Dell FCX624-S manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Dell FCX624-S, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Dell FCX624-S one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Dell FCX624-S. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Dell FCX624-S should contain:
- informations concerning technical data of Dell FCX624-S
- name of the manufacturer and a year of construction of the Dell FCX624-S item
- rules of operation, control and maintenance of the Dell FCX624-S item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Dell FCX624-S alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Dell FCX624-S, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Dell service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Dell FCX624-S.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Dell FCX624-S item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    53-1 002266-0 1 18 M ar ch 2 0 11 Pow e r C o n n e c t B - S e r i e s F C X Configuration Guide[...]

  • Page 2

    Information in this document is subject to change without notice. © 20 11 Dell Inc. All rights reser ved. Repr o duction of these materials in any manner wha tsoever withou t the written permission of Dell Inc. is strictly forbidden. T rademarks used in this text: Dell , the DELL logo, Dell OpenManage a nd PowerConnect are tradema rks of Dell Inc [...]

  • Page 3

    PowerConnect B-Series FCX Configuration Guide iii 53-1002266-01 Contents About This Document Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix Device nomenclature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix Audience . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 4

    iv PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Chapter 2 Configuring Basic Software Features Configuring basic system parame ters . . . . . . . . . . . . . . . . . . . . . . . . 18 Entering system administration inf orm ation . . . . . . . . . . . . . . . 18 Configuring Sim ple Network Management Prot ocol (SNMP) paramet ers . . . .[...]

  • Page 5

    PowerConnect B-Series FCX Configuration Guide v 53-1002266-01 Loading and sa ving configuration files . . . . . . . . . . . . . . . . . . . . . . . 65 Replacing the startup configu ratio n with the running conf iguration 65 Replacing the running configuration with the startup conf iguration 66 Logging changes t o the star tup-config file . . . . . [...]

  • Page 6

    vi PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Viewing information about sof tware licens es . . . . . . . . . . . . . . . . . . 9 1 Viewing the License ID (LID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1 Viewing the license database . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Viewing sof tware packages[...]

  • Page 7

    PowerConnect B-Series FCX Configuration Guide vii 53-1002266-01 Image mismatches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154 Advanced f eature privileges (Po werConnect B-Series FCX ) . . 154 Configuration mismatch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Memor y allocation failure . . . . .[...]

  • Page 8

    viii PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IPv6 management f eatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 IPv6 management A CLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 IPv6 debug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 IPv6 W eb [...]

  • Page 9

    PowerConnect B-Series FCX Configuration Guide ix 53-1002266-01 Error disable recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286 Enabling error disable recovery . . . . . . . . . . . . . . . . . . . . . . . .286 Setting the reco ver y interval . . . . . . . . . . . . . . . . . . . . . . . . . . . 286 Displaying the [...]

  • Page 10

    x PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying and modifying syst em pa rameter default settings . . . . 321 Configuration considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 32 1 Displaying syst em parameter def ault values . . . . . . . . . . . . . . 32 1 Modifying syste m parameter default v alues . . . .[...]

  • Page 11

    PowerConnect B-Series FCX Configuration Guide xi 53-1002266-01 Chapter 11 Configuring Uni-Directional Link Detection (UDLD) and Protected Link Groups UDLD ov er view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 UDLD f or tagged por ts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .384 Configu[...]

  • Page 12

    xii PowerConnect B-Series F CX Configuration Guide 53-1002266-01 Dynamic link aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1 0 IronStack LA CP trunk group configuration e xample . . . . . . . . 4 11 Examples of valid LA CP trunk gr oups . . . . . . . . . . . . . . . . . . . . 4 11 Configuration note s and limitati[...]

  • Page 13

    PowerConnect B-Series FCX Configuration Guide xiii 53-1002266-01 Configuring IP subnet, IPX netw ork, and prot ocol-based VLANs within por t-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454 Configuring an IPv6 pr otocol VLAN . . . . . . . . . . . . . . . . . . . . . . . . .458 Routing betw een VLANs using vir tu al routing in[...]

  • Page 14

    xiv PowerConnect B-Series F CX Configuration Guide 53-1002266-01 Displaying VLAN information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500 Displaying VLANs in alphanumeric or der . . . . . . . . . . . . . . . . .500 Displaying syst em-wide VLAN information . . . . . . . . . . . . . . . . 501 Displaying global VLAN inf ormation . .[...]

  • Page 15

    PowerConnect B-Series FCX Configuration Guide xv 53-1002266-01 Configuration note s and featur e limitations . . . . . . . . . . . . . . . . . .529 Configuration exam ple . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530 Configuring MA C-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531 Using MA C-based VLA[...]

  • Page 16

    xvi PowerConnect B-Series F CX Configuration Guide 53-1002266-01 Preserving user input for ACL T CP/UDP por t numbers . . . . . . . . . . 566 Managing A CL comment tex t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .567 Adding a comment t o an entr y in a numbered A CL . . . . . . . . .567 Adding a comment to an entry in a named ACL. .[...]

  • Page 17

    PowerConnect B-Series FCX Configuration Guide xvii 53-1002266-01 QoS f or stackable device s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .595 QoS profile restrictions in an IronStac k . . . . . . . . . . . . . . . . . .595 QoS behavior f or trusting La yer 2 (802. 1p) in an IronStack . .595 QoS behavior f or trusting La yer 3 (DSC[...]

  • Page 18

    xviii PowerConnect B- Series FCX Configuration Guide 53-1002266-01 A CL statistics and rate limit counting . . . . . . . . . . . . . . . . . . . . . . . 6 19 Enabling A CL statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 19 Enabling ACL statistics with rate limiting traf fic policies . . . . . 620 Viewing ACL and rate limi[...]

  • Page 19

    PowerConnect B-Series FCX Configuration Guide xix 53-1002266-01 Rate limiting in hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .644 How Fix ed rate limiting wor ks . . . . . . . . . . . . . . . . . . . . . . . . . .644 Configuration not es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 45 Configuring[...]

  • Page 20

    xx PowerConnect B-Series FCX Configuration Guide 53-1002266-01 General operating principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 7 Operating modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 7 LLDP packe ts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .688 TL V [...]

  • Page 21

    PowerConnect B-Series FCX Configuration Guide xxi 53-1002266-01 PIM Dense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .733 Initiating PIM multicasts on a netw ork . . . . . . . . . . . . . . . . . . .734 Pruning a multicast tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734 Grafts to a m[...]

  • Page 22

    xxii PowerConnect B- Series FCX Configuration Guide 53-1002266-01 Chapter 26 Configuring IP Basic configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .784 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .784 F ull Lay er 3 suppor t . . . . . . . . . . . . . . . .[...]

  • Page 23

    PowerConnect B-Series FCX Configuration Guide xxiii 53-1002266-01 Chapter 27 Configuring Multicast List ening Discovery (MLD) Snooping on PowerConnect B-Series FCX Switches Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .889 Configuration note s . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Page 24

    xxiv PowerConnect B- Series FCX Configuration Guide 53-1002266-01 Configuring RIP paramet ers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 0 Enabling RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 10 Configuring metric paramet ers . . . . . . . . . . . . . . . . . . . . . . . . . 9 10 Chang[...]

  • Page 25

    PowerConnect B-Series FCX Configuration Guide xxv 53-1002266-01 Configuring OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .930 Configuration rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 1 OSPF paramet ers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 1 E[...]

  • Page 26

    xxvi PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying OSPF information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .966 Displaying general OSPF configurat ion information . . . . . . . . 967 Displaying CPU utilization statistics . . . . . . . . . . . . . . . . . . . . .968 Displaying OSPF area inf o rmation . . .[...]

  • Page 27

    PowerConnect B-Series FCX Configuration Guide xxvii 53-1002266-01 Optional configuration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 004 Changing the K eep Alive Time and Hold T ime . . . . . . . . . . . 1004 Changing the BGP4 ne xt-hop update timer . . . . . . . . . . . . . 1005 Enabling fast e xternal fallo ver . . . . . . . .[...]

  • Page 28

    xxviii PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring rout e flap dampening . . . . . . . . . . . . . . . . . . . . . . . . 1 054 Globally configuring rout e flap dampening . . . . . . . . . . . . . 1 055 Using a ro ute map to config ure route flap dam pening f or specific rout es . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 29

    PowerConnect B-Series FCX Configuration Guide xxix 53-1002266-01 Configuring basic VRRP paramet ers . . . . . . . . . . . . . . . . . . . . . . 111 3 Configuring the Owner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 13 Configuring a Back up. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 13 Configuration rules f o[...]

  • Page 30

    xxx PowerConnect B-Series F CX Configuration Guide 53-1002266-01 Setting up local user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . 1154 Enhancements to username and password . . . . . . . . . . . . 1154 Configuring a local user account . . . . . . . . . . . . . . . . . . . . . 1 158 Create passw ord option . . . . . . . . . . . .[...]

  • Page 31

    PowerConnect B-Series FCX Configuration Guide xxxi 53-1002266-01 T CP Flags - edge port security . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 1 Using TCP Flags in combination with other A CL features . . 1202 Chapter 33 Configuring SSH 2 and SCP SSH v ersion 2 suppor t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1[...]

  • Page 32

    xxxii PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802. 1X por t security . . . . . . . . . . . . . . . . . . . . . . . . . 122 7 Configuring an authenti cation method list for 802. 1X . . . . 122 7 Setting RADIUS parame ters . . . . . . . . . . . . . . . . . . . . . . . . . 1228 Configuring dynamic VLAN assign ment f or [...]

  • Page 33

    PowerConnect B-Series FCX Configuration Guide xxxiii 53-1002266-01 Configuring the MA C por t security f eature . . . . . . . . . . . . . . . . . 1264 Enabling the MA C por t security feature . . . . . . . . . . . . . . . . 1265 Setting the maximum number of secure MA C addresses f or an interface . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 34

    xxxiv PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring multi-de vice por t authentication . . . . . . . . . . . . . . . 12 78 Enabling multi-device por t authenti cation . . . . . . . . . . . . . . 12 78 Specifying the f ormat of the MAC addresses sent to the RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 35

    PowerConnect B-Series FCX Configuration Guide xxxv 53-1002266-01 Configuring web authentication options . . . . . . . . . . . . . . . . . . . 1320 Enabling RADIU S accounting for web authentication . . . . . 1320 Changing the login mode (HTTPS or HTT P) . . . . . . . . . . . . . 132 1 Specifying trust ed por ts. . . . . . . . . . . . . . . . . . . [...]

  • Page 36

    xxxvi PowerConnect B-Series FCX Configuration Guide 53-1002266-01 DHCP snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1349 How DHCP snooping w orks . . . . . . . . . . . . . . . . . . . . . . . . . . 1350 System reboot and the binding database . . . . . . . . . . . . . . .135 1 Configuration notes and feature[...]

  • Page 37

    PowerConnect B-Series FCX Configuration Guide xxxvii 53-1002266-01 Displaying SNMP Inf ormation . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 77 Displaying the Engine ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 77 Displaying SNMP gr oups . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13 77 Displaying user [...]

  • Page 38

    xxxviii PowerConnect B-Series FCX Configuration Guide 53-1002266-01 sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14 27 sFlow v ersion 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1 42 7 sFlow support for IPv6 pack ets . . . . . . . . . . . . . . . . . . . . . . . 14[...]

  • Page 39

    PowerConnect B-Series FCX Configuration Guide xxxix 53-1002266-01 About This Document Introduction This guide describes the f ollowing prod uct families from Dell: • Po werConnect B-Series FCX Stackable Switches. This guide includes procedures for configuring the sof tware. The sof tware procedures show ho w to per form tasks using the CLI. This [...]

  • Page 40

    xl PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Document conventions This section describes te xt formatting con venti ons and important notice formats u sed in this document. Text formatting The narrative-t ext formatting con ven tions that are used are as f ollows: For readability , comma nd names in the narrative por tions of this[...]

  • Page 41

    PowerConnect B-Series FCX Configuration Guide xli 53-1002266-01 NOTE A note provides a tip, guidance or advice, em phasizes impor tant information, or provides a ref erence to related inf ormation. CAUTION A Caution stat ement aler ts you to s it ua ti on s t ha t c an be p oten ti al ly ha za rdo u s to you or cause damage to har dware, firm ware,[...]

  • Page 42

    xlii PowerConnect B-Series FCX Configuration Guide 53-1002266-01 NOTE If you do not ha ve an active Int ernet conn ection, you can find contact information on yo u r purchase in voice, packing slip, bill, or Dell product catalog. Dell pro vides several online and telephone-based suppor t and service options. Availability varies b y countr y and pro[...]

  • Page 43

    PowerConnect B-Series FCX Configuration Guide 1 53-1002266-01 Chapter 1 Getting Familiar with Management Applications Ta b l e 3 lists the individual Dell Po werConnect switches and the management application f eatures they support. 16 Using the management port NOTE The management port applies t o Po werConnect B-Series FCX de vices. The management[...]

  • Page 44

    2 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using the management port 1 • No packe t received on a management por t is sent t o any in-band port s, and no pack ets received on in-band ports are sent to a management por t. • A management por t is not par t of any VLAN • Pro tocols are not suppo r ted on the management port. ?[...]

  • Page 45

    PowerConnect B-Series FCX Configuration Guide 3 53-1002266-01 Logging on through the CLI 1 22 packets output, 1540 bytres, 0 underruns Transmitted 0 broadcasts, 6 multicasts, 16 unicasts 0 output errors, 0 collisions T o display the management interface information in brief f orm, enter the show int er faces brief management command. Syntax: show i[...]

  • Page 46

    4 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Logging on through the CLI 1 Y ou can initi ate a local T e lnet or SNMP connection by attaching a cable to a port and specifying the assigned management station IP address. The commands in the CLI are orga nized into the following le vels: • User EXEC – Lets you displa y information[...]

  • Page 47

    PowerConnect B-Series FCX Configuration Guide 5 53-1002266-01 Using stack-unit , slot number, an d port number with CLI commands 1 ipx lock-address logging mac --More--, next page: Space, next line: Return key, quit: Control-c The sof tware pr ovides the f ollowing scrolling options: • Press the Space bar t o display the next pag e (one screen at[...]

  • Page 48

    6 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using stack-unit, slot number, an d port number with CLI co mmands 1 • slot number and por t number • stack-unit, slot number , and por t number The follo wi ng sections show which f ormat is suppo r ted on which devices. The po r ts are labelled on the front pan els of the devices. [...]

  • Page 49

    PowerConnect B-Series FCX Configuration Guide 7 53-1002266-01 Using stack-unit , slot number, an d port number with CLI commands 1 Displaying lines that do no t contain a specified string The following command filters the output of the show who command so it dis plays only lines that do not contain the word “closed”. This command can be used to[...]

  • Page 50

    8 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using stack-unit, slot number, an d port number with CLI co mmands 1 T o display lines containing only a spec ified search string (similar t o the include optio n f or show commands) press the plus sign ke y ( + ) at the -- More-- pr ompt and then enter the sear ch string. The filtered r[...]

  • Page 51

    PowerConnect B-Series FCX Configuration Guide 9 53-1002266-01 Using stack-unit , slot number, an d port number with CLI commands 1 TA B L E 5 Special characters f or regular expressions Character Operation . The period matches on any single charact er , including a blank space. For e xample, the f ollowing regular expr ession matches “aaz”, “[...]

  • Page 52

    10 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using stack-unit, slot number, an d port number with CLI co mmands 1 If you want t o filter for a special charact er instea d of using the spec ial character as describe d in the table abov e, enter “” (backslash) in fr ont of the character . For exam ple, to filter on output conta[...]

  • Page 53

    PowerConnect B-Series FCX Configuration Guide 11 53-1002266-01 Logging o n through the Web Manag ement Interface 1 Configuration notes The follo wing conf iguration notes apply t o this feature: • Y ou cannot include ad ditional paramet ers with th e alias at the command prompt. F or example, af te r yo u cr e ate t he shoro alias, shoro bgp w ou[...]

  • Page 54

    12 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Logging on through the Web Management Interface 1 FIGURE 2 Web Management Int er face login dialog The login username and password you ent e r depends on whether your device is configu red with AAA authentication f or SNMP . If AA A authenticati on for SNMP is not configured, you can us[...]

  • Page 55

    PowerConnect B-Series FCX Configuration Guide 13 53-1002266-01 Logging o n through the Web Manag ement Interface 1 FIGURE 3 First panel for Lay e r 3 Switch features NOTE I f y o u a r e u s i n g I n t e r n e t E x p l o r e r 6 . 0 to v i e w t h e W e b M a n a g e m e n t I n t e r fa c e , m a k e s u r e t h e v e r s i o n you are running i[...]

  • Page 56

    14 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Logging on through the Web Management Interface 1 Using the CLI, yo u can modify the appearance of the W eb Management Inter face with the web -m a na ge me nt command. T o cause the Web Management Interface to displa y the List view b y default, enter the f ollowing command. PowerConne[...]

  • Page 57

    PowerConnect B-Series FCX Configuration Guide 15 53-1002266-01 Logging o n through the Web Manag ement Interface 1 NOTE The tree view is a vailable when you use the Web Management Int er face with Ne tscape 4.0 or higher or Internet Explorer 4.0 or higher brow sers. If y ou use the Web Manag ement Inter face with an older browser , the W eb Managem[...]

  • Page 58

    16 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Logging on through Brocad e Network Advisor 1 Logging on through Brocade Network Advisor Refe r to the Brocade® Netw ork Advisor manual f or information about using Br ocade Network Adv is or.[...]

  • Page 59

    PowerConnect B-Series FCX Configuration Guide 17 53-1002266-01 Chapter 2 Configuring Basic Software Features Ta b l e 6 lists the individual Dell Po werConnect switches and the ba sic sof tware features the y suppor t. TA B L E 6 Suppor ted basic software f eatures Feature PowerConnect B-Series FCX Basic System Parameters System name, cont act, and[...]

  • Page 60

    18 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic system parameters 2 Configuring basic system parameters Dell Po werConnect de vices are configured at the fa ctor y with default param eters that allow you to begin using the basic features of the syst em immedi ately . Howev er , many of the advanced f eatures such as[...]

  • Page 61

    PowerConnect B-Series FCX Configuration Guide 19 53-1002266-01 Configuring basic system parameters 2 PowerConnect(config)# hostname zappa zappa(config)# snmp-server contact Support Services zappa(config)# snmp-server location Centerville zappa(config)# end zappa# write memory Syntax: hostname <string> Syntax: snmp-server contact <s tring&g[...]

  • Page 62

    20 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic system parameters 2 T o specify an SNMP trap receiv er and change the UDP port that will be used to receiv e traps, enter a command such as the fo llowing. PowerConnect(config)# snmp-server host 2.2.2.2 0 mypublic port 200 PowerConnect(config)# write memory Syntax: snm[...]

  • Page 63

    PowerConnect B-Series FCX Configuration Guide 21 53-1002266-01 Configuring basic system parameters 2 T o change the holddown time for SNMP traps, ente r a command such as the following at the global CONFIG lev el of the CLI. PowerConnect(config)# snmp-server enable traps holddown-time 30 The command in this example chan ges the holddown time for SN[...]

  • Page 64

    22 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic system parameters 2 • OSPF • VRRP • VRRPE T o stop link do wn occurrences from being reported, ent er the follo wing. PowerConnect(config)# no snmp-server enable traps link-down Syntax: [ no ] snmp-server enable traps <trap-type> Disabling Syslog messages a[...]

  • Page 65

    PowerConnect B-Series FCX Configuration Guide 23 53-1002266-01 Configuring basic system parameters 2 Syntax: show logging The first message (the one on the bottom) indicates that user “dg” logged in to the CLI User EXEC lev el on October 1 5 at 5:38 PM and 3 seconds ( O ct 1 5 1 7 :38:03). The same user logged int o the Privileged EXEC lev el f[...]

  • Page 66

    24 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic system parameters 2 NOTE Dell Po werConnect de vices do not retain time and dat e information across pow er cycles. Unless you want to reconfigure the system time counte r each time the system is reset, Dell Po werConnect recommends that you use the SNT P feature. T o [...]

  • Page 67

    PowerConnect B-Series FCX Configuration Guide 25 53-1002266-01 Configuring basic system parameters 2 Syntax: show sntp status The follo wing table describes the information displa yed by the show sntp status command. Setting the system clock In addit ion to SNTP suppor t, Dell PowerConnect sw itches and routers also allow you to set the system time[...]

  • Page 68

    26 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic system parameters 2 By default, Dell PowerConnect switches and router s do not change the system time for da ylight sa ving time. T o enable daylight sa ving time, enter the f ollowing command. PowerConnect# clock summer-time Syntax: clock summer -time Although SNTP se[...]

  • Page 69

    PowerConnect B-Series FCX Configuration Guide 27 53-1002266-01 Configuring basic system parameters 2 Syntax: [ no ] clock timezone us <timezone-type> Enter pacific, east ern, central, or mountain for <timezone-type> . This command must be configured on every device that f ollows the US DST . T o verify the change, run a show clock comma[...]

  • Page 70

    28 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic system parameters 2 The <num> variable spe cifies the maximum number of packets per second. It can be an y number that is a multiple of 6553 6, up to a maximum value of 2 14 7 4 181 12. If you enter the multicast limi t command, multicast pack ets are included in[...]

  • Page 71

    PowerConnect B-Series FCX Configuration Guide 29 53-1002266-01 Configuring basic system parameters 2 Syntax: show rate-lim it unknown-unicast Use the sho w rate-limit br oadcast command to displa y the broadcast limit or br oadcast and multicast limit f or each po r t to which it applies. Example Syntax: show rate-limit br oadcast Configuring CLI b[...]

  • Page 72

    30 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic system parameters 2 NOTE If you are using a W eb client to vie w the message of the da y , and your banners are v er y wide, with large borders, y ou may need to se t your PC display resolution to a number great er than the wi dth of your banner . For e xample, if your[...]

  • Page 73

    PowerConnect B-Series FCX Configuration Guide 31 53-1002266-01 Configuring basic system parameters 2 T o enable the requirement t o press the Enter k ey after the MO TD is display ed, enter a command such as the fo llowing. PowerConnect(config)# banner motd require-enter-key Syntax: [ no ] banner motd require-ent er-k ey Use the no f orm of the com[...]

  • Page 74

    32 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 Configuring a local MAC address for Layer 2 management traffic By default, La yer 2 de vices use the MA C address of the first por t as the MAC addre ss for La yer 2 management traffic. For exam ple, when the Dell Pow erConnect device receives an ARP [...]

  • Page 75

    PowerConnect B-Series FCX Configuration Guide 33 53-1002266-01 Configuring basic port parameters 2 Modifying port speed and duplex mode The Gigabit Ethernet copper por ts are designed t o auto-sense and auto-negotiat e the speed and duplex mod e of the connected de vice. If the atta ched de vice does not suppor t this operation, you can manually en[...]

  • Page 76

    34 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 Maximum Por t speed advertisement and Por t speed down-shif t are enhancements t o the auto-negotiation f eature, a mechanism for ac commodating multi-speed netw ork devices by automatically configuring the highest per formanc e mode of int er-operati[...]

  • Page 77

    PowerConnect B-Series FCX Configuration Guide 35 53-1002266-01 Configuring basic port parameters 2 Syntax: [ no ] link-config gig copp er aut oneg-control down-shift ethernet <port> [ ethernet <por t> ] | to <por t>... Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts : • Po werConnect B-Series FCX sta[...]

  • Page 78

    36 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 T o disa ble select ive auto-negotiation of 100m-auto on por t s 0/1/21 t o 0/1/25 and 0/1/30, en ter the fo llowing. PowerConnect(config)# no link-config gig copper autoneg-control 100m-auto ethernet 0/1/21 to 0/1/25 ethernet 0/1/30 Configuring maxim[...]

  • Page 79

    PowerConnect B-Series FCX Configuration Guide 37 53-1002266-01 Configuring basic port parameters 2 • 10 0 - h a l f • auto (default) Configuring MDI/MDIX Dell Po werConnect de vices suppor t automati c Media Dependent Int er face (MDI) and Media Dependent Int er face Crosso ver (MDIX) det ection on all Gbps Ethernet Copper ports. MD I/M DIX is [...]

  • Page 80

    38 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 Disabling or re-enabling a port A por t can be made inactive (disable) or active (enable) b y selecting t he appropriat e status option. The default value f or a por t is enabled. T o disable por t 8 of a Dell Po werConnect device , enter the fo llowi[...]

  • Page 81

    PowerConnect B-Series FCX Configuration Guide 39 53-1002266-01 Configuring basic port parameters 2 Disabling or re-enabling flow control Y ou can configure the Dell P owerConnect de vice to operat e with or without flow contr ol. Flow contro l is enabled by def ault glob ally and on all full-duplex por t s. Y ou can disable and re-enable flow contr[...]

  • Page 82

    40 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 Displaying flow-control status The show inter face <port> command displays configuration, operation, and negotiation status where applicable. For e xample, on a Pow erConnect Stackable device, issuing the command f o r 1 0/100 /1000M port 0/1/2 [...]

  • Page 83

    PowerConnect B-Series FCX Configuration Guide 41 53-1002266-01 Configuring basic port parameters 2 Symmetric flow control addresses the requirements of a lossless ser vice class in an Internet Small Computer System Interface (iSCSI) envir onment. It is suppor ted on FCX standalone units as well as on all FCX units in an IronStack. About XON and XOF[...]

  • Page 84

    42 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 • The following QoS f eatures are not suppor ted together with symmetric flow control: - Dynamic buffer allocation (CLI commands qd-descript or and qd-buf f er ) - Buffer profiles (CLI command buffer -profile por t-region ) - DSCP-based QoS (CLI com[...]

  • Page 85

    PowerConnect B-Series FCX Configuration Guide 43 53-1002266-01 Configuring basic port parameters 2 Syntax: symmetric-flow-control set 1 | 2 x o f f <%> xon <%> symmetric-flow-contr ol set 1 sets the XOFF and X ON limits for 1G ports. symmetric-flow-contr ol set 2 sets the XOFF and X ON limits for 1 0G por ts. For xof f <%>, the &l[...]

  • Page 86

    44 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 Configuring PHY FIFO Rx and Tx depth PHY devices on PowerConnect B-Series FCX devi ces contain transmit an d receiv e synchronizing FIFOs t o adjust for frequency differences between clocks. The phy-fifo-depth command allows y ou to config ure the dep[...]

  • Page 87

    PowerConnect B-Series FCX Configuration Guide 45 53-1002266-01 Configuring basic port parameters 2 Syntax: [ no ] ipg <value> For val ue , ent er a number in the range fr om 48-120 bit times in multiples of 8. The default is 96. As a result of the abo ve configuration, the ou tput fr om the show interface Ethernet 0/1/2 1 command is as f ollo[...]

  • Page 88

    46 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 Chassis-based and Stackable devices NOTE The f ollowing procedure applies t o Stackable devices and to Chassis-based 1 00/100 0 Fiber interface modules only . The CLI syntax f or enab ling and disabling 10 0B aseFX suppor t on these devic es dif fers [...]

