx Power measurement type = OMA =================================== SFP+ 0 Temp High Alarm threshold = 0.000C SFP+ 0 Voltage High Alarm threshold = 0.000V SFP+ 0 Bias High Alarm threshold = 0.000mA NOTE: In the follo[...]

  • Page 429

    NOTE: In the following show interfaces tengigabitethernet transceiver commands, ports 5, 6, and 7 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports. This is a so[...]

  • Page 430

    QSFP 0 Diagnostic Information =================================== QSFP 0 Rx Power measurement type = OMA =================================== QSFP 0 Temp High Alarm threshold = 0.000C QSFP 0 Voltage High Alarm threshold = 0.000V QSFP 0 Bias High Alarm threshold = 0.000mA $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Dell#show inter[...]

  • Page 431

    Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP type is 1GBASE …………………… LineSpeed 1000 Mbit Dell#show interfaces tengigabitethernet 0/7 gigabitethernet 0/0 is up, line protocol is down Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:[...]

  • Page 432

    the interface becomes stable and the penalty decays below a certain threshold, the interface comes up again and the routing protocols re-converge. Link dampening: • reduces processing on the CPUs by reducing excessive interface flapping. • improves network stability by penalizing misbehaving interfaces and redirecting traffic. • improves conv[...]

  • Page 433

    Clearing Dampening Counters To clear dampening counters and accumulated penalties, use the following command. • Clear dampening counters. clear dampening Example of the clear dampening Command Dell# clear dampening interface Te 0/1 Dell# show interfaces dampening TengigabitEthernet0/0 Interface State Flaps Penalty Half-Life Reuse Suppress Max-Sup Te 0/1[...]

  • Page 434

    The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames. To allow full-duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to this multicast address. The PAUSE frame is defined by IEEE 802.3x and uses MAC Contro[...]

  • Page 435

    – tx on : enter the keywords tx on to send control frames from this port to the connected device when a higher rate of traffic is received. – tx off : enter the keywords tx off so that flow control frames are not sent from this port to the connected device when a higher rate of traffic is received. – threshold : when you configure tx on , you[...]

  • Page 436

    • The VLAN link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the VLAN members. For example, the VLAN contains tagged members with Link MTU of 1522 and IP MTU of 1500 and untagged members with Link MTU of 1518 and IP MTU of 1500. The VLAN’s Link MTU cannot be higher than 1518 bytes and its IP MTU cann[...]

  • Page 437

    View Advanced Interface Information The following options have been implemented for the show [ip | running-config] interfaces commands for (only) linecard interfaces. When you use the configured keyword, only interfaces that have non-default configurations are displayed. Dummy linecard interfaces (created with the linecard command) are treated like[...]

  • Page 438

    The following example shows how to configure rate interval when changing the default value. To configure the number of seconds of traffic statistics to display in the show interfaces output, use the following command. • Configure the number of seconds of traffic statistics to display in the show interfaces output. INTERFACE mode rate-interval Exa[...]

  • Page 439

    Rate info (interval 100 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1d23h42m Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, the system automatically turns on cou[...]

  • Page 440

    – (OPTIONAL) To clear statistics for all VRRP groups configured, enter the keyword vrrp . Enter a number from 1 to 255 as the vrid . – (OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit . Example of the clear counters Command When you enter [...]

  • Page 441

    23 Internet Protocol Security (IPSec) Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and FTP protocols. It supports t[...]

  • Page 442

    Configuring IPSec The following sample configuration shows how to configure FTP and Telnet for IPSec. 1. Define the transform set. CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des 2. Define the crypto policy. CONFIGURATION mode crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXf[...]

  • Page 443

    24 IPv4 Routing IPv4 routing and various IP addressing features are supported. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature Default DNS Disabled Directed Broadcast Disabled Proxy ARP Enabled ICMP Unreachable Di[...]

  • Page 444

    • Configuring Static Routes (optional) • Configure Static Routes for the Management Interface (optional) For a complete listing of all commands related to IP addressing, refer to the Dell Networking OS Command Line Reference Guide . Assigning IP Addresses to an Interface Assign primary and secondary IP addresses to physical or logical (for exam[...]

  • Page 445

    ! Dell(conf-if)# Dell(conf-if)#show conf ! interface TengigabitEthernet 0/0 ip address 10.11.1.1/24 no shutdown ! Dell(conf-if)# Configuring Static Routes A static route is an IP address that you manually configure and that a routing protocol, such as open shortest path first (OSPF), does not learn. Often, static routes are used as backup routes i[...]

  • Page 446

    S 6.1.2.14/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.15/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.16/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.17/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 11.1.1.0/24 Direct, Nu 0 0/0 00:02:30 Direct, Lo 0 --More-- The system installs a next hop that is on the directly connected subnet of current IP address on[...]

  • Page 447

    To view the configuration, use the show config command in INTERFACE mode. Resolution of Host Names Domain name service (DNS) maps host names to IP addresses. This feature simplifies such commands as Telnet and FTP by allowing you to enter a name instead of an IP address. Dynamic resolution of host names is disabled by default. Unless you enable the[...]

  • Page 448

    Specifying the Local System Domain and a List of Domains If you enter a partial domain, the system can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. The system searches the host table first to resolve the partial domain. The host table [...]

  • Page 449

    Dell#traceroute www.force10networks.com Translating "www.force10networks.com"...domain server (10.11.0.1) [OK] Type Ctrl-C to abort. ---------------------------------------------------------------------- Tracing the route to www.force10networks.com (10.11.84.18), 30 hops max, 40 byte packets -----------------------------------------------[...]

  • Page 450

    Configuring Static ARP Entries ARP dynamically maps the MAC and IP addresses, and while most network hosts support dynamic mapping, you can configure an ARP entry (called a static ARP) for the ARP cache. To configure a static ARP entry, use the following command. • Configure an IP address and MAC address mapping for an interface. CONFIGURATION mod[...]

  • Page 451

    – ip ip-address (OPTIONAL): enter the keyword ip then the IP address of the ARP entry you wish to clear. – no-refresh (OPTIONAL): enter the keywords no-refresh to delete the ARP entry from CAM. Or to specify which dynamic ARP entries you want to delete, use this option with interface or ip ip-address . – For a port channel interface, enter th[...]

  • Page 452

    Figure 44. ARP Learning via ARP Request When you enable ARP learning via gratuitous ARP, the system installs a new ARP entry, or updates an existing entry for all received ARP requests. Figure 45. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable ARP learning via gratuitous ARP, the system does [...]

  • Page 453

    CONFIGURATION mode arp backoff-time The default is 30 . The range is from 1 to 3600. • Display all ARP entries learned via gratuitous ARP. EXEC Privilege mode show arp retries ICMP For diagnostics, the internet control message protocol (ICMP) provides routing information to end stations by choosing the best route (ICMP redirect messages) or deter[...]

  • Page 454

    UDP Helper User datagram protocol (UDP) helper allows you to direct the forwarding of IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses. Configure UDP Helper Configuring the system to direct UDP broadcast is a two-step process: 1. Enable UDP helper and specify [...]

  • Page 455

    -------------------------------------------------- Te 1/1 1000 Configuring a Broadcast Address To configure a broadcast address, use the following command. • Configure a broadcast address on an interface. ip udp-broadcast-address Examples of Configuring and Viewing a Broadcast Address The following example shows configuring a broadcast address. D[...]

  • Page 456

    1. Packet 1 is dropped at ingress if you did not configure UDP helper address. 2. If you enable UDP helper (using the ip udp-helper udp-port command), and the UDP destination port of the packet matches the UDP port configured, the system changes the destination address to the configured broadcast 1.1.255.255 and routes the packet to VLANs 100 and 1[...]

  • Page 457

    Figure 47. UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a destination IP address that matches the configured broa[...]

  • Page 458

    • If the incoming packet has a destination IP address that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# de[...]

  • Page 459

    25 IPv6 Routing Internet protocol version 6 (IPv6) routing is the successor to IPv4. Due to the rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the [...]

  • Page 460

    NOTE: The system provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). By default, RA response messages are sent when an RS message is received. The manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised so [...]

  • Page 461

    IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 49. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling. These bits defi[...]

  • Page 462

    The following lists the Next Header field values. Value Description 0 Hop-by-Hop option header 4 IPv4 6 TCP 8 Exterior Gateway Protocol (EGP) 41 IPv6 43 Routing header 44 Fragmentation header 50 Encrypted Security 51 Authentication header 59 No Next Header 60 Destinations option header NOTE: This table is not a comprehensive list of Next Header fie[...]

  • Page 463

    However, if the Destination Address is a Hop-by-Hop options header, the Extension header is examined by every forwarding router along the packet’s route. The Hop-by-Hop options header must immediately follow the IPv6 header, and is noted by the value 0 (zero) in the Next Header field. Extension headers are processed in the order in which they app[...]

  • Page 464

    of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to two colons, as long as there is only one double colon used in an address. Leading and/or trailing zeros in a group can also be omitted (as in ::1 for localhost, 1:: for network addresses and :: for unspecified addresses). All the addresses in [...]

  • Page 465

    IPv6 Implementation on the Dell Networking OS The Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform. The sections following the table give greater detail about the feature. Feature and[...]

  • Page 466

    Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location Z9000 IS-IS for IPv6 support for redistribution 8.3.11 Intermediate System to Intermediate System IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide . ISIS for IPv6 support for distribute lists and administrative distance 8.3.11 Inter[...]

  • Page 467

    Configuring the LPM Table for IPv6 Extended Prefixes The LPM CAM table consists of two partitions: Partition I for IPv6 /65-/128 route-prefix entries and Partition II for IPv6 0/0-/64 and IPv4 0/0-0/32 route-prefix entries. You must reconfigure LPM CAM to allow IPv6 /65-/128 route prefixes to be stored in Partition I. • Use the cam-ipv6 extended-[...]

  • Page 468

    Figure 50. Path MTU Discovery Process IPv6 Neighbor Discovery The IPv6 neighbor discovery protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network. In place of address resolution protocol (ARP), NDP uses “Neighbor Solicitation” and “Neighbor Advertisement” ICMPv6 messages for determining relationships between neighbo[...]

  • Page 469

    Figure 51. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate. For example, if you set ipv6 nd mtu to 1280, the[...]

  • Page 470

    Example for Configuring an IPv6 Recursive DNS Server The following example configures an RDNSS server with an IPv6 address of 1000::1 and a lifetime of 1 second. Dell(conf-if-te-0/1)#ipv6 nd dns-server ? X:X:X:X::X Recursive DNS Server's (RDNSS) IPv6 address Dell(conf-if-te-0/1)#ipv6 nd dns-server 1000::1 ? <0-4294967295> Max lifetime (se[...]

  • Page 471

    ff02::1 ff02::2 ff02::1:ff00:12 ff02::1:ff8b:7570 ND MTU is 0 ICMP redirects are not sent DAD is enabled, number of DAD attempts: 3 ND reachable time is 20120 milliseconds ND base reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent [...]

  • Page 472

    Adjusting Your CAM Profile Although adjusting your CAM profile is not a mandatory step, if you plan to implement IPv6 ACLs, Dell Networking recommends that you adjust your CAM settings. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. There are 16 FP blocks, but the System Flow requires three blocks that ca[...]

  • Page 473

    You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861. Data ports support more than two IPv6 addresses. When you configure IPv6 addresses on multiple interfaces (the ipv6 address command) and verify the configuration (the show ipv6 in[...]

  • Page 474

    Configuring Telnet with IPv6 The Telnet client and server on a switch support IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router. • Enter the IPv6 Address for the device. EXEC mode or EXEC Privileged mode telnet ipv6 address – ip[...]

  • Page 475

    prefix-list List IPv6 prefix lists route IPv6 routing information rpf RPF table Dell# Displaying an IPv6 Configuration To view the IPv6 configuration for a specific interface, use the following command. • Display the currently running configuration for a specified interface. EXEC mode show ipv6 interface type { slot/port } Enter the keyword inter[...]

  • Page 476

    • Display IPv6 routing information for the specified route type. EXEC mode show ipv6 route type The following keywords are available: – To display information about a network, enter ipv6 address (X:X:X:X::X). – To display information about a host, enter hostname . – To display information about all IPv6 routes (including non-active routes),[...]

  • Page 477

    S 8888:9999:5555:6666:1111:2222::/96 [1/0] via 2222:2222:3333:3333::1, Te 9/1, 00:03:16 S 9999:9999:9999:9999::/64 [1/0] via 8888:9999:5555:6666:1111:2222:3333:4444, 00:03:16 Displaying the Running Configuration for an Interface To view the configuration for any interface, use the following command. • Display the currently running configuration f[...]

  • Page 478

    26 iSCSI Optimization This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic. The topics covered in this chapter include: • iSCSI Optimization • Default iSCSI Optimization Values • iSCSI Optimization Prerequisites • Configuring[...]

  • Page 479

    • iSCSI monitoring sessions — the switch monitors and tracks active iSCSI sessions in connections on the switch, including port information and iSCSI session information. • iSCSI QoS — A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used to direct the iSCSI data traffic to queues [...]

  • Page 480

    Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 27. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting iSCSI CoS mode (802.1p priority queue mapping) iSCSI CoS Packet classification When you enable iSCSI, iSCSI packets are queued based on dot[...]

  • Page 481

    NOTE: Content addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. However, if no CAM blocks are allocated, session monitoring is disabled and the show iscsi command displ[...]

  • Page 482

    • ip-address specifies the IP address of the iSCSI target. When you enter the no form of the command, and the TCP port you want to delete is one bound to a specific IP address, include the IP address value in the command. If multiple IP addresses are mapped to a single TCP port, use the no iscsi target port command to remove all IP addresses assi[...]

  • Page 483

    [no] iscsi profile-compellent . The default is: Compellent disk arrays are not detected. Displaying iSCSI Optimization Information To display information on iSCSI optimization, use the following show commands. • Display the currently configured iSCSI settings. show iscsi • Display information on active iSCSI sessions on the switch. show iscsi s[...]

  • Page 484

    Dell# show iscsi session detailed Session 0: ------------------------------------------------------------ Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP[...]

  • Page 485

    NOTE: By default, CAM allocation for iSCSI is set to 0. This disables session monitoring. Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer The following behavior occurs during synchronization of iSCSI sessions. • If the iSCSI login request packet is received on a port belonging to a VLT lag, the information is synced to the VLT peer[...]

  • Page 486

    If more than 256 simultaneous sessions are logged continuously, the following message displays indicating the queue rate limit has been reached: %Z9500LC48:1 %ACL_AGENT-3-ISCSI_OPT_MAX_SESS_LIMIT_REACHED: Monitored iSCSI sessionsreached maximum limit NOTE: If you are using EqualLogic or Compellent storage arrays, more than 256 simultaneous iSCSI se[...]

  • Page 487

    • Configure a port connected to a Dell Compellent storage array. INTERFACE Configuration mode iscsi profile-compellent The command configures a port for the best iSCSI traffic conditions. The following message displays the first time you use the iscsi profile-compellent command to configure a port connected to a Dell Compellent storage array and [...]

  • Page 488

    27 Intermediate System to Intermediate System The intermediate system to intermediate system (IS-IS) protocol uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. The IS-IS protocol standards are listed in the Standards Compliance chapter. IS-IS Protocol Overview The IS-IS protocol, developed by [...]

  • Page 489

    • area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI). • system address — the router’s MAC address. • N-selector — this is always 0. The following illustration is an example of the ISO-style address to show the address format IS-I[...]

  • Page 490

    area or domain are operating in multi-topology IPv6 mode, the topological restrictions of single-topology mode are no longer in effect. Interface Support MT IS-IS is supported on physical Ethernet interfaces, physical synchronous optical network technologies (SONET) interfaces, port-channel interfaces (static and dynamic using LACP), and virtual l[...]

  • Page 491

    • The T2 timer is the maximum time that the system waits for LSP database synchronization. This timer applies to the database type (level-1, level-2, or both). • The T3 timer sets the overall wait time after which the router determines that it has failed to achieve database synchronization (by setting the overload bit in its own LSP). You can b[...]

  • Page 492

    IS-IS Parameter Default Value Designated Router priority 64 Circuit Type Level 1 and Level 2 IS Type Level 1 and Level 2 Equal Cost Multi Paths 16 Configuration Information To use IS-IS, you must configure and enable IS-IS in two or three modes: CONFIGURATION ROUTER ISIS, CONFIGURATION INTERFACE, and (when configuring for IPv6) ADDRESS-FAMILY mode[...]

  • Page 493

    NOTE: Even though you enable IS-IS globally, enable the IS-IS process on an interface for the IS-IS process to exchange protocol information and form adjacencies. To configure IS-IS globally, use the following commands. 1. Create an IS-IS routing process. CONFIGURATION mode router isis [ tag ] tag : (optional) identifies the name of the IS-IS proce[...]

  • Page 494

    The IPv6 address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 6. Enable IS-IS on the IPv4 interface. ROUTER ISIS mode ip router isis [ tag ] If you configure a tag variable, it must be the same as the tag variable assigned in step 1. 7. Enable IS-IS on the IPv6 interface. ROUTER[...]

  • Page 495

    IS-IS: Level-1 DR Elections : 2 IS-IS: Level-2 DR Elections : 2 IS-IS: Level-1 SPF Calculations : 29 IS-IS: Level-2 SPF Calculations : 29 IS-IS: LSP checksum errors received : 0 IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. The system supports up to[...]

  • Page 496

    Configuring IS-IS Graceful Restart To enable IS-IS graceful restart globally, use the following commands. Additionally, you can implement optional commands to enable the graceful restart settings. • Enable graceful restart on ISIS processes. ROUTER-ISIS mode graceful-restart ietf • Configure the time during which the graceful restart attempt is[...]

  • Page 497

    – adjacency : the restarting router receives the remaining time value from its peer and adjusts its T3 value accordingly if you have configured this option. – manual : allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds . Example of the show isis graceful-restart detai[...]

  • Page 498

    Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01 Hello Interval: 10, Hello Multiplier: 3, CSNP Interval: 10 Number of active level-1 adjacencies: 1 Level-2 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01 Hello Interval: 10, Hello Multiplier: 3, CSNP Interval: 10 Number of active level-2 adjacencies: 1 Next IS-IS LAN Level-1 H[...]

  • Page 499

    Dell#show running-config isis ! router isis lsp-refresh-interval 902 net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00 Dell# Configuring the IS-IS Metric Style All IS-IS links or interfaces are associated with a cost that is used in the shortest path first (SPF) calculations. The possible cost varies depending on the metric styl[...]

  • Page 500

    The default is Level 1 and Level 2 ( level-1-2 ). To view which metric types are generated and received, use the show isis protocol command in EXEC Privilege mode. The IS-IS metric settings are in bold. Example of Viewing IS-IS Metric Types Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual[...]

  • Page 501

    Metric Style Correct Value Range wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 To view the interface’s current metric, use the show config command in INTERFACE mode or the show isis interface command in EXEC Privilege mode. Configuring the Distance of a Route To configure the distance[...]

  • Page 502

    eljefe.02-00 * 0x00000001 0x2E7F 1113 0/0/0 Force10.00-00 0x00000002 0xD1A7 1102 0/0/0 IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL B233.00-00 0x00000006 0xC38A 1124 0/0/0 eljefe.00-00 * 0x0000000D 0x51C6 1129 0/0/0 eljefe.01-00 * 0x00000001 0x68DF 1122 0/0/0 eljefe.02-00 * 0x00000001 0x2E7F 1113 0/0/0 Forc[...]

  • Page 503

    – For the Loopback interface on the RPM, enter the keyword loopback then a number from 0 to 16383. – For a port channel, enter the keywords port-channel then a number. – For a SONET interface, enter the keyword sonet then the slot/port information. – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/por[...]

  • Page 504

    distribute-list prefix-list-name out [bgp as-number | connected | ospf process-id | rip | static] You can configure one of the optional parameters: – connected : for directly connected routes. – ospf process-id : for OSPF routes only. – rip : for RIP routes only. – static : for user-configured routes. – bgp : for BGP routes only. • Deny[...]

  • Page 505

    – metric value the range is from 0 to 16777215. The default is 0 . – match external the range is from 1 or 2. – match internal – metric-type : external or internal. – map-name : enter the name of a configured route map. Redistributing IPv6 Routes To add routes from other routing instances or protocols, use the following commands. NOTE: Th[...]

  • Page 506

    Configuring Authentication Passwords You can assign an authentication password for routers in Level 1 and for routers in Level 2. Because Level 1 and Level 2 routers do not communicate with each other, you can assign different passwords for Level 1 routers and for Level 2 routers. However, if you want the routers in the level to communicate with ea[...]

  • Page 507

    Example of Viewing the Overload Bit Setting When the bit is set, a 1 is placed in the OL column in the show isis database command output. The overload bit is set in both the Level-1 and Level-2 database because the IS type for the router is Level-1-2. Dell#show isis database IS-IS Level-1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdt[...]

  • Page 508

    – interface : Enter the type of interface and slot/port information to view IS-IS information on that interface only. • View the events that triggered IS-IS shortest path first (SPF) events for debugging purposes. EXEC Privilege mode debug isis spf-triggers • View sent and received LSPs. EXEC Privilege mode debug isis update-packets [ interfa[...]

  • Page 509

    Metric Style Correct Value Range for the isis metric Command wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0x[...]

  • Page 510

    Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value transition narrow original value transition narrow original value transition wide transition original value narrow transition wide original value narrow transition narrow original value narrow transition wide transition original value narrow transition transition original value [...]

  • Page 511

    Leaks from One Level to Another In the following scenarios, each IS-IS level is configured with a different metric style. Table 32. Metric Value with Different Levels Configured with Different Metric Styles Level-1 Metric Style Level-2 Metric Style Resulting Metric Value narrow wide original value narrow wide transition original value narrow narrow[...]

  • Page 512

    NOTE: Whenever you make IS-IS configuration changes, clear the IS-IS process (re-started) using the clear isis command. The clear isis command must include the tag for the ISIS process. The following example shows the response from the router: Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes in one of[...]

  • Page 513

    ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell(conf-router_isis)#show config ! router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# Dell(conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router i[...]

  • Page 514

    28 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP The Dell Networking OS uses LACP to create dynamic LAGs. LACP provid[...]

  • Page 515

    – The shutdown command on LAG “xyz” disables the LAG and retains the user commands. However, the system does not allow the channel number “xyz” to be statically created. – The no interface port-channel channel-number command deletes the specified LAG, including a dynamically created LAG. This command removes all LACP-specific commands o[...]

  • Page 516

    [no] port-channel number mode [active | passive | off] – number : cannot statically contain any links. The default is LACP active . • Configure port priority. LACP mode [no] lacp port-priority priority-value The range is from 1 to 65535 (the higher the number, the lower the priority). The default is 32768 . LACP Configuration Tasks The followin[...]

  • Page 517

    Configuring the LAG Interfaces as Dynamic After creating a LAG, configure the dynamic LAG interfaces. To configure the dynamic LAG interfaces, use the following command. • Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface Tengigabitethernet 3/[...]

  • Page 518

    Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.45a5 Actor Admin Key 1, Oper Key 1, Partner Oper Key 1 LACP LAG 1 is an aggregatable[...]

  • Page 519

    Figure 55. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). The system has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To achieve this functionality, you must group LAG 1 and LAG 2 into[...]

  • Page 520

    As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time. Figure 56. Configuring Shared LAG State Tracking The following are shared LAG state tracking console m[...]

  • Page 521

    • You can configure shared LAG state tracking on one side of a link or on both sides. • If a LAG that is part of a failover group is deleted, the failover group is deleted. • If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are base[...]

  • Page 522

    Flowcontrol rx on tx on ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:02:11 Queueing strategy: fifo Input statistics: 132 packets, 163668 bytes 0 Vlans 0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 Multicasts, 0 Broadc[...]

  • Page 523

    Figure 59. Inspecting Configuration of LAG 10 on ALPHA[...]

  • Page 524

    Figure 60. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 2/31 Alpha(conf-if-te-2/31)#no ip address Alpha(conf-if-te-2/31)#no switchport Alpha(conf-if-te-2/31)#shutdown Alpha(conf-if-te-2/31)#port-channel-protocol lacp Alpha(conf-if-te-2/31-lacp)#port-channel 10[...]

  • Page 525

    interface TengigabitEthernet 2/31 no ip address Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit Bra[...]

  • Page 526

    Figure 61. Inspecting a LAG Port on BRAVO Using the show interface Command[...]

  • Page 527

    Figure 62. Inspecting LAG 10 Using the show interfaces port-channel Command[...]

  • Page 528

    Figure 63. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry [...]

  • Page 529

    29 Layer 2 This chapter describes the Layer 2 features supported on the Z9500. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries • Configuring a Static MAC Address • Displaying the MAC Address Table Clearing the[...]

  • Page 530

    The range is from 10 to 1000000. Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table static Displaying the MAC Address T[...]

  • Page 531

    interface ) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed: %E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list Mac- Limit on TengigabitEthernet 5/84 In this case, the configuration is still present in the running-config and show output. Remove the configuration before[...]

  • Page 532

    To save all sticky MAC addresses into a configuration file that can be used as a startup configuration file, use the write config command. If the number of existing MAC addresses is fewer than the configured MAC learning limit, additional MAC addresses are converted to sticky MAC addresses on the port. To remove all sticky MAC addresses from the ru[...]

  • Page 533

    Learning Limit Violation Actions Learning limit violation actions are user-configurable. To configure the system to take an action when the MAC learning limit is reached on an interface and a new address is received using one of the following options with the mac learning-limit command, use the following commands. • Generate a system log message whe[...]

  • Page 534

    NOTE: Alternatively, you can reset the interface by shutting it down using the shutdown command and then re-enabling it using the no shutdown command. • Reset interfaces in the ERR_Disabled state caused by a learning limit violation or station move violation. EXEC Privilege mode mac learning-limit reset • Reset interfaces in the ERR_Disabled st[...]

  • Page 535

    address-table station-move refresh-arp command on the switch at the time that NIC teaming is being configured on the server. NOTE: If you do not configure the mac-address-table station-move refresh-arp command, traffic continues to be forwarded to the failed NIC until the ARP entry on the switch times out. Figure 65. Configuring the mac-address-tab[...]

  • Page 536

    Figure 66. Configuring Redundant Layer 2 Pairs without Spanning Tree You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command. Initially, the primary interface is active and transmits traffic and the backup interface remains down. If the primary fails for any reason, the back[...]

  • Page 537

    To ensure that existing network applications see no difference when a primary interface in a redundant pair transitions to the backup interface, be sure to apply identical configurations of other traffic parameters to each interface. If you remove an interface in a redundant link (remove the line card of a physical interface or delete a port channe[...]

  • Page 538

    3/42 00:24:55: %SYSTEM-P:CP %IFMGR-5-ACTIVE: Changed Vlan interface state to active: Vl 1 00:24:55: %SYSTEM-P:CP %IFMGR-5-STATE_STBY_ACT: Changed interface state from standby to active: Te 3/42 Dell(conf-if-te-3/41)#do show ip int brief | find 3/41 TengigabitEthernet 3/41 unassigned NO Manual administratively down down TengigabitEthernet 3/42 unass[...]

  • Page 539

    Figure 67. Configuring Far-End Failure Detection The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not available. The connecting line protocol is brought down so[...]

  • Page 540

    4. If the FEFD-enabled system is configured to use FEFD in Normal mode and neighboring echoes are not received after three intervals (you can set each interval between 3 and 300 seconds), the state changes to unknown. 5. If the FEFD system has been set to Aggressive mode and neighboring echoes are not received after three intervals, the [...]

  • Page 541

    To report interval frequency and mode adjustments, use the following commands. 1. Set up two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address , switchport 2. Activate the necessary ports administratively. INTERFACE mode no shutdown 3. Enable fefd globally. CONFIGURATION mode fefd {interval | mode} Example of t[...]

  • Page 542

    To set up and activate two or more connected interfaces, use the following commands. 1. Set up two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address , switchport 2. Activate the necessary ports administratively. INTERFACE mode no shutdown 3. INTERFACE mode fefd {disable | interval | mode} Example of Viewing FE[...]

  • Page 543

    inactive: Vl 1 2w1d22h : FEFD state on Te 4/0 changed from Bi-directional to Unknown The following example shows the debug fefd packets command. Dell#debug fefd packets Dell#2w1d22h : FEFD packet sent via interface Te 1/0 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Te 1/0) Peer info -- Mgmt Mac (00:01:e8:14:[...]

  • Page 544

    30 Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP) on the Z9500 switch. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adja[...]

  • Page 545

    Table 34. Type, Length, Value (TLV) Types Type TLV Description 0 End of LLDPDU Marks the end of an LLDPDU. 1 Chassis ID An administratively assigned name that identifies the LLDP agent. 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received. 3 Time to Live An administratively assigned name that i[...]

  • Page 546

    Figure 70. Organizationally Specific TLV IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs. Table 35. Optional TLV Types Type TLV Description Optional TL[...]

  • Page 547

    Type TLV Description 127 Protocol Identity Indicates the protocols that the port can process. The Dell Networking OS does not currently support this TLV. IEEE 802.3 Organizationally Specific TLVs 127 MAC/PHY Configuration/Status Indicates the capability and current setting of the duplex status and bit rate, and whether the current settings are the [...]

  • Page 548

    Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: • manage inventory • manage Power over Ethernet (PoE) • identify physical location • identify network policy LLDP-MED is designed for, but not limited to, VoIP endpoints. TIA Organizationally Specific TLVs The Dell Networking system is [...]

  • Page 549

    Type SubType TLV Description None or all TLVs must be supported. The Dell Networking OS does not currently support these TLVs. 127 5 Inventory — Hardware Revision Indicates the hardware revision of the LLDP-MED device. 127 6 Inventory — Firmware Revision Indicates the firmware revision of the LLDP-MED device. 127 7 Inventory — Software Revi[...]

  • Page 550

    Figure 71. LLDP-MED Capabilities TLV Table 37. LLDP-MED Capabilities Bit Position TLV Supported? 0 LLDP-MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power via MDI-PSE Yes 4 Extended Power via MDI-PD No 5 Inventory No 6–15 reserved No Table 38. LLDP-MED Device Types Value Device Type 0 Type Not Defined 1 Endpo[...]

  • Page 551

    NOTE: As shown in the following table, signaling is a series of control packets that are exchanged between an endpoint device and a network connectivity device to establish and maintain a connection. These signal packets might require a different network policy than the media packets for which a connection is made. In this case, configure the signa[...]

  • Page 552

    Extended Power via MDI TLV The extended power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the extended power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device. • Power Type — there are two possible power types: power source entity (PSE) [...]

  • Page 553

    Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000. • INTERFACE level[...]

  • Page 554

    Enabling LLDP LLDP is disabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs. To enable LLDP, use the following command. 1. Enter Protocol LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp 2. Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing [...]

  • Page 555

    3. Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no . Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the system globally, all interfaces send LLDPDUs wit[...]

  • Page 556

    Figure 74. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Examples of Viewing LLDP Configurations The following example shows viewing an LLDP global configuration. R1(conf)#protocol lldp R1(conf-lldp)#show conf[...]

  • Page 557

    Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. show lldp neighbors • Display all of the information that neighbors are advertising. show lldp neig[...]

  • Page 558

    Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds . To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol ll[...]

  • Page 559

    • Return to the default setting. CONFIGURATION mode or INTERFACE mode no mode Example of Configuring a Single Mode R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(co[...]

  • Page 560

    advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#multiplier ? <2-10> Multiplier (default=4) R1(conf-lldp)# multiplier 5 R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id [...]

  • Page 561

    Figure 75. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects The system supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on the local agent • IEEE 802.1AB Organizationally Specific TLVs • received and tr[...]

  • Page 562

    MIB Object Category LLDP Variable LLDP MIB Object Description msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs. txInfoTTL lldpTxInfoTTL Time to live for transmitted TLVs. Basic TLV Selection mibBasicTLVsTxEnable lldpPortConfigTLVsTxEnable Indicates which management TLVs are enabled[...]

  • Page 563

    Table 41. LLDP System MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object 1 Chassis ID chassis ID subtype Local lldpLocChassisIdSubtype Remote lldpRemChassisIdSubtype chassis ID Local lldpLocChassisId Remote lldpRemChassisId 2 Port ID port subtype Local lldpLocPortIdSubtype Remote lldpRemPortIdSubtype port ID Local lldpLocPortId R[...]

  • Page 564

    TLV Type TLV Name TLV Variable System LLDP MIB Object interface numbering subtype Local lldpLocManAddrIfSubtype Remote lldpRemManAddrIfSubtype interface number Local lldpLocManAddrIfId Remote lldpRemManAddrIfId OID Local lldpLocManAddrOID Remote lldpRemManAddrOID Table 42. LLDP 802.1 Organizationally specific TLV MIB Objects TLV Type TLV Name TL[...]

  • Page 565

    Table 43. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object 1 LLDP-MED Capabilities LLDP-MED Capabilities Local lldpXMedPortCapSupported lldpXMedPortConfigTLVsTxEnable Remote lldpXMedRemCapSupported lldpXMedRemConfigTLVsTxEnable LLDP-MED Class Type Local lldpXMedLocDeviceClass Remote lldpXMedRemDevice C[...]

  • Page 566

    TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object 3 Location Identifier Location Data Format Local lldpXMedLocLocationSubtype Remote lldpXMedRemLocationSubtype Location ID Data Local lldpXMedLocLocationInfo Remote lldpXMedRemLocationInfo 4 Extended Power via MDI Power Device Type Local lldpXMedLocXPoEDeviceType Remote lldpXMedRemXP[...]

  • Page 567

    31 Microsoft Network Load Balancing Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. Microsoft NLB clustering allows multiple servers running Microsoft Windows to be represented by one MAC and one IP address to provide transparent failover a[...]

  • Page 568

    With NLB, the data frame is forwarded to all servers in the cluster for the servers to perform load-balancing. NLB Multicast Mode Example Consider a sample topology in which four servers, namely S1 through S4, are configured as a cluster or a farm. This set of servers is connected to a Layer 3 switch, which in turn is connected to the end-clients.[...]

  • Page 569

    NLB VLAN Flooding To preserve Microsoft server failover and load-balancing, configure a switch to forward the traffic destined for a server cluster on all member ports of the VLAN connected to the cluster ( ip vlan-flooding command). Configure the switch for NLB VLAN flooding when you configure the server cluster. After you configure a switch to p[...]

  • Page 570

    32 Multicast Source Discovery Protocol (MSDP) This chapter describes how to configure and use the multicast source discovery protocol (MSDP) on the Z9500 switch. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers [...]

  • Page 571

    Figure 76. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 77. MSDP SA Message Format Mul[...]

  • Page 572

    Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows you to configure two or more RPs with the same IP address on Loopback interfaces. Th[...]

  • Page 573

    • Accept Source-Active Messages that Fail the RPF Check • Specifying Source-Active Messages • Limiting the Source-Active Cache • Preventing MSDP from Caching a Local Source • Preventing MSDP from Caching a Remote Source • Preventing MSDP from Advertising a Local Source • Terminating a Peership • Clearing Peer Statistics • Debuggin[...]

  • Page 574

    Figure 79. Configuring OSPF and BGP for MSDP[...]

  • Page 575

    Figure 80. Configuring PIM in Multiple Routing Domains[...]

  • Page 576

    Figure 81. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source[...]

  • Page 577

    Example of Configuring MSDP Example of Viewing Peer Information R3(conf)#ip multicast-msdp R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3(conf)#do show ip msdp summary Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in [...]

  • Page 578

    Limiting the Source-Active Cache Set the upper limit of the number of active sources that the system caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the reverse path forwarding (RPF) and policy check. To limit the n[...]

  • Page 579

    Figure 82. MSDP Default Peer, Scenario 1[...]

  • Page 580

    Figure 83. MSDP Default Peer, Scenario 2[...]

  • Page 581

    Figure 84. MSDP Default Peer, Scenario 3[...]

  • Page 582

    Figure 85. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address list If you do not specify an access list, the p[...]

  • Page 583

    Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 73 00:13:49 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 73 00:13:49 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 73 00:[...]

  • Page 584

    Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache. To apply the redistribute filter to entries already present in the SA cache, first cle[...]

  • Page 585

    R3(conf)#do show ip msdp sa-cache R3(conf)# R3(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Source: Lo 0 State: Listening Up/Down Time: 00:01:19 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Outpu[...]

  • Page 586

    Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with[...]

  • Page 587

    Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.3(639) Connect Source: Lo 0 State: Established Up/Down Time: 00:04:26 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 5/0 SAs learned from this peer: 0 SA Filtering:[...]

  • Page 588

    technique is less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions. • lack of scalable register decapsulation : With only a single RP per group, all joins are sent to that RP regardless of the topological distance between the RP, sources, and receivers, and data is transmitted to th[...]

  • Page 589

    Configuring Anycast RP To configure anycast RP: 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2. Make this address the RP for the group. CONFIGURATION mode ip pim rp-address 3. In each routing domain that has m[...]

  • Page 590

    CONFIGURATION mode ip msdp originator-id Example of R1 Configuration for MSDP with Anycast RP Example of R2 Configuration for MSDP with Anycast RP Example of R3 Configuration for MSDP with Anycast RP ip multicast-routing ! interface TenGigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown ! interface TenGigabitEthernet 1/2 ip a[...]

  • Page 591

    ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.22/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.22/32 area 0 redistribute static redistribute connected redistribute bgp 100 ! ro[...]

  • Page 592

    neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.22 update-source Loopback 0 neighbor 192.168.0.22 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.11 connect-source Loopback 0 ip msdp peer 192.168.0.22 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.22 ! ip route 192.168.0.1/32 10.11.0.23 ip route 192.168.0.22/32 10.11.0.[...]

  • Page 593

    interface TenGigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown ! interface TenGigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown ! interface TenGigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip address 192.168.0.2/32 no shutdown ! router ospf 1 n[...]

  • Page 594

    redistribute connected redistribute bgp 200 ! router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100 neighbor 192.168.0.2 ebgp-multihop 255 neighbor 192.168.0.2 update-source Loopback 0 neighbor 192.168.0.2 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.1 connect-source Loopback 0 ! ip route 192.168.0.2/32 10.11.0.23 ip multi[...]

  • Page 595

    33 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instanc[...]

  • Page 596

    Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table. Table 44. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d Rapid Spanning Tree Protocol (RSTP) 802.1w Multiple Spanning Tree Protocol (MSTP) 802.1s Per-VLAN Spanning Tree [...]

  • Page 597

    • Enabling SNMP Traps for Root Elections and Topology Changes Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands. When you enable MSTP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the MSTI 0. • Within an MST[...]

  • Page 598

    Examples of Creating and Viewing MSTP Instances The following example shows using the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)# msti 1 vlan 100 Dell(conf-mstp)# msti 2 vlan 200-300 Dell(conf-mstp)#show config ! protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 All bridges in the MSTP region must [...]

  • Page 599

    Influencing MSTP Root Selection MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it becomes the root bridge. To change the bridge priority, use the following command. • Assign a number as the bridge priority. PROTOCOL MSTP mode msti instance bridge-priority priority A lower number in[...]

  • Page 600

    NOTE: Some non-Dell equipment may implement a non-null default region name, such as the Bridge ID or a MAC address. Changing the Region Name or Revision To change the region name or revision, use the following commands. • Change the region name. PROTOCOL MSTP mode name name • Change the region revision number. PROTOCOL MSTP mode revision number[...]