  • Page 89

    PowerConnect B-Series FCX Configuration Guide 47 53-1002266-01 Configuring basic port parameters 2 NOTE When Gbps negotiation mode is turned of f (CLI command gig-default neg- of f ), the Dell device may inadvertently take do wn both ends of a link . This is a hardware limitation f or which there is currently no workar ound. Modifying port priority[...]

  • Page 90

    48 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 Enabling dynamic configuration of a Voice over IP (VoIP) phone Y ou can create a v oice VLAN ID for a port, or for a gr oup of por ts. T o create a v oice VLAN ID for a po r t, ent er commands such as the follo wing. PowerConnect(config)# interface et[...]

  • Page 91

    PowerConnect B-Series FCX Configuration Guide 49 53-1002266-01 Configuring basic port parameters 2 If the port link state toggles from up to down f or a specified number of times within a specified period, the int er face is physically disabled f or th e specified wait perio d. Once the wait period expire s, the por t link state is re-enabled. Howe[...]

  • Page 92

    50 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 PowerConnect(config)# interface ethernet 2/1 PowerConnect(config-if-e10000-2/1)# no link-error-disable 10 3 10 Displaying ports configured with port flap dampening Por ts that hav e bee n disabled du e to the por t flap dampening f eature are iden tif[...]

  • Page 93

    PowerConnect B-Series FCX Configuration Guide 51 53-1002266-01 Configuring basic port parameters 2 Syntax: show link-err or-disable [all ] Example The line “L ink Error Dampening” d isplays “Enabled” if por t flap dampening is enabled on the por t or “Disabled” if the f eature is disabled on the po r t. The f eature is enabled on the po[...]

  • Page 94

    52 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 Port loop detection This feature allo ws the Dell Pow erConnect device t o disable a por t that is on the receiving end of a loop by sending test pack ets. Y ou can conf igure th e time period during which test packets are sent. Strict mode and loose [...]

  • Page 95

    PowerConnect B-Series FCX Configuration Guide 53 53-1002266-01 Configuring basic port parameters 2 loops because S TP cannot pre vent loops across diff erent VLANs. In these instances, the por ts are not block ed and loop detection is able t o send out pr obe packets in one VL AN and receive pack ets in another VLAN. In this wa y, lo op detection r[...]

  • Page 96

    54 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 The abov e command will cause the Dell Pow erConnect device t o automatically re-enable por ts that were disable d because of a loop detection. By def ault, the device will w ait 300 seconds before re-enabling the por ts. Y ou c an optionally change t[...]

  • Page 97

    PowerConnect B-Series FCX Configuration Guide 55 53-1002266-01 Configuring basic port parameters 2 If a por t is errdisabled in Strict mode, it shows “ERR -DISABLE b y itself”. If it is errdisabled due to its associated vlan, it shows “ERR-DISABLE b y vlan ?” The f ollowing command displays the current disa bled ports, including the cause a[...]

  • Page 98

    56 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring basic port parameters 2 Syslog message The follo wing me ssage is logged when a por t is disa bled due to loop de tection. This message also appears on the cons ole. loop-detect: port ??? vlan ?, into errdisable state The Errdisab le function logs a mess age whenever it re[...]

  • Page 99

    PowerConnect B-Series FCX Configuration Guide 57 53-1002266-01 Chapter 3 Operations, Administra tion, and Maintenance Ta b l e 1 2 lists the individual Dell Po werConnect swit ches and the operations, administration, and maintenance f eatures they suppor t. Overview For easy software image management, all Dell Po werConnect de vices suppor t the do[...]

  • Page 100

    58 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Determining the software versions installed and running on a device 3 Y ou can updat e the sof tware cont ained on a flas h module using TFTP t o copy the updat e image from a TFTP ser ver ont o the flash module. In addition, you can cop y sof tware images and configuration files from a[...]

  • Page 101

    PowerConnect B-Series FCX Configuration Guide 59 53-1002266-01 Determining the software versions in stalled and running on a device 3 Determining the boot image version running on the device T o determine the boot imag e running on a device, enter the show flash command at any le vel of the CLI. The f ollowing show s an example output. PowerConnect[...]

  • Page 102

    60 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Determining the software versions installed and running on a device 3 CLI commands Use the f ollowing command syntax to verify the flash image: Syntax: verify md5 | sha1 | crc32 <ASCII s t ring> | primary | secondar y [ <hash code> ] • md5 – Generates a 1 6-byte hash cod[...]

  • Page 103

    PowerConnect B-Series FCX Configuration Guide 61 53-1002266-01 Image file types 3 Image file types This section lists t he boot and flash image file types suppor ted and how to install them on the PowerC on nec t fa mi ly of swi tc hes . For inf ormation abo ut a specific version of code, ref er to the release note s. Viewing the contents of flash [...]

  • Page 104

    62 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using SNMP to upgrade software 3 Syntax: copy flash console < filename > For < filename >, ent er the name of a file stored in flash memor y . Using SNMP to upgrade software Y ou can use a thir d-par ty SNMP management application to upg rade sof tware on a Pow erConnect dev[...]

  • Page 105

    PowerConnect B-Series FCX Configuration Guide 63 53-1002266-01 Changing the block size for TFTP file transfers 3 1. Configure a read-writ e community string on the Dell Pow erConnect device, if one is not already configured. T o configure a read -write community string, enter the f ollowing command fr om the global CONFIG level of the CLI. snmp-ser[...]

  • Page 106

    64 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Rebooting 3 Rebooting Y ou can use boot commands t o immediately initia t e sof tware boots from a sof tware image stored in primar y or secondary flash on a Dell PowerConne ct device or fr om a BootP or TFTP server . Y ou can test ne w versions of code on a Dell Pow erConne ct de vice [...]

  • Page 107

    PowerConnect B-Series FCX Configuration Guide 65 53-1002266-01 Loading and saving configuration files 3 The results of the show run command f or the configured exam ple above appear as follows. PowerConnect #show run Current Configuration: ! ver 7.2.00aT7f1 ! module 1 FCX-48-port-management-module module 2 FCX-xfp-2-port-16g-module module 3 FCX-xfp[...]

  • Page 108

    66 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Loading and saving configuration files 3 T o replace the star tup configuration with the running configuration, enter the f ollowing command at any Enable or CONFIG command pr ompt. PowerConnect#write memory Replacing the running configuration with the startup configuration If you want [...]

  • Page 109

    PowerConnect B-Series FCX Configuration Guide 67 53-1002266-01 Loading and saving configuration files 3 Dynamic configuration loading Y ou can load dynamic configuration commands (com mands that do not require a reload to tak e effect) fr om a file on a TFTP ser ver i nto the running-config on the Dell Pow erConnect device. Y ou can make configurat[...]

  • Page 110

    68 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Loading and saving configuration files 3 NOTE If you cop y -and-paste a configuration into a management session, the CLI ignores the “ ! “ instead of chang ing the CLI to the global CONF IG level. As a result, you might get different results if you copy-and-paste a conf iguration in[...]

  • Page 111

    PowerConnect B-Series FCX Configuration Guide 69 53-1002266-01 Loading and saving configuration files with IPv6 3 • Alwa ys use the end command at the en d of the file . The end command must appear on the last line of the file, by itself. Loading the configuration info rmation into the running-config T o load the file fr om a TFTP ser ver , use e[...]

  • Page 112

    70 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Loading and saving configuration files with IPv6 3 • Copy a file from an IPv6 TFTP server to a specified destination Copying a file to an IPv6 TFTP server Y ou can copy a file from the f ollowing sources t o an IPv6 TFTP ser ver: • Flash memor y • Running configuration • Star tu[...]

  • Page 113

    PowerConnect B-Series FCX Configuration Guide 71 53-1002266-01 Loading and saving configuration files with IPv6 3 • Flash memor y • Running configuration • Star tup configura tion Copying a file to flash memory For e xample, to copy a boot image from an I Pv6 TFTP ser ver t o the primar y or secondar y storage location in the device flash mem[...]

  • Page 114

    72 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Loading and saving configuration files with IPv6 3 • Copy a primar y or sec ondar y boot image from flash memor y to an IPv6 TFTP s er ver . • Copy the running configuratio n to an IPv6 TFTP server . • Copy the star tup conf iguration to an IPv6 TFTP server • Upload various file[...]

  • Page 115

    PowerConnect B-Series FCX Configuration Guide 73 53-1002266-01 Loading and saving configuration files with IPv6 3 • Star tup configura tion. Uploading a primary or secondary boo t image from an IPv6 TFTP server For e xample, to upload a primary or secondary boot image from an IPv6 TFTP server t o a device flash memory, ent er a command such as th[...]

  • Page 116

    74 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Scheduling a system reload 3 1. Configure a read-writ e community string on the Dell Pow erConnect device, if one is not already configured. T o configure a read -write community string, enter the f ollowing command fr om the global CONFIG level of the CLI. snmp-server community <str[...]

  • Page 117

    PowerConnect B-Series FCX Configuration Guide 75 53-1002266-01 Diagnostic error codes and remedies for TFTP transfers 3 Reloading after a specific amount of time T o schedule a system reload to occur af ter a spec ific amount of time has passed on the syst em clock, use reload af ter command. For e xample, t o schedule a system reload fr om the sec[...]

  • Page 118

    76 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Testing network connectivity 3 Testing network connectivity Af ter you install the network cables, you can test netw ork connect ivity to o ther devices by pinging those devices. Y ou also can ob serve the LEDs relat ed to network c onnection and per form trace rou te s. Pinging an IPv4[...]

  • Page 119

    PowerConnect B-Series FCX Configuration Guide 77 53-1002266-01 Testing network connectivity 3 The source < ip addr > specifies an IP address to be used as the origin of the ping packe ts. The count < num > paramet er specifies how many ping pack ets the device sends. Y ou can specify from 1 – 4294967296. The def ault is 1. The timeout[...]

  • Page 120

    78 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Testing network connectivity 3 Tracing an IPv4 route NOTE This section describes the IPv4 tracer oute command. For details about IPv6 tracer oute , ref er to “IPv6 T racerout e” on page 253. Use the tracerout e command to determine the path thr ough which a Dell Pow erConnect device[...]

  • Page 121

    PowerConnect B-Series FCX Configuration Guide 79 53-1002266-01 Chapter 4 Software-based Licensing Ta b l e 1 4 lists the individual Dell PowerConnect swit ches and the software licensing features the y suppor t. Software license terminology This section defines the k ey terms used in this chapter . • Entitlement cer tificate – The pr oo f-of-pu[...]

  • Page 122

    80 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Software-based lic ensing overview 4 Software-based licensing overview With the introduction of softwar e-based licensing , one or more valid software licenses are required to run such licensed features on the device. Dell Po werConnect devic es suppor t sof tware-bas ed licensing will [...]

  • Page 123

    PowerConnect B-Series FCX Configuration Guide 81 53-1002266-01 Licensed features and part numbers 4 For a list of features supported with these image s, refer t o the release notes. Licensed features and part numbers Ta b l e 1 6 lists the suppor ted licensed f eatures, asso ciated image filenames, and related par t numbers. NOTE There are no chang[...]

  • Page 124

    82 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Licensed features and part numbers 4 For e xample, if stack member unit 4 do es not ha ve a license to run BGP whereas the Active contro ller does, unit 4 has an in ferior license and will not be allow ed to join the stack. Likewise, if unit 4 has a license t o run BGP whereas the Ac ti[...]

  • Page 125

    PowerConnect B-Series FCX Configuration Guide 83 53-1002266-01 Configuration tasks 4 Configuration tasks This section describes the configuration tasks for generating and obtaining a sof tware license, then installing it on the Dell PowerConnect de vice. Perform the tasks in the order list ed in Ta b l e 17 . Obtaining a license The procedures in t[...]

  • Page 126

    84 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuration tasks 4 Figure 5 shows the Sof tware Portal Login window . FIGURE 5 Brocade Software Portal Login window[...]

  • Page 127

    PowerConnect B-Series FCX Configuration Guide 85 53-1002266-01 Configuration tasks 4 Figure 6 shows the License Management Welcome window that appears af ter logging in t o the software por tal. F rom this window , mouse ov er the License Management banner , then IP/Ethernet , then click on License Generation with T ransaction k ey . FIGURE 6 Licen[...]

  • Page 128

    86 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuration tasks 4 Figure 7 shows the IP/Ethernet License Generation window f or generating a license using a transaction k ey and LID. FIGURE 7 IP Ethernet License Generation window Enter the required inf ormation in each text box shown in Figure 7. • For a description of the fiel[...]

  • Page 129

    PowerConnect B-Series FCX Configuration Guide 87 53-1002266-01 Configuration tasks 4 Press the Generate butt on to generate the license. Fi gure 8 sho ws the results window , which displays an or der summar y and the results of the license re quest. • If the license request was successful, the “Status” fi eld will indicate Success and the “[...]

  • Page 130

    88 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Deleting a li cense 4 Installing a license file Once you obtain a license f ile, place it on a TFTP or SCP ser ver to which the Dell PowerConnect device has access, then use T FTP or SCP to copy the fi le to the license database of the Dell PowerC on nec t d evic e. Using TFTP to instal[...]

  • Page 131

    PowerConnect B-Series FCX Configuration Guide 89 53-1002266-01 Other licensing options availab le from the Brocade Software Portal 4 Other licensing options available from the Brocade Software Portal This section describes other sof tware licensing ta sks suppor ted from the Brocade software por tal. Viewing software license information Y ou can us[...]

  • Page 132

    90 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Transferring a license 4 Figure 1 0 shows an exam ple of the license query results. FIGURE 1 0 License Quer y results window In this ex ample, the line items f or Leve l 1 display har dware-related information and the line it ems fo r Lev el 2 display software-related inf ormation. If t[...]

  • Page 133

    PowerConnect B-Series FCX Configuration Guide 91 53-1002266-01 Viewing information abo ut software licenses 4 Viewing information about software licenses This section describes the show commands associat ed with sof t ware licensing. These com mands are issued on the Dell P owerConnect de vice, at any lev el of the CLI. NOTE Y ou can also view info[...]

  • Page 134

    92 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Viewing information about so ftware licenses 4 Viewing the license database T o display general inf ormation about all sof twa re licenses in the li cense database, use the show license command. The following sho ws example output. T o display detailed inf orm ation ab out a par ticular[...]

  • Page 135

    PowerConnect B-Series FCX Configuration Guide 93 53-1002266-01 Viewing information abo ut software licenses 4 Viewing software packages installed in the device Use the sho w version command t o view the software packages that are currently installed in the devic e. NOTE The software package name is not the same as the license name. Ta b l e 2 0 lis[...]

  • Page 136

    94 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Viewing information about so ftware licenses 4[...]

  • Page 137

    PowerConnect B-Series FCX Configuration Guide 95 53-1002266-01 Chapter 5 Stackable Devices Ta b l e 2 1 lists the individual Dell Po we rConnect switches and the Iron stack features the y suppor t. IronStack overview This section gives a brief overview of IronStack technology , including IronStack terminology . This section also lists the Pow erCon[...]

  • Page 138

    96 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IronStack overview 5 • Active Controller, Standby Contr o lle r, and member units in a stack • Active Contr oller management of entire stack • Active Controller download of software images to all stack units • Standby Contr oller for stack redundancy • Active Controller mainte[...]

  • Page 139

    PowerConnect B-Series FCX Configuration Guide 97 53-1002266-01 IronStack overview 5 show , stack, and a fe w debug commands. When the stack is f ormed, all local consoles are directed t o the Active Controller, which can access the entire CLI. The last line of output fr om the show version command indicates the role of a unit, unless it is a standa[...]

  • Page 140

    98 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Building an IronStack 5 • Static Configurat ion - A configuration that remains in the da tabase of the Activ e Cont roller e ven if the unit it refers t o is remov ed from the st ack. Static configurations are derived from the star tup configuration file during the boot sequ ence, are[...]

  • Page 141

    PowerConnect B-Series FCX Configuration Guide 99 53-1002266-01 Building an IronStack 5 FIGURE 1 1 P owerConnect B-Series FCX linear and ring stack topologies FIGURE 12 PowerConnect B-FCX-E ring topology stack using SFP+ module por ts 1357 9 1 1 1 3 1 5 1 7 1 9 2 1 2 3 2 4 6 8 10 12 14 16 18 20 22 24 Reset 1 PS 2D i a g Console Mgmt 25 27 29 31 33 3[...]

  • Page 142

    100 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Building an IronStack 5 FIGURE 13 Pow erConnect B-FCX-E linear topology stack using SFP+ module ports FIGURE 1 4 Mixe d linear stack of PowerConnect B-FC X-E devices and P owerConnect B-FCX-S devices Software requirements All units i n an IronStack must be running the same sof tware v [...]

  • Page 143

    PowerConnect B-Series FCX Configuration Guide 101 53-1002266-01 Building an IronStack 5 1. Use the secure-setup utility to f orm your stack. Secure-setup giv es you contr ol over the design of your stack topology and provides security through pa ssword v erificat ion. For the secure-setup procedure, ref er to “Scenario 1 - Conf iguring a three-me[...]

  • Page 144

    102 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Building an IronStack 5 • Authentication of secure-setup packets pr ovides verification that these pack ets are from genuine Dell stack unit. MD5- based por t verification confirms stacking por ts. • Superuser password is required t o allow passwo rd-pr otect ed devices t o become [...]

  • Page 145

    PowerConnect B-Series FCX Configuration Guide 103 53-1002266-01 Building an IronStack 5 5. Ent e r the stack secure-setup co mmand. As s hown In the following example, this com mand triggers a Dell pr oprietar y discovery prot ocol that begins the disco ver y proce s s in both upstream and downstream direct ions. The discovery process prod uces a l[...]

  • Page 146

    104 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Building an IronStack 5 1 S FCX648 active 00e0.52ab.cd00 128 local Ready 2 D FCX624 standby 0012.f2d5.2100 60 remote Ready 3 D FCX624 member 0012.f239.2d40 0 remote Ready active standby +---+ +---+ +---+ -2/1| 1 |3/1--2/1| 2 |3/1--2/2| 3 |2/1- +---+ +---+ +---+ Current stack management[...]

  • Page 147

    PowerConnect B-Series FCX Configuration Guide 105 53-1002266-01 Building an IronStack 5 7 . When the Active Contr oller has finished the auth entication pr ocess, you will see output that shows the suggested assigned stack IDs f or each member . Y ou can accept these recommendations, or y ou can manual ly conf igure stack IDs. Enter the show stack [...]

  • Page 148

    106 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Building an IronStack 5 Follow the st e ps given below to c onfigure a three-m ember IronStack in a ring topology using automatic setup process. 1. P ower on the devices. 2. This pr ocess requires clean devices (e xcept fo r the Active Contr oller) th at do not contain any configuratio[...]

  • Page 149

    PowerConnect B-Series FCX Configuration Guide 107 53-1002266-01 Building an IronStack 5 PowerConnect# show running config Current configuration: ! ver 07.2.00a ! stack unit 1 module 1 FCX-24-port-management-module priority 255 stack unit 2 module 1 FCX-24-port-management-module priority 240 stack unit 3 module 1 FCX-24-port-management-module stack [...]

  • Page 150

    108 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Building an IronStack 5 Scenario 3 - Configuring a three-member IronStack in a ring topology using the manual configuration process NOTE For more detailed information about configuring an Pow erConnect B-Series FCX IronStack, see “Configuring an FCX Ir onStack” on page 109 Follo w [...]

  • Page 151

    PowerConnect B-Series FCX Configuration Guide 109 53-1002266-01 Building an IronStack 5 For more inf ormation abou t cabling the devices, ref er to the appropriat e hardware installation guides. NOTE This method does not guarant ee sequential stack IDs. I f yo u w a n t t o c h a n g e s t a c k I D s t o m a k e t h e m sequential, y ou can use se[...]

  • Page 152

    110 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Building an IronStack 5 NOTE If you are adding PowerCo nnect B-Series FCX-E or P owerConnect B-Series FCX-I devices to a stack containing Pow erConnect B-Seri es FCX-S devices, y ou must reconf igure the stacking por ts on the Po werConnect B-Series FCX-S de vices to be the 1 0 Gbps po[...]

  • Page 153

    PowerConnect B-Series FCX Configuration Guide 111 53-1002266-01 Building an IronStack 5 0 runts, 0 giants 0 packets output, 0 bytes, 0 underruns Transmitted 0 broadcasts, 0 multicasts, 0 unicasts 0 output errors, 0 collisions Relay Agent Information option: Disabled Changing PowerConnect B-Series FC X-S and PowerConnect B-Series FCXS-PowerConnect B[...]

  • Page 154

    112 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Building an IronStack 5 Secure-setup pr obe packets can be receiv ed by a def ault por t whether or not it is acting as a stacking por t. Stacking pack ets can be only receiv ed b y a stacking por t (which is also always a default por t). In ord er to use stacking por ts that are not d[...]

  • Page 155

    PowerConnect B-Series FCX Configuration Guide 113 53-1002266-01 Building an IronStack 5 NOTE Do not connect stacking ports to non-stacking por ts. Stacking por ts have a p roprietar y pack et format that render s them incompat ible with regular ports even when the y are forwarding regular pack ets. In linear topologies, mak e sure that end units ha[...]

  • Page 156

    114 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Building an IronStack 5 If you ent er an incorrect stack por t number , yo u will get an error similar to the f o llowing. PowerConnectconfig-unit-3)# stack-port 3/4/1 Error! port 3/4/1 is invalid PowerConnect(config-unit-3)# stack-port 3/2/1 T o return both por ts to stacking status, [...]

  • Page 157

    PowerConnect B-Series FCX Configuration Guide 115 53-1002266-01 Building an IronStack 5 Stack unit 3 Power supply 1 is up Stack unit 3 Power supply 2 is down Config changed due to add/del units. Do write mem if you want to keep it Election, was active, no role change, assigned-ID=1, total 3 units, my priority=128 PowerConnect# Config changed due to[...]

  • Page 158

    116 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Building an IronStack 5 Use the no form o f t he c omm an d to rever t to th e 4-by te E th ern et pr eam bl e. Verifying an IronStack configuration Verifying an PowerConnect B-Seri es FCX IronStack configuration The follo wing output shows an example configurat ion of an P owerConnect[...]

  • Page 159

    PowerConnect B-Series FCX Configuration Guide 117 53-1002266-01 Building an IronStack 5 P-ENGINE 1: type DB90, rev 01 ========================================================================== UNIT 4: SL 2: FCX-2XGC 2-port 16G Module (2-CX4) ========================================================================== UNIT 4: SL 3: FCX-2XG 2-port 16G [...]

  • Page 160

    118 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 Managing your IronStack Y our IronStack can be managed thr ough a single IP address. Y ou can manage the stack using this IP address ev en if you remo ve the Ac tive Controll er or any member from the stack. Y ou can also connect to the Activ e Controller thro[...]

  • Page 161

    PowerConnect B-Series FCX Configuration Guide 119 53-1002266-01 Managing your IronStack 5 on the Activ e Controller physical console port during a reload will no t be visible on the console ports of the stack members bec ause the remote c onnect ions are not established until the sof tware loading process is c omplete. It is pref erable to co nnect[...]

  • Page 162

    120 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 PowerConnect# rconsole 2 Connecting to unit 2... (Press Ctrl-O X to exit) rconsole-2@PowerConnect#show stack ID Type Role Mac Address Prio State Comment 2 S FCX624P standby 0012.f2e2.ba40 0 local Ready rconsole-2@PowerConnect# exit rconsole-2@PowerConnect> [...]

  • Page 163

    PowerConnect B-Series FCX Configuration Guide 121 53-1002266-01 Managing your IronStack 5 NOTE For hitless stacking failo ver , Dell recommends th at you configure the IronStack MAC address using the stack mac command. Without this configurati on, the MA C address of the stack will change to the new base MA C address of the Active Contr oller . Thi[...]

  • Page 164

    122 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 Fan 1 ok Fan 2 ok --More--, next page: Space, next line: Return key, quit: Control-c NOTE For field descriptions for the sho w chassis command, ref er to “Dis playing chassis inf o rmation” on page 133. Removing MAC address entries Y ou can remove the f ol[...]

  • Page 165

    PowerConnect B-Series FCX Configuration Guide 123 53-1002266-01 Managing your IronStack 5 IronStack unit priority A un it w it h a h igh er pri ori ty i s m ore likel y to b e el ec ted Ac tive Con trol ler . T he p rio rit y va lue can be 0 to 255 with a priority of 255 being the highest. The default priority value assigned t o the Activ e Control[...]

  • Page 166

    124 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 CLI command syntax CLI syntax that ref ers to stack units mu st contain all of the f ollowing parameters: <stack -unit>/<slotnum>/<por tnum> • <stack-unit> - If the device is operating as a standalo ne, the stack-unit wil l be 0 or 1.[...]

  • Page 167

    PowerConnect B-Series FCX Configuration Guide 125 53-1002266-01 Managing your IronStack 5 Stacking mode When a unit is stack-enabled or jo ins a stack either actively or passi vely , it reser ves priority queue 7 for stacking traf f ic control, assigns buffers f or th e stacking por ts, and configures the first two 1 0 Gbps por ts as stacking por t[...]

  • Page 168

    126 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 NOTE The two le f t por ts on the Four -por t 1 0Gbps SFP+ module do not pass regular Eth ernet traf fic by default. The stack disable command must be ente red at the global le vel and the stack disable command must be co nfigured on these two port s in order [...]

  • Page 169

    PowerConnect B-Series FCX Configuration Guide 127 53-1002266-01 Managing your IronStack 5 Available UPSTREAM units Hop(s) Type Mac Address 1 FCX624 0012.f2d5.2100 2 FCX624 001b.ed5d.9940 Available DOWNSTREAM units Hop(s) Type Mac Address 1 FCX624 001b.ed5d.9940 2 FCX624 0012.f2d5.2100 Do you accept the topology (RING) (y/n)?: n Available UPSTREAM u[...]

  • Page 170

    128 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 T o reverse the part itioning, reconnect all of the units into the original stack topology using the stacking por ts. This is the same as merging stacks . If the original Active Contr oller again has the highest priority , it will regain its role. If two part [...]

  • Page 171

    PowerConnect B-Series FCX Configuration Guide 129 53-1002266-01 Managing your IronStack 5 the stack MA C address changes. During this configur ed int er val, if the previo us Active Controller is reinstalled in the stack, the stack continues to use the MA C address of this unit, ev en though it may no longer be the Active Contr oller. If the previo[...]

  • Page 172

    130 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 priority 40 stack enable stack persistent-mac 60 T o display the stack MA C addresses, ent er the show stack command. PowerConnect(config)# show stack alone: standalone, D: dynamic config, S: static config ID Type Role Mac Address Prio State Comment 1 S FCX648[...]

  • Page 173

    PowerConnect B-Series FCX Configuration Guide 131 53-1002266-01 Managing your IronStack 5 • me - unconfigure this unit only • clean - remov es all star tup configu ration files incl uding v4 and v5 and m akes this a clean unit NOTE The stack unconf igure me command is available t o all un its, while stack unconfigure all and stack unconfigure &[...]

  • Page 174

    132 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 Compressed Pri Code size = 3034232, Version 05.0.00T7e1 (FCX05000.bin) Compressed Sec Code size = 2873523, Version 04.2.00aT7e1 (FCX04200a.bin) Compressed BootROM Code size = 403073, Version 03.0.00T7e5 Code Flash Free Space = 24117248 Stack unit 3: Compressed[...]

  • Page 175

    PowerConnect B-Series FCX Configuration Guide 133 53-1002266-01 Managing your IronStack 5 Dynamic memory: 238026752 bytes total, 182820504 bytes free, 23% used Stack unit 8: Total DRAM: 268435456 bytes Dynamic memory: 238026752 bytes total, 182811440 bytes free, 23% used PowerConnect# Syntax: show memory Ta b l e 2 5 describes the fields disp la y [...]

  • Page 176

    134 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 Fan 1 ok Fan 2 ok Exhaust Side Temperature Readings: Current temperature : 31.5 deg-C Warning level.......: 85.0 deg-C Shutdown level......: 90.0 deg-C Intake Side Temperature Readings: Current temperature : 32.0 deg-C Boot Prom MAC: 0012.f2db.e500 Syntax: sho[...]

  • Page 177

    PowerConnect B-Series FCX Configuration Guide 135 53-1002266-01 Managing your IronStack 5 S8:M2 FCX-1XG 1-port 16G Module (1-XFP) OK 1 0012.f2eb.d570 S8:M3 FCX-1XG 1-port 16G Module (1-XFP) OK 1 0012.f2eb.d571 PowerConnect(config)# Syntax: s how module Ta b l e 27 describes the fields displa yed in this output example. Displaying stack resource inf[...]

  • Page 178

    136 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 The show stack command displays general info rm ation abou t an IronStack, for all members, f or a specified member , and with addi tional detail if required. The f ollowing output co vers the ent ire stack. PowerConnect(config)# show stack alone: standalone, [...]

  • Page 179

    PowerConnect B-Series FCX Configuration Guide 137 53-1002266-01 Managing your IronStack 5 Ta b l e 3 0 describes the output fr om the show st ack detail command (in addition to the show sta ck command fields shown in the previous table). Displaying stack flash information Use the show st ack flash command t o display inf ormation abou t flash memor[...]

  • Page 180

    138 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 Syntax: show stack flash Displaying stack rel-IPC statistics Use the show stack rel-ipc stats command to displa y session statistics for stack units. PowerConnect# show stack rel-ipc stats Reliable IPC statistics: Global statistics: Pkts rcvd w/no session: 2 M[...]

  • Page 181

    PowerConnect B-Series FCX Configuration Guide 139 53-1002266-01 Managing your IronStack 5 Msgs sent: 0, Msgs received: 0 Atomic batches sent: 0, Atomic batches received: 0 Pkts sent: 1, Pkts received: 6 Msg bytes sent: 0, Msg bytes received: 0 Pkt bytes sent: 12, Pkt bytes received: 72 Flushes requested: 0, Suspends: 0, Resumes: 0 Packets sent with[...]

  • Page 182

    140 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 Session state: established (last established 31 minutes 11 seconds ago) Connections established: 1 Remote resets: 0, Reset packets sent: 0 Connection statistics (for current connection, if established): Msgs sent: 955, Msgs received: 489 Atomic batches sent: 0[...]

  • Page 183

    PowerConnect B-Series FCX Configuration Guide 141 53-1002266-01 Managing your IronStack 5 Pkts sent: 8, Pkts received: 13 Msg bytes sent: 123, Msg bytes received: 20V Pkt bytes sent: 232, Pkt bytes received: 296 Flushes requested: 2, Suspends: 0, Resumes: 0 Packets sent with data (DAT), ACKs, and window updates (WND) Other: 5, ACK: 1, WND: 0, ACK+W[...]

  • Page 184

    142 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 Other: 1, ACK: 0, WND: 0, ACK+WND: 0 DAT: 0, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0 Data retransmits done: 0, Zero-window probes sent: 0 Dup ACK pkts rcvd: 7, Pkts rcvd w/dup data: 0 Pkts rcvd w/data past window: 0 Session statistics, unit 3, channel 3: Sessio[...]

  • Page 185

    PowerConnect B-Series FCX Configuration Guide 143 53-1002266-01 Managing your IronStack 5 Ta b l e 3 2 describes the output fr om the show st ack neighbors command. Displaying stack port information The show stack stack-por ts command displays inf ormatio n about stack por t status. Syntax: show stack stack-ports Ta b l e 3 3 describes the output f[...]

  • Page 186

    144 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 module 3 FCX-xfp-1-port-16g-module priority 128 stack enable ! Syntax: show runni ng-config Ta b l e 3 4 describes the output fr om the show running-config command. Displaying configur ed stacking ports The stacking por ts may displa y in the output fr om the [...]

  • Page 187

    PowerConnect B-Series FCX Configuration Guide 145 53-1002266-01 Managing your IronStack 5 (3054675 bytes) from Primary FCX05000.bin BootROM: Version 04.0.00T7e5 (FEv2) HW: Chassis FCX648 ========================================================================== STACKID 1: SL 1: FCX-24G 24-port Management Module Serial #: PR11060248 P-ASIC 0: type D[...]

  • Page 188

    146 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 Syntax: show interfaces stack-por ts Ta b l e 3 5 describes the fields displa yed by the sho w i nterfaces stack-por ts comm and. Displaying stacking port statistics The show statistics stack-por ts command displays inf orma tion ab out all stacking por ts in [...]

  • Page 189

    PowerConnect B-Series FCX Configuration Guide 147 53-1002266-01 Managing your IronStack 5 Syntax: show statistics stack-ports Ta b l e 3 6 describes the fields displa yed by the sho w s tatistics stack-por ts command. Adding, removing, or replac ing units in an IronStack The f ollowing sections describe ho w to add, re mo ve, or replace units in an[...]

  • Page 190

    148 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 • If the Activ e Controller has configuration information for a ne w unit, and it matches the base module (module 1) of the new unit, no action is necessar y . If conf iguration information for non-base modules on the ne w unit does not matc h the inf ormati[...]

  • Page 191

    PowerConnect B-Series FCX Configuration Guide 149 53-1002266-01 Managing your IronStack 5 NOTE Adding, removing or replacing a stack unit which is not at the end of linear topology may cause the other units in the stack to reset if these units lo se their path to the Ac tive Controller during the process. A dding or removing a unit in a ring t o po[...]

  • Page 192

    150 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing your IronStack 5 2 6 FCX624 001b.ed5d.9940 Do you accept the unit ids? (y/n)?: n Enter an unused id for the UPSTREAM FCX623 unit a 1 hop(s) (1-8)[5]: 2 Enter an unused id for the UPSTREAM FCX624 unit at 2 hop(s) (1-8) [6]: 3 PowerConnect# Election, was active, no role change, [...]

  • Page 193

    PowerConnect B-Series FCX Configuration Guide 151 53-1002266-01 Troubleshooting an IronStack 5 Syslog, SNMP, and traps Syslog messages from stack units are f or warded t o , and can be vie wed from, the A ctive Contr oller. All stack units suppor t SNMP gets, sets, and traps , which are managed b y the Active Contr oller. An SNMP trap is sent from [...]

  • Page 194

    152 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Troubleshooting an IronStac k 5 Troubleshooting an unsuccessful stack build If you are unable t o build a stack, (for e xample, the show stack command does not display any stack units) , per form the follo wing steps. 1. Ente r t he show run command on each u nit to make sure the confi[...]

  • Page 195

    PowerConnect B-Series FCX Configuration Guide 153 53-1002266-01 Troubleshooting an IronStack 5 If the send message types: field is empty , it means that stack enable has not been configured. If the number of R ecv IPC packets increases, but there are no Recv message types, th en the pack ets are being dropped f or various reasons, in cluding the wr[...]

  • Page 196

    154 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Stack mismatches 5 Stack mismatches When a stack mismatch occurs, the Active Co ntroller can put any stack member int o a non-operational state, which dis ables all of the po r ts except the stacking ports. Stack mismatches can occur for a variety of reasons, which are discussed in thi[...]

  • Page 197

    PowerConnect B-Series FCX Configuration Guide 155 53-1002266-01 Image mismatches 5 Major mismatch A major mismatch indicates an Interprocessor Communications (IPC)-related data structure change, or an election algorithm change, or that a v ersion of the sof tware that does not support stacking is installed on a unit. This can happe n when the softw[...]

  • Page 198

    156 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Image mismatches 5 Configuration mismatches can happen during manual setups, or when moving a unit fr om one stack to another stack. Secure-setup will try to o verw rite a configuration mismatch even if the configuration is stat ic. The ov er write attem pt ma y fail if there are mul t[...]

  • Page 199

    PowerConnect B-Series FCX Configuration Guide 157 53-1002266-01 Image mismatches 5 PowerConnectt# show running config stack unit 1 module 1 FCX-24-port-management-module module 3 FCX-cx4-2-port-16g-module module 4 FCX-xfp-2-port-16g-module priority 128 stack unit 2 module 1 FCX-24-port-management-module module 3 FCX-xfp-2-port-16g-module stack unit[...]

  • Page 200

    158 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 More about IronStack technology 5 If secure-setup times out (this may happen due to inactivity), you will not be able t o make any changes in your confi guration or stack topology until you restar t the session by entering the stack secure-setup com mand. The unit disco ver y process i[...]

  • Page 201

    PowerConnect B-Series FCX Configuration Guide 159 53-1002266-01 More about IronStack technology 5 will recov er their original st a r t up -c o nf i g. tx t files and reboot as standalone device s. If you enter the stack unconfigure all command from the A ctive Contr oller all devices will reco ver their old sta r t up - co nf i g. tx t files and b[...]

  • Page 202

    160 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 More about IronStack technology 5 • Active Controller • Standby Contr oller • Stack member Active Controller The Active Contr oller contains the saved and running configuration files for each stack member . The configuration files include the syst em-level settings for the stack,[...]

  • Page 203

    PowerConnect B-Series FCX Configuration Guide 161 53-1002266-01 More about IronStack technology 5 Example My stack unit ID = 1, bootup role = active My stack unit ID = 3, bootup role = standby Active Controller and St andby Controller elections Whenev er there is a topology change in the stack (a reset, unit failure, or the addition or remo val of [...]

  • Page 204

    162 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Standby Controller election criteria The Standby Co ntroller election is based on the f ollowing criteria. 1. The highest priority 2. Bootup as Active Controller 3. Bootup as Stand by Controller 4. The lowest boot ID 5. The lowest MA C addre[...]

  • Page 205

    PowerConnect B-Series FCX Configuration Guide 163 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Supported events The following ev ents are suppor ted by hitless stac king: • Fai l ove r • Switchov er • Priority change • Rol e ch an ge Non-supported events The f ollowing events are no t suppor ted b y hitless st acking. These ev[...]

  • Page 206

    164 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 TA B L E 37 Hitless-suppor ted services and prot ocols – Po werConnect B-Series FCX Traffic type Supporte d prot ocols and services Impact Lay er 2 switched traf fic, including unicast and multicas t + System-le vel + Lay er 4 • 802. 1p [...]

  • Page 207

    PowerConnect B-Series FCX Configuration Guide 165 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Configuration notes and feature limitations • For hi tless stacking on t he Po werConnect B-Series FCX, Dell recommends that yo u configure the IronStack MA C address using the stack mac command. Without this configuration, the MA C addres[...]

  • Page 208

    166 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 (for e xample, a personal comput er) pinging th e stack might encount er a long dela y depending on the client MAC aging time. The client won’t work until it ages out the old MA C address and sends ARP requests to relearn the ne w stack MA[...]

  • Page 209

    PowerConnect B-Series FCX Configuration Guide 167 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 • Hardware Ab straction Layer (HAL) – This includes the prefix-based routing table, next hop information f or outgo ing interfaces, and tunnel information. • Lay er 3 IP f or warding information – This includes the routing table, IP [...]

  • Page 210

    168 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Standby Controller role in hitless stacking In sof tware releases that do not suppor t hitless stacking, the Standby Contr oller functions as a dummy de vice, meaning it provides limi t ed access to the CLI, such as show , stack , and a fe w[...]

  • Page 211

    PowerConnect B-Series FCX Configuration Guide 169 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 When the Standby Controller is fully synchro n ized, the syst em will be ready for a switcho ver or fai lover. Runtime configuration mismatch In some cases, such as a runtime configuratio n mismatch b etween the A ctive Cont roller and candi[...]

  • Page 212

    170 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Figure 15 illustrates hitless stacking suppor t du ring stack f ormation. Operational stages 1 and 2 are also shown in this illustration. FIGURE 1 5 Hitless stacking s uppor t during stack formation St a ndby become s Active immedi a tely, n[...]

  • Page 213

    PowerConnect B-Series FCX Configuration Guide 171 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Figure 16 illustrates hitless stacking suppor t during a stack m erge. FIGURE 1 6 Hitless stacking suppo rt during a st ack merge Active 1 (pri=30) Standby 2 (pri=20) Member 3 (pri=10) Member 4 (pri=0) Member 1 (pri=30) Member 2 (pri=20) Mem[...]

  • Page 214

    172 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Figure 1 7 illustrates hitless stacking suppor t in a stack split. FIGURE 1 7 Hitless stacking support in a stack split 1 1 The s t a ck s plit s into one oper a ti on a l s t a ck a nd two “orph a n” u nit s . 1 T he s t a ck s plit s i[...]

  • Page 215

    PowerConnect B-Series FCX Configuration Guide 173 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Hitless stacking default behavior Hitless stacking is dis abled by default. When disabled, the follo wing li mitations are in ef fect: • If a failo ver occurs, e ver y unit in the stack will reload • Manual switchov er is not al lowed. I[...]

  • Page 216

    174 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Enabling hitless stacking Hitless stacking is disabled by default. T o enable it, enable hitless failover as described in “Enabling hitless failover” on page 1 75. Displaying hitless stacking status Y ou can use the show stack command to[...]

  • Page 217

    PowerConnect B-Series FCX Configuration Guide 175 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Syntax: show stack Hitless stacking failover Hitless stacking failov er pro vides automatic failo ver from th e Active Contro ller to the Standby Controller without resetting any of the units in th e stack and with sub-second or no packet lo[...]

  • Page 218

    176 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Hitless stacking failover example Figure 18 illustrates hitless stacking failover operation when the Activ e Controller fails. FIGURE 1 8 Hitless stacking f ailover when the Activ e Controller fails Hitless stacking switchover Hitless stacki[...]

  • Page 219

    PowerConnect B-Series FCX Configuration Guide 177 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 For a description this feature’s impact t o major system functions, ref er to Ta b l e 37 on page 1 64. For e xamples of hit less stacking switcho ver operation, ref er to “Hi tless stacking switcho ver exa mp le s” on page 1 78. Execu[...]

  • Page 220

    178 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Hitless stacking switchover examples This section illustrates hitless stacking failov er and switchov er operation during a CLI-driven switchov er or priority chan ge. Figure 19 illustrates a hitless stacking switchov er triggered by the sta[...]

  • Page 221

    PowerConnect B-Series FCX Configuration Guide 179 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Figure 20 illustrates a hitless stacking switchov er when the Active Contr oller goes down then comes back up. The stack in this e x ample has user-configured prio rities. FIGURE 20 Hitless stacking switch over when the A ctive Controller co[...]

  • Page 222

    180 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Figure 21 illustrat es a hitless stacki ng switchov er af ter the netw ork administrator increases the priority value of t he Standby Controller. FIGURE 2 1 Scenario 1 – Hitless stacking sw itchover after a priority chan ge 1 1 1 1 120 s e[...]

  • Page 223

    PowerConnect B-Series FCX Configuration Guide 181 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Figure 22 illustrates a hitless stacking switchov er af ter the netw ork administrator increases the priority value of one of the stack members. FIGURE 22 Scenario 2 – Hitless stacking sw itchover after a priority change 1 1 1 1 Priority 2[...]

  • Page 224

    182 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Figure 23 illustrates a hitless stacking switchov er af ter the netw ork administrator increases the priority value f or two of the stack member s. FIGURE 23 Scenario 3 – Hitless stacking sw itchover after a priority change No t a ll o w e[...]

  • Page 225

    PowerConnect B-Series FCX Configuration Guide 183 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Displaying information about hitless stacking Use the show stack command t o view info rmation per tinent to a hitless stacking switchov er or failo ver . The command output illustrates the Ac tive and Standby Contr ollers, as well as the re[...]

  • Page 226

    184 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 T o view the S y st em log or the traps logged on an SNMP trap rec eiver , enter the show log command at any le vel of the CLI. The following e xample output shows what the lo g might look like after a switchov er or assi gnment of the Stand[...]

  • Page 227

    PowerConnect B-Series FCX Configuration Guide 185 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5 Syntax: debug stacki ng sync_rel_msg < num > PowerConnect# debug stacking sync_rel_msg 4 stk_sync_trunk_mapping:sending trunk mapping... start running config sync sync_cdb:send cdb:sess = 0, pBuf = 2132f068 sync_cdb:send cdb:sess = 0, [...]

  • Page 228

    186 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5[...]

  • Page 229

    PowerConnect B-Series FCX Configuration Guide 187 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5[...]

  • Page 230

    188 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PowerConnect B-Series FCX hitless stacking 5[...]

  • Page 231

    PowerConnect B-Series FCX Configuration Guide 189 53-1002266-01 Chapter 6 Monitoring Hardware Components Ta b l e 3 9 lists the individual Dell Po werConnect swit ches and the har dware monit oring features they support. The procedures in this chapt er describe how to configure the software to monit or hardware components . Virtual cable testing Po[...]

  • Page 232

    190 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual cable testing 6 Syntax: phy cable-diag tdr <port> Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts : • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> Viewing the results of the cable analysis T o display[...]

  • Page 233

    PowerConnect B-Series FCX Configuration Guide 191 53-1002266-01 Supported Fiber Optic Transceivers 6 Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts : • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> Ta b l e 41 defines the fields shown in the command output. Supported Fiber Opti[...]

  • Page 234

    192 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Digital optical monitoring 6 Digital optical monitoring Y ou can configure your Br ocade device t o monitor op tical transceiv ers in the system, either globally or by spec ified por ts. When this f eature is en abled, the syst em will mo nitor the t emperature and signal power lev els[...]

  • Page 235

    PowerConnect B-Series FCX Configuration Guide 193 53-1002266-01 Digital optical monitoring 6 Use the no f orm of the command t o disa ble digital optical monitoring. Setting the alarm interval Y ou can optionally change the int er val between which alarms and w arning messages are sent. The default int er val is three minutes. T o ch ange the int e[...]

  • Page 236

    194 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Digital optical monitoring 6 Port 24: Type : 1G M-C Port 25: Type : 10G XG-SR(XFP) Vendor: Brocade Communications Inc. Version: 02 Part# : JXPR01SW05306 Serial#: F617604000A3 Port 26: Type : EMPTY Use the show me dia slot command to obtain information about the media device installed i[...]

  • Page 237

    PowerConnect B-Series FCX Configuration Guide 195 53-1002266-01 Digital optical monitoring 6 Normal Normal Normal Normal Syntax: show optic < port-number > NOTE The show optic function tak es advantage of inf ormation st ored and supplied b y the manufacturer of the XFP or SFP transceiver . This information is an optional f eature of the Mult[...]

  • Page 238

    196 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Digital optical monitoring 6 Viewing optical transceiver thre sholds The thresholds that det ermine th e alarm status values for an optical transceiver are set by the manufacturer of the XFP or SFP . T o view the th resholds f or a qualified optical transceiver in a par ticular por t, [...]

  • Page 239

    PowerConnect B-Series FCX Configuration Guide 197 53-1002266-01 Chapter 7 Configuring IPv6 Management on PowerConnect B-Series FCXSwitches Ta b l e 4 5 lists the individual Dell Po werConnect switch es and the IPv6 manage ment features they suppor t. NOTE The following table only shows the IPv6 management f eatu res that are suppor t ed . F ull IPv[...]

  • Page 240

    198 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IPv6 management overview 7 This chapter describes the I Pv6 management features, including command syntax and management examples. IPv6 management overview IPv6 was design ed to replace IPv4, the Internet protocol that is most commo nly used currentl y throughout the world. IPv6 increa[...]

  • Page 241

    PowerConnect B-Series FCX Configuration Guide 199 53-1002266-01 IPv6 management features 7 • The hexadecimal letters in IPv6 addresses are not case-sensitive As shown in Figure 25 , the IPv6 ne twork prefix is c omposed of the left-most bits of the address. As with an IPv4 address, y ou can specify the IPv6 prefix using the <p refix> / <[...]

  • Page 242

    200 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IPv6 management features 7 IPv6 debug The debug ipv6 commands enable the collection of information about IPv6 configuration s f or troubleshooting. Syntax: debug ipv6 <addre ss> <cache> <icmp> <mld> <nd> <packet> <ra> • address - IPv6 addres [...]

  • Page 243

    PowerConnect B-Series FCX Configuration Guide 201 53-1002266-01 IPv6 management features 7 Restricting Web management access to an IPv6 host Y ou can specify a single device with an IPv6 address to ha ve Web management access t o the host devic e. No other de vice except the one with the specified IPv6 address can access the W eb Management Interfa[...]

  • Page 244

    202 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IPv6 management features 7 AAAA DNS records are analogous to the A DNS recor ds used with IPv4. They st ore a complete IPv6 address in each record. AAAA re cords hav e a type value of 28. T o establish an IPv6 DNS entry for th e de vice, enter the f ollowing command. PowerConnect(confi[...]

  • Page 245

    PowerConnect B-Series FCX Configuration Guide 203 53-1002266-01 IPv6 management features 7 • The size <b ytes> paramet er specif ies the size of the ICMP data por tion of the packet. This is the pa yload and does not include the header . Y o u can specify fr om 0 - 1 01 73. The default is 16 . • The no-fragment ke yword turns on the "[...]

  • Page 246

    204 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IPv6 management features 7 Syntax: snmp-s er ver host ipv6 <ipv6-address> The <ipv6-address> you specify must be in hexadecimal format using 1 6-bit values between colons as document ed in RFC 23 73. Secure Shell, SCP, and IPv6 Secure Shell (SSH) is a mechanism th a t a l l[...]

  • Page 247

    PowerConnect B-Series FCX Configuration Guide 205 53-1002266-01 IPv6 management commands 7 IPv6 traceroute The tracerout e command allows you to trace a path from the Dell P owerConnect de vice to an IPv6 host. The CLI displa ys trace rout e information f or each hop as soon as the information is receiv ed. T racer oute requests di splay all resp o[...]

  • Page 248

    206 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IPv6 management commands 7[...]

  • Page 249

    PowerConnect B-Series FCX Configuration Guide 207 53-1002266-01 Chapter 8 Configuring Spanning Tree Protocol (STP) Related Features Ta b l e 4 6 lists the individual Dell Po werConnect swit ches and the S panning T ree Prot ocol (STP) fe atures they suppor t. STP overview The Spanning T re e Prot ocol (STP) eliminates La yer 2 loo ps in networks, b[...]

  • Page 250

    208 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring standard STP parameters 8 Configuring standard STP parameters Lay er 2 Switches and La yer 3 Switches suppor t standard S TP as described in the IEEE 802. 1D specification. STP is enabled by default on La yer 2 Switches but disabled by default on Lay er 3 Switches. By defau[...]

  • Page 251

    PowerConnect B-Series FCX Configuration Guide 209 53-1002266-01 Configuring standard STP parameters 8 NOTE If yo u pl a n to ch a n ge ST P br i d ge t im e r s , D e l l r e c o mmends that you stay within the f ollowing ranges, from section 8. 10.2 of th e IEEE S TP specification. 2 * (f or ward_dela y -1) >= max_age max_age >= 2 * (hel lo_[...]

  • Page 252

    210 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring standard STP parameters 8 NOTE The CLI con ver ts the S TP groups int o topology gr oups when you sa ve the configuration. F or backwar d compatibility , you can still use the S TP group co mmands. Howe ver , the CLI conv er ts the commands into the t opology group syntax. [...]

  • Page 253

    PowerConnect B-Series FCX Configuration Guide 211 53-1002266-01 Configuring standard STP parameters 8 Changing STP bridge p arameters NOTE If yo u pl a n to ch a n ge ST P br i d ge t im e r s , D e l l r e c o mmends that you stay within the f ollowing ranges, from section 8. 10.2 of th e IEEE S TP specification. 2 * (f or ward_dela y -1) >= ma[...]

  • Page 254

    212 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring standard STP parameters 8 Changing STP port parameters T o change the path and priority costs f or a por t, enter commands suc h as the following. PowerConnect(config)#vlan 10 PowerConnect(config-vlan-10)#spanning-tree ethernet 5 path-cost 15 priority 64 Syntax: spa nning-t[...]

  • Page 255

    PowerConnect B-Series FCX Configuration Guide 213 53-1002266-01 Configuring standard STP parameters 8 Enabling STP protection Y ou can enable STP Pr otection on a per -por t basis. T o prevent a n end station from initiating or par ticipating in STP topology changes, ent er the follo wing command at the Inter face le vel of the CLI. PowerConnect#(c[...]

  • Page 256

    214 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring standard STP parameters 8 If you enter the sho w stp-prot ect command f or a por t that does not hav e STP pro tection enabled, the fo llowing message displa ys on the console. Syntax: show stp-pro tect [ ethernet <por t> ] Specify the <por t> v a ri a b l e i n[...]

  • Page 257

    PowerConnect B-Series FCX Configuration Guide 215 53-1002266-01 Configuring standard STP parameters 8 Displaying STP informat ion for an en tire device T o display S TP information, enter the f o llowing command at any le vel of the CLI. Syntax: show span [ vlan <vlan-id> ] | [ p vst-mode ] | [ <num> ] | [ detail [ vlan <vlan-id> [...]

  • Page 258

    216 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring standard STP parameters 8 TA B L E 5 0 CLI display of S TP information This field... Displays... Global STP parameters VLAN ID The port-based VLAN that contains this sp anning tree (instance of S TP). VLAN 1 is the default VLA N. If you have not configured por t-base d VLAN[...]

  • Page 259

    PowerConnect B-Series FCX Configuration Guide 217 53-1002266-01 Configuring standard STP parameters 8 Displaying CPU uti lization statistics Y ou can display CPU utilization statistics fo r STP and the IP pro tocols. T o display CPU utilization statistics for S TP for the previous one-second, one-minute, five-minute, and fifteen-minute int er vals,[...]

  • Page 260

    218 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring standard STP parameters 8 T o display utilization statistics for a specific number of seconds, enter a command such as the following. When you specify ho w many seconds’ worth of statistics you want to displa y , the sof tware selects the sample that most closely matches [...]

  • Page 261

    PowerConnect B-Series FCX Configuration Guide 219 53-1002266-01 Configuring standard STP parameters 8 Syntax: show vlan [ <vlan-id> | ethernet < por t > ] The <vlan-id> parameter specifies a VLAN f or which you want to display the configuration information. The ethernet <p or t> parameter specifies a por t. If you use this p[...]