  • Page 601

    The default is 15 seconds. 2. Change the hello-time parameter. PROTOCOL MSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. 3. Change the max-age parameter. PROTOCOL MSTP mode max-ag[...]

  • Page 602

    • Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost. The following lists the default values for port cost by interface. Table 45. Default Values for Port Costs by Interface Port Cost Default Value 100-Mb/s Ethernet interfaces 200000 1-Gigabit Ethernet interfa[...]

  • Page 603

    • Enable EdgePort on an interface. INTERFACE mode spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] Dell Networking OS Behavior : Regarding bpduguard shutdown-on-violation behavior: – If the interface to be shut down is a port channel, all the member ports are disabled in the hardware. – When you add a physical port to a port c[...]

  • Page 604

    Figure 88. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances tag interfaces to the V[...]

  • Page 605

    no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances t[...]

  • Page 606

    name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface TenGigabitEthernet 3/11 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 3/11,21 no shutdown ! interface Vlan 200 no ip address tagged Te[...]

  • Page 607

    (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debug and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC Privilege mode debug spanning-tree mstp bpdu • [...]

  • Page 608

    – Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows viewing an MSTP configuration. Dell#show run spanning-tree mstp ! protocol spanning-tree mstp name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,3[...]

  • Page 609

    INST 2: Flags: 0x70, Reg Root: 32768:0001.e8d5.cbbd, Int Root Cost Brg/Port Prio: 32768/128, Rem Hops: 20 [...]

  • Page 610

    34 Multicast Features The Dell Networking OS supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Enabling IP Multicast Before enabling any multicast protocols, you must enable IP multicast routing. • Enable multicast routing. CONFIGUR[...]

  • Page 611

    Figure 89. Multicast with ECMP Implementation Information Because protocol control traffic is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, the system might forward data traffic with certain MAC addresses to the CPU in addition to control traffic. As the upper 5 bits of [...]

  • Page 612

    Protocol Ethernet Address PIM-SM 01:00:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner- traceroute-ipm . • Multicast is not supported on secondary IP addresses. • Egress L3 ACL is not applied to multicast data traffic if you enable multicast routing. First Packet Forwarding for Lossl[...]

  • Page 613

    When the multicast route limit is reached, the following message is displayed: 3w1d13h: %RPM0-P:RP2 %PIM-3-PIM_TIB_LIMIT: PIM TIB limit reached. No new routes will be learnt until TIB level falls below low watermark. 3w1d13h: %RPM0-P:RP2 %PIM-3-PIM_TIB_LIMIT: PIM TIB below low watermark. Route learning will begin. To limit the number of multicast r[...]

  • Page 614

    Figure 90. Preventing a Host from Joining a Group Table 46. Preventing a Host from Joining a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.11.13.1/24 [...]

  • Page 615

    Location Description • no shutdown 2/1 • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.11.23.1/24 • no s[...]

  • Page 616

    Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined. Hosts whose IGMP requests are denied will use the retry mechanism built into IGMP so that their membership is delayed rather than permanently denied. • Limit the rate at which n[...]

  • Page 617

    Figure 91. Preventing a Source from Transmitting to a Group Table 47. Preventing a Source from Transmitting to a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.11.13[...]

  • Page 618

    Location Description • no shutdown 2/1 • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.11.23.1/24 • no s[...]

  • Page 619

    Preventing a PIM Router from Processing a Join To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems w[...]

  • Page 620

    35 Open Shortest Path First (OSPFv2 and OSPFv3) This chapter describes how to configure and use Open Shortest Path First (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) on the Z9500. NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3. This chapter i[...]

  • Page 621

    Areas allow you to further organize your routers within the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the details of another area’s topology. AS areas are[...]

  • Page 622

    In the previous example, Routers A, B, C, G, H, and I are the Backbone. • A stub area (SA) does not receive external route information, except for the default route. These areas do receive information from inter-area (IA) routes. NOTE: Configure all routers within an assigned stub area as stubby, and not generate LSAs that do not apply. For examp[...]

  • Page 623

    Figure 93. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area Border Router (ABR) Within an AS, an area border rou[...]

  • Page 624

    An ABR can connect to many areas in an AS, and is considered a member of each area it connects to. Autonomous System Border Router (ASBR) The autonomous system border area router (ASBR) connects to more than one AS and exchanges information with the routers in other ASs. Generally, the ASBR connects to a non-interior gate protocol (IGP) such as BGP[...]

  • Page 625

    available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated. The link-state ID for Type 4 LSAs is the router ID of the described ASBR). • Type 5: LSA — These LSAs contain information imported into OSPF from other routing processes. They are flooded to all areas, except stub areas. The[...]

  • Page 626

    Virtual Links In the case in which an area cannot be directly connected to Area 0, you must configure a virtual link between that area and Area 0. The two endpoints of a virtual link are ABRs, and you must configure the virtual link in both routers. The common non-backbone area to which the two routers belong is called a transit area. A virtual lin[...]

  • Page 627

    OSPF Implementation The Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within the 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes. Multiple OSPF processes (OSPF MP) are supported on OSPFv2 only; up to 32 simultaneous processes are supported. On OSPFv3, the system supports [...]

  • Page 628

    Processing SNMP and Sending SNMP Traps Though there may be several OSPFv2 processes, only one process can process simple network management protocol (SNMP) requests and send SNMP traps. The mib-binding command identifies one of the OSPFv2 processes as the process responsible for SNMP management. If you do not specify the mib-binding command, t[...]

  • Page 629

    To confirm that you enabled RFC-2328–compliant OSPF flooding, use the show ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It is Flooding according to RFC 2328 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Number of area in [...]

  • Page 630

    Configuration Information The interfaces must be in Layer 3 mode (assigned an IP address) and enabled so that they can send and receive traffic. The OSPF process must know about these interfaces. To make the OSPF process aware of these interfaces, they must be assigned to OSPF areas. You must configure OSPF GLOBALLY on the system in CONFIGURATION m[...]

  • Page 631

    If implementing multi-process OSPF, create an equal number of Layer 3 enabled interfaces and OSPF process IDs. For example, if you create four OSPFv2 process IDs, you must have four interfaces with Layer 3 enabled. 1. Assign an IP address to an interface. CONFIG-INTERFACE mode ip address ip-address mask The format is A.B.C.D/M. If you are using a L[...]

  • Page 632

    • Reset the OSPFv2 process. EXEC Privilege mode clear ip ospf process-id • View the current OSPFv2 status. EXEC mode show ip ospf process-id Example of Viewing the Current OSPFv2 Status Dell#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two S[...]

  • Page 633

    If you try to enable more OSPF processes than available Layer 3 interfaces, the following message displays: Dell(conf)#router ospf 1 % Error: No router ID available. Assigning an OSPFv2 Area After you enable OSPFv2, assign the interface to an OSPF area. Set up OSPF areas and enable OSPFv2 on an interface with the network command. You must have at l[...]

  • Page 634

    Dell(conf)#router ospf 1 Dell(conf-router_ospf-1)#network 1.2.3.4/24 area 0 Dell(conf-router_ospf-1)#network 10.10.10.10/24 area 1 Dell(conf-router_ospf-1)#network 20.20.20.20/24 area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To [...]

  • Page 635

    Loopback 0 is up, line protocol is up Internet Address 10.168.253.2/32, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Dell# Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are no[...]

  • Page 636

    Configuring LSA Throttling Timers Configured link-state advertisement (LSA) timers replace the standard transmit and acceptance times for LSAs. The LSA throttling timers are configured in milliseconds. The interval time increases exponentially until a maximum time is reached. If the maximum time is reached, the system continues to transmit at the m[...]

  • Page 637

    To enable both receiving and sending routing updates, use the no passive-interface interface command. Example of Viewing Passive Interfaces When you configure a passive interface, the show ip ospf process-id interface command adds the words passive interface to indicate that the hello packets are not transmitted on that interface (shown in bold). D[...]

  • Page 638

    NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Examples of Enabling Fast-Convergence In the following examples, Convergence Level shows the fast-converge par[...]

  • Page 639

    The dead interval must be the same on all routers in the OSPF network. • Change the time interval between hello-packet transmission. CONFIG-INTERFACE mode ip ospf hello-interval seconds – seconds : the range is from 1 to 65535 (the default is 10 seconds ). The hello interval must be the same on all routers in the OSPF network. • Use the MD5 a[...]

  • Page 640

    The bold lines in the example show the change on the interface. The change is reflected in the OSPF configuration. Dell(conf-if)# ip ospf cost 45 Dell(conf-if)#show config ! interface TengigabitEthernet 0/0 ip address 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface TengigabitEthernet 0/0 is up, [...]

  • Page 641

    • retransmit-interval — LSA retransmit interval • transmit-delay — LSA transmission delay • dead-interval — dead router detection time • authentication-key — authentication key • message-digest-key — MD5 authentication key To configure virtual links, use the following command. • Configure the optional parameters of a virtual l[...]

  • Page 642

    ip prefix-list prefix-name You are in PREFIX LIST mode. • Create a prefix list with a sequence number and a deny or permit action. CONFIG- PREFIX LIST mode seq sequence-number {deny |permit} ip-prefix [ge min-prefix-length] [le max- prefix-length] The optional parameters are: – ge min-prefix-length : is the minimum prefix length to match (from [...]

  • Page 643

    Example of Viewing OSPF Configuration after Redistributing Routes To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode. Dell(conf-router_ospf)#show config ! router ospf 34 network 10.1.2.32 0.0.0.255 area 2.2.2.2 network 10.1.3.24 0.0.0.255 area 3.3.3.3 distribu[...]

  • Page 644

    • View the configuration of OSPF neighbors connected to the local router. EXEC Privilege mode show ip ospf neighbor • View the LSAs currently in the queue. EXEC Privilege mode show ip ospf timers rate-limit • View debug messages. EXEC Privilege mode debug ip ospf process-id [event | packet | spf | database-timers rate-limit] To view debug mes[...]

  • Page 645

    Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that[...]

  • Page 646

    OSPF Area 0 — Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 ! interface Loopback 30 ip address 192.168.100.100/24 no shutdown ! interface TengigabitEthernet 3/1 ip address 10.1.13.3/24 no shutdown ! interface TengigabitEthernet 3/2 ip address 10.2.13.3/24 no shutdown OSPF [...]

  • Page 647

    NOTE: The OSPFv2 network area command enables OSPF on multiple interfaces with the single command. Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3. All IPv6 addresses on an interface are included in the OSPFv3 process that is created on the interface. Enable OSPFv3 for IPv6 by specifying an OSPF process ID and an area in IN[...]

  • Page 648

    ipv6 ospf process-id area area-id – process-id : the process ID number assigned. – area-id : the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands. • Enable the OSPFv3 process globally and enter OSPFv3 mode. CONFIGURATION mode ipv6 router osp[...]

  • Page 649

    • Specify whether some or all of the interfaces are passive. CONF-IPV6-ROUTER-OSPF mode passive-interface {type slot/port} Interface : identifies the specific interface that is passive. – For a port channel, enter the keywords port-channel then a number from 1 to 255 (for example, passive-interface po 100 ) – For a 10-Gigabit Ethernet in[...]

  • Page 650

    default-information originate [always [metric metric-value ] [metric-type type-value ]] [route-map map-name ] Configure the following required and optional parameters: – always : indicate that default route information is always advertised. – metric metric-value : The range is from 0 to 4294967295. – metric-type metric-type : enter 1 for OSPF[...]

  • Page 651

    You decide the set of IPsec protocols that are employed for authentication and encryption and the ways in which they are employed. When you correctly implement and deploy IPsec, it does not adversely affect users or hosts. AH and ESP are designed to be cryptographic algorithm-independent. OSPFv3 Authentication Using IPsec: Configuration Notes OSPFv[...]

  • Page 652

    – Configuring IPsec Encryption for an OSPFv3 Area – Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands. Prerequisite : Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast [...]

  • Page 653

    • Enable IPsec encryption for OSPFv3 packets on an IPv6-based interface. INTERFACE mode ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [ key- encryption-type ] key authentication-algorithm [ key-authentication-type ] key } – null : causes an encryption policy configured for the area to not be inherited on the interface. [...]

  • Page 654

    • Enable IPSec authentication for OSPFv3 packets in an area. CONF-IPV6-ROUTER-OSPF mode area- id authentication ipsec spi number {MD5 | SHA1} [ key-encryption-type ] key – area area-id : specifies the area for which OSPFv3 traffic is to be authenticated. For area-id , enter a number or an IPv6 prefix. – spi number : is the SPI value. The rang[...]

  • Page 655

    – key : specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AES-CBC - 32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192. – key-encrypt[...]

  • Page 656

    Policy name : OSPFv3-1-502 Policy refcount : 1 Inbound ESP SPI : 502 (0x1F6) Outbound ESP SPI : 502 (0x1F6) Inbound ESP Auth Key : 123456789a123456789b123456789c12 Outbound ESP Auth Key : 123456789a123456789b123456789c12 Inbound ESP Cipher Key : 123456789a123456789b123456789c123456789d12345678 Outbound ESP Cipher Key : 123456789a123456789b123456789[...]

  • Page 657

    Interface: TenGigabitEthernet 0/1 Link Local address: fe80::201:e8ff:fe40:4d11 IPSecv6 policy name: OSPFv3-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des esp-sh[...]

  • Page 658

    • View the summary information for the OSPFv3 database. EXEC Privilege mode show ipv6 ospf database • View the configuration of OSPFv3 neighbors. EXEC Privilege mode show ipv6 ospf neighbor • View debug messages for all OSPFv3 interfaces. EXEC Privilege mode debug ipv6 ospf [event | packet] {type slot/port } – event : View OSPF event messag[...]

  • Page 659

    36 Pay As You Grow The Pay As You Grow (PAYG) software feature allows you to purchase a Z9500 switch with 36 40G ports (144 10G ports) and upgrade to a larger number of ports as your networking needs grow. A Z9500 switch with a 36 40G-port license has only the ports on line card 0 enabled. See the Port Numbering figure in this section for exact por[...]

  • Page 660

    To install a license on a Z9500 switch: 1. Check the currently installed port license. show license EXEC Privilege mode In the command output, System Service Tag displays the service tag of the switch on which you enter the command. License Service Tag displays the service tag read from the license file. Current State displays the current number of[...]

  • Page 661

    Enter Yes at the prompt to continue the installation; for example: Dell# install license tftp://10.11.8.12/132.lic ! 3594 bytes successfully copied Retrieving license ....... (OK) LICENSE INFORMATION Vendor : Dell Product : Dell Force10 Z9500 System Service Tag : RtHvKsJ License Service Tag : RTHVKSJ Feature : HW-Port-License 132 Ports Retrieving l[...]

  • Page 662

    unmounting /usr/pkg (/dev/wd0i)... unmounting /boot (/dev/wd0b)... unmounting /usr (mfs:30)... unmounting /force10 (mfs:25)... unmounting /lib (mfs:22)... unmounting /f10 (mfs:19)... unmounting /tmp (mfs:12)... unmounting /kern (kernfs)... unmounting / (/dev/md0a)... done rebooting... Displaying License Information To check the status of an install[...]

  • Page 663

    -- Power Supplies -- Unit Bay Status Type FanStatus FanSpeed(rpm) Power Usage (W) ----------------------------------------------------------------------------- 0 0 up AC up 23008 217.8 0 1 up AC up 22912 189.5 0 2 up AC up 23008 184.8 0 3 up AC up 22912 192.0 [...]

  • Page 664

    37 PIM Sparse-Mode (PIM-SM) Protocol-independent multicast sparse-mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM- Dense mode, which forwards multicast traffic to all subnets until a request to stop. Implementation Information The D[...]

  • Page 665

    3. If a host on the same subnet as another multicast receiver sends an IGMP report for the same multicast group, the gateway takes no action. If a router between the host and the RP receives a PIM Join message for which it already has a (*,G) entry, the interface on which the message was received is added to the outgoing interface list associated w[...]

  • Page 666

    Configuring PIM-SM Configuring PIM-SM is a three-step process. 1. Enable multicast routing (refer to the following step). 2. Select a rendezvous point. 3. Enable PIM-SM on an interface. Enable multicast routing. CONFIGURATION mode ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • Configuring [...]

  • Page 667

    To display PIM neighbors for each interface, use the show ip pim neighbor command EXEC Privilege mode. Dell#show ip pim neighbor Neighbor Interface Uptime/Expires Ver DR Address Prio/Mode 127.87.5.5 Te 0/11 01:44:59/00:01:16 v2 1 / S 127.87.3.5 Te 0/12 01:45:00/00:01:16 v2 1 / DR 127.87.50.5 Te 1/13 00:03:08/00:01:37 v2 1 / S Dell# To display the P[...]

  • Page 668

    ip access-list extended access-list-name 3. Specify the source and group to which the timer is applied using extended ACLs with permit rules only. CONFIG-EXT-NACL mode [seq sequence-number ] permit ip source-address/mask | any | host source- address } { destination-address/mask | any | host destination-address } 4. Set the expiry time for a specifi[...]

  • Page 669

    Dell#sh run pim ! ip pim rp-address 1.1.1.1 group-address 224.0.0.0/4 Overriding Bootstrap Router Updates PIM-SM routers must know the address of the RP for each group for which they have (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration. Use the following command if you ha[...]

  • Page 670

    Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs). PMBRs connect each PIM domain to the rest of the Internet. Create multicast boundaries and domains by filtering inbound and outbound boot[...]

  • Page 671

    38 PIM Source-Specific Mode (PIM-SSM) PIM source-specific mode (PIM-SSM) is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but [...]

  • Page 672

    Configure PIM-SMM Configuring PIM-SSM is a two-step process. 1. Configure PIM-SMM. 2. Enable PIM-SSM for a range of addresses. Related Configuration Tasks • Use PIM-SSM with IGMP Version 2 Hosts Enabling PIM-SSM To enable PIM-SSM, follow these steps. 1. Create an ACL that uses permit rules to specify what range of addresses should use SSM. CONFIG[...]

  • Page 673

    • You may enter multiple ssm-map commands for different access lists. You may also enter multiple ssm-map commands for the same access list, as long as they use different source addresses. • When an extended ACL is associated with this command, an error message is displayed. If you apply an extended ACL before you create it, the system accepts [...]

  • Page 674

    Uptime 00:00:05 Expires Never Router mode INCLUDE Last reporter 10.11.4.2 Last reporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10.11.5.2 00:00:05 00:02:04 Member Ports: Te 1/2 [...]

  • Page 675

    39 Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. This chapter covers the following topics: • Overview • Implementing Policy-based Routing with Dell Networking OS • Configuration Task List for Policy-based Routing • Sample Configuration Overview When[...]

  • Page 676

    To enable a PBR, you create a redirect list. Redirect lists are defined by rules, or routing policies. The following parameters can be defined in the routing policies or rules: • IP address of the forwarding router (next-hop IP address) • Protocol as defined in the header • Source IP address and mask • Destination IP address and mask • So[...]

  • Page 677

    a tunnel interface user needs to provide tunnel id mandatory. Instead if user provides the tunnel destination IP as next hop, that would be treated as IPv4 next hop and not tunnel next hop. PBR with Multiple Tracking Option: Policy based routing with multiple tracking option extends and introduces the capabilities of object tracking to verify the ne[...]

  • Page 678

    Use the following command in CONFIGURATION mode: Command Syntax Command Mode Purpose ip redirect-list redirect-list- name CONFIGURATION Create a redirect list by entering the list name. Format: 16 characters Delete the redirect list with the no ip redirect-list command. The following example creates a redirect list by the name of “xyz.” Dell(co[...]