  • Page 262

    220 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring standard STP parameters 8 If a por t is disabled, the only information shown by this command is “DISABLED”. If a port is enabled, this display sho ws the following information. Syntax: show span detail [ vlan <vlan-id> [ ethernet <por t> | <num> ] The [...]

  • Page 263

    PowerConnect B-Series FCX Configuration Guide 221 53-1002266-01 Configuring standard STP parameters 8 Displaying detailed STP information fo r a single port in a specific VLAN Enter a command s uch as the following to displa y STP info rmation for an individual port in a specific VLAN. Port number and S TP state The internal por t number and the po[...]

  • Page 264

    222 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring standard STP parameters 8 Syntax: show span detail [ vlan <vlan-id> ethernet < port > Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts : • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> Display[...]

  • Page 265

    PowerConnect B-Series FCX Configuration Guide 223 53-1002266-01 Configuring STP related features 8 In the e xample above, o nly one por t, 3/11, is forwarding traffic to ward the r oot bridge. Configuring STP related features S TP feat ures ext end the operat ion of standar d ST P , enabling you to fine tune standard STP and av oid some of its limi[...]

  • Page 266

    224 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 • Fast P or t Span eliminates unnecessar y MAC cache aging that can be caused by topol ogy change notifications. Bridgin g devices age out the learned MA C addresses in their MAC caches if the addresses are unrefreshed f or a given pe riod of time ,[...]

  • Page 267

    PowerConnect B-Series FCX Configuration Guide 225 53-1002266-01 Configuring STP related features 8 T o ex clu de a set of ports fr om Fast Por t Span, enter commands such as the f ollowing. PowerConnect(config)#fast port-span exclude ethernet 1 ethernet 2 ethernet 3 PowerConnect(config)#write memory T o ex clude a contig uous (unbr oken) rang e of [...]

  • Page 268

    226 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 NOTE T o avoi d t he pote nt ia l for temp or ar y b rid g ing lo op s, recommends that y ou use the Fast Uplink f eature only for wiring closet switches (switches at the edge of the ne twork cloud). In addition, enable the fe ature only on a group of[...]

  • Page 269

    PowerConnect B-Series FCX Configuration Guide 227 53-1002266-01 Configuring STP related features 8 When the original working trunk group comes back (p ar tially or fully), the transition back to the original t opology is accelerat ed if the cond itions listed above are met. Configuring a Fast Uplink Port Group T o configure a group of ports for Fas[...]

  • Page 270

    228 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 • Classic or legac y 802. 1D STP prot oc ol requires a newly selected Root por t to go through listening and learning stages before traffic co nvergence can be ac hieved. The 802. 1D traf fic conv ergence time is calculat ed using the follo wing for[...]

  • Page 271

    PowerConnect B-Series FCX Configuration Guide 229 53-1002266-01 Configuring STP related features 8 Assignment of port roles At syst em star t-up, all 802. 1W-enabled bridge po rt s assume a Designated r ole. Once star t-up is complete, the 802. 1W algorithm calculates the supe riority or inf eriority of the RST BPDU that is received and transmitt e[...]

  • Page 272

    230 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 26 Simple 802.1W t opology Ports on Switch 1 All por ts on Switch 1, the root bridge, are assigned Designat ed por t roles. Ports on Switch 2 Port2 on Switch 2 directly connects t o the ro ot bridge; the refore, Po r t2 is the R oot por t. The [...]

  • Page 273

    PowerConnect B-Series FCX Configuration Guide 231 53-1002266-01 Configuring STP related features 8 Edge ports and ed ge port roles The Dell implementation o f 802.1 W allows por ts th at are configured as Edge ports to be present in an 802. 1W topolo gy . ( Figure 2 7 ). Edge por ts are por ts of a bridge that connect t o workstations or comput ers[...]

  • Page 274

    232 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 NOTE Configuring shared media or non-point-to-point link s as point-to-point links co uld lead to Layer 2 loops. The topology in Figure 28 is an e xample of shared media th at should no t be configured as point-to-point links. In Figure 28 , a por t o[...]

  • Page 275

    PowerConnect B-Series FCX Configuration Guide 233 53-1002266-01 Configuring STP related features 8 Edge port and non-ed ge port states As soon as a port is configured as an Edg e por t using the CLI, it goes into a f or warding stat e instantly (in less than 1 00 msec). When the link to a por t comes up and 802. 1W detec ts that the por t is an Edg[...]

  • Page 276

    234 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 In contrast to the 802. 1D standard, the 802. 1W stan dard does not hav e any bridge specif ic timers. All timers in the CLI are applied on a per -por t basi s, ev en though they are config ured under bridge parameters. 802. 1W state machines attempt [...]

  • Page 277

    PowerConnect B-Series FCX Configuration Guide 235 53-1002266-01 Configuring STP related features 8 NOTE Proposed will ne ver be asser ted if the por t is connected on a shared media link. In Figure 29 , Port3/Switch 200 is elected as the Ro ot por t FIGURE 29 Proposing and proposed stage • Sync – Once the R oot por t is elected, it sets a sync [...]

  • Page 278

    236 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 30 Sync stage • Synced – Once the Designat ed por t ch anges into a discarding stat e, it asser ts a synced signal. Immediat ely, Alternate p or ts and Back up port s are synced. The Root port monitors the synced signals from all the bridge[...]

  • Page 279

    PowerConnect B-Series FCX Configuration Guide 237 53-1002266-01 Configuring STP related features 8 FIGURE 3 1 Synced stage • Agreed – The Root por t sends back an RST BPDU containing an ag reed flag to its peer Designated po r t and mo ves into the forwarding stat e. When the peer Designated po r t receives the RST BPDU, it rapidly transitions [...]

  • Page 280

    238 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 32 Agre e st age At this point, the handshak e mechanism is comp lete be tween Switch 1 00, the root bridge, and Switch 200. Switch 200 updates the inf ormat ion on the Swit ch 200 Designat ed por ts (Port2 and Por t3) and identifies the new r [...]

  • Page 281

    PowerConnect B-Series FCX Configuration Guide 239 53-1002266-01 Configuring STP related features 8 FIGURE 33 Addition of a new root bridge The handshak e that occurs between Switch 60 and Switch 100 f o llows the one described in the previous section ( “Handshak e when no root port is elected” on page 234). The former r oot bridge becomes a non[...]

  • Page 282

    240 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 34 New root bridge sending a proposal f lag • Sync and Reroot – The Roo t por t then asser ts a sync and a rer oot signal on all the por ts on the bridge. The signal t ells the por ts that a new R oot por t has been assigned and they are to[...]

  • Page 283

    PowerConnect B-Series FCX Configuration Guide 241 53-1002266-01 Configuring STP related features 8 FIGURE 35 Sync and reroot • Sync and R erooted – When the por ts on Switch 200 ha ve comple ted the rer oot phase, the y assert their reroo ted signals and continue to asser t their sync sign als as they co ntinue in their discarding stat es. They[...]

  • Page 284

    242 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 36 Sync and rerooted • Synced and Agree – When all the ports on the bridge asser t their synced signals, the new R oot por t asser ts its own synced signal and sends an RST B PDU to Port4/Switch 60 that contains an agreed flag ( Figure 36 )[...]

  • Page 285

    PowerConnect B-Series FCX Configuration Guide 243 53-1002266-01 Configuring STP related features 8 FIGURE 3 7 Rer ooted, sy nced, and agreed The old Root por t on Switch 2 00 becomes an Al ternat e Por t ( Figure 38 ). Other por ts on that bridge are elect ed to appropriat e roles. The Designat ed por t on Switch 60 goes into a forwarding stat e on[...]

  • Page 286

    244 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 38 Handshake comple ted after election of new root port Recall that Switch 200 sent the ag reed flag t o Por t4/Switch 60 and no t to Port1/Switch 100 (the por t that connects Switch 1 00 to Switch 20 0). Therefore, P or t1/Switch 100 does not [...]

  • Page 287

    PowerConnect B-Series FCX Configuration Guide 245 53-1002266-01 Configuring STP related features 8 FIGURE 39 Convergence between two bridges At po wer up, all por ts on Switch 2 and Switch 3 a ssume Designat ed por t roles and are at discar ding states bef ore they receive an y RST BPDU . Port3/Switch 2, with a Designated r ole, transm its an RST B[...]

  • Page 288

    246 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 40 Simple Layer 2 t opology The point-to-point co nnections between the three bridges are as follows: • Port2/Switch 1 and Por t2/Switch 2 • Port4/Switch 1 and Por t4/Switch 3 • Port3/Switch 2 and Por t3/Switch 3 Ports 3 and 5 on Switch 1[...]

  • Page 289

    PowerConnect B-Series FCX Configuration Guide 247 53-1002266-01 Configuring STP related features 8 Now , Port 3/Switch 3 is currently in a discarding state and is negotiating a port role. It receiv ed RST BPDUs from Por t3/Switch 2. The 802.1W algorithm determines that the RST BPDUs Por t3/Switch 3 received are superior to those it can trans mit; h[...]

  • Page 290

    248 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 42 Link failure in the topology Switch 1 sets its Port2 into a discarding state. At the same time, Switch 2 assumes the role of a r oot bridge since it s root port failed and it has no operational Alternat e por t. Por t3/Switch 2, whic h curre[...]

  • Page 291

    PowerConnect B-Series FCX Configuration Guide 249 53-1002266-01 Configuring STP related features 8 When Port2/Switch 2 receives the RS T BPDUs, 8 02. 1W algorithm determines that the RS T BPDUs the por t receiv ed are better than those receiv ed on Port3/Switch 3; therefore, P or t2/Switch 2 is given the r ole of a Roo t por t. All the por ts on Sw[...]

  • Page 292

    250 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 Convergence in a complex 802.1W topology The following is an e xampl e of a complex 802. 1W topology . FIGURE 43 Complex 802.1W t opology In Figure 43 , Switch 5 is selected as the root bridge sinc e it is the bridge with the highest priority . Lines [...]

  • Page 293

    PowerConnect B-Series FCX Configuration Guide 251 53-1002266-01 Configuring STP related features 8 Next Switc h 2 sends RST BPDUs wi th a proposal fl ag t o Por t3/Switch 4. Po r t3 becomes the Roo t por t for th e bridge; all other por ts are given a Designated por t role with discarding stat es. Port3/Switch 4 sends an RST BPDU with an agr eed fl[...]

  • Page 294

    252 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 44 Active Layer 2 path in com plex topology Propagation of topology change The T opology Change state machine generates and propagates the t opology change notification messages on each port. When a Root port or a De signated po r t goes int o [...]

  • Page 295

    PowerConnect B-Series FCX Configuration Guide 253 53-1002266-01 Configuring STP related features 8 FIGURE 45 Beginning of topology change notice Switch 2 then star ts the TCN timer on the Desi gnat ed por ts and sends RST BPDUs that contain the T CN as follows ( Figure 46 ): • Port5/Switch 2 sends the TC N to Port2/Switch 5 • Port4/Switch 2 sen[...]

  • Page 296

    254 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 46 Sending TCN t o bridges connected to Switch 2 Then Switch 1, Switch 5, and Switch 6 send RST BPDUs that contain the TCN to Switch 3 and Switch 4 to complet e the TCN pr opagation ( Figure 4 7 ). Bridge prior ity = 1000 Bridge prior ity = 200[...]

  • Page 297

    PowerConnect B-Series FCX Configuration Guide 255 53-1002266-01 Configuring STP related features 8 FIGURE 4 7 Completing the T CN propagation Compatibility of 80 2.1W with 802.1D 802. 1W-en abled bridges are backward compatible wi th IEEE 802. 1D b ridges. This compatibility is managed on a per-port basis by the Port Migration state machine. How ev[...]

  • Page 298

    256 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 48 802.1W bridges with an 802.1D bridge Once Switch 20 is removed fr om the LAN, Swi tch 1 0 and Sw itch 30 receive and transmit BPDUs in the STP f ormat to and fr om each other . This stat e will continue until the administrator enables the f [...]

  • Page 299

    PowerConnect B-Series FCX Configuration Guide 257 53-1002266-01 Configuring STP related features 8 Enabling or disabling 802 .1W in a port-based VLAN Use the f ollowing procedure t o disable or enable 802. 1W on a device on which y ou hav e configured a por t-based VLAN. Changing the 802. 1W st ate in a VLAN affects only that VLAN. T o enable 80 2.[...]

  • Page 300

    258 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 Once 802. 1W is enabled on a por t, it can be disabl ed on individual por ts. 802. 1W that hav e been disabled on individual por ts can then be enabled as required. NOTE If you change the 802. 1W state of the primar y por t in a trunk group, the chan [...]

  • Page 301

    PowerConnect B-Series FCX Configuration Guide 259 53-1002266-01 Configuring STP related features 8 The priority <value> parameter spec ifies the priority of the bridge. Y ou can enter a v alue from 0 – 65535. A lo wer numerical value means the bridge ha s a higher priority . Thus, the highest priority is 0. The defa ult is 32 7 68. Y ou can[...]

  • Page 302

    260 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 Set the admin-p t2pt-mac to enabled or d isabled. If set to enabled, then a port is connected t o another port thr ough a point-to-point link. The point-to -point link increases the speed of conv ergence. This paramet er , howe ver , does not auto-det[...]

  • Page 303

    PowerConnect B-Series FCX Configuration Guide 261 53-1002266-01 Configuring STP related features 8 Bridge IEEE 802. 1W parame ter s Bridge Id entifier The ID of the brid ge. Bridge Max Age The config ured max age for this bridge. The d efault is 20. Bridge Hel lo The conf igured hello time for this bridge.T he default is 2. Bridge Fwd Dly The conf [...]

  • Page 304

    262 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 T o display detailed inf ormatio n about 802-1W , using the following command. Hello The hello value deriv ed from the Roo t por t. It is the number of seconds between tw o Hello packets. Por t IEEE 802. 1W par ameter s Port Num The port number shown [...]

  • Page 305

    PowerConnect B-Series FCX Configuration Guide 263 53-1002266-01 Configuring STP related features 8 Syntax: show 802-1w detail [ vlan <vlan-id> ] The vlan <vlan-id> parameter displa ys 802.1W inf ormatio n for the specified port-based VLAN. The show 802. 1W comm and shows the follo wing information. TA B L E 5 4 CLI display of show spann[...]

  • Page 306

    264 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 State The port current 802.1W stat e. A por t can have one of the fol lowing states: • For wa rdin g • Discardi ng • Learning • Disabled Refer to “Bridge p or t states” on page 232 and “Edge p or t and non-edge port states” on page 233[...]

  • Page 307

    PowerConnect B-Series FCX Configuration Guide 265 53-1002266-01 Configuring STP related features 8 802.1W Draft 3 As an alternativ e to full 802. 1W , you can configure 802. 1W Draf t 3. 802. 1W Draft 3 pro vides a subset of the RSTP capabilities descr ibed in the 802.1W S TP specification. 80 2 .1W D ra f t 3 s u p po r t is d i sa b l e d by d e [...]

  • Page 308

    266 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 FIGURE 49 802.1W Draft 3 RSTP ready for failov er If the root port on a Switch becomes unav ailabl e, 802. 1W Draf t 3 immediat ely fails ov er to the alternat e por t, as shown in Figure 50 . Switch 1 Switch 2 Switch 4 Switch 3 Root Bridge Bridge pri[...]

  • Page 309

    PowerConnect B-Series FCX Configuration Guide 267 53-1002266-01 Configuring STP related features 8 FIGURE 50 802.1W Draft 3 RSTP failov er to alt ernate root port In this ex ample, por t 3/3 on Switch 3 has become una vailable. In standar d STP (802. 1D), if the root port beco mes unav ailabl e, the Switch must go through the list ening and learnin[...]

  • Page 310

    268 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 Once a failov er occurs, the Switch no longer has an alternate r oot por t. If the por t that was an al te r na te p or t bu t be c a me t he ro ot p o r t fa i ls , st a n da rd ST P i s u se d to re c onv er g e w i th t h e n e two r k . Y ou can m[...]

  • Page 311

    PowerConnect B-Series FCX Configuration Guide 269 53-1002266-01 Configuring STP related features 8 Enabling 802.1W Draft 3 802. 1W Draft 3 is disabled by default. The proced ure for enabling the f eature dif fers depending on whether single STP is enabled on the de vice. NOTE STP must be enabled before y ou can enable 802. 1W Draf t 3. Enabling 802[...]

  • Page 312

    270 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 Alternatively , you can configure a Dell Pow erConnect device to run a single spanning tree acr oss all por ts and VLAN s on the device. The Sin gle STP f eatur e (SSTP) is especially useful for connecting a Dell PowerConnect device to third-par ty de[...]

  • Page 313

    PowerConnect B-Series FCX Configuration Guide 271 53-1002266-01 Configuring STP related features 8 PowerConnect(config) spanning-tree single priority 2 This command changes the STP priority for all por ts to 2. T o change an STP paramet er for a specific por t, enter commands such as the f ollowing. PowerConnect(config) spanning-tree single etherne[...]

  • Page 314

    272 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 • Single STP – S i n g l e ST P a l l ow s a l l t h e V L A N s to r u n ST P , b u t e a c h V L A N r u n s t he sa m e i n s t a n c e of ST P , r esu lt ing in n um erous bl ocked por ts t ha t do not pas s a ny Layer 2 tra f f ic. STP pe r V[...]

  • Page 315

    PowerConnect B-Series FCX Configuration Guide 273 53-1002266-01 Configuring STP related features 8 Here are the CLI commands f o r implementing th e S TP per VLAN group configuration shown in Figure 5 1 . The follo wing commands configure the member VLANs (3, 4, 1 3, and 14) and the master VLANs (2 and 12). Notice that changes t o STP paramet ers a[...]

  • Page 316

    274 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring STP related features 8 Configuration exampl e for STP load sharing Figure 52 shows another e xample of a STP per VLAN group implementation. FIGURE 52 More complex STP per VLA N group example In this ex ample, each of the devices in the core is configured with a common set o[...]

  • Page 317

    PowerConnect B-Series FCX Configuration Guide 275 53-1002266-01 PVST/PVST+ compatibility 8 PowerConnect(config-vlan-201)#tag ethernet 1/2 ethernet 5/1 to 5/3 PowerConnect(config-vlan-201)#vlan 401 PowerConnect(config-vlan-401)#spanning-tree priority 3 PowerConnect(config-vlan-401)#tag ethernet 1/3 ethernet 5/1 to 5/3 ... PowerConnect(config-vlan-36[...]

  • Page 318

    276 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PVST/PVST+ compatibility 8 NOTE Dell Po werConnect por ts automatically dete ct PV ST+ BPDUs and enable supp or t for the BPDUs once det ected. Y ou do not need t o per form an y configuration steps t o enable PVST+ support. Howe ver , to support the IEEE 802. 1Q BPDUs, you migh t need[...]

  • Page 319

    PowerConnect B-Series FCX Configuration Guide 277 53-1002266-01 PVST/PVST+ compatibility 8 FIGURE 53 Interaction of IEEE 802 .1Q, PVST , and PVST+ regions VLAN tags an d dual mode The dual-mode feature enables a port to send and receive both tagged and untagged frames. When the dual-mode f eature is en abled on a port, the por t is an untagged memb[...]

  • Page 320

    278 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PVST/PVST+ compatibility 8 Configuring PVST+ support PVST+ suppor t is automatically enabled when the por t receives a PVST BPDU. Y ou can manually enable the suppor t at any time or disable the suppor t if desired. If you w ant a tagged por t to also suppor t IEEE 802. 1Q BPDUs, you n[...]

  • Page 321

    PowerConnect B-Series FCX Configuration Guide 279 53-1002266-01 PVST/PVST+ compatibility 8 Syntax: show span pvst-mode This command displa ys the following information. Configuration examples The following e xamples show configuration examples f or two common configurations: • Untagged IEEE 8 02.1 Q BPDUs on VLAN 1 and tagged PVS T+ BPDUs on othe[...]

  • Page 322

    280 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PVST/PVST+ compatibility 8 Commands on the Dell Po werConnect Device PowerConnect(config)#vlan-group 1 vlan 2 to 4 PowerConnect(config-vlan-group-1)#tagged ethernet 1/1 PowerConnect(config-vlan-group-1)#exit PowerConnect(config)#interface ethernet 1/1 PowerConnect(config-if-1/1)#dual-m[...]

  • Page 323

    PowerConnect B-Series FCX Configuration Guide 281 53-1002266-01 PVST/PVST+ compatibility 8 These command s change th e default VLAN ID, conf igure por t 1/1 as a tagged member of VLA Ns 1 and 2, and enable the dual-mode f eature and PVST+ support on por t 1/1. Since V LAN 1 is tagged in this configuration, the default VLAN ID must be changed from V[...]

  • Page 324

    282 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PVRST compatibility 8 PVRST compatibility PVRST , the "rapid" version of per -VLAN spanning tree (PVS T), is a Cisco proprietary prot ocol. PVRST corresponds to the Dell Po werConne ct full implementation of IEEE 802. 1w (RSTP). Lik ewise, PVST , also a Cisco proprietary prot[...]

  • Page 325

    PowerConnect B-Series FCX Configuration Guide 283 53-1002266-01 BPDU guard 8 Re-enabling ports disabled by BPDU guard When a BPSU Guard- enabled por t is disabled by BPDU Guar d, the Dell PowerConnect de vice will place the port in errdisable stat e and display a message on the console indicating that the por t is errdisabled (ref er to “Example [...]

  • Page 326

    284 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Root guard 8 STP configured to ON, priority is level0, flow control enabled mirror disabled, monitor disabled Not member of any active trunks Not member of any configured trunks No port name IPG MII 96 bits-time, IPG GMII 96 bits-time IP MTU 1500 bytes 300 second input rate: 8 bits/sec[...]

  • Page 327

    PowerConnect B-Series FCX Configuration Guide 285 53-1002266-01 Root guard 8 Configure roo t guard on all por ts where the r oot bridge should not appear . This establishes a pro tective network perimeter ar ound the core bridg ed netwo rk, cutting it of f from the user network. NOTE Roo t guard may pre vent netw ork connectivity if it is im proper[...]

  • Page 328

    286 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Error disable recovery 8 Error disable recovery In case a BPDU guard violation occu rs, a port is placed into an errdisable state which is functionally equiv alent to a Disable state. Once in an errdiabl e stat e, it remains in that state until one of the follo wing methods is used to [...]

  • Page 329

    PowerConnect B-Series FCX Configuration Guide 287 53-1002266-01 Error disable recovery 8 Displaying the error disable recovery state by interface The por t status of errdisabled d isplays in the output of the show int er face and the show inter face brief commands. In this exam ple, errdisable is enab led on int er face ethernet 1 and errdisable is[...]

  • Page 330

    288 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 802.1s Multiple Spanning Tree Protocol 8 Syntax: show errdisable summary Errdisable Syslog messages When the system p laces a por t into an errdis abled stat e for BPDU guard, a log message is generat ed. When the errdisable reco very timer e xpires, a log message is also generat ed. A[...]

  • Page 331

    PowerConnect B-Series FCX Configuration Guide 289 53-1002266-01 802.1s Multiple Spanni ng Tree Protocol 8 FIGURE 56 MSTP configured network The follo wing def initions describe the STP instances that define an MSTP configuration. Common Spanning (CST) – CS T is defined in 802. 1q and a ssumes one spannin g-tree instance for the entire bridged net[...]

  • Page 332

    290 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 802.1s Multiple Spanning Tree Protocol 8 Configuration notes When configuring MSTP , note the f ollowing: • With MS TP running, enabli ng st atic trunk on por ts that are me mbers of many VLANs (4000 or more VLANs) will keep the syst em busy for 20 to 25 seconds. Configuring MSTP mod[...]

  • Page 333

    PowerConnect B-Series FCX Configuration Guide 291 53-1002266-01 802.1s Multiple Spanni ng Tree Protocol 8 NOTE Once under MS TP mode, CIST alwa ys controls all port s in the system. If you do not w ant a por t to run MSTP , configure the no spanning-tree command under the specifi ed interface configuration. Using the [ no ] option on a system that [...]

  • Page 334

    292 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 802.1s Multiple Spanning Tree Protocol 8 Deleting a VLAN to MSTI mapping Y ou can optionally remov e a VLAN to MS TI mapping using the no mstp instance command. T o do so, enter a command such as the f ollowing. PowerConnect(config)#no mstp instance 7 vlan 4 to 7 This command delet es [...]

  • Page 335

    PowerConnect B-Series FCX Configuration Guide 293 53-1002266-01 802.1s Multiple Spanni ng Tree Protocol 8 The instance parameter defines the numbe r for the in stance of MS TP that you are deleting. The vlan parameter identifies one or more VLANs or a range of VLANs to the instance defined in this command. The vlan-group paramet er identifies one o[...]

  • Page 336

    294 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 802.1s Multiple Spanning Tree Protocol 8 • “For cing por ts to transmit an MS TP BPDU” • “ Activating MSTP on a switch” Setting the MSTP name Each switch that is running MSTP is configured with a name. It applies to the switch which can hav e many dif ferent VLANs that can [...]

  • Page 337

    PowerConnect B-Series FCX Configuration Guide 295 53-1002266-01 802.1s Multiple Spanni ng Tree Protocol 8 The no option mov es a VLAN or VLAN group from its assigned MS TI back into the CIS T . NOTE The system doe s not allow an MSTI without an y VLANs mapped to it. Consequently , removing all VLANs from an MS TI, deletes the MSTI from the syst em [...]

  • Page 338

    296 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 802.1s Multiple Spanning Tree Protocol 8 The max-hops <value> parameter specifies the maximum hop count. Y ou can specify a v alue from 1 – 40 hops. The d efault value is 20 hops. Setting ports to be operational edge ports Y o u c a n d e f i n e s p e c i f i c p or ts a s e d[...]

  • Page 339

    PowerConnect B-Series FCX Configuration Guide 297 53-1002266-01 802.1s Multiple Spanni ng Tree Protocol 8 • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> When a por t is disabled for MS TP , it behaves as bloc king f or a ll the VLAN traf fic that is controlled by MSTIs and the CIS T . Forcing ports to tran[...]

  • Page 340

    298 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 802.1s Multiple Spanning Tree Protocol 8 FIGURE 5 7 Sample MSTP configuration RTR1 configuration PowerConnect(config-vlan-4093)#tagged ethernet 10/1 to 10/2 PowerConnect(config-vlan-4093)#exit PowerConnect(config)#mstp scope all PowerConnect(config)#mstp name Reg1 PowerConnect(config)#[...]

  • Page 341

    PowerConnect B-Series FCX Configuration Guide 299 53-1002266-01 802.1s Multiple Spanni ng Tree Protocol 8 Core2 configuration PowerConnect(config)#trunk ethernet 3/5 to 3/6 ethernet 3/17 to 3/20 PowerConnect(config)#vlan 1 name DEFAULT-VLAN by port PowerConnect(config-vlan-1)#exit PowerConnect(config)#vlan 20 by port PowerConnect(config-vlan-20)#ta[...]

  • Page 342

    300 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 802.1s Multiple Spanning Tree Protocol 8 Syntax: show mstp <instance-number> The <instance-number> variable specifies the MSTP instance that you w ant to display inf ormation fo r . TA B L E 5 6 Output from Sho w MSTP This field... Displays... MSTP Instance The ID of the MS[...]

  • Page 343

    PowerConnect B-Series FCX Configuration Guide 301 53-1002266-01 802.1s Multiple Spanni ng Tree Protocol 8 Displaying MSTP information for a specified instance The follo wing example displays MS TP info rmation specified for an MSTP instance. ExtPath Cost The configured path cost on a link connected t o this por t to an ext ernal MSTP region. Region[...]

  • Page 344

    302 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 802.1s Multiple Spanning Tree Protocol 8 Refe r to Ta b l e 5 6 for details about the display paramet er s. Displaying MSTP informat ion for CIST instance 0 Instance 0 is the Common and Internal Spann ing T ree Instanc e (CIST). When you display information f or this instance there are[...]

  • Page 345

    PowerConnect B-Series FCX Configuration Guide 303 53-1002266-01 802.1s Multiple Spanni ng Tree Protocol 8 Refe r to Ta b l e 5 6 for ex pla nation about the paramet er s in the output. Syntax: show mstp [ <ms tp-id> | configurati on | detail ] [ | begin <s tring> | exclude <s tring> | include <string> ] Enter an MS TP ID for[...]

  • Page 346

    304 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 802.1s Multiple Spanning Tree Protocol 8[...]

  • Page 347

    PowerConnect B-Series FCX Configuration Guide 305 53-1002266-01 Chapter 9 Configuring Basic Layer 2 Features Ta b l e 57 lists the individual Dell Po werConnect sw itches and the basic Lay er 2 featur es they suppor t. The procedures in this chapt er describe ho w to configure basic Lay er 2 paramet ers. Dell Po werConnect de vices are configured a[...]

  • Page 348

    306 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 About port regions 9 • For inf ormation about configuring IP addresses, DNS resolver , DHCP assist, and other IP-related paramet ers, refer to Chapter 26, “Configuring IP” . • For inf ormation about the Syslog buffer and messages, ref er to Chapter 4 1, “Using Syslog” . Abo[...]

  • Page 349

    PowerConnect B-Series FCX Configuration Guide 307 53-1002266-01 MAC learning rate control 9 Y ou can also enable and disable spanning tree on a por t-based VLAN and on an individual por t basis, and enable advanced S TP f eatures. Ref er to Chapt er 8, “Configu ring Spanning T ree Protocol (STP) R elated Features” . Modifying STP bridge and por[...]

  • Page 350

    308 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring static MAC entries 9 Disabling the automatic learning of MAC addresses By default, when a pack et with an unknown Sour ce MAC address is rece ived on a por t, the Dell Po werConnect device learns this MAC address on the port. Y ou can prevent a physical port from learning M[...]

  • Page 351

    PowerConnect B-Series FCX Configuration Guide 309 53-1002266-01 Configuring static MAC entries 9 NOTE Dell Pow erConnect devices running La yer 3 code al so suppor t the assignment of st atic IP Rout es, static ARP , and static RARP entries. For details on configuring these types of static entries, refer t o “Configuring static rout es” on page[...]

  • Page 352

    310 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring VLAN-based static MAC entries 9 or Syntax: [ no ] static-mac-address <mac-addr> ethernet [ <slo tnum> / ] <por tnum> to ethernet [ <slotnum> ] <por tnum> [ priority <num> ] The <slotnum> paramet er is required on chassis devices. Th[...]

  • Page 353

    PowerConnect B-Series FCX Configuration Guide 311 53-1002266-01 Flow-based MAC address learning 9 For e xample, to remove entries f or the MAC address 000d.cd80.00d0 in all VLANs, ent er the follo wing command at the Privilege EXEC level of the CLI. PowerConnect#clear mac-address 000d.cb80.00d0 Syntax: clear mac-address <mac-address> | et her[...]

  • Page 354

    312 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Flow-based MAC address learning 9 How flow-based learning works When a pack et processor , let call it PP 1 , receives an incoming packet with source MAC address X , it sends a new address message to the CPU. The system learns MAC address X by adding it t o the sof tware MA C table in [...]

  • Page 355

    PowerConnect B-Series FCX Configuration Guide 313 53-1002266-01 Flow-based MAC address learning 9 • A source MA C address is learned only on the ingress (source) pack et processor . The MA C address is added to ot her packet pr ocessors as needed by their incoming traffic flows. During a brief period until the destination MA C addre ss is success[...]

  • Page 356

    314 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Enabling port-based VLANs 9 Syntax: system -max mac <max-flow-MACs> The <max-flow-MACs> parameter specifies the maximum number of MAC addresses in the MAC table. For flo w -based MACs, the minimum valu e is 1 6K and the maximum value is 32K. The default is 1 6K. Use the com[...]

  • Page 357

    PowerConnect B-Series FCX Configuration Guide 315 53-1002266-01 Enabling port-based VLANs 9 Syntax: vlan <num> by po r t Syntax: vlan <num> name <string> The <num> parameter specifies the VLAN ID. The v ali d range fo r VLAN IDs star ts at 1 on all systems but the upper limit of the range differs depending on the device. In [...]

  • Page 358

    316 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Defining MAC address filters 9 Defining MAC address filters MAC la yer filtering enables you t o build access lis ts based on MAC la yer headers in the Ethernet/IEEE 802.3 frame. Y ou can filter on the source and destination MA C addresses. The filters apply to incoming traf fic only .[...]

  • Page 359

    PowerConnect B-Series FCX Configuration Guide 317 53-1002266-01 Defining MAC address filters 9 PowerConnect(config)# mac filter 3 deny any 0180.c200.0000 ffff.ffff.fff0 PowerConnect(config)# mac filter 4 deny any 0000.1234.5678 ffff.ffff.ffff PowerConnect(config)# mac filter 5 deny any 0000.2345.6789 ffff.ffff.ffff PowerConnect(config)# mac filter [...]

  • Page 360

    318 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Defining MAC address filters 9 When a MA C address filter is appl ied to or remov ed from an int er f ace, a Syslog message such as the fo llowing is generated. SYSLOG: <14>Jan 1 00:00:00 10.44.9.11 MAC Filter applied to port 0/1/2 by tester from telnet session (filter id=5 ). SY[...]

  • Page 361

    PowerConnect B-Series FCX Configuration Guide 319 53-1002266-01 Defining MAC address filters 9 PowerConnect(config)#int ethernet 1 PowerConnect(config-if-e1000-1)#mac filter-group log-enable PowerConnect(config-if-e1000-1)#int ethernet 3 PowerConnect(config-if-e1000-3)#mac filter-group log-enable PowerConnect(config-if-e1000-3)#write memory Syntax:[...]

  • Page 362

    320 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Locking a port to restrict addresses 9 The <src-mac> <mask> | an y parameter spe cifies the source MAC add ress. Y ou can enter a specific address value and a co mparison ma sk, or the keyw ord any t o filter on al l MAC addresse s. Specify the mask using f (ones) and zeros[...]

  • Page 363

    PowerConnect B-Series FCX Configuration Guide 321 53-1002266-01 Displaying and modifying syst em parameter default settings 9 Syntax: lock-address ethernet [ <port> [ addr -count <num> ] Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts : • Po werConnect B-Series FCX stackable switches – <s tack-unit/sl[...]

  • Page 364

    322 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying and modifying syst em parameter default settings 9 The follo wing shows an exam ple output of the show default values command on a Po werConnect Layer 2 device. PowerConnect#show default values sys log buffers:50 mac age time:300 sec telnet sessions:5 System Parameters Defau[...]

  • Page 365

    PowerConnect B-Series FCX Configuration Guide 323 53-1002266-01 Displaying and modifying syst em parameter default settings 9 The follo wing shows an exam ple output on a Powe rC onnect IPV4 de vice ru nning Lay er 3 sof tware. PowerConnect#show default values sys log buffers:50 mac age time:300 sec telnet sessions:5 ip arp age:10 min bootp relay m[...]

  • Page 366

    324 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying and modifying syst em parameter default settings 9 The follo wing shows an exam ple output on a Po werConnect B-Series FCX de vices ser ving as a management host in an IPv6 netw ork and running the La yer 3 sof tware image. Ta b l e 5 8 defines the system paramet ers in the [...]

  • Page 367

    PowerConnect B-Series FCX Configuration Guide 325 53-1002266-01 Displaying and modifying syst em parameter default settings 9 Modifying system parameter default values In fo r m a ti o n fo r t he c o n f i gu r a b l e t a bles appears under the columns th at are sho wn in bold type in the abov e examples. T o simplify configuration, the command p[...]

  • Page 368

    326 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 TDynamic Buffer Allocation for an IronStack 9 PowerConnect(config)#system-max ip-route 120000 PowerConnect(config)#write memory PowerConnect(config)#exit PowerConnect#reload Syntax: system-max ip-r oute <num> The <num> parameter specifies the maximum number of routes in the[...]

  • Page 369

    PowerConnect B-Series FCX Configuration Guide 327 53-1002266-01 TDynamic Buffer Allocation for an IronStack 9 Fo r ex a mp l e , fo r an 8 - un i t st a c k o f 4 8 p o r ts , th e p a cke t p ro c e s so r n um b e ri n g s c h e me i s as fo ll o ws : . Stack unit 1 - packet processors 0 and 1 Stack unit 2 - packet processors 2 and 3 Stack unit 3[...]

  • Page 370

    328 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 TDynamic Buffer Allocation for an IronStack 9 PowerConnect#qd-buffer 1 2 76 2 Syntax: qd-buffer <DeviceNum> <PortTypeVal> <NumBuffers> <PriorityQueue> "DeviceNum: 0-x "PortTypeVal: 1 for 1 Gbps or 2 for 10 Gbps "NumBuffers: Number of buffers to al[...]

  • Page 371

    PowerConnect B-Series FCX Configuration Guide 329 53-1002266-01 Remote Fault Notification (RF N) on 1G fiber con nections 9 qd-buffer 0 1 4095 0 qd-buffer 1 1 4095 0 qd-buffer 2 1 4095 0 qd-buffer 4 1 4095 0 qd-buffer 5 1 4095 0 qd-buffer 6 1 4095 0 qd-buffer 0 2 4095 0 qd-buffer 1 2 4095 0 qd-buffer 2 2 4095 0 qd-buffer 4 2 4095 0 qd-buffer 5 2 40[...]

  • Page 372

    330 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Link Fault Signaling (LFS ) for 10G 9 For fi ber-optic conne ctions, you can optionally c onfigure a transmit por t to no tify the receive por t on the remot e device whenev er the transmit port becomes disabled. When you enable this f eature, the transmit por t notifies the remote por[...]

  • Page 373

    PowerConnect B-Series FCX Configuration Guide 331 53-1002266-01 Jumbo frame support 9 PowerConnect(config)#interface e 1/1 PowerConnect(config-if-e1000-1/1)#link-fault-signal Syntax: [ no ] link-fault-signal Use the no for m o f t h e c om m a n d to disable LFS. LFS is OFF by def ault. Viewing the status of LFS-enabled links The status of an LFS-e[...]

  • Page 374

    332 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Jumbo frame support 9[...]

  • Page 375

    PowerConnect B-Series FCX Configuration Guide 333 53-1002266-01 Chapter 10 Configuring Metro Features Ta b l e 5 9 lists the individual Dell Po werConnect sw itches and the metro f eatures they suppor t. T Topology groups A topology gr oup is a named set of VLANs that shar e a Layer 2 topology . T opology groups simplify configuration and enhance s[...]

  • Page 376

    334 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Topology groups 10 Master VLAN and member VLANs Each topology group contains a master VLAN and can contain one or more member VLA Ns and VLAN groups: • Mast er VLAN – The master VLAN contains the configuration information f or the Lay er 2 pro tocol. For e xample, if you plan t o u[...]

  • Page 377

    PowerConnect B-Series FCX Configuration Guide 335 53-1002266-01 Topology groups 10 • If you remo ve the master VLAN (b y entering no mast er-vlan < vlan-id >), the software selects the new master VLAN fr om member VLANs. A new ca ndidat e m aster VLAN will be in configured order t o a member VLAN so that the first added member VLAN will be [...]

  • Page 378

    336 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Topology groups 10 NOTE Once you add a V LAN or VLAN group as a member of a topology gr oup, all the La yer 2 pr otocol configuration information for the VLAN or gr oup is deleted. F o r e xample, if STP is configured on a VLAN and you add the VLAN t o a topology group, the S TP conf i[...]

  • Page 379

    PowerConnect B-Series FCX Configuration Guide 337 53-1002266-01 Metro Ring Protocol (MRP) 10 Metro Ring Protocol (MRP) MRP is a Dell pr oprietar y pro tocol that prev ents Lay er 2 loops and pro vides fast recon vergence in Lay er 2 ring topologies. It is an alt ernative to STP and is especially usef ul in Metr opolitan Area Networ ks (MANs) where [...]

  • Page 380

    338 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Metro Ring Protocol (MRP) 10 FIGURE 58 Metro ri ng – normal stat e Th e r in g in th i s ex amp l e c on si s ts of fou r M R P n o des (Dell Pow erConnect sw itches). Each node has two interfaces with the ring. Each node also is connected t o a separate cust omer network. The nodes [...]

  • Page 381

    PowerConnect B-Series FCX Configuration Guide 339 53-1002266-01 Metro Ring Protocol (MRP) 10 Configuration notes • When you configure MRP , Dell recommends that yo u disable one of the ri ng interfaces bef ore beginning the ring configurat ion. Disabling an inter face prev ents a Layer 2 loop fr om occurring while you are configuring MRP on the r[...]

  • Page 382

    340 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Metro Ring Protocol (MRP) 10 MRP rings with shared in terfaces (MRP Phase 2) With MRP Phase 2, MRP rings can be configured to share the same int er faces as long as the inte r f ac es bel on g to th e s ame VL AN . Figure 60 shows examples of multiple MRP rings that share the same inte[...]

  • Page 383

    PowerConnect B-Series FCX Configuration Guide 341 53-1002266-01 Metro Ring Protocol (MRP) 10 For ex a mp l e, i n Fi gure 6 1 , the ID of all interfaces on all nodes on Ring 1 is 1 and all int er faces on all nodes on Ring 2 is 2. Port 1/1 on node S1 and Port 2/2 on S2 hav e the IDs of 1 and 2 since the interfaces are shared by Rings 1 and 2. The r[...]

  • Page 384

    342 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Metro Ring Protocol (MRP) 10 FIGURE 62 Metro ring – initial stat e MRP uses Ring Health Packets (RHPs) t o monitor the health of the ring. An R HP is an MRP prot ocol pack et. The source ad dress is the MAC addre ss of the master node and the destination MA C address is a pro tocol a[...]

  • Page 385

    PowerConnect B-Series FCX Configuration Guide 343 53-1002266-01 Metro Ring Protocol (MRP) 10 • For wa rd i n g ( F ) – The int er face can forwar d data as well as RHPs. An interface changes from Preforwarding t o Forwarding when the por t preforwarding time expires. This occur s if the por t does not receiv e an RHP from the Mast er , or if th[...]

  • Page 386

    344 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Metro Ring Protocol (MRP) 10 FIGURE 63 Metro ring – from preforwarding to forwarding Each RHP a lso has a s equence num ber . MRP ca n use the sequence number t o determine the round-trip time for RHPs in the ring. Ref er to “Using MRP diagnostics” on page 352. C us tomer A C us [...]

  • Page 387

    PowerConnect B-Series FCX Configuration Guide 345 53-1002266-01 Metro Ring Protocol (MRP) 10 RHP processing in MRP Phase 2 Figure 6 4 shows an exam ple of how RHP packets are pr ocessed normally in MRP rings with shared interfaces. FIGURE 64 Flow of RHP pac kets on MRP rings with shared int er faces Port 2/1 on Ring 1 master node is the primary int[...]

  • Page 388

    346 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Metro Ring Protocol (MRP) 10 How ring breaks are detected and healed Figure 65 shows ring interface states f ollowing a li nk break. MRP quickly heals the ring and preserves connectivity among the customer networks. FIGURE 65 Metro ring – ring bre ak If a break in the ring occurs, MR[...]

  • Page 389

    PowerConnect B-Series FCX Configuration Guide 347 53-1002266-01 Metro Ring Protocol (MRP) 10 • If the interface receiv es an RHP , the int er f ace changes back t o the Blocking stat e and resets the dead timer . • If the interface does not receive an RHP f or it s ring before the Pref or ward in g ti me ex pi re s, the interface changes to the[...]

  • Page 390

    348 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Metro Ring Protocol (MRP) 10 Master VLANs and customer VLANs All the ring ports must be in the same VLAN. Placing the ring ports in the same VLAN pr ovides Lay er 2 connectivity for a given customer acr oss the ri ng. Figure 67 shows an example. FIGURE 67 Metro ring – ring VLAN and c[...]

  • Page 391

    PowerConnect B-Series FCX Configuration Guide 349 53-1002266-01 Metro Ring Protocol (MRP) 10 A topology gr oup enables you t o control f or war ding in multiple VLANs using a single instance of a Lay e r 2 prot o col such as M RP . A topology group contai ns a master VLAN and me mber VLANs. The mast er VLAN contains all the c o nfiguration paramete[...]

  • Page 392

    350 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Metro Ring Protocol (MRP) 10 Adding an MRP ring to a VLAN T o add an MRP ring to a VLAN, enter commands such as the f ollowing. NOTE If you plan to use a t opology gr oup t o add VLANs to the ring, mak e sure you configure MRP on the topology gr oup master VLAN. PowerConnect(config)#vl[...]

  • Page 393

    PowerConnect B-Series FCX Configuration Guide 351 53-1002266-01 Metro Ring Protocol (MRP) 10 Configures this node as the master node f or the ri ng. Enter this command only on one node in the ring. The node is a member (non-master) node b y default. Syntax: [ no ] ring-interface ethern et <primary -if> ethernet <secondar y-if> The ether[...]

  • Page 394

    352 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Metro Ring Protocol (MRP) 10 Using MRP diagnostics The MRP diagnostics feature calculat es how long it tak es for RHP pack ets to tra vel thr ough the ring. When you enable MRP diagnostic s, the sof tware tracks RHP packets accor ding to their sequence numbers and calculates ho w long [...]

  • Page 395

    PowerConnect B-Series FCX Configuration Guide 353 53-1002266-01 Metro Ring Protocol (MRP) 10 If the recommended hello time and preforwarding ti me are different from the actual se ttings and you w ant to change them, ref er to “Configuring MRP” on page 349. Displaying MRP information Y ou can display the fo l lowing MRP inf ormatio n: • T opo[...]

  • Page 396

    354 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Metro Ring Protocol (MRP) 10 TA B L E 6 2 CLI displa y of MRP ring information This field... Displays... Ring id The ring ID State The state of MRP . Th e state can be one of the following: • enabled – MRP is enabled • disabled – MRP is disabled Ring ro le Whether thi s node is[...]

  • Page 397

    PowerConnect B-Series FCX Configuration Guide 355 53-1002266-01 Metro Ring Protocol (MRP) 10 MRP CLI example The f ollowing examples sho w the CLI commands required t o implement the MRP configuration shown in Figure 67 on page 348. NOTE For simplicity , the f igure shows the VLANs on only two switches. The CLI examples implement the ring on all f [...]

  • Page 398

    356 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Metro Ring Protocol (MRP) 10 The f ollowing commands configure the cust omer VL ANs. The cu stomer VLANs must contain b oth the ring interfaces as well as the customer interfaces. PowerConnect(config)#vlan 30 PowerConnect(config-vlan-30)#tag ethernet 1/1 to 1/2 PowerConnect(config-vlan[...]

  • Page 399

    PowerConnect B-Series FCX Configuration Guide 357 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 PowerConnect(config)#vlan 30 PowerConnect(config-vlan-30)#tag ethernet 1/1 to 1/2 PowerConnect(config-vlan-30)#tag ethernet 2/1 PowerConnect(config-vlan-30)#exit PowerConnect(config)#vlan 40 PowerConnect(config-vlan-40)#tag ethernet 1/1 to 1[...]

  • Page 400

    358 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 FIGURE 68 VSRP mesh – redundant paths for Layer 2 and Layer 3 traffic In this example, two Dell Pow erCo n nect device s are configured as redundant paths for VRID 1. On each of the de vices, a Vir tual Rout er ID (VRID) is configured on[...]

  • Page 401

    PowerConnect B-Series FCX Configuration Guide 359 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 Layer 2 and Layer 3 redundancy Y ou can configure VSRP to pr ovide redundancy f or Layer 2 only or also for Lay er 3: • La yer 2 only – The La yer 2 links are back ed up but specific IP addresses are not backed up. • Layer 2 an d L aye[...]

  • Page 402

    360 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 • If the Back up does not receive a Hello message wi th a higher priority than its own by the time the hold-down timer e xpires, the Back up becomes the new Mast er and star ts forwarding L ayer 2 traf fic on all por ts. If you increase [...]

  • Page 403

    PowerConnect B-Series FCX Configuration Guide 361 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 FIGURE 70 VSRP priority recalculation Y ou can reduce the sensitivity of a VSRP de vice to failov er by increasing its configured VSRP priority . For e xample, y ou can increase the config ured prio rity of the VSRP device on the left in Fig[...]

  • Page 404

    362 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 When you configure a track port, you assign a priority value to the po r t. If the por t goes down, VSRP subtracts the track por t priority value fr om the co nfigured VSRP priority . For e xample, if the you configure a track por t with p[...]

  • Page 405

    PowerConnect B-Series FCX Configuration Guide 363 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 FIGURE 73 T rack por t priority subtract ed during priority calculation MAC address failover on VSRP-aware devices VSRP-aw are devices maintain a record of each VR ID and its VLAN. When the de vice has received a Hello message for a VRID in [...]

  • Page 406

    364 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 Timer scale The VSRP Hello int er val, Dead int er val, Back up He llo interval, and Hold-down int er val timers are individually configurabl e. Y ou also can easily change all the timer s at the same time while preserving the ratios among[...]

  • Page 407

    PowerConnect B-Series FCX Configuration Guide 365 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 Interface parameters Authentication type The type of authentication th e VSRP devices use to validate VSRP packets. On Layer 3 Switches , the authenti cation type mus t match the authe ntication type th e VRID por t uses with other routing p[...]

  • Page 408

    366 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 Pref erence of timer source When you save a Backup configurat ion, the sof tware can sav e the configured VSRP timer v alues or the VSRP timer v alues received fr om the Master . Sav ing the current timer v alues instead of th e configured[...]

  • Page 409

    PowerConnect B-Series FCX Configuration Guide 367 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 Configuring basic VSRP parameters T o configure VSRP , per form the f ollowing required tasks: • Configure a port -based VLAN containing the p or ts for which y ou want to provide VSRP ser vice. NOTE If you already ha ve a port-based VLAN [...]

  • Page 410

    368 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 Syntax: enable | disable Configuring optional VSRP parameters The f ollowing sections describe ho w to configure optional VSRP parameters. Disabling or re -enabling VSRP VSRP is enabled b y default on La yer 2 Switches an d La yer 3 Switch[...]

  • Page 411

    PowerConnect B-Series FCX Configuration Guide 369 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 T o change the timer scale, en ter a command such as the f ollowing at th e g l o b a l C O N F I G le ve l o f t h e CLI. PowerConnect(config)# scale-timer 2 This command changes the scale t o 2. All VSRP , VRRP , and VRRP-E timer va lues w[...]

  • Page 412

    370 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 Specifying no authentication for VSRP hello packets The following configuration specifies no a uthenti cation as the preferred V SRP-aware security method. In this case, the VSRP de vice will not a ccept incoming pack ets that have authent[...]

  • Page 413

    PowerConnect B-Series FCX Configuration Guide 371 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 VSRP does no t require you t o specify an IP address. If y ou do not specify an address, VSRP pro vides Lay er 2 redundancy . If you do spec ify an address, VSRP pro vides La yer 2 and Lay er 3 redundancy . The Lay er 3 redundancy suppor t i[...]

  • Page 414

    372 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 • Hold-down int er val By default, e a ch Back up sa ves the configured timer v a lues to its startup-config file when you sav e the device configuration. Y ou can configure a Back up to instead sa ve the current timer values re ceived f[...]

  • Page 415

    PowerConnect B-Series FCX Configuration Guide 373 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 NOTE The default Dead int er val is three times the Hello in terval plus one-ha lf second. General ly , if you change the Hello interval, you also should change the Dead int er val on the Back ups. NOTE If you change the timer scale, the cha[...]

  • Page 416

    374 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 Changing the hold-down interval The hold-down interval prevents Lay er 2 lo ops from occurring during f ailov er , by dela ying the new Master from f or warding traff ic long enough to ensure that the failed Master is really unavailable. T[...]

  • Page 417

    PowerConnect B-Series FCX Configuration Guide 375 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 NOTE The priority <num> option changes the priority of the s pecif ied int er face, overriding the def ault track por t priority . T o change the default track port priority , use the backup track -priority <num> command. Disabli[...]

  • Page 418

    376 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 VSRP-aware interoperablilty The vsrp-aw are tc-vlan-flush command should be used in netwo rk configurations in which the Dell Po werConnect switch operates as the VSRP-Aw are device connecting to a oth er devices as a VSRP Master . The com[...]

  • Page 419

    PowerConnect B-Series FCX Configuration Guide 377 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 This display sho w s the f ollowing information when you use the vrid <num> or vlan <vlan-id > paramet er . For inf ormation about the displa y when you use the aw ar e parameter , ref er to “Displaying the activ e inter faces [...]

  • Page 420

    378 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 Displaying the active interfaces for a VRID On a VSRP-aw are device, y ou can display VLAN an d por t inf orma tion fo r the connections to t he VSRP devices (Mast er and Backups). T o display the activ e VRID interfaces, enter th e follow[...]

  • Page 421

    PowerConnect B-Series FCX Configuration Guide 379 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 VSRP fast start VSRP fast start allows non-Dell P owerConnect or non-VSRP aware de vices that are connected to a Dell Po werConnect de vice that is the VSRP Master t o quickly switchover t o the new Master when a VSRP failo ver occurs This f[...]

  • Page 422

    380 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10 The "Restar t por ts:" line lists the por ts that ha ve the VSRP fast start enabled, and the downtime f or each por t. Ref er to Ta b l e 6 4 on page 3 77 t o interpret the remaining information on the display . VSRP and MRP sign[...]

  • Page 423

    PowerConnect B-Series FCX Configuration Guide 381 53-1002266-01 Virtual Switch Redundancy Protocol (VSRP) 10 FIGURE 75 VSRP on MRP rings th at failed over A signaling process f or the interaction between VS RP and MRP ensure s that MRP is informed of the topology change and achie ves conv ergence rapidly . When a VSRP node fails, a new VSRP mast er[...]

  • Page 424

    382 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Virtual Switch Redund ancy Protocol (V SRP) 10[...]