  • Page 679

    destination ip-address or any or host ip-address is the Destination’s IP address FORMAT: A.B.C.D/NN, or ANY or HOST IP address Delete a rule with the no redirect command. The redirect rule supports non-contiguous bitmasks for PBR in the Destination router IP address. The following is a step-by-step example of how to create a rule for a redirec[...]

  • Page 680

    Creating multiple rules for a redirect-list: Dell(conf)#ip redirect-list test Dell(conf-redirect-list)#seq 10 redirect 10.1.1.2 ip 20.1.1.0/24 any Dell(conf-redirect-list)#seq 15 redirect 10.1.1.3 ip 20.1.1.0/25 any Dell(conf-redirect-list)#seq 20 redirect 10.1.1.3 ip 20.1.1.128/24 any Dell(conf-redirect-list)#show config ! ip redirect-list test se[...]

  • Page 681

    NOTE: When you apply a redirect-list on a port-channel, when traffic is redirected to the next hop and the destination port-channel is shut down, the traffic is dropped. However, on the S-Series, the traffic redirected to the destination port-channel is sometimes switched. Use the following command in INTERFACE mode to apply a redirect list to an i[...]

  • Page 682

    show cam pbr show cam-usage EXEC View the redirect list entries programmed in the CAM. List the redirect list configuration using the show ip redirect-list redirect-list-name command. The non- contiguous mask is displayed in dotted format (x.x.x.x). The contiguous mask is displayed in /x format. Some sample outputs are shown below: Dell#show ip red[...]

  • Page 683

    Cam Port VlanID Proto Tcp Src Dst SrcIp DstIp Next-hop Egress Index Flag Port Port MAC Port -------------------------------------------------------------------------------- --------------------------------- 06080 0 N/A IP 0x0 0 0 200.200.200.200 200.200.200.200 199.199.199.199 199.199.199.199 N/A NA 06081 0 N/A TCP 0x10 0 40 234.234.234.234 255.234[...]

  • Page 684

    Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any EDGE_ROUTER(conf-redirect-list)# seq 15 per[...]

  • Page 685

    View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23) seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23) seq 15 permit ip any any Applied interfaces: Te 2/11 EDGE_ROUTER# Policy-based Routing ([...]

  • Page 686

    40 Port Monitoring Port monitoring (also referred to as mirroring ) allows you to monitor ingress and/or egress traffic on specified ports. The mirrored traffic can be sent to a port to which a network analyzer is connected to inspect or troubleshoot the traffic. The Dell Networking OS supports the following mirroring techniques: • Port monitorin[...]

  • Page 687

    Example of Changing the Destination Port in a Monitoring Session Dell(conf-mon-sess-5)#do show moni session SessID Source Destination Dir Mode Source IP Dest IP ------ ------ ----------- --- ---- --------- -------- 1 Te 0/0 Te 0/1 both Port N/A N/A 2 Te 0/0 Te 0/2 both Port N/A N/A 3 Te 0/0 Te 0/3 both Port N/A N/A 4 Te 0/0 Te 0/4 both Port N/A N/A[...]

  • Page 688

    Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs. If the MD port is a Layer 3 port, the frames are tagged with VLAN ID 4095. If the MD port is in a Layer 3 VLAN, the frames are tagged with the respective Layer 3 VLAN ID. For example, in the configuration source TenGig 6/0 destination TenGig 6/1 direction tx, [...]

  • Page 689

    Figure 97. Port Monitoring Example Remote Port Mirroring While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switch/router, remote port mirroring allows you to monitor Layer 2 and Layer 3 ingress and/or egress traffic on multiple source ports on different switches[...]

  • Page 690

    The reserved VLANs transport the mirrored traffic in sessions (blue pipes) to the destination analyzers in the local network. Two destination sessions are shown: one for the reserved VLAN that transports orange-circle traffic; one for the reserved VLAN that transports green-circle traffic. Configuring Remote Port Mirroring Remote port mirroring req[...]

  • Page 691

    • You cannot configure a private VLAN or a GVRP VLAN as the reserved RPM VLAN. • The L3 interface configuration should be blocked for the reserved VLAN. • The member port of the reserved VLAN should have MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter). • To associate with a source session, the reserved VLAN can have a maximum [...]

  • Page 692

    • You can configure the same source port to be used in multiple source sessions. • You cannot configure a source port channel or source VLAN in a source session if the port channel or VLAN has a member port that is configured as a destination port in a remote-port mirroring session. • A destination port for remote port mirroring cannot be use[...]

  • Page 693

    Step Command Description 1 configure terminal Enter global configuration mode. 2 monitor session id type rpm Specify a unique session ID number and RPM as the session type, and enter Monitoring-Session configuration mode. 3 source { interface | range } destination interface direction {rx | tx | both} Enter a source port or a range of source port in[...]

  • Page 694

    Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both Dell(conf-mon-sess-3)#no disable Dell(conf-mon-sess-3)#exit Dell(conf)#end Dell# Dell#show monitor session SessID Source Destination Dir Mode Source IP Dest IP ------ ------ -------[...]

  • Page 695

    ------ ------ ----------- --- ---- --------- -------- 1 remote-vlan 10 Te 0/3 N/A N/A N/A N/A 2 remote-vlan 20 Te 0/4 N/A N/A N/A N/A 3 remote-vlan 30 Te 0/5 N/A N/A N/A N/A Dell# Configuring RPM Source Sessions to Avoid BPDU Issues When you configure an RPM source session, you can avoid BPDU issues by using the following configuration: 1. Enable the MAC cont[...]

  • Page 696

    Encapsulated Remote-Port Monitoring Encapsulated Remote Port Monitoring (ERPM) copies traffic from source ports/port-channels or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the destination IP address specified in the session. Important: When configuring ERPM, follow these guidelines: • The Dell Networking OS s[...]

  • Page 697

    6 flow-based enable Specify ERPM to be performed on a flow- by-flow basis or if you configure a VLAN source interface. Enter no flow-based disable to disable flow-based ERPM. 7 no disable Enter the no disable command to activate the ERPM session. The following example shows a sample ERPM configuration. Dell(conf)#monitor session 0 type erpm Dell(co[...]

  • Page 698

    41 Private VLANs (PVLAN) Private VLANs (PVLANs) extend the Dell Networking OS security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN). A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. Private VLANs block all traffic to isolated ports except traff[...]

  • Page 699

    – A primary VLAN has one or more secondary VLANs. – A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. – A primary VLAN has one or more promiscuous ports. – A primary VLAN might have one or more trunk ports, or none. • Secondary VLAN — a subdomain of the primary VLAN. – There are t[...]

  • Page 700

    INTERFACE VLAN mode [no] private-vlan mapping secondary-vlan vlan-list • Display type and status of PVLAN interfaces. EXEC mode or EXEC Privilege mode show interfaces private-vlan [interface interface ] • Display PVLANs and/or interfaces that are part of a PVLAN. EXEC mode or EXEC Privilege mode show vlan private-vlan [community | interface | i[...]

  • Page 701

    4. Select the PVLAN mode. INTERFACE mode switchport mode private-vlan {host | promiscuous | trunk} • host (isolated or community VLAN port) • promiscuous (intra-VLAN communication port) • trunk (inter-switch PVLAN hub port) Example of the switchport mode private-vlan Command For interface details, refer to Enabling a Physical Interface in the[...]

  • Page 702

    INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be: • Specified in comma-delimited ( VLAN-ID,VLAN-ID ) or hyphenated-range format ( VLAN-ID- VLAN-ID ). • Specified with this command even before they have been created. • Amended by specifying the new secondary VLAN to be added to the list. 5. A[...]

  • Page 703

    INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited ( slot/ port,port,port ) or hyphenated ( slot/ port-port ). You can only add host (isolated) ports to the VLAN. Creating an Isolated VLAN An isolated VLAN is a secondary VLAN of a primary VLAN. An isolated VLAN p[...]

  • Page 704

    Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 98. Sample Private VLAN Topology The following configuration is based on the example diagram for the C300–1: • Te 0/0 and Te 23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000. • Te 0/25 is configured as a PVLAN trunk po[...]

  • Page 705

    • All the ports in the secondary VLANs (both community and isolated VLANs) can only communicate with ports in the other secondary VLANs of that PVLAN over Layer 3, and only when the ip local- proxy-arp command is invoked in the primary VLAN. NOTE: Even after you disable ip-local-proxy-arp ( no ip-local-proxy-arp ) in a secondary VLAN, Layer 3 com[...]

  • Page 706

    show vlan private-vlan mapping This command is specific to the PVLAN feature. Examples of Viewing Private VLANs The show arp and show vlan commands are revised to display PVLAN data. The following example shows viewing a private VLAN for a C300 system. Dell#show vlan private-vlan Primary Secondary Type Active Ports ------- --------- --------- ---[...]

  • Page 707

    no ip address switchport switchport mode private-vlan host no shutdown ! interface TengigabitEthernet 0/5 no ip address switchport switchport mode private-vlan host no shutdown ! interface TengigabitEthernet 0/6 no ip address switchport switchport mode private-vlan host no shutdown ! interface TengigabitEthernet 0/25 no ip address switchport switch[...]

  • Page 708

    42 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview A sample PVST+ topology is shown below. For more information about spanning tree, r[...]

  • Page 709

    Table 48. Spanning Tree Versions Supported Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802.1d Rapid Spanning Tree Protocol (RSTP) 802.1w Multiple Spanning Tree Protocol (MSTP) 802.1s Per-VLAN Spanning Tree Plus (PVST+) Third Party Implementation Information • The Dell Networking OS implementation of PVST+ is based on I[...]

  • Page 710

    no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use[...]

  • Page 711

    Figure 100. Load Balancing with PVST+ The bridge with the lowest value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridg[...]

  • Page 712

    Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001.e80d.b6d6 Number of topology changes 5, last chang[...]

  • Page 713

    PROTOCOL PVST mode vlan max-age The range is from 6 to 40. The default is 20 seconds . The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to increase or decrease the probability that a port b[...]

  • Page 714

    The range is from 0 to 240, in increments of 16. The default is 128 . The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface fo[...]

  • Page 715

    PVST+ in Multi-Vendor Networks Some non-Dell Networking systems which have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D BPDU and an untagged PVST+ BPDU. Dell Networking systems do not expect PVST+ BPDU (tagged or untagged) on an untagged port. If this situation occurs, the system places the port in an Error-Disable sta[...]

  • Page 716

    Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5 ), Address 0001.e[...]

  • Page 717

    interface Vlan 100 no ip address tagged TengigabitEthernet 2/12,32 no shutdown ! interface Vlan 200 no ip address tagged TengigabitEthernet 2/12,32 no shutdown ! interface Vlan 300 no ip address tagged TengigabitEthernet 2/12,32 no shutdown ! protocol spanning-tree pvst no disable vlan 200 bridge-priority 4096 Example of PVST+ Configuration (R3) in[...]

  • Page 718

    43 Quality of Service (QoS) This chapter describes how to use and configure Quality of Service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Figure 102. Dell Networking QoS Architecture Implementation Information The Dell Networking QoS implementati[...]

  • Page 719

    • RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured Forwarding PHB Group • RFC 2598, An Expedited Forwarding PHB You cannot configure port-based and policy-based QoS on the same interface. Port-Based QoS Configurations You can configure the following QoS features on an interface. NOTE: You cannot simultaneously use egr[...]

  • Page 720

    Honoring dot1p Priorities on Ingress Traffic By default, the system does not honor dot1p priorities on ingress traffic. You can configure this feature on physical interfaces and port-channels, but you cannot configure it on individual interfaces in a port channel. You can configure service-class dynamic dot1p from CONFIGURATION mode, which applies [...]

  • Page 721

    Example of Configuring and Viewing Rate Policing The following example shows configuring rate policing. Dell#config t Dell(conf)#interface tengigabitethernet 1/2 Dell(conf-if)#rate police 100 40 peak 150 50 Dell(conf-if)#end Dell# The following example shows viewing the rate policing status. Dell#show interfaces tengigabitEthernet 1/2 rate police R[...]

  • Page 722

    Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 103. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 an[...]

  • Page 723

    Creating a Layer 3 Class Map A Layer 3 class map differentiates ingress packets based on the DSCP value, IP precedence, VLANs, or characteristics defined in an IP ACL. You can also use VLAN IDs and VRF IDs to classify the traffic using layer 3 class-maps. You can specify more than one DSCP and IP precedence value, but only one value must match to t[...]

  • Page 724

    The following example matches IPv6 traffic with a DSCP value of 40. Dell(conf)# class-map match-all test Dell(conf-class-map)# match ipv6 dscp 40 The following example matches IPv4 and IPv6 traffic with a precedence value of 3. Dell(conf)# class-map match-any test1 Dell(conf-class-map)#match ip-any precedence 3 Creating a Layer 2 Class Map All clas[...]

  • Page 725

    Dell(conf)# interface fo 0/0 INTERFACE mode Dell(conf-if-fo-0/0)# ip address 90.1.1.1/16 2. Configure a Layer 2 QoS policy with Layer 2 (Dot1p or source MAC-based) match criteria. CONFIGURATION mode Dell(conf)# policy-map-input l2p layer2 3. Apply the Layer 2 policy on a Layer 3 interface. INTERFACE mode Dell(conf-if-fo-0/0)# service-policy input l[...]

  • Page 726

    6. Create an input policy map. CONFIGURATION mode Dell(conf)#policy-map-input pp_policmap 7. Create a service queue to associate the class map and QoS policy map. POLICY-MAP mode Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy Ordering ACL Rules When you link class-maps to queues using the service-queue comman[...]

  • Page 727

    class-map match-any ClassAF1 match ip access-group AF1-FB1 set-ip-dscp 10 match ip access-group AF1-FB2 set-ip-dscp 12 match ip dscp 10 set-ip-dscp 14 match ipv6 dscp 20 set-ip-dscp 14 ! class-map match-all ClassAF2 match ip access-group AF2 match ip dscp 18 Dell#show running-config ACL ! ip access-list extended AF1-FB1 seq 5 permit ip host 23.64.0[...]

  • Page 728

    Create a QoS Policy There are two types of QoS policies — input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. • Layer 3 — QoS input policies allow you to rate police and set a DSCP or dot1p value. In addition, you can[...]

  • Page 729

    to which you should apply the QoS policy (using the service-queue from POLICY-MAP-IN mode). If you apply the QoS policy to a queue other than the one specified in the informational message, Dell Networking OS replaces the first 3–bits in the DSCP field with the queue ID you specified. Example of Setting a DSCP Value for Egress Packets Dell#config[...]

  • Page 730

    Configuring Policy-Based Rate Shaping To configure policy-based rate-shaping, use the rate-shape command. • Configure rate-shaping on egress traffic. QOS-POLICY-OUT mode rate-shape {kbps | pps} peak-rate { burst-kbps | burst-packets } [committed {kbps | pps} committed-rate { burst-kbps | burst-packets }] In a QoS output policy, you can configure [...]

  • Page 731

    Queue Default Bandwidth Percentage for 4–Queue System Default Bandwidth Percentage for 8–Queue System 7 — 50% When you assign a percentage to one queue, note that this change also affects the amount of bandwidth that is allocated to other queues. Therefore, whenever you are allocating bandwidth to one queue, Dell Networking recommends evaluat[...]

  • Page 732

    Applying a Class-Map or Input QoS Policy to a Queue To apply a class-map or input QoS policy to a queue, use the following command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map, use the following command. • Apply [...]

  • Page 733

    Table 53. Default dot1p to Queue Mapping dot1p Queue ID 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 The dot1p value is also honored for frames on the default VLAN. For more information, refer to Priority- Tagged Frames on the Default VLAN . • Enable the trust dot1p feature. POLICY-MAP-IN mode trust dot1p Mapping dot1p Values to Service Queues All traffic is [...]

  • Page 734

    • You cannot apply a class-map and QoS policies to the same interface. • You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access. • If you apply a service policy that contains an ACL to more than one interface, the system uses ACL optimization to conserve CAM space. The ACL optimization behavior [...]

  • Page 735

    You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. DSCP Color Maps This section describes how to configure color maps and how to display the color map and color map configuration. This section consists of the following topics: • Creating a DSCP Color Map • Displaying Color Maps • Dis[...]

  • Page 736

    qos dscp-color-policy color-map-name Example: Create a DSCP Color Map The following example creates a DSCP color map profile, color-awareness policy, and applies it to interface te 0/11 . Create the DSCP color map profile, bat-enclave-map , with a yellow drop precedence , and set the DSCP values to 9,10,11,13,15,16 Dell(conf)# qos dscp-color-map ba[...]

  • Page 737

    TE 0/10 mapONE TE0/11 mapTWO Display summary information about a color policy for a specific interface. Dell# show qos dscp-color-policy summary te 0/10 Interface dscp-color-map TE 0/10 mapONE Display detailed information about a color policy for a specific interface Dell# show qos dscp-color-policy detail te 0/10 Interface TenGigabitEthernet 0/10 [...]

  • Page 738

    Enabling Strict-Priority Queueing In strict-priority queuing, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast queue, using the strict-priority command. • Policy-based per-queue rate shaping is not supported on the queue configured for strict-priority queuing.[...]

  • Page 739

    Figure 104. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Table 54. Pre-Defined WRED Profiles Default Profile Name Minimum Threshold Maximum Threshold Maximum Drop Rate wred_drop 0 0 100 wred_teng_y 594 5941 100 wred_teng_g 594 5941 50 wred_fortyg_y 594 5941 50 wred_fortyg_g 594 5941 25 [...]

  • Page 740

    Applying a WRED Profile to Traffic After you create a WRED profile, you must specify on which traffic the system applies the profile. The system assigns a color-coded drop precedence — red, yellow, or green — to each packet based on the fourth bit of the 6-bit DSCP field in the packet header before queuing it. • If the fourth DSCP bit is 0, p[...]

  • Page 741

    Explicit Congestion Notification Explicit Congestion Notification (ECN) enhances and extends WRED functionality by marking packets for later transmission instead of dropping them when a threshold value is exceeded. Use ECN for WRED to reduce the packet transmission rate in a congested, heavily-loaded network. While WRED drops packets to indicate co[...]

  • Page 742

    • match ip vlan By default, all packets are marked for green handling if the rate-police and trust-diffserv commands are not used in an ingress policy map. All packets marked for red handling or “violate” are dropped. In the class map, in addition to color-marking matching packets for yellow handling, you can also configure a DSCP value for m[...]

  • Page 743

    ip access-list standard dscp_40 seq 5 permit any dscp 40 ip access-list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ip access-list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class-map match-any class_dscp_40 match ip access-group dscp_40_non_ecn set-color yellow match ip access-group dscp_40 class-map match-any class_dscp_5[...]

  • Page 744

    thresholds. You can configure different weights for WRED and ECN operation to finely tune how different types of traffic are handled when a WRED threshold is exceeded. Benefits of Using a Configurable Weight for WRED with ECN On the Z9500, using a configurable weight for WRED and ECN allows you to specify how the average queue size is calculated. I[...]

  • Page 745

    Global Service-Pools for WRED with ECN You can enable WRED with ECN to work with global service-pools. Global service pools that function as shared buffers are accessed by multiple queues when the minimum guaranteed buffers for a queue are consumed. The Z9500 switch supports four global service-pools in the egress direction. Two types of service-po[...]

  • Page 746

    Queue Configuration Service-Pool Configuration WRED Threshold Relationship Q threshold = Q-T Service-pool threshold = SP-T Expected Functionality Enabled Enabled Disabled N/A N/A Queue-based ECN marking above queue threshold. ECN marking up to shared buffer limits of the service-pool and then packets are tail dropped. Enabled N/A Q-T < SP-T SP-T[...]

  • Page 747

    mode Dell(conf)#service-pool wred green pool0 thresh-1 pool1 thresh-2 Dell(conf)#service-pool wred yellow pool0 thresh-3 pool1 thresh-4 Dell(conf)#service-pool wred weight pool0 11 pool1 4 5. Enable ECN marking on specific queues on backplane ports with a service class. CONFIGURATION mode Dell(conf)#service-class wred ecn 0, 3-5, 7 backplane Pre-Ca[...]