  • Page 425

    PowerConnect B-Series FCX Configuration Guide 383 53-1002266-01 Chapter 11 Configuring Uni-Directional Link Detection (UDLD) and Protected Link Groups Ta b l e 6 6 lists the individual Dell Po werConnect swit ches and the UDLD and prot ected link gr oup f eatures they suppor t. These features are supported in the Layer 2, base Layer 3, edge La yer [...]

  • Page 426

    384 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 UDLD overview 11 Normally , a Dell Po werConnect device load balances traffic across the por ts in a trunk group. In this example, each Dell P owerConnect de vice load balances traf fic across two ports. Withou t the UDLD f eature, a link failure on a link that is no t directly attache[...]

  • Page 427

    PowerConnect B-Series FCX Configuration Guide 385 53-1002266-01 UDLD overview 11 Enabling UDLD NOTE This section shows how to configure UDLD for un tagged contr ol packets. T o configure UDLD f or tagged control pack ets, refer t o “Enabling UDLD f or tagged por ts” . T o enable UDLD on a por t, enter a command such as the f ollowing at the glo[...]

  • Page 428

    386 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 UDLD overview 11 Changing the Keepalive retries By default, a por t waits one second to receive a health-check reply packet fr om the por t at the other end of the link. If the port does not receive a reply , the por t tries fo ur more times by sending up to f our more health-check pac[...]

  • Page 429

    PowerConnect B-Series FCX Configuration Guide 387 53-1002266-01 UDLD overview 11 If a por t is disabl ed by UDLD, the change also is indicated in the output of the show inter faces brief command. An example is giv en below . If the por t was already down be fore you enabled UDLD f or the por t, the por t state is listed as None. Syntax: show interf[...]

  • Page 430

    388 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Protected link groups 11 The show int er face ethernet command also displa ys the UDLD st ate f or an individual port. In addition, the line pr otocol stat e li sted in the first line will sa y “down” if UDLD has brought the port down. An e xample is giv en below . In this ex ample[...]

  • Page 431

    PowerConnect B-Series FCX Configuration Guide 389 53-1002266-01 Protected link groups 11 About active ports When you creat e a prot ected link gr oup, you can optionally specify which port in the prot ected link group is the active port. If you do not explicit ly configure an active port, the Dell Pow erConnect device dynamically assigns on e. A dy[...]

  • Page 432

    390 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Protected link groups 11 The configuration for the above il lustration is as follows. Switch 1 PowerConnect(config)# protected-link-group 1 e 1/3 e 1/6 PowerConnect(config)# protected-link-group 1 active-port e 1/3 Switch 2 PowerConnect(config)# protected-link-group 1 e 1/12 e 1/15 Pow[...]

  • Page 433

    PowerConnect B-Series FCX Configuration Guide 391 53-1002266-01 Protected link groups 11 The <group-ID> paramet er specifies the prot ected link gr oup number . Enter a number from 1 – 32. The activ e-por t ethernet < por t > defines the activ e por t. Specify the <port> variable in the following fo rm a t s : • Po werConnect [...]

  • Page 434

    392 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Protected link groups 11 In the abov e output, the por t state is pro tected-link -inactive which means por t 3 is an inactive por t in a pro tected link group. Syntax: show interface ethernet < port> Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts : [...]

  • Page 435

    PowerConnect B-Series FCX Configuration Guide 393 53-1002266-01 Chapter 12 Configuring Trunk Groups and Dynamic Link Aggregation Ta b l e 7 0 lists the individual Dell Po werConnect swit ches and the trunk gr oups and dynamic link aggregation features the y suppor t. Trunk group overview The T runk group f eature allows you t o manually co nfigure [...]

  • Page 436

    394 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Trunk group overview 12 FIGURE 78 T runk group application within a P owerConnect network NOTE The por ts in a trunk group make a si ngle logical link. Therefore, all the por ts in a trunk group must be connect ed to the same de vice at the other end. Trunk group connectivity to a serv[...]

  • Page 437

    PowerConnect B-Series FCX Configuration Guide 395 53-1002266-01 Trunk grou p overview 12 FIGURE 79 T runk group between a server and a compact Lay er 2 Switch or Lay er 3 Switch Trunk group rules Ta b l e lists the max imum number of trunk g roups yo u can configure on a Dell PowerConnect de vice and the valid number of ports in a trunk group. The [...]

  • Page 438

    396 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Trunk group overview 12 • statically configured por t speed and duplex • QoS priority T o chang e por t parameters, you must change them on the primar y por t. The sof tware automatically applies the changes t o the other por ts in the trunk group. Configuration notes fo r Dell Pow[...]

  • Page 439

    PowerConnect B-Series FCX Configuration Guide 397 53-1002266-01 Trunk grou p overview 12 FIGURE 80 Examples of 2-port and 3-port trunk groups Figure 81 sho ws two IronStacks connected by multi-slot trunk groups. 424F 42XG Lnk Act Lnk Act 12 424C 424C 424C 424C 424F 424C 8X-12GM-4 Console Pwr Lnk Odd Even SYS EJECT DC OK ALM AC OK DC OK ALM AC OK SY[...]

  • Page 440

    398 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Trunk group overview 12 FIGURE 8 1 T wo IronStacks connected b y multi-slot trunk groups Support for flexible trunk group membership Po werConnect devices support flexible trunk group membership, which eliminates the requirement f or por t membership to be consec utiv e, and allows the[...]

  • Page 441

    PowerConnect B-Series FCX Configuration Guide 399 53-1002266-01 Trunk grou p overview 12 Load sharing for unknown unicast, multicast, and br oadcast traffic Dell P owerConnec t devices load b alance unknown unicast, mu lticast, and broadcast traffic ba sed on the source port and VLAN ID and not on any source or destination information in the packet[...]

  • Page 442

    400 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring a trunk group 12 4. IPv6 T CP/UDP: Source IP , Destination IP , Fl ow Label, Sour ce TCP/UDP Por t, Destination TC P / U D P Po r t , Source MA C, Destination MAC 5. IPv6 Non- TCP/UDP: Sour ce IP , Destination IP , Flow Label, Source MA C, Destination MAC Syntax: [ no ] tru[...]

  • Page 443

    PowerConnect B-Series FCX Configuration Guide 401 53-1002266-01 Configuring a trunk group 12 Syntax: trunk deploy Each ethernet paramet er introduces a port group. The <primar y-por t> variable specifies the primar y por t. No tice that each por t group must begin with a primary por t.. The primary por t of the f irs t port group specified (w[...]

  • Page 444

    402 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring a trunk group 12 NOTE The te xt shown in italics in the CLI example below sho w s messages echo ed to the screen in answer to the CLI co mmands entered. PowerConnect(config)#trunk e 1/5 to 1/8 Trunk will be created in next trunk deploy PowerConnect(config)#write memory Powe[...]

  • Page 445

    PowerConnect B-Series FCX Configuration Guide 403 53-1002266-01 Configuring a trunk group 12 Example 3: Configuring a multi-slot trunk group with one port per module Y ou can select one por t per module in a multi-sl ot trunk gr oup. This f eature is suppor ted on GbE and 1 0-GbE por ts, as well as on static and LACP tr unk ports. For multi-slot tr[...]

  • Page 446

    404 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring a trunk group 12 Additional trunking options The follo wing trunking opti ons can be per f ormed on por ts in deploy ed trunks. These options are suppor ted on static trunk ports. Except where no ted, these opti ons are also supported on dynamic (LA C P) trunk por ts on Pow[...]

  • Page 447

    PowerConnect B-Series FCX Configuration Guide 405 53-1002266-01 Configuring a trunk group 12 • Setting the sFlow sampling rate on an individual por t in a trunk NOTE Depending on the operational stat e of LACP-enable d por ts, at any time, these por ts may join a trunk group, change trunk group membership, exit a trun k group, or possibly ne ve r[...]

  • Page 448

    406 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring a trunk group 12 NOTE If you enter no config-trunk-ind , all port conf iguration commands are remov ed from the individual por ts and the configuration of the primar y por t is applied to all the por ts. Also, once you enter the no config-trunk -ind command, the enable , di[...]

  • Page 449

    PowerConnect B-Series FCX Configuration Guide 407 53-1002266-01 Configuring a trunk group 12 The to keyw ord indicat es that you are specifying a range. Specify the low er por t number in the range first, then to , then the higher por t number in the range. Deleting a static trunk group Use the command in this section to delet e a static trunk grou[...]

  • Page 450

    408 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying trunk group configuration informat ion 12 • The disable module command can be used t o disable the por ts on a module. How ever , on 10 Gbps modules, the disable module command does not cause the remote c onnection to be dropped. If a trunk group consists of 1 0 Gbps por t[...]

  • Page 451

    PowerConnect B-Series FCX Configuration Guide 409 53-1002266-01 Displaying trunk group configuration inform ation 12 NOTE The show trunk command does not display any f orm of trunk when links are up. Ta b l e 7 3 describes the information displa yed b y the show tru nk command. Viewing the first and last ports in a trunk group Output for many of th[...]

  • Page 452

    410 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Dynamic link aggregation 12 PowerConnect#show mac Total active entries from all ports = 1 MAC-Address Port Type Index 0007.e910.c201 1/1/7*1/1/21 Dynamic 2920 For a trunk gr oup with members 1/1/7 to 1/1/9 , the output from the show mac co mmand resembles the follo wing. PowerConnect#s[...]

  • Page 453

    PowerConnect B-Series FCX Configuration Guide 411 53-1002266-01 Dynamic link aggregation 12 • With LACP trunk conf igurations, the LA CP system id is the MA C address of the Activ e Controller . If the LA CP system id changes, the entire trunk flaps and an S TP re-convergence occurs. • Link aggregation can be used t o form multi-slot aggregate [...]

  • Page 454

    412 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Dynamic link aggregation 12 FIGURE 82 Examples of valid ag gregate links In this ex ample, assume that link aggregation is enabled on all of the links betw een the Dell Po werConnect device on the lef t and the devi ce on the right (which can be either a Del l Po werConnect device or a[...]

  • Page 455

    PowerConnect B-Series FCX Configuration Guide 413 53-1002266-01 Dynamic link aggregation 12 FastIron Stacka ble devices The follo wi ng not es an d f e ature limitations appl y to the P owerConnect B-Series FCX de vices. • The dynamic link aggregation ( 802.3ad) implemen tation allows an y number of por ts up to eight to be ag gregated into a lin[...]

  • Page 456

    414 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Dynamic link aggregation 12 Figure 83 shows an exam ple of 2-por t groups in a rang e of f our por t s on which link aggregation is enabled. Based on the states of the ports, some or all of them will be eligible t o be used in an aggregate link. FIGURE 83 T wo-por t groups used t o det[...]

  • Page 457

    PowerConnect B-Series FCX Configuration Guide 415 53-1002266-01 Dynamic link aggregation 12 NOTE Configuration commands for link aggregation differ depending on whe ther you are using the default link aggregation ke y automatically assigned by th e software, or if you are assigning a dif ferent, unique k ey . Follo w the commands below , according [...]

  • Page 458

    416 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Dynamic link aggregation 12 NOTE For more information about k eys , including details about the syntax shown abov e, refer to “K ey” on page 4 1 7. How changing the VLAN membership of a port affects trunk groups and dynamic keys When you change a port VLAN membership and the port i[...]

  • Page 459

    PowerConnect B-Series FCX Configuration Guide 417 53-1002266-01 Dynamic link aggregation 12 NOTE If you are co nnecting the Dell Pow erConnect de vice t o another vendor de vice and the link aggregation feature is not working, set the syst em priority on the Dell Pow erConnect device to a l o w e r p r i o r i t y ( a h i g h e r p r i o r i t y v [...]

  • Page 460

    418 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Dynamic link aggregation 12 FIGURE 84 Ports with the same k ey in different aggregat e links Notice that the k eys betw een one device and anot he r do not need to match. The only req uirement for key matching is that all the ports within an a ggregate link on a giv en device must hav [...]

  • Page 461

    PowerConnect B-Series FCX Configuration Guide 419 53-1002266-01 Dynamic link aggregation 12 FIGURE 85 Multi-slot aggregate link By default, the device por ts are divided int o 4- por t groups. The software dynamically assigns a unique k ey to each 4-port group. If yo u need to di vide a 4-port group into two 2-port groups, change the k ey in one of[...]

  • Page 462

    420 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Dynamic link aggregation 12 Syntax: show link -aggregate [ ethernet <por t> ] Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts : • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> Configuring link a ggregation par[...]

  • Page 463

    PowerConnect B-Series FCX Configuration Guide 421 53-1002266-01 Displaying and determining th e status of aggregate links 12 PowerConnect(config-mif-1/1-1/4)#interface ethernet 3/5 to 3/8 PowerConnect(config-mif-3/5-3/8)#link-aggregate off PowerConnect(config-mif-3/5-3/8)#link-aggregate configure key 10000 PowerConnect(config-mif-3/5-3/8)#link-aggr[...]

  • Page 464

    422 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying and determining th e status of aggregate links 12 Events that affect the status of ports in an aggregate link Dell Pow erConn ect devices can block traf fic o n a por t or shut do wn a por t that is par t of a trunk group or aggregate link, when a port joins a trunk group an[...]

  • Page 465

    PowerConnect B-Series FCX Configuration Guide 423 53-1002266-01 Displaying and determining th e status of aggregate links 12 NOTE Ports that are configured as par t of an aggregat e link mu st also ha ve the same ke y . For more information about assigning keys, ref er to the section “Link aggregation paramet ers ” on page 4 16. The show link-a[...]

  • Page 466

    424 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying and determining th e status of aggregate links 12 Displaying link aggregation and port st atus information for PowerConnect Stackable devices T o display link aggregation information f or devices in an Ir onStack, enter the sho w link-aggregate command. The o utput for an Ir[...]

  • Page 467

    PowerConnect B-Series FCX Configuration Guide 425 53-1002266-01 Clearing the negotiat ed aggregate lin ks table 12 Clearing the negotiated aggregate links table When a group o f por ts negotiates a trunk gr oup configuration, the software stores the neg otiated configuration in a table. Y ou can clear the negoti ated link aggregation configurations[...]

  • Page 468

    426 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring single link LACP 12 If si ngleton is configured on the port, the “Ke y” column displays “ singleton”. Ref er to “CLI display of link aggregation info rmation” on page 423 to inter pret the information on the displa yed output. Also, when por ts are logically br [...]

  • Page 469

    PowerConnect B-Series FCX Configuration Guide 427 53-1002266-01 Chapter 13 Configuring Virtual LANs (VLANs) Ta b l e 76 lists the individual Dell Pow erConnect PowerC o nnect switches and the VLAN f eatures they suppor t. VLAN overview The follo wing sections pro vide details about th e VLAN types and features suppor ted on the Po werConnect family[...]

  • Page 470

    428 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN overview 13 • La yer 3 prot ocol VLANs – a subset of por ts within a por t -based VLAN that share a common, ex clusive broad cast domain for La yer 3 br oadcasts of the specified pro tocol type • IP subnet VLANs – a subset of ports in a por t-based VLAN that share a common[...]

  • Page 471

    PowerConnect B-Series FCX Configuration Guide 429 53-1002266-01 VLAN overview 13 NOTE VLAN IDs 408 7, 4090, and 4093 are reserved for Del l internal use only . VLAN 4094 is reser ved f or use by Single S TP . Also, if you are running an earlier release, VLAN IDs 409 1 and 4092 ma y be reserved for De ll internal use only . If you want t o use VLANs[...]

  • Page 472

    430 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN overview 13 FIGURE 86 De ll Power Co n nec t device conta ining user-defi ned Lay er 2 port-based VLAN Layer 3 protocol-based VLANs If you w ant some or all of the por ts within a po r t-based VLAN to be organized according t o Lay er 3 protoc ol , yo u mu st co nf ig ur e a Layer[...]

  • Page 473

    PowerConnect B-Series FCX Configuration Guide 431 53-1002266-01 VLAN overview 13 • Other – The devic e sends broadcasts f or all protocol types o ther than those listed above t o all por ts with in the VLAN . Figure 87 sho ws an example of Lay er 3 prot ocol VLANs configured within a La yer 2 port-based VLAN. FIGURE 8 7 Lay er 3 protocol VLANs [...]

  • Page 474

    432 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN overview 13 Integrated Switch Routing (ISR) The Dell Integrat ed Switch Routing (ISR) feature enables VLANs c onfig ured on Layer 3 Switc hes to ro ute La yer 3 traffic from one prot ocol VLAN or IP subnet, IPX networ k, or AppleT alk cable VLAN to another . Normally , to rout e t[...]

  • Page 475

    PowerConnect B-Series FCX Configuration Guide 433 53-1002266-01 VLAN overview 13 NOTE The Lay er 3 Switch routes packets betw een VLANs of the same protocol. The La yer 3 Switch cannot rout e from one pr otocol t o another . NOTE IP subnet VLANs are not the same th ing as IP protocol VLANs. An IP protocol VLAN sends all IP broadcasts on the ports w[...]

  • Page 476

    434 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN overview 13 When you configure a port-based VLAN, one of the co nfiguration items you pr ovide is the po r ts that are in the VLAN. When you configure the VLAN , the Dell P owerConnect de vice automatically remov es the por ts that you place i n the VLAN from DEF AUL T -VLAN. By r[...]

  • Page 477

    PowerConnect B-Series FCX Configuration Guide 435 53-1002266-01 VLAN overview 13 FIGURE 89 Packe t containing a Dell 802. 1Q VLAN tag If you configure a VLAN that spans multiple de vi ces, you need t o use tagging only if a por t connecting one of the devices t o the other is a memb er of more than one por t-based VLAN. If a por t connecting one de[...]

  • Page 478

    436 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN overview 13 FIGURE 90 VLANs configured across multiple devices Support for 802.1Q-in-Q tagging Dell Po werConnect devices pr ovide finer granularit y for configuring 802. 1Q tagging, enabling you t o configure 802. 1Q tag-types on a gr oup of por ts, thereby enabling the creation [...]

  • Page 479

    PowerConnect B-Series FCX Configuration Guide 437 53-1002266-01 VLAN overview 13 T o direct individual por ts or on a range of ports to this tag pr ofile, enter commands similar to the following. PowerConnect(config)# interface ethernet 1/1/1 PowerConnect(config-if-e1000-1/1/1)# tag-profile enable PowerConnect(config-mif-1/1/1,1/2/1)# tag-profile e[...]

  • Page 480

    438 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN overview 13 If you want the device t o be able to send La yer 3 traf fic fr om one prot ocol VLAN t o another , you must configur e a vir tual routing interface on each protocol VLAN, then configure routing parameters on the vir tual r outing inter faces. For ex ample, to enable a[...]

  • Page 481

    PowerConnect B-Series FCX Configuration Guide 439 53-1002266-01 VLAN overview 13 VLAN and virtual routing interface groups Dell Pow erC onnect devices suppor t the con figuration of VLAN groups. T o simplify confi guration, you can configure VLAN gr oups and vir tual routing inter face gr oups. When you create a VLAN group, the VLAN parameters y ou[...]

  • Page 482

    440 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN overview 13 FIGURE 92 VLAN with dynamic port s—all ports are active when you creat e the VLAN SUBNET Ports in a new pro tocol VLAN that do not receiv e traf fic for the VLAN pr otocol age out af ter 1 0 minutes an d become candidate por ts. Figure 93 shows what happens if a cand[...]

  • Page 483

    PowerConnect B-Series FCX Configuration Guide 441 53-1002266-01 VLAN overview 13 Static ports Static por ts are permanent members of the prot oc ol VLAN. The por ts remain active members of the VLAN regardless of whe ther the por ts receive tr affi c f o r the VLAN prot ocol . Y ou must explicitly identify the por t as a static por t when you add i[...]

  • Page 484

    442 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN overview 13 Summary of VLAN configuration rules A hierarch y of VLANs exists between the La yer 2 and La yer 3 pr otocol-based VLANs: • Port-based VLANs are at the lowest lev el of the hierarch y. • Lay er 3 protocol- based VLANs, IP , IPv6, IPX, Appl eT alk, Decnet, and NetB [...]

  • Page 485

    PowerConnect B-Series FCX Configuration Guide 443 53-1002266-01 Routing between VLANs 13 Routing between VLANs Lay er 3 Switches can locally r oute IP , IPX, and Appletalk betw een VLANs defined within a single rout er . All other r outable prot ocols or pro tocol VLANs (f or exam ple, DecNet) must be r outed by another ext ernal router capable of [...]

  • Page 486

    444 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Routing between VLANs 13 If your backbone consists of vir tual routing interfaces all within the same STP domain, it is a bridged backbone, not a r outed one. This means that the set of backbone interfaces that are blocke d by STP will be block ed for r outed pr otocols as well. The ro[...]

  • Page 487

    PowerConnect B-Series FCX Configuration Guide 445 53-1002266-01 Routing between VLANs 13 NOTE does not change the pr oper ties of the default VLAN. Changing the name allows yo u to use the VLAN ID “1” as a configurable VLAN. Assigning different VLAN IDs to reserved VLANs 4091 and 4092 If you w ant to use VLANs 409 1 and 4092 as config urable VL[...]

  • Page 488

    446 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Routing between VLANs 13 Assigning trunk group ports When a “lead” trunk gr oup por t is assigned to a VLAN, all other members of the trunk group are automatically added t o that VLAN. A lead port is the first port of a trunk group por t range; fo r exam ple, “1” in 1 – 4 or [...]

  • Page 489

    PowerConnect B-Series FCX Configuration Guide 447 53-1002266-01 Routing between VLANs 13 FIGURE 94 Port-based VLANs 222 and 333 T o create the tw o por t-based VLANs shown in Figu re 94 , enter the f ollowing com mands. PowerConnect(config)# vlan 222 by port PowerConnect(config-vlan-222)# untagged ethernet 1 to 8 PowerConnect(config-vlan-222)# vlan[...]

  • Page 490

    448 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Routing between VLANs 13 FIGURE 95 More complex port-based VLAN T o configure the Port-based VLAN s on the La yer 2 Switches in Figure 95 , use the following method. Configuring device-A En ter the foll owi ng co mm an ds to co nf ig ur e d evi ce- A . PowerConnect> enable PowerConn[...]

  • Page 491

    PowerConnect B-Series FCX Configuration Guide 449 53-1002266-01 Routing between VLANs 13 Configuring device-B En ter the foll owi ng co mm an ds to co nf ig ur e d evi ce- B. PowerConnect> en PowerConnect# configure terminal PowerConnect(config)# hostname PowerConnect-B PowerConnect-B(config)# vlan 2 name BROWN PowerConnect-B(config-vlan-2)# unt[...]

  • Page 492

    450 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Routing between VLANs 13 Modifying a port-based VLAN Y ou can make the follo wing modifications to a por t-based VLAN: • Add or delet e a VLAN port. • Enable or disable S TP . Removing a port-based VLAN Suppose you w ant to remov e VLAN 5 from the e xample in Figure 95 . T o do so,[...]

  • Page 493

    PowerConnect B-Series FCX Configuration Guide 451 53-1002266-01 Routing between VLANs 13 4. En ter th e fo ll owi ng co mm an ds to ex it th e V LA N CONFIG mode and sav e the configuration to the syst em-config file on f lash memory. PowerConnect-A(config-vlan-4)# PowerConnect-A(config-vlan-4)# end PowerConnect-A# write memory Y ou can remove all [...]

  • Page 494

    452 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP subnet, IPX ne twork and protocol-based VLANs 13 T o configure a specific path-cost or priority valu e fo r a given por t, enter tho se values using the ke y wor ds in the brack ets [ ] shown in the syntax summar y below . If you do not want to specify values for an y gi[...]

  • Page 495

    PowerConnect B-Series FCX Configuration Guide 453 53-1002266-01 Configuring IP subnet, IPX network and protocol-b ased VLANs 13 FIGURE 96 Protocol-based (La yer 3) VLANs T o configure the V LANs shown in Figure 96 , use the f ollowing pr ocedure. 1. T o permanently assign por ts 1 – 8 and por t 25 to IP subnet VLAN 1.1 . 1.0, enter the f ollowing[...]

  • Page 496

    454 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP subnet, IPX network, and pr otocol-based VLANs within port-base d VLANs 13 PowerConnect(config-ipx-proto)# atalk-proto name Red PowerConnect(config-atalk-proto)# no dynamic PowerConnect(config-atalk-proto)# static ethernet 13 to 25 PowerConnect(config-atalk-proto)# end P[...]

  • Page 497

    PowerConnect B-Series FCX Configuration Guide 455 53-1002266-01 Configuring IP subnet, IPX network, and pr otocol-b ased VLANs w ithin port-based VLAN s 13 FIGURE 9 7 More prot ocol-based VLANs T o configure t he Lay er 3 VLANs on the Layer 2 Switches in Figure 9 7 , use the follo wing procedure. Configuring device-A En ter the foll owi ng co mm an[...]

  • Page 498

    456 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP subnet, IPX network, and pr otocol-based VLANs within port-base d VLANs 13 4. T o prev ent machines with non-IP pro tocols from getting into the IP por tion of VLAN 2, creat e another La yer 3 pr otocol VLAN t o excl ude all other pro tocols fr om the por ts that contain[...]

  • Page 499

    PowerConnect B-Series FCX Configuration Guide 457 53-1002266-01 Configuring IP subnet, IPX network, and pr otocol-b ased VLANs w ithin port-based VLAN s 13 PowerConnect-B(config-vlan-ipx-proto)# static e5 to 8 e25 to 26 PowerConnect-B(config-vlan-ipx-proto)# exclude e1 to 4 PowerConnect-B(config-vlan-other-proto)# vlan 3 name IP-Sub_IPX-Net_VLANs P[...]

  • Page 500

    458 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring an IPv6 protocol VLAN 13 Configuring an IPv6 protocol VLAN Y ou can configure a pro tocol-based VLAN as a broadc ast domai n for IPv6 traffic. When the Lay er 3 Switch receives an IPv6 multicast packet (a pack et with 06 in the v ersion field and 0xFF as the beginning of th[...]

  • Page 501

    PowerConnect B-Series FCX Configuration Guide 459 53-1002266-01 Routing between VLANs using virtual routin g interfaces (Layer 3 Switches only) 13 Example Suppose you want to mo ve routing out to each of three buildings in a network. R emember that the only pro tocols present on VLAN 2 and VLAN 3 are IP and IPX. Theref ore, you can eliminate tagged[...]

  • Page 502

    460 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) 13 PowerConnect>en No password has been assigned yet... PowerConnect# configure terminal PowerConnect(config)# hostname PowerConnect-A PowerConnect-A(config)# router ospf PowerConnect-A(config-ospf-router[...]

  • Page 503

    PowerConnect B-Series FCX Configuration Guide 461 53-1002266-01 Routing between VLANs using virtual routin g interfaces (Layer 3 Switches only) 13 PowerConnect-A(config-vlan-ip-subnet)# ipx-network 1 ethernet_802.3 PowerConnect-A(config-vlan-ipx-network)# static ethernet 13 to 16 PowerConnect-A(config-vlan-ipx-network)# router-interface ve4 PowerCo[...]