  • Page 748

    – Allowed — indicates that the policy-map can be applied because the estimated number of CAM entries is less or equal to the available number of CAM entries. The number of interfaces in the port-pipe to which the policy-map can be applied is given in parentheses. – Exception — indicates that the number of CAM entries required to write the p[...]

  • Page 749

    44 Routing Information Protocol (RIP) The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm. RIP protocol standards are listed in the Standards Compliance chapter. Protocol Overview RIP is the oldest interior gateway protocol. There a[...]

  • Page 750

    Implementation Information The Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the default values for RIP parameters on the switch. Table 56. RIP Defaults Feature Default Interfaces running RIP • List[...]

  • Page 751

    Enabling RIP Globally By default, RIP is disabled on the switch. To enable RIP globally, use the following commands. 1. Enter ROUTER RIP mode and enable the RIP process. CONFIGURATION mode router rip 2. Assign an IP network address as a RIP network to exchange routing information. ROUTER RIP mode network ip-address Examples of Viewing RIP Informati[...]

  • Page 752

    192.162.2.0/24 [120/1] via 29.10.10.12, 00:01:21, Fa 0/0 192.162.2.0/24 auto-summary 192.161.1.0/24 [120/1] via 29.10.10.12, 00:00:27, Fa 0/0 192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 0/0 192.162.3.0/24 auto-summary To disable RIP globally, use the no router rip command in CONFIGURATION mode. Configure RIP on [...]

  • Page 753

    distribute-list prefix-list-name in • Assign a configured prefix list to all outgoing RIP routes. ROUTER RIP mode distribute-list prefix-list-name out To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Adding RIP Routes from Other Instances In addition to filterin[...]

  • Page 754

    • Set the RIP versions received on that interface. INTERFACE mode ip rip receive version [1] [2] • Set the RIP versions sent out on that interface. INTERFACE mode ip rip send version [1] [2] Examples of Setting the RIP Process To see whether the version command is configured, use the show config command in ROUTER RIP mode. To view the routing p[...]

  • Page 755

    Outgoing filter for all interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface Recv Send FastEthernet 0/0 2 1 2 Routing for Networks: 10.0.0.0 Routing Information Sources: Gateway Distance Last Update Distance: (default is 120) Dell# Generating a De[...]

  • Page 756

    Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the offset command. Exercise caution when applying an off[...]

  • Page 757

    Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP debugging, use the no debug ip rip command. RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration — Core 2 and Core 3. The host prompts used in the following example reflect those names. The e[...]

  • Page 758

    Core 2 RIP Output The examples in the section show the core 2 RIP output. Examples of the show ip Command with Core 2 Output • To display Core 2 RIP database, use the show ip rip database command. • To display Core 2 RIP setup, use the show ip route command. • To display Core 2 RIP activity, use the show ip protocols command. To view the lear[...]

  • Page 759

    To view the RIP configuration activity on Core 2, use the show ip protocols command. Core2#show ip protocols Routing Protocol is "RIP" Sending updates every 30 seconds, next due in 17 Invalid after 180 seconds, hold down 180, flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in effect Outgoin[...]

  • Page 760

    Examples of the show ip Command with Core 3 Output To view learned RIP routes on Core 3, use the show ip rip database command. Core3#show ip rip database Total number of routes in RIP database: 7 10.11.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet 3/21 10.200.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet 3/21 10.300.10[...]

  • Page 761

    10.11.20.0 10.11.30.0 192.168.2.0 192.168.1.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.2 120 00:00:22 Distance: (default is 120) Core3# RIP Configuration Summary Examples of Viewing the RIP Configuration on Core 2 and Core 3 The following example shows viewing the RIP configuration on Core 2. ! interface TengigabitEthernet[...]

  • Page 762

    ! router rip version 2 network 10.11.20.0 network 10.11.30.0 network 192.168.1.0 network 192.168.2.0[...]

  • Page 763

    45 Remote Monitoring (RMON) Remote monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facilities and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management pro[...]

  • Page 764

    • Platform Adaptation — RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object. CONFIGURATION mode [no] rmon alarm number variable interval {delta [...]

  • Page 765

    increase of 15 or more (such as from 100000 to 100015). The alarm then triggers event number 1, which is configured with the RMON event command. Possible events include a log entry or an SNMP trap. If the 1.3.6.1.2.1.2.2.1.20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be triggered again. Dell(conf)#rmon alarm 10 1.3.6.1.[...]

  • Page 766

    – integer : a value from 1 to 65,535 that identifies the RMON Statistics Table. The value must be unique in the RMON Statistic Table. – owner : (Optional) specifies the name of the owner of the RMON group of statistics. – ownername : (Optional) records the name of the owner of the RMON group of statistics. The default is a null-terminated str[...]

  • Page 767

    46 Rapid Spanning Tree Protocol (RSTP) The Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). Protocol Overview The D[...]

  • Page 768

    • All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology. • Adding a group of ports to a range of VLANs sends multiple messages to the RSTP task; avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five[...]

  • Page 769

    Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default. When you enable RSTP, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically[...]

  • Page 770

    Figure 106. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.[...]

  • Page 771

    BPDU : sent 121, received 2 The port is not in the Edge port mode Port 379 (TengigabitEthernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.379, designate[...]

  • Page 772

    Modifying Global Parameters You can modify RSTP parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in the Rapid Spanning Tree group. • Forward-delay — the amount of time an interface waits in the Listening state and the Learning state before it tran[...]

  • Page 773

    • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds . To view the current values for global parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps, use the follow[...]

  • Page 774

    Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge. To change the bridge priority, use the following command. • Assign a number as the bridge priority or designate it as the primary or secondary root. PROTOCOL SPANNING TR[...]

  • Page 775

    – Disable the shutdown-on-violation command on the interface (the no spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] command). – Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). – Disable global spanning tree (the no spanning-tree command in CONFIGURATION mode). To enable EdgePort on[...]

  • Page 776

    NOTE: The hello time is encoded in BPDUs in increments of 1/256ths of a second. The standard minimum hello time in seconds is 1 second, which is encoded as 256. Millisecond hello times are encoded using values less than 256; the millisecond hello time equals (x/1000)*256. When you configure millisecond hellos, the default hello interval of 2 secon[...]

  • Page 777

    47 Security This chapter describes several ways to provide access security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide . Role-Based Access Control With Role-Based Access Control (RBAC), access and authorization is control[...]

  • Page 778

    allows you to change permissions based on the role. You can modify the permissions specific to that command and/or command option. For more information, see Modifying Command Permissions for Roles . NOTE: When you enter a user role, you have already been authenticated and authorized. You do not need to enter an enable password because you will be a[...]

  • Page 779

    For consistency, the best practice is to define the same authorization method list across all lines, in the same order of comparison; for example VTY and console port. You could also use the default authorization method list to apply to all the LINES (console port, VTY). If you do not, the following error is displayed when you attempt to enable rol[...]

  • Page 780

    Role Modes netoperator netadmin Exec Config Interface Router IP Route-map Protocol MAC secadmin Exec Config Line sysadmin Exec Config Interface Line Router IP Route-map Protocol MAC User Roles This section describes how to create a new user role and configure command permissions and contains the following topics. • Creating a New User Role • Mo[...]

  • Page 781

    Example of Creating a User Role The configuration in the following example creates a new user role, myrole , which inherits the security administrator (secadmin) permissions. Create a new user role, myrole and inherit security administrator permissions. Dell(conf)#userrole myrole inherit secadmin Verify that the user role, myrole , has inherited th[...]

  • Page 782

    The following example denies the netadmin role from using the show users command and then verifies that netadmin cannot access the show users command in exec mode. Note that the netadmin role is not listed in the Role access: secadmin,sysadmin , which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin [...]

  • Page 783

    The following example removes the secadmin access to LINE mode and then verifies that the security administrator can no longer access LINE mode, using the show role mode configure line command in EXEC Privilege mode. Dell(conf)#role configure deleterole secadmin ? LINE Initial keywords of the command to modify Dell(conf)#role configure deleterole s[...]

  • Page 784

    The following example adds a user to the secadmin user role. Dell (conf)#username john role secadmin password 0 password AAA Authentication and Authorization for Roles This section describes how to configure AAA Authentication and Authorization for Roles. Configuration Task List for AAA Authentication and Authorization for Roles This section conta[...]

  • Page 785

    their session; for example, Exec mode or Exec Privilege mode. For information about how to configure authentication for roles, see Configure AAA Authentication for Roles. aaa authorization exec { method-list-name | default} method [… method4 ] You can further restrict users’ permissions, using the aaa authorization command command in CONFIGURAT[...]

  • Page 786

    line vty 7 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 8 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 9 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa ! Configuring TACACS+ and RADIUS[...]

  • Page 787

    Role Accounting This section describes how to configure role accounting and how to display active sessions for roles. This section consists of the following topics: • Configuring AAA Accounting for Roles • Applying an Accounting Method to a Role • Displaying Active Accounting Sessions for Roles Configuring AAA Accounting for Roles To configu[...]

  • Page 788

    service=shell Display Information About User Roles This section describes how to display information about user roles. This section consists of the following topics: • Displaying User Roles • Displaying Information About Roles Logged into the Switch • Displaying Active Accounting Sessions for Roles Displaying User Roles To display user roles[...]

  • Page 789

    the output and both the privilege and roles for all users is also displayed. If the role is not defined, the system displays "unassigned" . Example of Displaying Information About Users Logged into the Switch Dell#show users Authorization Mode: role or privilege Line User Role Privilege Host(s) Location 0 console 0 admin sysadmin 15 idle [...]

  • Page 790

    – default | name : enter the name of a list of accounting methods. – start-stop : use for more accounting information, to send a start-accounting notice at the beginning of the requested event and a stop-accounting notice at the end. – wait-start : ensures that the TACACS+ security server acknowledges the start notice before granting the user[...]

  • Page 791

    Example of Enabling AAA Accounting with a Named Method List Dell(config-line-vty)# accounting commands 15 com15 Dell(config-line-vty)# accounting exec execAcct Monitoring AAA Accounting The system does not support periodic interim accounting because the periodic command can cause heavy congestion when many users are logged in to the network. No spe[...]

  • Page 792

    • Configuring AAA Authentication Login Methods • Enabling AAA Authentication • Enabling AAA Authentication—RADIUS For a complete list of all commands related to login authentication, refer to the Security chapter in the Dell Networking OS Command Reference Guide . Configure Login Authentication for Terminal Lines You can assign up to five a[...]

  • Page 793

    NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH). You can create multiple method lists and assign them to different terminal lines. Enabling AAA Authentication To enable AAA authentication, use the following command. • [...]

  • Page 794

    To use local authentication for enable secret on the console, while using remote authentication on VTY lines, issue the following commands. Dell(config)# aaa authentication enable mymethodlist radius tacacs Dell(config)# line vty 0 9 Dell(config-line-vty)# enable authentication mymethodlist Server-Side Configuration Using AAA authentication, the sw[...]

  • Page 795

    AAA Authorization The system enables AAA new-model by default. You can set authorization to be either local or remote . Different combinations of authentication and authorization yield different results. By default, the system sets both to local . Privilege Levels Overview Limiting access to the system is one method of protecting the system and you[...]

  • Page 796

    For a complete listing of all commands related to privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide . Configuring a Username and Password In the Dell Networking OS, you can assign a specific username to limit user access to the system. To configure a username and password, use the follow[...]

  • Page 797

    Configuring Custom Privilege Levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within the Dell Networking OS, commands have certain privilege levels. With the privilege command, you can change the default level or you can reset the[...]

  • Page 798

    • command : a CLI keyword (up to five keywords allowed). • reset : return the command to its default privilege mode. Examples of Custom Privilege Level Commands To view the configuration, use the show running-config command in EXEC Privilege mode. The following example shows a configuration to allow a user john to view only EXEC mode commands a[...]

  • Page 799

    end Exit from Configuration mode exit Exit from Configuration mode no Reset a command snmp-server Modify SNMP parameters Dell(conf)# Specifying LINE Mode Password and Privilege You can specify a password authentication of all users on different terminal lines. The user’s privilege level is the same as the privilege level assigned to the terminal [...]

  • Page 800

    RADIUS Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to the RADIUS server and requests authentication [...]

  • Page 801

    ACL Configuration Information The RADIUS server can specify an ACL. If an ACL is configured on the RADIUS server, and if that ACL is present, the user may be allowed access based on that ACL. If the ACL is absent, authorization fails, and a message is logged indicating this. RADIUS can specify an ACL for the user if both of the following are true: [...]

  • Page 802

    To view the configuration, use the show config in LINE mode or the show running-config command in EXEC Privilege mode. Defining a AAA Method List to be Used for RADIUS To configure RADIUS to authenticate or authorize users on the system, create a AAA method list. Default method lists do not need to be explicitly applied to the line, so they are not[...]

  • Page 803

    radius-server host { hostname | ip-address } [auth-port port-number ] [retransmit retries ] [timeout seconds ] [key [ encryption-type ] key ] Configure the optional communication parameters for the specific host: – auth-port port-number : the range is from 0 to 65335. Enter a UDP port number. The default is 1812 . – retransmit retries : the ran[...]

  • Page 804

    radius-server retransmit retries – retries : the range is from 0 to 100. Default is 3 retries . • Configure the time interval the system waits for a RADIUS server host response. CONFIGURATION mode radius-server timeout seconds – seconds : the range is from 0 to 1000. Default is 5 seconds . To view the configuration of RADIUS communication par[...]

  • Page 805

    Use this command multiple times to configure multiple TACACS+ server hosts. 2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACACS+ authentication method. CONFIGURATION mode aaa authentication login { method-list-name | default} tacacs+ [ ...method3 ] The TACACS+ method must not be the last m[...]

  • Page 806

    on vty0 (10.11.9.209) %SYSTEM-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) Monitoring TACACS+ To view information on TACACS+ transactions, use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication and[...]

  • Page 807

    CONFIGURATION mode tacacs-server host { hostname | ip-address } [port port-number ] [timeout seconds ] [key key ] Configure the optional communication parameters for the specific host: – port port-number : the range is from 0 to 65335. Enter a TCP port number. The default is 49 . – timeout seconds : the range is from 0 to 1000. Default is 10 se[...]

  • Page 808

    Protection from TCP Tiny and Overlapping Fragment Attacks The tiny and overlapping fragment attack is a class of attack in which configured ACL entries denying TCP port-specific traffic are bypassed, so traffic reaches its destination although the ACL denies it. RFC 1858 and RFC 3128 propose a countermeasure to the problem. This countermeasure is c[...]

  • Page 809

    Password Authentication : enabled. Hostbased Authentication : disabled. RSA Authentication : disabled. To disable SSH server functions, use the no ip ssh server enable command. Using SCP with SSH to Copy a Software Image To use secure copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following command[...]

  • Page 810

    Dell#copy scp: flash: Address or name of remote host []: 10.10.10.1 Port number of the server [22]: 99 Source file name []: test.cfg User name to login remote host: admin Password to login remote host: Removing the RSA Host Keys and Zeroizing Storage Use the crypto key zeroize rsa command to delete the host key pairs, both the public and private ke[...]

  • Page 811

    The following ciphers are available. • 3des-cbc • aes128-cbc • aes192-cbc • aes256-cbc • aes128-ctr • aes192-ctr • aes256-ctr The default cipher list is 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr Example of Configuring a Cipher List The following example shows you how to configure a cipher list. Dell(co[...]

  • Page 812

    Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server ciphers cipher-list command in CONFIGURATION mode. cipher-list : Enter a space-delimited list of ciphers the SSH server will support. The following ciphers are available. • 3des-cbc • aes128-cbc • aes192-cbc • aes256-cbc ?[...]

  • Page 813

    • Enable SSH password authentication. CONFIGURATION mode ip ssh password-authentication enable Example of Enabling SSH Password Authentication To view your SSH configuration, use the show ip ssh command from EXEC Privilege mode. Dell(conf)#ip ssh server enable % Please wait while SSH Daemon initializes ... done. Dell(conf)#ip ssh password-authent[...]

  • Page 814

    Configuring Host-Based SSH Authentication Authenticate a particular host. This method uses SSH version 2. To configure host-based authentication, use the following commands. 1. Configure RSA Authentication. Refer to Using RSA Authentication of SSH . 2. Create shosts by copying the public RSA key to the file shosts in the directory .ssh , and write [...]

  • Page 815

    The following example shows creating rhosts . admin@Unix_client# ls id_rsa id_rsa.pub rhosts shosts admin@Unix_client# cat rhosts 10.16.127.201 admin Using Client-Based SSH Authentication To SSH from the chassis to the SSH client, use the following command. This method uses SSH version 1 or version 2. If the SSH port is a non-default value, use the[...]

  • Page 816

    VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in the Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote. Table 59. VTY Access Authentication Method VTY access-class support? Username access-class support? Remote authorization support? Line YES NO NO Local[...]

  • Page 817

    Example of Configuring VTY Authorization Based on Access Class Retrieved from a Local Database (Per User) Dell(conf)#user gooduser password abc privilege 10 access-class permitall Dell(conf)#user baduser password abc privilege 10 access-class denyall Dell(conf)# Dell(conf)#aaa authentication login localmethod local Dell(conf)# Dell(conf)#line vty 0[...]

  • Page 818

    Dell(config-line-vty)#access-class sourcemac Dell(config-line-vty)#end[...]

  • Page 819

    48 Service Provider Bridging Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS. VLAN Stacking Virtual local area network (VLAN) stacking is supported on the platform. VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider [...]

  • Page 820

    Figure 107. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN- stack-enabled VLAN. • Dell Networking cautions against using [...]

  • Page 821

    Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1. Creating Access and Trunk Ports 2. Assign access and trunk ports to a VLAN ( Creating Access and Trunk Ports ). 3. Enabling VLAN-Stacking for a VLAN . Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Options for Tr[...]

  • Page 822

    ! interface TenGigabitEthernet 2/12 no ip address switchport vlan-stack trunk no shutdown Enable VLAN-Stacking for a VLAN To enable VLAN-Stacking for a VLAN, use the following command. • Enable VLAN-Stacking for the VLAN. INTERFACE VLAN mode vlan-stack compatible Example of Viewing VLAN Stack Member Status To display the status and members of a V[...]

  • Page 823

    To configure trunk ports, use the following commands. 1. Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port. INTERFACE mode portmode hybrid NOTE: You can add a trunk port to an 802.1Q VLAN as well as a Stacking VLAN only when the TPID is 0x8100. 2. Add the port to a 802.1Q VLAN as tagged or un[...]

  • Page 824

    Example of Debugging a VLAN and its Ports The port notations are as follows: • MT — stacked trunk • MU — stacked access port • T — 802.1Q trunk port • U — 802.1Q access port • NU — Native VLAN (untagged) Dell# debug member vlan 603 vlan id : 603 ports : Te 1/47 (MT), Te 2/1(MU), Te 2/25(MT), Te 2/26(MT), Te 2/27(MU) Dell#debug m[...]

  • Page 825

    Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Figure 108. Single and Double-Tag TPID Match[...]

  • Page 826

    Figure 109. Single and Double-Tag First-byte TPID Match[...]

  • Page 827

    Figure 110. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility Enable drop eligibility globa[...]

  • Page 828

    Table 60. Drop Eligibility Behavior Ingress Egress DEI Disabled DEI Enabled Normal Port Normal Port Retain CFI Set CFI to 0. Trunk Port Trunk Port Retain inner tag CFI Retain inner tag CFI. Retain outer tag CFI Set outer tag CFI to 0. Access Port Trunk Port Retain inner tag CFI Retain inner tag CFI Set outer tag CFI to 0 Set outer tag CFI to 0 To e[...]