  • Page 504

    462 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Routing between VLANs using virtual routing interfaces (Layer 3 Switches only) 13 This completes the configuration for device-A. The conf iguration for de vice-B and C is very similar ex cept for a f ew issues which are as follows: • IP subnets and IPX networks configur ed on device-[...]

  • Page 505

    PowerConnect B-Series FCX Configuration Guide 463 53-1002266-01 Routing between VLANs using virtual routin g interfaces (Layer 3 Switches only) 13 PowerConnect-B(config-vif-4)# ipx network 7 ethernet_802.3 PowerConnect-B(config-vif-4)# vlan 4 name Bridged_ALL_Protocols PowerConnect-B(config-vlan-4)# untagged ethernet 17 to 24 PowerConnect-B(config-[...]

  • Page 506

    464 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring protocol VLANs wi th dynamic ports 13 PowerConnect-C(config-vlan-ip-subnet)# ipx-network 10 ethernet_802.3 PowerConnect-C(config-vlan-ipx-network)# static ethernet 13 to 16 PowerConnect-C(config-vlan-ipx-network)# router-interface ve4 PowerConnect-C(config-vlan-ipx-network)[...]

  • Page 507

    PowerConnect B-Series FCX Configuration Guide 465 53-1002266-01 Configuring protoco l VLANs with dynamic ports 13 Aging of dynamic ports When you add the port s to the VLAN, the softwa re automatically adds them all to the VLAN. How ever , dynamically added por ts age out. If the age time for a dynamic port expires, the software remov es the por t [...]

  • Page 508

    466 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring protocol VLANs wi th dynamic ports 13 Configuration guidelines • Y ou cannot dynamically add a port to a pro tocol VLAN if the por t has any r outin g configuratio n parameters. F or example, the port cannot hav e a vir tual r outing int er face, IP su bnet address, IPX n[...]

  • Page 509

    PowerConnect B-Series FCX Configuration Guide 467 53-1002266-01 Configuring protoco l VLANs with dynamic ports 13 PowerConnect(config)# vlan 10 by port name IP_VLAN PowerConnect(config-vlan-10)# untagged ethernet 1/1 to 1/6 added untagged port ethe 1/1 to 1/6 to port-vlan 10. PowerConnect(config-vlan-10)# ip-subnet 1.1.1.0/24 name Mktg-LAN PowerCon[...]

  • Page 510

    468 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring uplink ports within a port-based VLAN 13 Syntax: ipx-network <netw ork-addr> et hernet_ii | ethernet_802.2 | ethernet_802.3 | ethernet_snap [ name <string> ] Syntax: dynamic Configuring uplink ports within a port-based VLAN Y ou can configure a s ubset of the po[...]

  • Page 511

    PowerConnect B-Series FCX Configuration Guide 469 53-1002266-01 Configuring the same IP subnet addr ess on mult iple port-based VLANs 13 Configuring the same IP subnet address on multiple port-based VLANs For a De ll Power C on ne ct d evi ce to ro u te b et wee n po r t - ba se d V L AN s, you m us t a dd a vi r t u al rou ti ng interface to each [...]

  • Page 512

    470 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the same IP subnet addr ess on m ultiple port-based VLANs 13 FIGURE 1 00 Multiple port-based VLANs with the same prot ocol address Each VLAN st ill requires a separate vir tual routin g interface. Howe ver , all three VLANs now use the same IP subnet address. In addition to[...]

  • Page 513

    PowerConnect B-Series FCX Configuration Guide 471 53-1002266-01 Configuring the same IP subnet addr ess on mult iple port-based VLANs 13 NOTE If the Dell P owerConnect de vice ARP table do es not contain the requested host, the Dell Po werConnect device f or wards the ARP req uest on La yer 2 to the same VLAN as the one that received the ARP req ue[...]

  • Page 514

    472 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring VLAN groups and virtu al routing interface groups 13 NOTE Because vir tual routing inter faces 2 and 3 do not hav e their own IP sub net addresses but instead are “follo wing” vir tual routing interface a IP addr ess, you still can configure an IPX or AppleT alk interfa[...]

  • Page 515

    PowerConnect B-Series FCX Configuration Guide 473 53-1002266-01 Configuring VLAN groups and virtual routing interface groups 13 The first command in this example begins configuration for VLAN group 1 , and assigns VLANs 2 through 25 7 to the group. The sec ond command ad ds por ts 1/1 and 1/2 as tagged ports. Because all the VLANs in the gr oup sha[...]

  • Page 516

    474 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring VLAN groups and virtu al routing interface groups 13 Syntax: show vlan-group [ <group-id> ] The <group-id> specifies a VLAN group. If y ou do not use this parameter , the configuration inf ormation for all the configured VL AN groups is displa yed. Configuring a[...]

  • Page 517

    PowerConnect B-Series FCX Configuration Guide 475 53-1002266-01 Configuring VLAN groups and virtual routing interface groups 13 The r outer -inter face-group command enables a VLAN gr oup to us e a virtual routing interface group. Enter this command at the configura tion lev el fo r the VLAN group. This command co nfigures the VLAN group t o use th[...]

  • Page 518

    476 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring VLAN groups and virtu al routing interface groups 13 Allocating memory for more VLANs or virtual routing interfaces Lay er 2 and Lay er 3 Switches suppor t up to 4095 VL ANs. In addition, La yer 3 switches support up to 5 12 vir tual routing interfaces. The number of VLANs [...]

  • Page 519

    PowerConnect B-Series FCX Configuration Guide 477 53-1002266-01 Configuring super aggregated VLAN s 13 The <num> parameter indicat es the maximum number of vir tual routing int er faces. The range of valid v alues depends on the device y ou are configuring. Ref er to Ta b l e 7 8 . Configuring super aggregated VLANs Y ou can aggregate multipl[...]

  • Page 520

    478 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring super aggregated VLANs 13 FIGURE 1 0 1 Conceptual model of the super aggregat ed VLAN application Each client connect ed to the edge de vice is in its own port-b ased VLAN, which is like an A TM channel. All the clients’ VL ANs are aggregated by th e edge device int o a s[...]

  • Page 521

    PowerConnect B-Series FCX Configuration Guide 479 53-1002266-01 Configuring super aggregated VLAN s 13 FIGURE 1 02 Example of a super aggregat ed VLAN application In this example, a collocation ser vice pro vides pr ivate channels f or multiple clients. A lthough the same devices are used f or all the clients, the VLANs ensure that each client rece[...]

  • Page 522

    480 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring super aggregated VLANs 13 Configuration notes • Super Aggregated VL ANs and VSRP are not supported toge ther on the same device. Configuring aggregated VLANs T o configure aggregat ed VLANs, per form the f ollowing tasks: • On each edge device, co nfigure a separate por[...]

  • Page 523

    PowerConnect B-Series FCX Configuration Guide 481 53-1002266-01 Configuring super aggregated VLAN s 13 PowerConnect(config-vlan-104)# tagged ethernet 2/1 PowerConnect(config-vlan-104)# untagged ethernet 1/4 PowerConnect(config-vlan-104)# exit PowerConnect(config)# vlan 105 by port PowerConnect(config-vlan-105)# tagged ethernet 2/1 PowerConnect(conf[...]

  • Page 524

    482 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring super aggregated VLANs 13 NOTE In these exam ples, the configurations of the edg e de vices (A, B, E, and F) are identical. The configuratio ns of the core devices (C and D) also are identical. The aggreg ated VLAN configurations of the edge and core de vices on one side mu[...]

  • Page 525

    PowerConnect B-Series FCX Configuration Guide 483 53-1002266-01 Configuring super aggregated VLAN s 13 PowerConnectB(config)# vlan 105 by port PowerConnectB(config-vlan-105)# tagged ethernet 2/1 PowerConnectB(config-vlan-105)# untagged ethernet 1/5 PowerConnectB(config-vlan-105)# exit PowerConnectB(config)# write memory Commands for device C Becaus[...]

  • Page 526

    484 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1Q-in-Q tagging 13 PowerConnectE(config)# vlan 104 by port PowerConnectE(config-vlan-104)# tagged ethernet 2/1 PowerConnectE(config-vlan-104)# untagged ethernet 1/4 PowerConnectE(config-vlan-104)# exit PowerConnectE(config)# vlan 105 by port PowerConnectE(config-vlan-10[...]

  • Page 527

    PowerConnect B-Series FCX Configuration Guide 485 53-1002266-01 Configuring 802.1Q-in-Q tagging 13 FIGURE 1 03 802.1Q-in-Q configuration e xample In Figure 1 03 , the untagged por ts (to customer interfaces) accept frames that hav e any 802. 1Q tag other than the configured tag-type 9 1 00. These packets are considered untagged on this incoming por[...]

  • Page 528

    486 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1Q-in-Q tagging 13 PowerConnect(config)# tag-type 9100 ethernet 11 to 12 PowerConnect(config)# aggregated-vlan Note that because ports 11 and 12 belong t o the por t region 1 – 12, the 802.1Q tag ac tually applies to ports 1 – 12. Syntax: [ no ] tag-type <num>[...]

  • Page 529

    PowerConnect B-Series FCX Configuration Guide 487 53-1002266-01 Configuring 802.1Q-in-Q tagging 13 Example configuration Figure 104 sho ws an example 802. 1Q-in-Q configuration. FIGURE 1 04 Example 802.1Q-in-Q conf iguration Client 1 Port1 VLAN 101 Client 3 Port3 VLAN 103 Client 5 Port5 VLAN 105 ... ... Client 1 192.168.1.69/24 Client 5 209.157.2.1[...]

  • Page 530

    488 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring private V LANs 13 Configuring 802.1Q-in-Q tag profiles The 802. 1Q-in-Q tagging f eature suppor ts a tag-profile command that allo ws you to add a tag profile with a v alue of 0 to 0xff f f in addition t o the default tag-type 0x8 1 00. This enhancement also allows y ou to [...]

  • Page 531

    PowerConnect B-Series FCX Configuration Guide 489 53-1002266-01 Configuring private VLANs 13 FIGURE 1 05 PVLAN used t o secure communication between a wor kstation and ser vers This exam ple uses a PVLA N to secure t raff ic between hosts and the rest of the network thr ough a fir ewall. Five p or ts in thi s exam ple a re m emb er s of a PV LAN. T[...]

  • Page 532

    490 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring private V LANs 13 • Community – Bro adcasts and unkn own unicasts received on community por ts are sent to the primar y por t and also are flooded to th e other por ts in the community VLAN. Each PVLAN must hav e a primar y VLAN. The primar y VLAN is the inter face betw[...]

  • Page 533

    PowerConnect B-Series FCX Configuration Guide 491 53-1002266-01 Configuring private VLANs 13 F I G U R E 107 Example PVLAN netw ork with tagged ports Ta b l e 7 9 lists the dif f erences between PVLANs and standar d VLANs. Configuration notes • PVLANs are supported on untagged ports on all Po werConnect platforms. PVLANs are also suppor ted on ta[...]

  • Page 534

    492 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring private V LANs 13 Po werConnect de vice will flood unkno wn unicas t, unregistere d multicast, and broadcast pack ets in sof tware. The floodi ng of broadcast or unkno wn unicast from the community or isolated VLANs t o other secondary VLANs will be governed b y the PVLAN f[...]

  • Page 535

    PowerConnect B-Series FCX Configuration Guide 493 53-1002266-01 Configuring private VLANs 13 T o map the secondar y VLANs to the primary VLAN and t o configure the tagged switch link por t, enter c ommands such as th e following. PowerConnect(config)# vlan 100 PowerConnect(config-vlan-100)# tagged ethernet 1/1/10 to 1/1/11 PowerConnect(config-vlan-[...]

  • Page 536

    494 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring private V LANs 13 • An isolated VLAN must be associ ated with the primar y VLAN for traffic from the isolated port to be switched. An isolated VLAN is associated wi th only one primar y VLAN and to the same primar y VLAN in the entire switched network. • An isolated por[...]

  • Page 537

    PowerConnect B-Series FCX Configuration Guide 495 53-1002266-01 Configuring private VLANs 13 Enabling broadcast or unknown unicast traffic to the PVLAN T o enhance PVLAN security , the primar y PVLAN does not f or war d broadcast or unknown unicast pack et s to its community and isolated VLANs, and other ports in the primar y VLAN. For example, if [...]

  • Page 538

    496 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring private V LANs 13 CLI example for a general PVLAN network T o conf igure the PVLANs shown in Figure 1 05 on page 489, en ter the f ollowing comman ds. PowerConnect(config)# vlan 901 PowerConnect(config-vlan-901)# untagged ethernet 3/5 to 3/6 PowerConnect(config-vlan-901)# p[...]

  • Page 539

    PowerConnect B-Series FCX Configuration Guide 497 53-1002266-01 Dual-mode VLAN ports 13 PowerConnect(config)# vlan 100 by port PowerConnect(config-vlan-100)# tagged ethernet 1/1/10 to 1/1/11 PowerConnect(config-vlan-100)# pvlan type primary PowerConnect(config-vlan-100)# pvlan pvlan-trunk 102 ethernet 1/1/10 to 1/1/11 PowerConnect(config-vlan-100)#[...]

  • Page 540

    498 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Dual-mode VLAN ports 13 FIGURE 1 08 Dual-mode VLAN por t example T o enable the dual-mode feature on por t 2/11 in Figure 108 ,ent er the follo wing commands. PowerConnect(config)# vlan 20 PowerConnect(config-vlan-20)# tagged ethernet 2/11 PowerConnect(config-vlan-20)# tagged ethernet [...]

  • Page 541

    PowerConnect B-Series FCX Configuration Guide 499 53-1002266-01 Dual-mode VLAN ports 13 FIGURE 1 09 Specifying a default VLAN ID for a dual-mode port In Figure 109 , tagged por t 2/11 is a dual-mode port be longing to VLANs 1 0 and 20. The default VLAN assigned to this dual-mode por t is 1 0. This means that the por t transmits tagged traf fic on V[...]

  • Page 542

    500 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying VLAN informa tion 13 The show vlan command displays a separat e row for dual-mode po r ts on each VLAN. Example Displaying VLAN information Af ter y ou conf igure the VLANs, you can v erify the configuration using the sho w commands described in this sect ion. NOTE If a VLAN[...]

  • Page 543

    PowerConnect B-Series FCX Configuration Guide 501 53-1002266-01 Displaying VLAN information 13 Displaying system-wide V LAN information Use the sho w vlans command to displa y VLAN information for all the VLANs configured on the devic e. The fo llowing example shows the displa y for the IP subnet and IPX network VLANs configured in the exa mp le s [...]

  • Page 544

    502 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying VLAN informa tion 13 Syntax: show vlans [ <vlan-id> | ethernet [ <slotnum> / ] <po r tnum> ] The <vlan-id> parameter specifies a VLAN f or which you want to display the configuration information. The <slotnum> paramet er is required on chassis d[...]

  • Page 545

    PowerConnect B-Series FCX Configuration Guide 503 53-1002266-01 Displaying VLAN information 13 Syntax: show vlans [ <vlan-id> | ethernet [ <slotnum> / ] <po r tnum> The <vlan-id> parameter specifies a VLAN f or which you want to display the configuration information. The <slotnum> paramet er is required on chassis devi[...]

  • Page 546

    504 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying VLAN informa tion 13 • For untag ged por ts, the PVID is the VLAN ID number . • For dual-mode por ts, the PVID is the dual-mode VLAN ID number . • For tagged po r ts without dual-mode, th e PVID is always No t Applicable (NA). Syntax: show interfaces brief [ ethernet [[...]

  • Page 547

    PowerConnect B-Series FCX Configuration Guide 505 53-1002266-01 Chapter 14 Configuring GARP VLAN Registration Protocol (GVRP) Ta b l e 8 1 lists the individu al Dell Pow e rConnect swit ches and the GVRP f eatures they support. GVRP overview GARP VLAN Regi stration Protoc ol (GVRP) i s a Generic Attribute Registration Pro tocol (GARP) application t[...]

  • Page 548

    506 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Application examples 14 • IEEE draf t P802. 1t/D1 0, N ov ember 20, 2000 Application examples Figure 11 0 shows an example of a network that uses GVRP . This section describes various ways you can use G VRP in a network such as this one. “CLI examples” on page 522 lists the CLI c[...]

  • Page 549

    PowerConnect B-Series FCX Configuration Guide 507 53-1002266-01 Application examples 14 In this configuration, the edge devices are statical ly (manu ally) configured with VLAN information. The core device dynamically conf igures itself to be a member of each of the edge device VLANs. The operation of GVRP on the core device results in the f ollowi[...]

  • Page 550

    508 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN names 14 Fixed core and dynamic edge G VRP learning is enabled on the edge devices. The VLANs on the c ore device are statically configur ed, and the core device is enabled to ad vertise its VLANs but not to learn VL ANs. The edge devices learn the VLANs fr om the core. Fixed core[...]

  • Page 551

    PowerConnect B-Series FCX Configuration Guide 509 53-1002266-01 Configuration notes 14 • Single STP must be e nabled on the device. Dell im plementation of GVRP requires Single S TP . If you do no t have an y statically configured VLAN s on the device, you can enable Single STP as follows. PowerConnect(config)#vlan 1 PowerConnect(config-vlan-1)#e[...]

  • Page 552

    510 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring GVRP 14 Configuring GVRP T o configure a device f or GVRP , globally enable su pport for the f eature, then enable the f eature on specific por ts. Optionally, you ca n disable VLAN learning or adver tising on specific inter faces. Y ou can also change the pro tocol timers [...]

  • Page 553

    PowerConnect B-Series FCX Configuration Guide 511 53-1002266-01 Configuring GV RP 14 Enabling GVRP T o enable GV RP , enter c ommands such as the following at the global CONFIG lev el of the C LI. PowerConnect(config)#gvrp-enable PowerConnect(config-gvrp)#enable all The first command globally enables suppor t for the f eature and changes the CLI to[...]

  • Page 554

    512 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring GVRP 14 Disabling VLAN learning T o disable VLAN learning on a por t enabled for G VRP , enter a command such as the following at the G VRP co nfiguration level. PowerConnect(config-gvrp)#block-learning ethernet 6/24 This command disables learning of VLAN inf orm ation on p[...]

  • Page 555

    PowerConnect B-Series FCX Configuration Guide 513 53-1002266-01 Configuring GV RP 14 • Leav eall – The min imum interval at wh ich GVRP sends Lea veall messages on all G VRP interfaces. Leav eall mess ages ensure that the G VRP VLA N membership information is current by aging out stale VLAN inf ormat ion and adding information f or new VLAN mem[...]

  • Page 556

    514 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Converting a VLAN created by GVRP into a statical ly-configured VLAN 14 • Lea ve – 600 ms • Leav eall – 1 0000 ms Converting a VLAN created by GVRP into a statically-configured VLAN Y ou cannot configure VLAN parame ters on VLAN s created by G V RP . Moreover , VLAN s and VLAN [...]

  • Page 557

    PowerConnect B-Series FCX Configuration Guide 515 53-1002266-01 Displaying GVRP information 14 • CPU utilization statistics • G V RP diagnostic information Displaying GVRP configuration information T o display G VRP conf iguration information, enter a command such as the f ollowing. Syntax: show gvrp [ ethernet <por t> ] Specify the <p[...]

  • Page 558

    516 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying GVRP information 14 T o display detailed G VRP inf ormation for an indivi dual port, enter a command suc h as the following. G VRP Join Timer The value of the Join timer . NO TE: F o r d e sc r i p t i o n s o f th e J o i n , L e a v e , a n d L e a v e a l l t i m e r s o [...]

  • Page 559

    PowerConnect B-Series FCX Configuration Guide 517 53-1002266-01 Displaying GVRP information 14 This display sho w s the f ollowing information. Displaying GVRP VLAN information T o display inf ormation about all the VLANs on the de vice, enter the f ollowing command. TA B L E 8 3 CLI displa y of detailed GVRP inf ormation for a po r t This field...[...]

  • Page 560

    518 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying GVRP information 14 Syntax: show gvrp vlan all | brief | <vlan-id> This display sho w s the f ollowing information. T o display detailed inf orm ation for a specific VLAN, enter a command such as the f ollowing. TA B L E 8 4 CLI display of summary VLAN information f or[...]

  • Page 561

    PowerConnect B-Series FCX Configuration Guide 519 53-1002266-01 Displaying GVRP information 14 This display sho w s the f ollowing information. T o display detaile d information f or all VLANs, enter the sho w gvrp vlan all com mand. Displaying GVRP statistics T o display G VRP statistics for a port, enter a command such as the f ollowing. Syntax: [...]

  • Page 562

    520 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying GVRP information 14 • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> This display sho ws the following inf orma tion fo r the por t. T o display G VRP statistics for all ports, enter the show gvrp statistics all comman d. Displaying C[...]

  • Page 563

    PowerConnect B-Series FCX Configuration Guide 521 53-1002266-01 Displaying GVRP information 14 If the soft ware has been running less than 15 minutes (the maximum interval for utilization statistics), the command indicat es how long the software has been ru nning. An example is given below . T o display utilization statistics for a specific number [...]

  • Page 564

    522 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Clearing GVRP statistics 14 Displaying GVRP dia gnostic information T o display diagnostic inf ormatio n, enter the follo wi ng command. Syntax: debug gvrp packe ts Clearing GVRP statistics T o clear the GV RP statistics counters, enter a command such as the following. PowerConnect#cle[...]

  • Page 565

    PowerConnect B-Series FCX Configuration Guide 523 53-1002266-01 CLI examples 14 Dynamic core and fixed edge In this configura tion, the edge devices adv er tis e their statically configured VLANs to the co re devic e. The core device does not have an y static ally configured VLANs but learns the VLANs from the edge de vices. Enter the f ollowing co[...]

  • Page 566

    524 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 CLI examples 14 PowerConnect(config-vlan-40)#exit PowerConnect(config)#gvrp-enable PowerConnect(config-gvrp)#enable ethernet 4/1 PowerConnect(config-gvrp)#block-learning ethernet 4/1 Dynamic core and dynamic edge In this configuration, the core and edge device s hav e no statically con[...]

  • Page 567

    PowerConnect B-Series FCX Configuration Guide 525 53-1002266-01 CLI examples 14 Fixed core and fixed edge The VLANs are statically configured on the core and edge devices. On each edge device, VL AN advertisin g is enabled but learning is disabled. GVRP is not configured on the core device. This configuration enables the devices in the edge c l oud[...]

  • Page 568

    526 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 CLI examples 14[...]

  • Page 569

    PowerConnect B-Series FCX Configuration Guide 527 53-1002266-01 Chapter 15 Configuring MAC-based VLANs Ta b l e 8 7 lists the individual Dell Pow erConnect swit ches and the MA C-based VLAN f eatures the y suppor t. Overview The MA C-based VLAN feature contr ols network a ccess by authenticating a host source MA C address, and mapping the incoming [...]

  • Page 570

    528 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Dynamic MAC-based VLAN 15 • Source MAC Address Auth entication • Policy-Based Classifi cation and F or warding Source MAC addre ss authentication Source MAC address authentication is per formed by a central RADIUS ser ver when it rec eives a P AP request with a username and passwor[...]

  • Page 571

    PowerConnect B-Series FCX Configuration Guide 529 53-1002266-01 Configuration notes and feature limitations 15 When this feature is no t enabled, the physical por t is statically added to the har dware table, regardless of the outcome of the authentication pr ocess. This f eature prevents the addition of un-authenticated ports to the VLAN table. F [...]

  • Page 572

    530 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuration notes a nd feature limitations 15 Configuration example The follo wi ng exam ple shows a MAC-based VLAN configuration. PowerConnect#show run Current configuration: ver 7.2.00aT7f1 fan-threshold mp speed-3 35 100 module 1 FCX-24-port-management-module module 4 FCX-xfp-2-po[...]

  • Page 573

    PowerConnect B-Series FCX Configuration Guide 531 53-1002266-01 Configuring MAC-base d VLANs 15 mac-authentication auth-fail-vlan-id 666 interface ethernet 0/1/1 mac-authentication mac-vlan max-mac-entries 5 mac-authentication mac-vlan 0030.4888.b9fe vlan 1 priority 1 mac-authentication mac-vlan enable interface ethernet 0/1/2 mac-authentication ma[...]

  • Page 574

    532 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring MAC-based VLANs 15 When both f eatu res are configured on a port, a device connect ed to the port is authenticated as follows. 1. MAC-based VLAN is per formed on the d evice to authenticat e the device MA C address. 2. If MAC-based VLAN is successful, the de vice then check[...]

  • Page 575

    PowerConnect B-Series FCX Configuration Guide 533 53-1002266-01 Configuring MAC-base d VLANs 15 Aging for MAC-based VLAN The aging pro cess for MA C-based VLAN works as described belo w. For permitted h osts For permitt ed ho sts, as long as the Dell Po werConnect device is receiving traffic aging does not occur . The age column in the output of th[...]

  • Page 576

    534 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring MAC-based VLANs 15 When the hardw are aging period ends, the sof tware aging period begins. T he sof tware aging period lasts for a configu rable amount of time (the def ault is 120 seconds). After the sof tware aging period ends, the MA C-based VLAN session is flushed, and[...]

  • Page 577

    PowerConnect B-Series FCX Configuration Guide 535 53-1002266-01 Configuring MAC-base d VLANs 15 PowerConnect(config)#interface e 3/1 PowerConnect(config-if-e1000-3/1)#mac-authentication disable-aging Syntax: [ no ] mac-authen tication disabl e-aging Configuring the maximum MAC addresses per port T o configure the max imum number of MA C a ddresses [...]

  • Page 578

    536 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring MAC-based VLANs 15 Configuring MAC-based VLAN for a dynamic host Follow the st eps given below t o confi g ure MA C-based VLAN f or a dynamic host. 1. Enable multi-device por t authenticati on globally using th e f ollowing command. PowerConnect(config)#mac-authentication e[...]

  • Page 579

    PowerConnect B-Series FCX Configuration Guide 537 53-1002266-01 Configuring MAC-based VLANs u sing SNMP 15 Configuring MAC-based VLANs using SNMP Sev eral MIB objects hav e been deve loped to a llow the configuration of MAC-based VLANs using SNMP . For more information, ref er to the IronWare MIB R eference Guid e . Displaying Information about MAC[...]

  • Page 580

    538 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying Information about MAC-based VLANs 15 Displaying allowed MAC addresses Enter the f ollowing comm and to displa y info rmation about successfu lly authenticated MAC addresses. PowerConnect#show table-mac-vlan allowed-mac --------------------------------------------------------[...]

  • Page 581

    PowerConnect B-Series FCX Configuration Guide 539 53-1002266-01 Displaying Information about MAC-based VLANs 15 PowerConnect(config)#show table-mac-vlan denied-mac ------------------------------------------------------------------------------- MAC Address Port Vlan Authenticated Time Age dot1x -------------------------------------------------------[...]