  • Page 829

    Marking Egress Packets with a DEI Value On egress, you can set the DEI value according to a different mapping than ingress. For ingress information, refer to Honoring the Incoming DEI Value . To mark egress packets, use the following command. • Set the DEI value on egress according to the color currently assigned to the packet. INTERFACE mode dei[...]

  • Page 830

    • Option 1: Mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. In this case, you must have other dot1p QoS configurations; this option is classic dot1p marking. • Option 2: Mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p. For example, if frames with C-Tag dot1p values 0, 6, and 7 are mapped to [...]

  • Page 831

    service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands. 1. Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag. CONFIGURATION mode cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos [...]

  • Page 832

    Figure 112. VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to traverse the intermediate network by identifying frames with the Bridge Group Address, rewriting the destination MAC to a user-configured non-reserved addr[...]

  • Page 833

    Figure 113. VLAN Stacking with L2PT Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs. • No protocol packets are tunneled when you enable VLAN stacking. • L2PT requires the default CAM profile. Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command. 1. Verify that [...]

  • Page 834

    show cam-profile 2. Enable protocol tunneling globally on the system. CONFIGURATION mode protocol-tunnel enable 3. Tunnel BPDUs on the VLAN. INTERFACE VLAN mode protocol-tunnel stp Specifying a Destination MAC Address for BPDUs By default, the system uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To spe[...]

  • Page 835

    The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Provider Backbone Bridging IEEE 802.1ad—Provider Bridges amends 802.1Q—Virtual Bridged Local Area Networks so that service pr[...]

  • Page 836

    49 sFlow sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many switches and routers. Overview The Dell Networking OS supports sFlow version 5. sFlow uses two types of sampling: • Statistical packet-[...]

  • Page 837

    Important Points to Remember • The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via snmpset. • By default, sFlow collection is supported only on data ports. If you want to enable sFlow collection through management ports, use the management egress-interface-selection and application sflow-collector commands in[...]

  • Page 838

    INTERFACE mode sflow max-header-size extended By default, the maximum header size of a packet is 128 bytes. When sflow max-header-size extended is enabled, 256 bytes are copied. These bytes are useful for VxLAN, NvGRE, IPv4, and IPv6 tunneled packets. NOTE: Interface mode configuration takes priority. • To reset the maximum header size of a packe[...]

  • Page 839

    sFlow Show Commands You can display sFlow statistics at the switch, interface, and line card level. • Displaying Show sFlow Globally • Displaying Show sFlow on an Interface • Displaying Show sFlow on a Line Card Displaying Show sFlow Global To view sFlow statistics, use the following command. • Display sFlow configuration information and st[...]

  • Page 840

    The following example shows the show running-config interface command. Dell#show running-config interface tengigabitethernet 1/16 ! interface TenGigabitEthernet 1/16 no ip address mtu 9252 ip mtu 9234 switchport sflow enable sflow sample-rate 8192 no shutdown Displaying Show sFlow on a Line Card To view sFlow statistics on a specified line card, us[...]

  • Page 841

    • Change the global default counter polling interval. CONFIGURATION mode or INTERFACE mode sflow polling-interval interval value – interval value : in seconds. The range is from 15 to 86400 seconds. The default is 20 seconds . Back-Off Mechanism If the sampling rate for an interface is set to a very low value, the CPU can get overloaded with fl[...]

  • Page 842

    Global default sampling rate: 4096 Global default counter polling interval: 15 Global extended information enabled: gateway, router, switch 1 collectors configured Collector IP addr: 10.10.10.3, Agent IP addr: 10.10.0.0, UDP port: 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub-samp[...]

  • Page 843

    IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description source and destination IP addresses are learned by different routing protocols, and for cases where the source is reachable over ECMP. BGP BGP Exported Exported Extended gateway data is packed.[...]

  • Page 844

    50 Simple Network Management Protocol (SNMP) The Simple Network Management Protocol (SNMP) is designed to manage devices on IP networks by monitoring device operation, which might require administrator intervention. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including all Get and a[...]

  • Page 845

    Configuring SNMP version 3 requires configuring SNMP users in one of three methods. Refer to Setting Up User-Based Security (SNMPv3) . Related Configuration Tasks • Managing Overload on Startup • Reading Managed Object Values • Writing Managed Object Values • Subscribing to Managed Object Value Updates using SNMP • Copying Configuration F[...]

  • Page 846

    To choose a name for the community you create, use the following command. • Choose a name for the community. CONFIGURATION mode snmp-server community name {ro | rw} Example of Creating an SNMP Community To view your SNMP configuration, use the show running-config snmp command from EXEC Privilege mode. Dell(conf)#snmp-server community my-snmp-comm[...]

  • Page 847

    snmp-server group groupname { oid-tree } auth read name write name • Configure an SNMPv3 view. CONFIGURATION mode snmp-server view view-name 3 noauth {included | excluded} NOTE: To give a user read and write privileges, repeat this step for each privilege type. • Configure an SNMP group (with password or privacy privileges). CONFIGURATION mode [...]

  • Page 848

    Examples of Reading Managed Object Values In the following example, the value “4” displays in the OID before the IP address for IPv4. For an IPv6 IP address, a value of “16” displays. > snmpget -v 2c -c mycommunity 10.11.131.161 sysUpTime.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (32852616) 3 days, 19:15:26.16 > snmpget -v 2c[...]

  • Page 849

    snmp-server contact text You may use up to 55 characters. The default is None . • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmp-server location text You may use up to 55 characters. The default is None . • (From a management[...]

  • Page 850

    snmp-server host ip-address [traps | informs] [version 1 | 2c |3] [ community-string ] To send trap messages, enter the keyword traps . To send informational messages, enter the keyword informs . To send the SNMP version to use for notification messages, enter the keyword version . To identify the SNMPv1 community string, enter the name of the comm[...]

  • Page 851

    TASK SUSPENDED: SUSPENDED - svce:%d - inst:%d - task:%s SYSTEM-P:CP %CHMGR-2-CARD_PARITY_ERR ABNORMAL_TASK_TERMINATION: CRASH - task:%s %s CPU_THRESHOLD: Cpu %s usage above threshold. Cpu5SecUsage (%d) CPU_THRESHOLD_CLR: Cpu %s usage drops below threshold. Cpu5SecUsage (%d) MEM_THRESHOLD: Memory %s usage above threshold. MemUsage (%d) MEM_THRESHOLD[...]

  • Page 852

    Level 7 VLAN 1000 entity Enable entity change traps Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1487406) 4:07:54.06, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 4 Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1488564) 4:08:05.64, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2[...]

  • Page 853

    MIB Object OID Object Values Description and copySrcFileName. copySrcFileLocation . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.3 1 = flash 2 = slot0 3 = tftp 4 = ftp 5 = scp 6 = usbflash Specifies the location of source file. • If copySrcFileLocation is FTP or SCP, you must specify copyServerAddress, copyUserName, and copyUserPassword. copySrcFileName . 1.3.6[...]

  • Page 854

    MIB Object OID Object Values Description copyServerAddress . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.8 IP Address of the server. The IP address of the server. • If you specify copyServerAddress, you must also specify copyUserName and copyUserPassword. copyUserName . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.9 Username for the server. Username for the FTP, TFTP, or SCP[...]

  • Page 855

    • -c : View the community, either public or private. • -m : View the MIB files for the SNMP command. • -r : Number of retries using the option • -t : View the timeout. • -v : View the SNMP version (either 1, 2, 2d, or 3). The following examples show the snmpset command to copy a configuration. These examples assume that: • the server OS[...]

  • Page 856

    FTOS-COPY-CONFIG-MIB::copySrcFileType.7 = INTEGER: runningConfig(3) FTOS-COPY-CONFIG-MIB::copyDestFileType.7 = INTEGER: startupConfig(2) The following example shows copying configuration files from a UNIX machine using the OID. >snmpset -c public -v 2c 10.11.131.162 .1.3.6.1.4.1.6027.3.5.1.1.1.1.2.8 i 3 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5.8 i 2 SNMP[...]

  • Page 857

    Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP. snmpset -v 2c -c public -m ./f10-copy-config.mib force10system[...]

  • Page 858

    MIB Object OID Values Description 7 = unknown copyEntryRowStatus .1.3.6.1.4.1.6027.3.5.1.1.1.1.15 Row status Specifies the state of the copy operation. Uses CreateAndGo when you are performing the copy. The state is set to active when the copy is completed. Obtaining a Value for MIB Objects To obtain a value for any of the MIB objects, use the fo[...]

  • Page 859

    MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory. Table 64. MIB Objects for Displaying the Available Memory Size on Flash via SNMP MIB Object OID De[...]

  • Page 860

    MIB Object OID Description chSysCoresStackUnitNumber 1.3.6.1.4.1.6027.3.25.1.2.8.1.4 Contains information that includes which stack unit or processor the core file was originated from. chSysCoresProcess 1.3.6.1.4.1.6027.3.25.1.2.8.1.5 Contains information that includes the process names that generated each core file. Viewing the Software Core Files[...]

  • Page 861

    Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN. Example of Assigning a VLAN Alias using SNMP [Unix system output] > snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.1107787786 = STRING: "My VL[...]

  • Page 862

    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2-SMI::mib-2.17.7.1.4.3.1.4.1107787786 = Hex-STRING: 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Example of Adding a Tagged Port to a VLAN usin[...]

  • Page 863

    and 1.3.6.1.4.1.6027.3.18.1.6 Enabling and Disabling a Port using SNMP To enable and disable a port using SNMP, use the following commands. 1. Create an SNMP community on the Dell system. CONFIGURATION mode snmp-server community 2. From the Dell Networking system, identify the interface index of the port for which you want to change the admin statu[...]

  • Page 864

    Table 66. MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database MIB Object OID MIB Description dot1dTpFdbTable .1.3.6.1.2.1.17.4.3 Q-BRIDGE MIB List the learned unicast MAC addresses on the default VLAN. dot1qTpFdbTable .1.3.6.1.2.1.17.7.1.2.2 Q-BRIDGE MIB List the learned unicast MAC addresses on non-default VLANs. dot3aCurAggF[...]

  • Page 865

    -------------Query from Management Station---------------------- >snmpwalk -v 2c -c techpubs 10.11.131.162 .1.3.6.1.4.1.6027.3.2.1.1.5 SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.1.1000.0.1.232.6.149.172.1 = INTEGER: 1000 SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.2.1000.0.1.232.6.149.172.1 = Hex-STRING: 00 01 E8 06 95 AC SNMPv2-SMI::enterprises.602[...]

  • Page 866

    For example, the interface index 51528196 for the FortyGigE 0/4 port is 0000 0011 0001 0010 0100 0010 0000 0100 in binary format as shown in the following figure. In this example, if you start from the least significant bit on the right: • The first 14 bits (00001000000010) identify a Z9500 line card. • The next 4 bits (1001) identify a 40-Giga[...]

  • Page 867

    Example of Viewing Status of Learned MAC Addresses If we learn MAC addresses for the LAG, status is shown for those as well. dot3aCurAggVlanId SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.1.1.0.0.0.0.0.1.1 = INTEGER: 1 dot3aCurAggMacAddr SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.2.1.0.0.0.0.0.1.1 = Hex-STRING: 00 00 00 00 00 01 dot3aCurAggIndex SNMPv2-S[...]

  • Page 868

    51 Storm Control Storm control allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking OS Behavior : The switch supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic. Configure Storm Control Storm control is supported in INTERFACE mode and CON[...]

  • Page 869

    52 Spanning Tree Protocol (STP) The spanning tree protocol (STP) is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network. Protocol Overview By eliminating loops, STP improves scalability in a large network and allows you to implement redundant paths, which[...]

  • Page 870

    • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time. • All ports in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode ar[...]

  • Page 871

    INTERFACE mode no ip address 2. Place the interface in Layer 2 mode. INTERFACE switchport 3. Enable the interface. INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet [...]

  • Page 872

    Figure 115. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1. Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2. Enable STP. PROTOCOL SPANNING TREE mode no disable Examples of Verifying and Viewing Spanning Tree To disable STP globally for all Layer 2 interfaces, use the disable com[...]

  • Page 873

    To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. R2#show spanning-tree 0 Executing IEEE compatible Spanning Tree Protocol Bridge Identifier [...]

  • Page 874

    spanning-tree 0 To remove a Layer 2 interface from the spanning tree topology, enter the no spanning-tree 0 command. Modifying Global Parameters You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in STP. NOTE: Dell Netw[...]

  • Page 875

    the default is 2 seconds . • Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology). PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds . To view the current values for global parameters, use the show spanning-tree [...]

  • Page 876

    only implement bpduguard , although the interface is placed in an Error Disabled state when receiving the BPDU, the physical interface remains up and spanning-tree drops packets in the hardware after a BPDU violation. BPDUs are dropped in the software after receiving the BPDU violation. CAUTION: Enable PortFast only on links connecting to an end st[...]

  • Page 877

    • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware. • When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware. • When you remove a physical port from a port channel in the Error Disable state, the Error Disabled[...]

  • Page 878

    • disables spanning tree on an interface • drops all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell(conf-if-te-0/7)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e805.fb07 Root Bridge hello time 2, max age 20, forward delay 15 Bri[...]

  • Page 879

    Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge-priority command) is selected as the root bridge. If two switches have the same priority, th[...]

  • Page 880

    Figure 117. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior : The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface. • Root guard is supported on a p[...]

  • Page 881

    INTERFACE mode or INTERFACE PORT-CHANNEL mode spanning-tree {0 | mstp | rstp | pvst} rootguard – 0 : enables root guard on an STP-enabled port assigned to instance 0. – mstp : enables root guard on an MSTP-enabled port. – rstp : enables root guard on an RSTP-enabled port. – pvst : enables root guard on a PVST-enabled port. To disable STP ro[...]

  • Page 882

    As soon as a BPDU is received on an STP port in a Loop-Inconsistent state, the port returns to a blocking state. If you disable STP loop guard on a port in a Loop-Inconsistent state, the port transitions to an STP blocking state and restarts the max-age timer. Figure 118. STP Loop Guard Prevents Forwarding Loops Configuring Loop Guard Enable STP lo[...]

  • Page 883

    – Rapid Spanning Tree Protocol (RSTP) – Multiple Spanning Tree Protocol (MSTP) – Per-VLAN Spanning Tree Plus (PVST+) • You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed: % Error: R[...]

  • Page 884

    Te 0/2 0 LIS Loopguard Te 0/3 0 EDS (Shut) Bpduguard[...]

  • Page 885

    53 System Time and Date System time and date settings are user-configurable and maintained through the network time protocol (NTP). System times and dates are also set in hardware settings using the Dell Networking OS CLI. Network Time Protocol The network time protocol (NTP) synchronizes timekeeping among a set of distributed time servers and clie[...]

  • Page 886

    time and adjust the local clock accordingly. In addition, the message includes information to calculate the expected timekeeping accuracy and reliability, as well as select the best from possibly several servers. Following conventions established by the telephone industry [BEL86], the accuracy of each server is defined by a number called the stratu[...]

  • Page 887

    Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a Source IP Address for NTP Packets (optional) Enabling NTP NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networ[...]

  • Page 888

    Example of Configuring NTP Broadcasts 2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.496884 Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, the system drops any NTP packets sent to that interface. To disable NTP on an interface, use the following command. • Disable NTP [...]

  • Page 889

    Dell Networking OS version in which you have configured ntp authentication-key , the system cannot correctly decrypt the key and cannot authenticate the NTP packets. In this case, re-enter this command and save the running-config to the startup-config. To configure NTP authentication, use the following commands. 1. Enable NTP authentication. CONFIG[...]

  • Page 890

    To configure the switch as NTP Server use the ntp master<stratum> command. stratum number identifies the NTP Server's hierarchy. Examples of Configuring and Viewing an NTP Configuration The following example shows configuring an NTP server. R6_E300(conf)#1w6d23h : NTP: xmit packet to 192.168.1.1: leap 0, mode 3, version 3, stratum 2, ppo[...]

  • Page 891

    NOTE: • Leap Indicator ( sys.leap , peer.leap , pkt.leap ) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increa[...]

  • Page 892

    Time and Date You can set the time and date in the Dell Networking OS using the CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings. • Setting the Time and Date for the Switch Software Clock • Setting the Timezone • Setting Daylight Saving Time Once • Setting Recurring Daylight [...]

  • Page 893

    – timezone-name : enter the name of the timezone. Do not use spaces. – offset : enter one of the following: * a number from 1 to 23 as the number of hours in addition to UTC for the timezone. * a minus sign (-) then a number from 1 to 23 as the number of hours. Example of the clock timezone Command Dell#conf Dell(conf)#clock timezone Pacific -8[...]

  • Page 894

    00:00:00 pacific Sat Nov 7 2009" Setting Recurring Daylight Saving Time Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year. If you have already set daylight saving for a one-time setting, you can set that date and time as the recurring setting with the clock summer-time time-zone recu[...]

  • Page 895

    Examples of Configuring and Viewing the Clock Summer-Time Recurring Option The following example shows using the clock summer-time recurring command. Dell(conf)#clock summer-time pacific recurring Mar 14 2009 00:00 Nov 7 2009 00:00 ? Dell(conf)#02:02:13: %SYSTEM-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to &q[...]

  • Page 896

    54 Tunneling Tunnel interfaces create a logical tunnel for IPv4 or IPv6 traffic. Tunneling supports RFC 2003, RFC 2473, and 4213. DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel You can configure a tunnel in IPv6 mode,[...]

  • Page 897

    interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu-3)#tunnel source 5::5 Dell(conf-if-tu-3)#tunnel d[...]

  • Page 898

    Configuring a Tunnel Interface You can configure the tunnel interface using the ip unnumbered and ipv6 unnumbered commands. To configure the tunnel interface to operate without a unique explicit ip or ipv6 address, select the interface from which the tunnel will borrow its address. The following sample configuration shows how to use the tunnel inte[...]

  • Page 899

    Configuring Tunnel source anylocal Decapsulation The tunnel source anylocal command allows a multipoint receive-only tunnel to decapsulate tunnel packets addressed to any IPv4 or IPv6 (depending on the tunnel mode) address configured on the switch that is operationally UP. The source anylocal parameters can be used for packet decapsulation instead [...]

  • Page 900

    • IP tunnel interfaces are supported over ECMP paths to the next hop. ECMP paths over IP tunnel interfaces are supported. ARP and neighbor resolution for the IP tunnel next-hop are supported.[...]

  • Page 901

    55 Upgrade Procedures For detailed upgrade procedures, refer to the Dell Networking OS Release Notes for your switch. The release notes describe the requirements and steps to follow to upgrade to a desired OS version. Upgrade Overview To upgrade system software on the switch, follow these general steps: 1. Identify the boot and system images curren[...]

  • Page 902

    local flash. This image contains independent images for the CPUs: Control Processor (CP), Route Processor (RP), and line-card processor (LP). Each separate image runs on a different CPU and is unpacked and downloaded on the appropriate CPU via the party bus. You can use TFTP or FTP to copy images to the local storage of each CPU. 902 Upgrade Proce[...]

  • Page 903

    56 Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connect[...]

  • Page 904

    Figure 120. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group . An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interface[...]

  • Page 905

    Figure 121. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number; it is calculated by the ratio of the upstream port bandwidth to the downstream port bandw[...]

  • Page 906

    – An uplink-state group is considered to be operationally down if it has no upstream interfaces in the Link-Up state. No uplink-state tracking is performed when a group is disabled or in an Operationally Down state. • You can assign physical port or port-channel interfaces to an uplink-state group. – You can assign an interface to only one up[...]

  • Page 907

    • Port channel: enter port-channel { 1-512 | port-channel-range } Where port-range and port-channel-range specify a range of ports separated by a dash (-) and/or individual ports/port channels in any order; for example: upstream tengigabitethernet 1/1-2,5,9,11-12 downstream port-channel 1-3,5 • A comma is required to separate each port and port[...]

  • Page 908

    Clearing a UFD-Disabled Interface You can manually bring up a downstream interface in an uplink-state group that UFD disabled and is in a UFD-Disabled Error state. To re-enable one or more disabled downstream interfaces and clear the UFD-Disabled Error state, use the following command. • Re-enable a downstream interface on the switch/router that [...]

  • Page 909

    down: Te 0/47 02:37:29: %SYSTEM-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 0/47 02:37:29 : UFD: Group:3, UplinkState: DOWN 02:37:29: %SYSTEM-P:CP %IFMGR-5-OSTATE_DN: Changed uplink state group state to down: Group 3 02:37:29: %SYSTEM-P:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Fo 1/0 02:37:29: %SYSTEM-[...]

  • Page 910

    If a downstream interface in an uplink-state group is disabled (Oper Down state) by uplink-state tracking because an upstream port is down, the message error-disabled[UFD] displays in the output. • Display the current configuration of all uplink-state groups or a specified group. EXEC mode or UPLINK-STATE-GROUP mode (For EXEC mode) show running-c[...]

  • Page 911

    Interface index is 280544512 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:25:46 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 ove[...]

  • Page 912

    • Add a text description for the group. • Verify the configuration with various show commands. Example of Configuring UFD (S50) Dell(conf)# uplink-state-group 3 00:08:11: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed uplink state group Admin state to up: Group 3 Dell(conf-uplink-state-group-3)# downstream tengigabitethernet 0/1-2,5,9,11-12 Dell(co[...]

  • Page 913

    57 Virtual LANs (VLANs) Virtual LANs (VLANs) are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices. The system supports up to 4093 port-ba[...]

  • Page 914

    By default, VLAN 1 is the Default VLAN. To change that designation, use the default vlan-id command in CONFIGURATION mode. You cannot delete the Default VLAN. NOTE: You cannot assign an IP address to the Default VLAN. To assign an IP address to a VLAN that is currently the Default VLAN, create another VLAN and assign it to be the Default VLAN. For [...]

  • Page 915

    preserved as the frame moves through the network. The following example shows the structure of a frame with a tag header. The VLAN ID is inserted in the tag header. Figure 122. Tagged Frame Format The tag header contains some key information that the system uses: • The VLAN protocol identifier identifies the frame as tagged according to the IEEE [...]

  • Page 916

    • Configure a port-based VLAN (if the VLAN-ID is different from the Default VLAN ID) and enter INTERFACE VLAN mode. CONFIGURATION mode interface vlan vlan-id To activate the VLAN, after you create a VLAN, assign interfaces in Layer 2 mode to the VLAN. Example of Verifying a Port-Based VLAN To view the configured VLANs, use the show vlan command i[...]

  • Page 917

    The following example shows the steps to add a tagged interface (in this case, port channel 1) to VLAN 4. To view the interface’s status (interface po 1 is tagged and in VLANs 2 and 3), use the show vlan command. In a port-based VLAN, use the tagged command to add the interface to another VLAN. The show vlan command output displays the interface’[...]

  • Page 918

    untagged interface This command is available only in VLAN interfaces. Move an Untagged Interface to Another VLAN The no untagged interface command removes the untagged interface from a port-based VLAN and places the interface in the Default VLAN. You cannot use the no untagged interface command in the Default VLAN. The following example shows the s[...]

  • Page 919

    NOTE: You cannot assign an IP address to the Default VLAN (VLAN 1). To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. You can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic. For more information, refer to Bulk Configuration . To assign an IP address, use the followin[...]

  • Page 920

    switchport 4. Add the interface to a tagged or untagged VLAN. VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to [...]

  • Page 921

    58 Virtual Routing and Forwarding (VRF) Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs. Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist withi[...]

  • Page 922

    Figure 123. VRF Network Example VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network device may have the[...]

  • Page 923

    Dell Networking OS uses both the VRF name and VRF ID to manage VRF instances. The VRF name and VRF ID number are assigned using the ip vrf command. The VRF ID is displayed in show ip vrf command output. The VRF ID is not exchanged between routers. VRF IDs are local to a router. VRF supports some routing protocols only on the default VRF (default-vr[...]

  • Page 924

    Feature/Capability Support Status for Default VRF Support Status for Non-default VRF NOTE: ACLs supported on all VRF VLAN ports. IPv4 ACLs are supported on non-default-VRFs also. IPv6 ACLs are supported on default-VRF only. PBR supported on default-VRF only. QoS not supported on VLANs. Layer 3 (IPv4/IPv6) ACLs, TraceLists, PBR, QoS on physical in[...]

  • Page 925

    DHCP DHCP requests are not forwarded across VRF instances. The DHCP client and server must be on the same VRF instance. VRF Configuration The VRF configuration tasks are: 1. Enabling VRF in Configuration Mode 2. Creating a Non-Default VRF 3. Assign an Interface to a VRF You can also: • View VRF Instance Information • Connect an OSPF Process to [...]

  • Page 926

    Task Command Syntax Command Mode Assign an interface to a VRF instance. ip vrf forwarding vrf- name INTERFACE Assigning a Front-end Port to a Management VRF Starting in 9.7(0.0) release, you can assign a front-end port to a management VRF and make the port to act as a host interface. NOTE: You cannot assign loop-back and port-channel interfaces to [...]

  • Page 927

    Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. Refer to Open Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance . Return to CONFIGURATION mode to enable the OSPF process. The OSPF Process ID is the identifying number assigned to the OSPF pro[...]

  • Page 928

    Task Command Syntax Command Mode View VRRP command output for the VRF vrf1 show vrrp vrf vrf1 ------------------ TenGigabitEthernet 1/13, IPv4 VRID: 10, Version: 2, Net: 10.1.1.1 VRF: 2 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 43, Gratuitous A[...]

  • Page 929

    Task Command Syntax Command Mode Configure a static neighbor. ipv6 neighbor vrf management 1::1 tengigabitethernet 1/1 xx:xx:xx:xx:xx:xx CONFIGURATION Sample VRF Configuration The following configuration illustrates a typical VRF set-up. Figure 124. Setup OSPF and Static Routes[...]

  • Page 930

    Figure 125. Setup VRF Interfaces The following example relates to the configuration shown in Figure 1 and Figure 2 . Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1 ip vrf forwarding blue ip address 10.0.0.1/24 no shutdown ! 930 Virtu[...]

  • Page 931

    interface TenGigabitEthernet 1/2 ip vrf forwarding orange ip address 20.0.0.1/24 no shutdown ! interface TenGigabitEthernet 1/3 ip vrf forwarding green ip address 30.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip addres[...]

  • Page 932

    interface TenGigabitEthernet 2/2 ip vrf forwarding orange ip address 21.0.0.1/24 no shutdown ! interface TenGigabitEthernet 2/3 ip vrf forwarding green ip address 31.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.2/24 tagged TenGigabitEthernet 3/1 no shutdown interface Vlan 192 ip vrf forwarding orange ip address [...]

  • Page 933

    orange 2 Te 1/2, Vl 192 green 3 Te 1/3, Vl 256 Dell#show ip ospf 1 neighbor Neighbor ID Pri State Dead Time Address Interface Area 1.0.0.2 1 FULL/DR 00:00:32 1.0.0.2 Vl 128 0 Dell#sh ip ospf 2 neighbor Neighbor ID Pri State Dead Time Address Interface Area 2.0.0.2 1 FULL/DR 00:00:37 2.0.0.2 Vl 192 0 Dell#show ip route vrf blue Codes: C - connected,[...]

  • Page 934

    O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/M[...]

  • Page 935

    L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- C 1.0.0.0/24 Direct, Vl 128 0/0 00:27:21 O 10.0.0.0/24 via 1.0.0.1, Vl 128 110/2 00:14:24 C 11.0.0.0/24 Direct, Te 2/1 [...]

  • Page 936

    0/0 00:20:19 Dell# Route Leaking VRFs Static routes can be used to redistribute routes between non-default to default/non-default VRF and vice-versa. You can configure route leaking between two VRFs using the following command: ip route vrf x.x.x.x s.s.s.s nh.nh.nh.nh vrf default. This command indicates that packets that are destined to x.x.x.x/s.s[...]

  • Page 937

    After the target VRF learns routes that are leaked by the source VRF, the source VRF in turn can leak the export target corresponding to the destination VRFs that have imported its routes. The source VRF learns the export target corresponding to the destinations VRF using the ip route-import tag or ipv6 route-import tag command. This mechanism enab[...]

  • Page 938

    ! ip vrf VRF-Blue ip route-export 3:3 ip route-import 1:1 ! ip vrf VRF-Green ! ip vrf VRF-shared ip route-export 1:1 ip route-import 2:2 ip route-import 3:3 Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red O 11.1.1.1/32 via 111.1.1.1 110/0 00:00:10 C 111.1.1.0/24 D[...]

  • Page 939

    C 133.3.3.0/24 Direct, Te 1/13 0/0 22:39:61 Dell# show ip route vrf VRF-Shared O 11.1.1.1/32 via VRF-Red:111.1.1.1 110/0 00:00:10 C 111.1.1.0/24 Direct, VRF-Red:Te 1/11 0/0 22:39:59 O 22.2.2.2/32 via VRF-Blue:122.2.2.2 110/0 00:00:11 C 122.2.2.0/24 Direct, VRF-Blue:Te 1/22 0/0 22:39:61 O 44.4.4.4/32 via 144.4.4.4 110/0 00:00:11 C 144.4.4.0/24 Direc[...]

  • Page 940

    route-map import_ospf_protocol and then specify the match criteria as OSPF using the match source-protocol ospf command. You can then use the ip route-import route-map command to import routes matching the filtering criteria defined in the import_ospf_protocol route-map. For a reply communication, VRF-blue is configured with a route-export tag. Th[...]

  • Page 941

    The show VRF commands display the following output: Dell# show ip route vrf VRF-Blue C 122.2.2.0/24 Direct, Te 1/22 0/0 22:39:61 O 22.2.2.2/32 via 122.2.2.2 110/0 00:00:11 O 44.4.4.4/32 via vrf-red:144.4.4.4 0/0 00:32:36 << only OSPF and BGP leaked from VRF-red Important Points to Remember • Only Active routes are eligible for leaking. For[...]

  • Page 942

    59 Virtual Link Trunking (VLT) Virtual link trunking (VLT) allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR). Overview VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separat[...]

  • Page 943

    Figure 126. Example of VLT Deployment VLT on Core Switches You can also deploy VLT on core switches. Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing. This set up requires “horizontal” stacking at the access layer and VLT at the aggregation lay[...]

  • Page 944

    Figure 127. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VL[...]

  • Page 945

    Configure Virtual Link Trunking VLT requires that you enable the feature and then configure the same VLT domain, backup link, and VLT interconnect on both peer switches. Important Points to Remember • VLT port channel interfaces must be switch ports. • If you include RSTP on the system, configure it before VLT. Refer to Configure Rapid Spanning[...]

  • Page 946

    If this scenario occurs, use the clear mac-address-table sticky all command on the primary or secondary peer to correctly sync the MAC addresses. • If static ARP is enabled on only one VLT peer, entries may be overwritten during bulk sync. Configuration Notes When you configure VLT, the following conditions apply. • VLT domain – A VLT domain [...]

  • Page 947

    – If you shut down the port channel used in the VLT interconnect on a peer switch in a VLT domain in which you did not configure a backup link, the switch’s role displays in the show vlt brief command output as Primary instead of Standalone. – When you change the default VLAN ID on a VLT peer switch, the VLT interconnect may flap. – In a VL[...]

  • Page 948

    – VLT allows multiple active parallel paths from access switches to VLT chassis. – VLT supports port-channel links with LACP between access switches and VLT peer switches. Dell Networking recommends using static port channels on VLTi. – If VLTi connectivity with a peer is lost but the VLT backup connectivity indicates that the peer is still a[...]

  • Page 949

    the master or backup for all VRRP groups configured on its interfaces. For more information, refer to Setting VRRP Group (Virtual Router) Priority . – To verify that a VLT peer is consistently configured for either the master or backup role in all VRRP groups, use the show vrrp command on each peer. – Also configure the same L3 routing (static [...]

  • Page 950

    RSTP and VLT VLT provides loop-free redundant topologies and does not require RSTP. RSTP can cause temporary port state blocking and may cause topology changes after link or node failures. Spanning tree topology changes are distributed to the entire layer 2 network, which can cause a network-wide flush of learned MAC and ARP addresses, requiring th[...]

  • Page 951

    • VLT Sync — Entries learned on the VLT interface are synced on both VLT peers. • Non-VLT Sync — Entries learned on non-VLT interfaces are synced on both VLT peers. • Tunneling — Control information is associated with tunnel traffic so that the appropriate VLT peer can mirror the ingress port as the VLT interface rather than pointing to[...]

  • Page 952

    Figure 128. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches. This ens[...]

  • Page 953

    To route traffic to and from the multicast source and receiver, enable PIM on the L3 side connected to the PIM router using the ip pim sparse-mode command. Each VLT peer runs its own PIM protocol independently of other VLT peers. To ensure the PIM protocol states or multicast routing information base (MRIB) on the VLT peers are synced, if the incom[...]

  • Page 954

    Layer 3 on the other node. Configuration mismatches are logged in the syslog and display in the show vlt mismatch command output. If you enable VLT unicast routing, the following actions occur: • L3 routing is enabled on any new IP or IPv6 address configured for a VLAN interface that is up. • L3 routing is enabled on any VLAN with an admin stat[...]

  • Page 955

    Important Points to Remember • You cannot configure a VLT node as a rendezvous point (RP), but any PIM-SM compatible VLT node can serve as a designated router (DR). • You can only use one spanned VLAN from a PIM-enabled VLT node to an external neighboring PIM router. • If you connect multiple spanned VLANs to a PIM neighbor, or if both spanne[...]

  • Page 956

    RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the VLT startup phase. You may also use RSTP for loop prevention in the network outside of the VLT port channel. For information about how to configure RSTP, Rapid Spanni[...]

  • Page 957

    In the case of a primary VLT switch failure, the secondary switch starts sending BPDUs with its own bridge ID and inherits all the port states from the last synchronization with the primary switch. An access device never detects the change in primary/secondary roles and does not see it as a topology change. The following examples show the RSTP conf[...]

  • Page 958

    no ip address 3. Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface : specify one of the following interface types: • 1-Gigabit Ethernet: Enter gigabitethernet slot/port . • 10-Gigabit Ethernet: Enter tengigabitethernet slot/port . • 40-Gigabit Ethernet: Enter fortyGigE slot/por[...]

  • Page 959

    lacp ungroup member-independent {vlt | port-channel port-channel-id } LACP on VLT ports (on a VLT switch or access device), which are members of the virtual link trunk, is not brought up until the VLT domain is recognized on the access device. 5. Repeat Steps 1 to 4 on the VLT peer switch to configure the IP address of this switch as the endpoint o[...]

  • Page 960

    Reconfiguring the Default VLT Settings (Optional) To reconfigure the default VLT settings, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2. (Optional) After you configure the VLT domain on each peer switch on both side[...]

  • Page 961

    Connecting a VLT Domain to an Attached Access Device (Switch or Server) To connect a VLT domain to an attached access device, use the following commands. On a VLT peer switch : To connect to an attached device, configure the same port channel ID number on each peer switch in the VLT domain. 1. Configure the same port channel to be used to connect t[...]

  • Page 962

    Configuring a VLT VLAN Peer-Down (Optional) To configure a VLT VLAN peer-down, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2. Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATIO[...]

  • Page 963

    vlt domain domain-id The range of domain IDs is from 1 to 1000. 4. Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number The range is from 1 to 128. 5. Configure the IP address of the management interface on the remote VLT peer to be used as the endpoint of the VLT backup l[...]

  • Page 964

    9. Place the interface in Layer 2 mode. INTERFACE PORT-CHANNEL mode switchport 10. Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device. INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number Valid port-channel ID numbers are from 1 to 128. 11. Ensure that the port channe[...]

  • Page 965

    interface port-channel port-channel id NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring VLTs used as facing hosts/switches with LACP. Ensure both peers use the same port channel ID. 4. Configure the peer-link port-channel in the VLT domains of each peer unit. INTERFACE PORTCHANNEL mode channel-member 5. Config[...]

  • Page 966

    Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. Dell-2(conf)#vlt domain 5 Dell-2(conf-vlt-domain)# Dell-4(conf)#vlt domain 5 Dell-4(conf-vlt-domain)# Configure the VLTi between VLT peer 1 and VLT peer 2. 1. You can configure the LACP/static LAG between the peer units (not shown). 2. Configure the peer-link port-channel in th[...]

  • Page 967

    ! port-channel-protocol LACP port-channel 2 mode active no shutdown Dell-2#show running-config interface port-channel 2 ! interface Port-channel 2 no ip address switchport vlt-peer-lag port-channel 2 no shutdown Dell-2#show interfaces port-channel 2 brief Codes: L - LACP Port-channel LAG Mode Status Uptime Ports L 2 L2L3 up 03:33:14 Te 0/40 (Up) In[...]

  • Page 968

    Role Priority: 32768 ICL Link Status: Up HeartBeat Status: Up VLT Peer Status: Up Local System MAC address: 00:01:e8:8c:4d:08 Remote System MAC address: 00:01:e8:8c:4d:1c Dell-2#show vlt detail Local LAG Id Peer LAG Id Local Status Active VLANs ------------ ----------- ------------ ------------ 2 2 Up 1000-1199 Verify that the VLT LAG is up in both[...]

  • Page 969

    Configure PVST+ on VLT Peers to Prevent Forwarding Loops (VLT Peer 2) Dell_VLTpeer2(conf)#protocol spanning-tree pvst Dell_VLTpeer2(conf-pvst)#no disable Dell_VLTpeer2(conf-pvst)#vlan 1000 bridge-priority 4096 Configure both ends of the VLT interconnect trunk with identical PVST+ configurations. When you enable VLT, the show spanning-tree pvst brie[...]

  • Page 970

    Figure 129. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9 Domain_1_Peer1(conf)#vlt domain 1000 Domain_1_Peer1(conf-vlt-domain)# peer-link[...]

  • Page 971

    Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.12 Domain_1_Peer2(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0a Domain_1_Peer2(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-[...]

  • Page 972

    Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4. Domain_2_Peer4(conf)#interface range tengigabitethernet 0/31 - 32 Domain_2_Peer4([...]

  • Page 973

    VLT_Peer2(conf-if-vl-4001)#exit VLT_Peer2(conf)#end Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt backup-link • Display general status informat[...]

  • Page 974

    Examples of the show vlt and show spanning-tree rstp Commands The following example shows the show vlt backup-link command. Dell_VLTpeer1# show vlt backup-link VLT Backup Link ----------------- Destination: 10.11.200.18 Peer HeartBeat status: Up HeartBeat Timer Interval: 1 HeartBeat Timeout: 3 UDP Port: 34998 HeartBeat Messages Sent: 1026 HeartBeat[...]

  • Page 975

    The following example shows the show vlt detail command. Dell_VLTpeer1# show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLANs ------------ ----------- ------------ ----------- ------------- 100 100 UP UP 10, 20, 30 127 2 UP UP 20, 30 Dell_VLTpeer2# show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLA[...]

  • Page 976

    Dell_VLTpeer2# show vlt statistics VLT Statistics ---------------- HeartBeat Messages Sent: 994 HeartBeat Messages Received: 978 ICL Hello's Sent: 89 ICL Hello's Received: 89 The following example shows the show spanning-tree rstp command. The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is use[...]

  • Page 977

    Configuring Virtual Link Trunking (VLT Peer 1) Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)# peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)# back-up destination 10.11.206.35 Dell_VLTpeer1(conf-vlt-domain)#exit Configure the backup li[...]

  • Page 978

    Configure the backup link. Dell_VLTpeer2(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer2(conf-if-ma-0/0)# ip address 10.11.206.35/ Dell_VLTpeer2(conf-if-ma-0/0)#no shutdown Dell_VLTpeer2(conf-if-ma-0/0)#exit Configure the VLT interconnect (VLTi). Dell_VLTpeer2(conf)#interface port-channel 100 Dell_VLTpeer2(conf-if-po-100)#no ip address Dell_VL[...]

  • Page 979

    Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 70. Troubleshooting VLT Description Behavior at Peer Up Behavior During Run Time Action to Take Bandwidth monitoring A syslog[...]

  • Page 980

    Description Behavior at Peer Up Behavior During Run Time Action to Take that the MAC address is the same on both units. Unit ID mismatch The VLT peer does not boot up. The VLTi is forced to a down state. A syslog error message is generated. The VLT peer does not boot up. The VLTi is forced to a down state. A syslog error message is generated. Verif[...]

  • Page 981

    Specifying VLT Nodes in a PVLAN You can configure VLT peer nodes in a private VLAN (PVLAN). VLT enables redundancy without the implementation of Spanning Tree Protocol (STP), and provides a loop-free network with optimal bandwidth utilization. Because the VLT LAG interfaces are terminated on two different nodes, PVLAN configuration of VLT VLANs and[...]

  • Page 982

    not validated if you associate an ICL to a PVLAN. Similarly, if you dissociate an ICL from a PVLAN, although the PVLAN parity exists, ICL is removed from that PVLAN. Association of VLTi as a Member of a PVLAN If a VLAN is configured as a non-VLT VLAN on both the peers, the VLTi link is made a member of that VLAN if the VLTi link is configured as a [...]

  • Page 983

    PVLAN Operations When a VLT Peer is Restarted When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a verification is performed with the newly received PVLAN configuration from the peer. If any differences are identified, the VLTi link is either added or removed from the VLAN[...]

  • Page 984

    VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 Promiscuous Trunk Primary Primary Yes No Trunk Access Primary Secondary No No Promiscuous Promiscuous Primary Primary Yes Yes Promiscuous Access Primary Secondary No No Promiscuous Promiscuous Primary Primary Yes Yes - Secondary (Community) - S[...]

  • Page 985

    VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 Access Access Secondary (Community) Secondary (Community) No No - Primary VLAN Y - Primary VLAN X No No Promiscuous Access Primary Secondary No No Trunk Access Primary/Normal Secondary No No Configuring a VLT VLAN or LAG in a PVLAN You can configure[...]

  • Page 986

    4. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 5. To configure the VLT interconnect, repeat Steps 1–4 on the VLT peer switch. 6. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 7. Enter the port-channel number tha[...]

  • Page 987

    interface vlan vlan-id 6. Enable the VLAN. INTERFACE VLAN mode no shutdown 7. To obtain maximum VLT resiliency, configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes. Set the PVLAN mode of the selected VLAN to primary. INTERFACE VLAN mode private-vlan mode primary 8. Map secondary VLANs to the selected primary VLAN. INTERF[...]

  • Page 988

    request for 20.1.1.1 reaches node 1, node 1 will not perform the ARP request for 20.1.1.2. Proxy ARP is supported only for an IP address that belongs to the received interface IP network. Proxy ARP is not supported if the ARP requested IP address is different from the received interface IP subnet. For example, if VLAN 100 and 200 are configured on the [...]

  • Page 989

    VLT Nodes as Rendezvous Points for Multicast Resiliency You can configure virtual link trunking (VLT) peer nodes as rendezvous points (RPs) in a Protocol Independent Multicast (PIM) domain. PIM uses a VLT node as the RP to distribute multicast traffic to a multicast group. Messages to join the multicast group (Join messages) and data are sent towar[...]

  • Page 990

    vlan-stack {access | trunk} 2. Configure VLAN as VLAN-stack compatible on both the peers. INTERFACE VLAN mode vlan-stack compatible 3. Add the VLT LAG as a member to the VLAN-stack on both the peers. INTERFACE VLAN mode member port-channel port-channel ID 4. Verify the VLAN-stack configurations. EXEC Privilege show running-config Sample configura[...]

  • Page 991

    Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface port-channel 20 ! interface Port-channel 20 no ip address switchport vlan-stack trunk vlt-peer-lag port-channel 20 no shutdown Dell# Configure VLAN as VLAN-Stack VLAN[...]

  • Page 992

    vlt domain 1 peer-link port-channel 1 back-up destination 10.16.151.115 system-mac mac-address 00:00:00:11:11:11 unit-id 1 Dell# Configure VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-[...]

  • Page 993

    Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C - Community, I - Isolated O - Openflow Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged o - OpenFlow untagged, O - OpenFlow tagged G - GVRP tagged, M - Vlan-stack i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged NUM S[...]

  • Page 994

    60 VLT Proxy Gateway You can configure a proxy gateway in VLT domains. A proxy gateway enables you to locally route the packets that are destined to a L3 endpoint in another VLT domain. Proxy Gateway in VLT Domains Using a proxy gateway, the VLT peers in a domain can route the L3 packets destined for VLT peers in another domain as long as they have[...]

  • Page 995

    When the routing table across DCs is not symmetrical, there is a possibility of a routing miss by a DC that does not have the route for the L3 traffic. Because routing protocols will be enabled and both DCs are in the same subnet, there will not be route asymmetry dynamically. But if a static route is configured on one DC and not on the other, it will r[...]

  • Page 996

    8. LLDP port channel interface can’t be changed to legacy lag when proxy gateway is enabled. 9. “vlt-peer-mac transmit” is recommended only for square VLT without any diagonal links. 10. VRRP and IPv6 routing are not supported now. 11. With the existing hardware capabilities, only 512 my_station_tcam entries can be supported. 12. PVLAN not supp[...]

  • Page 997

    • There are only a couple of MACs for each unit to be transmitted so that all current active MACs can definitely be carried on the newly defined TLV. • This TLV is recognizable only by FTOS devices with this feature support. Other devices will ignore this field and should still be able to process other standard TLVs. The LLDP organizational TLV [...]

  • Page 998

    2. Trace route across VLT domains may show extra hops. 3. IP route symmetry must be maintained across the VLT domains. Assume the route to a destination is not available at C2: even though the packet hits the MY_STATION_TCAM and routing is enabled for that VLAN, if there is no entry for that prefix in the routing table, the packet will be dropped to the CPU. By defa[...]

  • Page 999

    8. Packet duplication – Assume exclude-vlan (say VLAN 10) is configured on C2/D2 for C1’s MAC. If packets for VLAN 10 with C1’s MAC get a hit at C2, they will be switched to both D2 (via ICL) and C1 via inter DC link. This could lead to packet duplication. So, if C1’s MAC is learnt at C2 then the packet would not have flooded (to D2) and on[...]

  • Page 1000

    61 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP Overview VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN). The MASTER router is chosen from the virtual [...]

  • Page 1001

    Figure 130. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation W[...]

  • Page 1002

    decreases based on the dynamics of the network, the advertisement intervals may increase or decrease accordingly. CAUTION: Increasing the advertisement interval increases the VRRP Master dead interval, resulting in an increased failover time for Master/Backup election. Take caution when increasing the advertisement interval, as the increased dead i[...]

  • Page 1003

    • Create a virtual router for that interface with a VRID. INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255. NOTE: The interface must already have a primary IP address defined and be enabled, as shown in the second example. • Delete a VRRP group. INTERFACE mode no vrrp-group vrid Examples of Configuring Verifying a VRRP Configurati[...]

  • Page 1004

    You can use the version both command in INTERFACE mode to migrate from VRRPv2 to VRRPv3. When you set the VRRP version to both , the switch sends only VRRPv3 advertisements but can receive VRRPv2 or VRRPv3 packets. To migrate an IPv4 VRRP group from VRRPv2 to VRRPv3: 1. Set the switches with the lowest priority to “both”. 2. Set the switch with[...]

  • Page 1005

    group and the interface’s physical MAC address is changed to that of the owner VRRP group’s MAC address. • If you configure multiple VRRP groups on an interface, only one of the VRRP Groups can contain the interface primary or secondary IP address. Configuring a Virtual IP Address To configure a virtual IP address, use the following commands.[...]

  • Page 1006

    Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.10 Authentication: (none) ------------------ TenGigabitEthernet 1/2, VRID: 111 , Net: 10.10.2.1 State: Master, Priority: 100, Master: 10.10.2.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 27, Gratu[...]

  • Page 1007

    TenGigabitEthernet 1/2, VRID: 111, Net: 10.10.2.1 State: Master, Priority: 125, Master: 10.10.2.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 601, Gratuitous ARP sent: 2 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.2.2 10.10.2.3 Authentication: (none) Dell(conf)# Configuring VR[...]

  • Page 1008

    NOTE: You must configure all virtual routers in the VRRP group the same: you must configure all with preempt enabled or configure all with preempt disabled. Because preempt is enabled by default, disable the preempt function with the following command. • Prevent any BACKUP router with a higher priority from becoming the MASTER router. INTERFACE-V[...]

  • Page 1009

    To change the advertisement interval in seconds or centisecs, use the following command. A centisec is 1/100 of a second. • Change the advertisement seconds interval setting. INTERFACE-VRID mode advertise-interval seconds The range is from 1 to 255 seconds. The default is 1 second. • For VRRPv3, change the advertisement centisecs interval set[...]

  • Page 1010

    default value of 10 (also known as cost ). If the tracked interface’s state goes up, the VRRP group’s priority increases by 10. The lowered priority of the VRRP group may trigger an election. As the Master/Backup VRRP routers are selected based on the VRRP group’s priority, tracking features ensure that the best VRRP router is the Master for [...]

  • Page 1011

    • (Optional) Display the configuration of tracked objects in VRRP groups on a specified interface. EXEC mode or EXEC Privilege mode show running-config interface interface Example of Configuring and Verifying the Tracking Configuration The following example shows configuring VRRP tracking. Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-v[...]

  • Page 1012

    Virtual IP address: 2007::1 fe80::1 Tracking states for 2 resource Ids: 2 - Up IPv6 route, 2040::/64, priority-cost 20, 00:02:11 3 - Up IPv6 route, 2050::/64, priority-cost 30, 00:02:11 The following example shows viewing the VRRP configuration on an interface. Dell#show running-config interface tengigabitethernet 2/30 interface TenGigabitEthernet [...]

  • Page 1013

    The seconds range is from 0 to 900. The default is 0 . Sample Configurations Before you set up VRRP, review the following sample configurations. VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP [...]

  • Page 1014

    Figure 131. VRRP for IPv4 Topology Example of Configuring VRRP for IPv4 Router 2 R2(conf)#int te 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)#priority 200 R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31-vrid-99)#no shut R2(conf-if-te-2/31)#show conf ! interface TenGiga[...]

  • Page 1015

    no shutdown R2(conf-if-te-2/31)#end R2#show vrrp ------------------ TenGigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.[...]

  • Page 1016

    Figure 132. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. Example of Configuring VRRP for IPv6 Router 2 and Router 3 Configure [...]

  • Page 1017

    Although R2 and R3 have the same default priority (100), R2 is elected master in the VRRPv3 group because the TenGigE 0/0 interface has a higher IPv6 address than the TenGigE 1/0 interface on R3. Router 2 R2(conf)#interface tengigabitethernet 0/0 R2(conf-if-te-0/0)#no ip address R2(conf-if-te-0/0)#ipv6 address 1::1/64 R2(conf-if-te-0/0)#vrrp-group[...]

  • Page 1018

    VRRP in a VRF Configuration The following example shows how to enable VRRP operation in a VRF virtualized network for the following scenarios. • Multiple VRFs on physical interfaces running VRRP. • Multiple VRFs on VLAN interfaces running VRRP. To view a VRRP in a VRF configuration, use the show commands described in Displaying VRRP in a VRF Co[...]

  • Page 1019

    Figure 133. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 2/1 S1(conf-if-te-2/1)#ip vrf forwarding VRF-1 S1(conf-if-te-2/1)#ip address 10.10.1.5/24[...]

  • Page 1020

    ! S1(conf)#interface TenGigabitEthernet 2/3 S1(conf-if-te-2/3)#ip vrf forwarding VRF-3 S1(conf-if-te-2/3)#ip address 20.1.1.5/24 S1(conf-if-te-2/3)#vrrp-group 15 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-te-2/3-vrid-105)#priority 255 S1(conf-if-te-2/3-vrid-105)#virtual-address 20.1.1.5 S1(conf-if-te-2/3)#no shutdow[...]

  • Page 1021

    VRRP in VRF: Switch-1 VLAN Configuration VRRP in VRF: Switch-2 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 2/4 S1(conf-if-te-2/4)#no ip address S1(conf-if-te-2/4)#switchport S1(conf-if-te-2/4)#no shutdown ! S1(conf-if-te-2/4)#interface vlan 100 S1(co[...]

  • Page 1022

    S2(conf-if-vl-100-vrid-101)#priority 255 S2(conf-if-vl-100-vrid-101)#virtual-address 10.10.1.2 S2(conf-if-vl-100)#no shutdown ! S2(conf-if-te-2/4)#interface vlan 200 S2(conf-if-vl-200)#ip vrf forwarding VRF-2 S2(conf-if-vl-200)#ip address 10.10.1.2/24 S2(conf-if-vl-200)#tagged tengigabitethernet 12/4 S2(conf-if-vl-200)#vrrp-group 11 % Info: The VRI[...]

  • Page 1023

    192.168.0.254 Authentication: (none)[...]

  • Page 1024

    62 Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse a[...]

  • Page 1025

    SFF-8431 SFP+ Direct Attach Cable (10GSFP+Cu) MTU 9,252 bytes RFC and I-D Compliance The system supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of the Dell Networking OS first supports the standard. General Internet Protocols The following table lists th[...]

  • Page 1026

    RFC# Full Name S-Series/Z-Series C-Series E-Series TeraScale E-Series ExaScale Services Field (DS Field) in the IPv4 and IPv6 Headers 2615 PPP over SONET/SDH √ 2698 A Two Rate Three Color Marker √ 8.1.1 3164 The BSD syslog Protocol 7.6.1 7.5.1 √ 8.1.1 draft-ietf-bfd-base-03 Bidirectional Forwarding Detection 7.6.1 √ 8.1.1 Border Gateway [...]

  • Page 1027

    RFC# Full Name S-Series/Z-Series draft-ietf-idr-restart-06 Graceful Restart Mechanism for BGP 7.8.1 General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 75. General IPv4 Protocols RFC# Full Name S-Series/Z-Series C-Series E-Series TeraScale E-Series ExaScale 791 Internet Pro[...]

  • Page 1028

    RFC# Full Name S-Series/Z-Series C-Series E-Series TeraScale E-Series ExaScale 1812 Requirements for IP Version 4 Routers 7.6.1 7.5.1 √ 8.1.1 2131 Dynamic Host Configuration Protocol 7.6.1 7.5.1 √ 8.1.1 2338 Virtual Router Redundancy Protocol (VRRP) 7.6.1 7.5.1 √ 8.1.1 3021 Using 31-Bit Prefixes on IPv4 Point-to-Point Links 7.7.1 7.5.1 7.7.1[...]

  • Page 1029

    RFC# Full Name S-Series/Z-Series C-Series E-Series TeraScale E-Series ExaScale 2675 IPv6 Jumbograms 7.8.1 7.8.1 √ 8.2.1 2711 IPv6 Router Alert Option 8.3.12.0 3587 IPv6 Global Unicast Address Format 7.8.1 7.8.1 √ 8.2.1 4007 IPv6 Scoped Address Architecture 8.3.12.0 4291 Internet Protocol Version 6 (IPv6) Addressing Architecture 7.8.1 7.8.1 √[...]

  • Page 1030

    RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale Mechanism for IS-IS 2966 Domain-wide Prefix Distribution with Two-Level IS-IS √ 8.1.1 3373 Three-Way Handshake for Intermediate System to Intermediate System (IS-IS) Point-to-Point Adjacencies √ 8.2.1 3567 IS-IS Cryptographic Authentication √ 8.1.1 3784 Intermediate Syste[...]

  • Page 1031

    Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 78. Network Management RFC# Full Name S4810 S4820T Z-Series 1155 Structure and Identification of Management Information for TCP/IP-based Internets 7.6.1 1156 Management Information Base for Network Management of TCP/IP- ba[...]

  • Page 1032

    RFC# Full Name S4810 S4820T Z-Series 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2 7.6.1 2024 Definitions of Managed Objects for Data Link Switching using SMIv2 7.6.1 2096 IP Forwarding Table MIB 7.6.1 2558 Definitions of Managed Objects for the Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/ S[...]

  • Page 1033

    RFC# Full Name S4810 S4820T Z-Series 2578 Structure of Management Information Version 2 (SMIv2) 7.6.1 2579 Textual Conventions for SMIv2 7.6.1 2580 Conformance Statements for SMIv2 7.6.1 2618 RADIUS Authentication Client MIB, except the following four counters: radiusAuthClientInvalidServerAddresses radiusAuthClientMalformedAccessResponses radius[...]

  • Page 1034

    RFC# Full Name S4810 S4820T Z-Series 2865 Remote Authentication Dial In User Service (RADIUS) 7.6.1 3273 Remote Network Monitoring Management Information Base for High Capacity Networks (64 bits): Ethernet Statistics High-Capacity Table, Ethernet History High-Capacity Table 7.6.1 3416 Version 2 of the Protocol Operations for the Simple Network Man[...]

  • Page 1035

    RFC# Full Name S4810 S4820T Z-Series ANSI/TIA-1057 The LLDP Management Information Base extension module for TIA-TR41.4 Media Endpoint Discovery information 7.7.1 draft-grant-tacacs-02 The TACACS+ Protocol 7.6.1 draft-ietf-idr-bgp4-mib-06 Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) using SMIv2 7.8.[...]

  • Page 1036

    RFC# Full Name S4810 S4820T Z-Series (LLDP DOT1 MIB and LLDP DOT3 MIB) IEEE 802.1AB The LLDP Management Information Base extension module for IEEE 802.3 organizationally defined discovery information. (LLDP DOT1 MIB and LLDP DOT3 MIB) 7.7.1 ruzin-mstp-mib-02 (Traps) Definitions of Managed Objects for Bridges with Multiple Spanning Tree Protocol 7.[...]

  • Page 1037

    RFC# Full Name S4810 S4820T Z-Series FORCE10-LINKAGG-MIB Force10 Enterprise Link Aggregation MIB 7.6.1 FORCE10-CHASSIS-MIB Force10 E-Series Enterprise Chassis MIB FORCE10-COPY-CONFIG-MIB Force10 File Copy MIB (supporting SNMP SET operation) 7.7.1 FORCE10-MONMIB Force10 Monitoring MIB 7.6.1 FORCE10-PRODUCTS-MIB Force10 Product Object Identifier [...]

  • Page 1038

    RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale 3569 An Overview of Source-Specific Multicast (SSM) 7.8.1 SSM for IPv4 7.7.1 SSM for IPv4 7.5.1 SSM for IPv4/IPv6 8.2.1 SSM for IPv4 3618 Multicast Source Discovery Protocol (MSDP) √ 8.1.1 3810 Multicast Listener Discovery Version 2 (MLDv2) for IPv6 √ 8.2.1 3973 Protocol Inde[...]

  • Page 1039

    RFC# Full Name S-Series/Z-Series 2740 OSPF for IPv6 9.1(0.0) 3623 Graceful OSPF Restart 7.8.1 4222 Prioritized Treatment of Specific OSPF Version 2 Packets and Congestion Avoidance 7.6.1 Routing Information Protocol (RIP) The following table lists the Dell Networking OS support per platform for RIP protocol. Table 81. Routing Information Protocol ([...]