  • Page 582

    540 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying Information about MAC-based VLANs 15 . PowerConnect#show table-mac-vlan detailed e 0/1/2 Port : 0/1/2 Dynamic-Vlan Assignment : Disabled RADIUS failure action : Block Traffic Failure restrict use dot1x : No Override-restrict-vlan : Yes Vlan : (MAC-PERMIT-VLAN ) Port Vlan Sta[...]

  • Page 583

    PowerConnect B-Series FCX Configuration Guide 541 53-1002266-01 Displaying Information about MAC-based VLANs 15 Displaying MAC-VLAN information for a specific interface Enter the f ollowing command to display MA C-VLAN information for a specific int er face. The follo wing table describes the information in this output. This field... Displays... MA[...]

  • Page 584

    542 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying Information about MAC-based VLANs 15 Displaying MAC addresses in a MAC-based VLAN Enter the follo wing comm and to display a list of MA C addresses in a MAC-based VLAN. NOTE In this output, (MB V) indicates MA C-based VLAN is enabled. The f ollowing table describes the outpu[...]

  • Page 585

    PowerConnect B-Series FCX Configuration Guide 543 53-1002266-01 Clearing MAC-VLAN information 15 Displaying MAC-based VLAN logging Enter the f ollowing command to display MA C-based VLAN lo gging activity . Clearing MAC-VLAN information Enter the f o llowing command t o clear MAC- VLAN information. Add the inter face id to clear information f or a [...]

  • Page 586

    544 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Sample application 15 F I G U R E 111 Sample MA C-based VLAN configuration Host A MAC address is statically mapped to VLAN 1 with priority 1 and is not subjected t o RADIUS authenticatio n. When Ho st B MAC address is a uth enticated, the Access- Accept message fr om the RADIUS server [...]

  • Page 587

    PowerConnect B-Series FCX Configuration Guide 545 53-1002266-01 Sample application 15 mac-authentication hw-deny-age 30 mac-authentication auth-passwd-format xxxx.xxxx.xxxx interface ethernet 0/1/1 mac-authentication mac-vlan max-mac-entries 5 mac-authentication mac-vlan 0030.4888.b9fe vlan 1 priority 1 mac-authentication mac-vlan enable ! interfac[...]

  • Page 588

    546 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Sample application 15[...]

  • Page 589

    PowerConnect B-Series FCX Configuration Guide 547 53-1002266-01 Chapter 16 Configuring Rule-Based IP Access Control Lists (ACLs) Ta b l e 9 1 lists the individual Dell P owerConnect switches and A CL features the y su ppor t. This chapter describes how A ccess Control Lists (A CLs) are implemented and configured in the Dell PowerC on nec t d evic e[...]

  • Page 590

    548 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 ACL overview 16 NOTE For inf ormation about IPv6 ACLs, ref er to Chapter 1 9, “Configurin g IPv6 Access Contr ol Li sts (ACLs)” . ACL overview Dell Po werConnect de vices suppor t rule-based ACLs (sometimes called hardware-based A CLs), where the decisions to permit or den y packet[...]

  • Page 591

    PowerConnect B-Series FCX Configuration Guide 549 53-1002266-01 ACL overview 16 NOTE This is different from IP access policies. If yo u use IP access policies, you apply the individual policies to inter faces. • ACL e n t r y – Also called an ACL r ul e , this is a filter command associat ed with an A CL ID. The maximum number of ACL rules you [...]

  • Page 592

    550 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 How hardware-bas ed ACLs work 16 How hardware-based ACLs work When you bind an A CL to inbound traffic on an in ter face, the de vice programs the La yer 4 CAM with the A CL. Permit and den y rules are programmed. Most ACL rules req uire one Layer 4 CAM entr y. How ever , A CL rules th[...]

  • Page 593

    PowerConnect B-Series FCX Configuration Guide 551 53-1002266-01 Configuring standard numbered ACLs 16 NOTE Po werConnect B-Series FCX devices do no t supp or t ACLs o n Group VEs, e ven though the CLI contains commands f o r this action. • AC Ls apply to all traf fic, including managem ent traf fic. • The number of ACLs suppor ted per device is[...]

  • Page 594

    552 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring standard numbered ACLs 16 or Syntax: [ no ] access-list <ACL -nu m> deny | per mit <source-ip> / <mask-bits > | <ho stname> [ log ] Syntax: [ no ] access-list <ACL -nu m> deny | per mit host <source-ip> | <hostname> [ log ] Syntax: [...]

  • Page 595

    PowerConnect B-Series FCX Configuration Guide 553 53-1002266-01 Configuring standard named ACLs 16 The log a r g u m e n t c o n f i g u r es t h e d e v i c e t o g e n e r a te Syslog entries and SNMP traps for packe t s that are denied by the access policy . NOTE Y ou can enable logging on ACLs and filters that su pport logging even when the A C[...]

  • Page 596

    554 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring standard named ACLs 16 Standard named ACL syntax Syntax: [ no ] ip access-list standard <ACL -name> | <ACL -num> Syntax: deny | permit <source-ip> | <hostname> <wildcard> [ log ] or Syntax: deny | permit <source-ip> / <mask-bits> | [...]

  • Page 597

    PowerConnect B-Series FCX Configuration Guide 555 53-1002266-01 Configuring standard named ACLs 16 significant bits) and changes the no n-significant por tion of the IP address into ones. For exam ple, if you specify 209. 15 7 .22.26/2 4 or 209. 15 7 .22.26 0.0.0.255, then save the changes to the star tup-config file, the value appears as 209. 15 7[...]

  • Page 598

    556 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring extended numbered ACLs 16 The commands in this exam ple configure a standa rd A C L named “Net1”. The entries in this ACL deny pack ets from three source IP addresses fr om being forwarded on por t 1. Since the implicit action fo r an ACL is “deny”, the last A CL en[...]

  • Page 599

    PowerConnect B-Series FCX Configuration Guide 557 53-1002266-01 Configuring extended numbered ACLs 16 The <ACL - num> parameter is the e xtended access list nu mber . Specify a number from 1 00 – 199. The deny | permit paramete r indicates whether pack ets th at match the policy are dr opped or f or warded. The <ip-prot ocol> paramete[...]

  • Page 600

    558 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring extended numbered ACLs 16 • echo-reply • information-req ues t • log • mask-reply • mask-request • parameter -problem • redirect • source-q u ench • time-ex ceeded • timestamp-reply • timestamp-request • traf fic policy • unreachable • <num>[...]

  • Page 601

    PowerConnect B-Series FCX Configuration Guide 559 53-1002266-01 Configuring extended numbered ACLs 16 NOTE If the AC L is for a vir tual routing interface, you al so can specify a subset of ports within the VLAN containing that inter face when assignin g an ACL to t he in te r fa ce . Refer to “Configuring standard numbered ACLs” on page 55 1. [...]

  • Page 602

    560 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring extended numbered ACLs 16 The 802. 1p-prior ity -matchi ng option inspects the 802. 1p bit in the ACL that can be used with adaptive rat e limiting. Enter a value from 0 – 7 . For details, ref er to “Inspec ting the 802.1p bit in the AC L for adaptive rate limiting” o[...]

  • Page 603

    PowerConnect B-Series FCX Configuration Guide 561 53-1002266-01 Configuring extended numbered ACLs 16 The fifth entr y denies all OSPF traf fic and generat es Syslog entries for denied traffic. The sixth entr y permits all packets that are no t explicitly denied by the other entries. Without this entr y , the A CL would den y all incoming or outgoi[...]

  • Page 604

    562 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring extended named ACLs 16 Configuring extended named ACLs The commands for configuring named ACL entries ar e different fr om the commands fo r configuring numbered ACL entries. The command to configure a numbered A CL is access-list . The command for conf iguring a named AC L[...]

  • Page 605

    PowerConnect B-Series FCX Configuration Guide 563 53-1002266-01 Configuring extended named ACLs 16 The <ip-prot ocol> parameter indicat es the type of IP pack et you are filt ering. Y o u can specify a well-known name f or any pr otocol whose number is less than 255. For other pr otocols, you must enter the number . Enter “?” instead of a[...]

  • Page 606

    564 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring extended named ACLs 16 • mask-reply • mask-request • parameter -problem • redirect • source-q u ench • time-ex ceeded • timestamp-reply • timestamp-request • traf fic policy • unreachable • <num> The <tcp/udp comparison operat or> parameter[...]

  • Page 607

    PowerConnect B-Series FCX Configuration Guide 565 53-1002266-01 Configuring extended named ACLs 16 NOTE If the AC L is for a vir tual routing interface, you al so can specify a subset of ports within the VLAN containing that inter face when assignin g an ACL to t he in te r fa ce . Refer to “Configuring standard numbered ACLs” on page 55 1. The[...]

  • Page 608

    566 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Preserving user input for ACL TCP/UDP port numbers 16 The 802. 1p-prior ity -matchi ng option inspects the 802. 1p bit in the ACL that can be used with adaptive rat e limiting. Enter a value from 0 – 7 . For details, ref er to “Inspec ting the 802.1p bit in the AC L for adaptive ra[...]

  • Page 609

    PowerConnect B-Series FCX Configuration Guide 567 53-1002266-01 Managing ACL comment text 16 The follo wi ng exam ple shows how this feature w ork s for a T CP por t (this feature works the same wa y for UDP ports). In this example, the user identifies the TCP port by number (80 ) when configuring A CL group 1 40. Howe ver , show ip access-lis t 1 [...]

  • Page 610

    568 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Managing ACL comment text 16 The <comment-t ext> can be up t o 128 characters in length. The comment must be ent ered separately fr om the actu al ACL entry; that is , you cannot ent er the ACL entry and the ACL comme nt with the same access-list or ip access-list command. Also, [...]

  • Page 611

    PowerConnect B-Series FCX Configuration Guide 569 53-1002266-01 Applying an ACL to a virtual interfac e in a protocol- or subnet-based VLAN 16 Syntax: show runni ng-config The follo wing example shows the comment t ext f or an ACL in a show access-list display . The output is identical in a show ip access-list display . Syntax: show access-list <[...]

  • Page 612

    570 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Enabling ACL lo gging 16 PowerConnect(config-vif-10)#int ve 20 PowerConnect(config-vif-20)#ip access-group test1 in PowerConnect(config-vif-20)#ip address 10.15.1.10 255.255.255.0 PowerConnect(config-vif-20)#exit PowerConnect(config)#ip access-list extended test1 PowerConnect(config-ex[...]

  • Page 613

    PowerConnect B-Series FCX Configuration Guide 571 53-1002266-01 Enabling ACL logging 16 • A CL logging is intended for debugging purpo ses. Dell recommends that yo u disable A CL logging af ter the debug session is o ver . Configuration Tasks T o enable ACL logging, complete the f ollowing st eps: 1. Create A CL entries with the log option 2. Ena[...]

  • Page 614

    572 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Enabling strict contro l of ACL filtering of fragmented packets 16 Displaying ACL Log Entries The first time an entr y in an ACL permits or denie s a pack et and logging is enabled f or that entr y , the sof tware generates a Syslog m essage and an SNMP trap. Messages f or packets perm[...]

  • Page 615

    PowerConnect B-Series FCX Configuration Guide 573 53-1002266-01 Enabling ACL support for switched traffic in the ro uter image 16 The fragments are f or warded e ven if the first fr agment, which contains th e Layer 4 inf ormation, was denied. Gene rally , denying the first fragme nt of a packet is suffici ent, since a transact ion cannot be com pl[...]

  • Page 616

    574 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Enabling ACL filtering ba sed on VLAN membership or VE port memb ership 16 Y ou can apply an inbound IPv4 ACL to specific VLAN members on a po r t (Lay er 2 devices only) or to specific por ts on a vir tual inter face (VE) (Lay er 3 Devices only). By def ault, this feature suppor t is [...]

  • Page 617

    PowerConnect B-Series FCX Configuration Guide 575 53-1002266-01 Enabling ACL filtering based on VLAN membership or VE port membership 16 PowerConnect(config)#access-list 10 permit PowerConnect(config)#int e 1/23 PowerConnect(config-if-e1000-1/23))#per-vlan 12 PowerConnect(config-if-e1000-1/23-vlan-12))#ip access-group 10 in The commands in this exa[...]

  • Page 618

    576 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using ACLs to filter ARP packets 16 Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts : • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> Using ACLs to filter ARP packets Y ou can use ACLs to filter ARP packets. Without[...]

  • Page 619

    PowerConnect B-Series FCX Configuration Guide 577 53-1002266-01 Using ACLs to filt er ARP packets 16 PowerConnect(config-ve-2)# exit PowerConnect(config)# interface ve 3 PowerConnect(config-ve-3)# ip access-group 102 in PowerConnect(config-ve-3)# ip follow ve 2 PowerConnect(config-ve-3)# ip use-ACL-on-arp PowerConnect(config-ve-3)# exit PowerConnec[...]

  • Page 620

    578 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering on IP precedence and ToS values 16 Clearing the filter count T o clear the filter c ount for all int er faces on the de vice, enter a command such as the f ollowing. PowerConnect(config)# clear ACL-on-arp The abo ve command resets the filt er count on all inter faces in a de [...]

  • Page 621

    PowerConnect B-Series FCX Configuration Guide 579 53-1002266-01 QoS options for IP ACLs 16 For de tails about the edge por t security feature, re fer to “Using TCP Flags in combination with other ACL fe a t u re s ” on page 1202. QoS options for IP ACLs Quality of Service (QoS) options enable y ou to per form QoS for pack ets that match the ACL[...]

  • Page 622

    580 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 QoS options for IP ACLs 16 PowerConnect(config)#access-list 101 permit ip any any internal-priority-marking 6 The f ollowing command is not supported. PowerConnect(config)#access-list 101 permit ip any any dscp-marking 43 802.1p-priority-marking 4 internal-priority-marking 6 Using an I[...]

  • Page 623

    PowerConnect B-Series FCX Configuration Guide 581 53-1002266-01 QoS options for IP ACLs 16 PowerConnect(config)#acc 105 per tcp any any 802.1p-priority-marking 1 internal-priority-marking 5 Syntax: access-list <num(100-199)> permit tcp an y any 802. 1p-priority-marking <priority value (0-7)> [ internal-priority-marking <value (0-7)&g[...]

  • Page 624

    582 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 ACL-based rate limiting 16 Syntax: ...ds cp-matc hing <0 – 63> NOTE For com plete syntax inf ormation, refer to “Extended numbered A CL syntax” on page 556. ACL-based rate limiting A CL -based rat e limiting pr ovides the f acility t o limit the rat e for IP tr af fic that [...]

  • Page 625

    PowerConnect B-Series FCX Configuration Guide 583 53-1002266-01 Displaying ACL informatio n 16 PowerConnect#show access-list 100 Extended IP access list 100 (hw usage : 2) deny ip any any (hw usage : 1 The first command enables hardw are usage stat istics, and the second command displa ys the hardware usage for IP access l ist 1 00 .4 Syntax: show [...]

  • Page 626

    584 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Policy-b ased rout ing (PBR) 16 Policy-based routing (PBR) Policy-Based Routing (PBR) allows you t o us e A CLs and r oute maps to selectiv ely modify and rout e IP packets in hardw are. The ACLs classify the tr af fic. Rout e maps that match on the ACLs se t routing attribut es for th[...]

  • Page 627

    PowerConnect B-Series FCX Configuration Guide 585 53-1002266-01 Policy-based routing (PBR) 16 Configuring a PBR policy T o configure PBR, you define the policies using IP A CLs and rout e maps, then enable PBR globally or on individual int er faces. The device pr ogra ms the AC Ls into the pack et processor on the interfaces and routes traffic that[...]

  • Page 628

    586 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Policy-b ased rout ing (PBR) 16 The <wildcar d> parameter specifies the mask value to co mpare against the host address specified by th e <source-ip> parameter . Th e <wildcard> is in d otted -d ecim al nota ti on ( IP a ddr ess form at) . It is a f our-part value, wh[...]

  • Page 629

    PowerConnect B-Series FCX Configuration Guide 587 53-1002266-01 Policy-based routing (PBR) 16 The commands in this example configure an entry in a rout e map named “test-r oute”. The match statement matches on IP inf ormation in ACL 99. The set st atement changes the next-hop IP address for pack ets that m atch to 192. 168.2. 1. Syntax: [ no ] [...]

  • Page 630

    588 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Policy-b ased rout ing (PBR) 16 The commands in this exam ple change the CLI to the I n terface lev el for virtual inter face 1, then apply the “test-r oute” ro ute map to the int er face. Y ou can apply a PBR rout e map to Ethernet por ts or vir tual inter faces. Syntax: ip policy[...]

  • Page 631

    PowerConnect B-Series FCX Configuration Guide 589 53-1002266-01 Policy-based routing (PBR) 16 PowerConnect(config)#access-list 50 permit 209.157.23.0 0.0.0.255 PowerConnect(config)#access-list 51 permit 209.157.24.0 0.0.0.255 PowerConnect(config)#access-list 52 permit 209.157.25.0 0.0.0.255 The following commands configure thre e entries in a rout [...]

  • Page 632

    590 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Policy-b ased rout ing (PBR) 16 The following command enables PB R by globally applying the r oute map to all interfaces. PowerConnect(config)#ip policy route-map file-13 Alternatively , you can enable PBR on specific in terfaces, as shown in the follo wing example. The commands in thi[...]

  • Page 633

    PowerConnect B-Series FCX Configuration Guide 591 53-1002266-01 Chapter 17 Configuring Quality of Service Ta b l e 9 3 lists the individu al Dell PowerConnect swit ches and the Quality of Service (QoS) f eatures they support. 8802.1 Classification Quality of Service (QoS) features are used t o priori tize the use of bandwidth in a switch. When QoS [...]

  • Page 634

    592 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Classification 17 • Static MA C address • Lay er 2 Class of Ser vice (CoS) value – This is the 802. 1p priority value in the Etherne t frame. It can be a value fr om 0 through 7 . The 802. 1p pr iority is also called the Clas s of Ser vice. • Lay er 3 Dif ferentiat ed Ser vices[...]

  • Page 635

    PowerConnect B-Series FCX Configuration Guide 593 53-1002266-01 Classification 17 FIGURE 1 12 De termining a packet trust le vel - Pow erConnect B-Series FCX devices Once a packe t is classified, it is mapped t o an internal f or warding queue. There are eight q ueues designated 0 thr ough 7 . The internal f or war ding priority maps to one of thes[...]

  • Page 636

    594 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Classification 17 Mapping between DSCP v alue and forwarding q ueue cannot be changed. Ho wev er , mapping between DSCP values and other properties can be changed as f ollows: TA B L E 9 4 Default QoS mappings, columns 0 to 1 5 D S C P v a l u e 01234567891 0 1 1 1 2 1 2 1 4 1 5 802. 1[...]

  • Page 637

    PowerConnect B-Series FCX Configuration Guide 595 53-1002266-01 QoS for stackable devices 17 • DSCP t o internal forwarding priority mappi ng – Y ou can change the mapping between the DSCP value and the internal f orwarding priori ty value from the default v alues shown in Ta b l e 9 4 through Ta b l e 97 . This mappin g is used f o r CoS marki[...]

  • Page 638

    596 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 QoS queues 17 QoS behavior on port priority and VLAN priority in an IronStack Port priority and VLAN priority hav e a higher pr ecedence than the 802. 1p priority examination. If por t priority is set to 7, all incoming tr af fic is mapped to int ernal hardware q ueue 6. When stacking [...]

  • Page 639

    PowerConnect B-Series FCX Configuration Guide 597 53-1002266-01 Assigning QoS priorities to traffic 17 When you change the priority , you specify a number from 0 thr ough 7 . The priority number specifies the IEEE 802. 1 equivalent t o one of the eight Qo S queues on Dell Pow erConnect devices. The numbers correspond t o the queues as sho wn in Ta [...]

  • Page 640

    598 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 802.1p priority override 17 Buffer allocation/threshold for QoS queues By default, Dell Ironw are sof tware allocates a cer t ain number of buf f ers to the outbound transpor t queue f or each por t based on QoS priority . Th e buffers contr ol the t otal number of packe ts permitted i[...]

  • Page 641

    PowerConnect B-Series FCX Configuration Guide 599 53-1002266-01 Marking 17 Marking Marking is the process o f changing the packet QoS information (the 802. 1p and DSCP information in a packet) f or the next hop. F or example, f or tr af fic coming from a de vice that does not suppor t Differentiated Services (Dif fServ), you can change the packe t [...]

  • Page 642

    600 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the QoS mappings 17 PowerConnect stackable devices Po werConnect B-Series FCX devices suppo r t DSCP -base d QoS on a per-port basis. DSCP-based QoS is not automatically honored fo r switched traf fic. The default is 802. 1p to CoS mapping. T o honor DSCP-based QoS, ent er [...]

  • Page 643

    PowerConnect B-Series FCX Configuration Guide 601 53-1002266-01 Configuring the QoS mappings 17 1 Y o u can change the DSCP to internal forwarding mappi ngs. Y ou als o can change t he internal forwarding priorit y to hardw are forwar ding queue mappings. Changing the DSCP to internal forwarding priority mappings T o change the DSCP to internal f o[...]

  • Page 644

    602 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the QoS mappings 17 Changing the VLAN prio rity 802.1p to hardware forwarding queue mappings T o map a VLAN priority to a different har dware f or warding qu eue, enter commands such as the following at the g lobal CONF IG level of the CLI . PowerConnect(config)#qos tagged-[...]

  • Page 645

    PowerConnect B-Series FCX Configuration Guide 603 53-1002266-01 Scheduling 17 The exam ple configuration described below is f or a default, non-jumbo mode. The hardware queues f or WRR mode is calculat ed as follo ws. F ront end queue 3= 75%+7% = 82% F ront end queue 2 = 3%+3% = 6% F ront end queue 1 = 3%+3% = 6% F ront end queue 0 = 3%+3% = 6% The[...]

  • Page 646

    604 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Scheduling 17 NOTE Queue cycles on t he PowerConnect devices are based on b y tes. T hese devices ser vice a given number of byte s (based on weight) in each qu eue cy cle. FES and BI/FI queue cy cles are based on pack ets. The byt es-based scheme is more accurate than a packets- based[...]

  • Page 647

    PowerConnect B-Series FCX Configuration Guide 605 53-1002266-01 Scheduling 17 Selecting the QoS queuing method By default, Dell P owerConnect de vices use the WRR method of packet prioritization. T o change the method to strict priority , enter the f ollowing command at the global CONFIG level of the CLI. PowerConnect(config)#qos mechanism strict T[...]

  • Page 648

    606 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Scheduling 17 When the queuing me thod is weighted round ro bin, the sof tware int e rnally translates the percentages int o weights. The weight associated with each queue controls how man y packets are processed f or the queue at a giv en stage of a cycle thr ough the weighted round r[...]

  • Page 649

    PowerConnect B-Series FCX Configuration Guide 607 53-1002266-01 Scheduling 17 The <percentage> variable specifie s a number for the per centage of the de vice outbound bandwidth that is allocated t o the queue. Dell QoS queues req uire a minimum bandwidth percentage of 3 per cent for each priority . When jumbo frames are enabl ed, the minimum[...]

  • Page 650

    608 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Viewing QoS settings 17 Viewing QoS settings T o display the QoS se ttings for all of the q ueues, enter the sho w q os-profiles command. Syntax: show qos-pr ofiles all | <name> The all parameter displa y s the settings f or all eight queues . The <name> variable displa ys [...]

  • Page 651

    PowerConnect B-Series FCX Configuration Guide 609 53-1002266-01 Viewing DSCP-based QoS settings 17 The show qos-tos command can also be used to display co nfiguration information f or 8 to 4 queue mapping. The f ollowing e xample displays 8 to 4 queue mapping configuration. TA B L E 10 4 DSCP-based QoS config uration information This field... Displ[...]

  • Page 652

    610 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Viewing DSCP-based QoS settings 17 Syntax: show qos-tos The show qos-tos command displa ys the following inf o rmation about 8 to 4 queue mapping. TA B L E 10 5 8 to 4 queue mapping configuration information This field... Displays... Priority-> Hardware Queue Priority and Har dware [...]

  • Page 653

    PowerConnect B-Series FCX Configuration Guide 611 53-1002266-01 Chapter 18 Configuring Traffic Policies Ta b l e 1 0 6 lists the individual Dell Pow erConnect swit ches and the traffic policy features the y suppor t. Traffic policies overview This chapter describes ho w traf fic policies are im plemented and configured in the Po werConnect devices.[...]

  • Page 654

    612 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuration notes a nd feature limitations 18 Configuration notes and feature limitations Note the f ollowing when co nfiguring traf fic policies: • T raf fic policies applies t o IP ACLs only . • The maximum number of supported active TPDs is a system-wide parame ter and depends[...]

  • Page 655

    PowerConnect B-Series FCX Configuration Guide 613 53-1002266-01 ACL-based rate limiting using traffic policies 18 • By default, up t o 1 024 active traffic policies are suppor ted o n La yer 2 switches. This value is fixe d on Lay er 2 switches and cannot be modified. • On Po werConnect B-Series FCX devices, up t o 1 02 4 active traff ic polici[...]

  • Page 656

    614 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 ACL-based rate limiting using traffic policies 18 Y ou can configure A CL -based rate limiti n g on the f ollowing interface types: • Physical Ethernet int er faces • V irt ua l i nt e rf a ce s • Tr u n k p o r t s • Specific VLAN members on a por t (refer to “ Applying an I[...]

  • Page 657

    PowerConnect B-Series FCX Configuration Guide 615 53-1002266-01 ACL-based rate limiting using traffic policies 18 PowerConnect(config)#interface ethernet 5 PowerConnect(config-if-e5)#ip access-group 101 in PowerConnect(config-if-e5)#exit The previous commands configure a fix ed rate limi ting policy tha t allows por t e5 to receive a maximum traffi[...]

  • Page 658

    616 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 ACL-based rate limiting using traffic policies 18 If a por t receives more than the configured bit or byt e rate in a one-second int er val, the por t will either drop or forward subsequent data in hardware, depe nding on the action you specify . T o implement the ACL -based adaptive r[...]

  • Page 659

    PowerConnect B-Series FCX Configuration Guide 617 53-1002266-01 ACL-based rate limiting using traffic policies 18 Use the no f orm of the command to delet e a traf fic policy def in iti on . Note t ha t yo u ca nnot de lete a traf fic policy definition if it is currently in use on a por t. T o delete a traffic policy , first unbind the associated A[...]

  • Page 660

    618 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 ACL-based rate limiting using traffic policies 18 • Drop pack ets that exceed the limit. • Permit pack ets that ex ceed the limit and forward them at the lo west priority lev el. Dropping packets t hat exceed the limit This section shows some example configurations and provides the[...]

  • Page 661

    PowerConnect B-Series FCX Configuration Guide 619 53-1002266-01 ACL statistics and rate limit counting 18 Syntax: [no] traf fic-policy <TPD name> rate-limit adaptive cir <cir value> cbs <cbs value> pir <pir value> pbs <pbs value> ex ceed-action permit-at-low-pri ACL statistics and rate limit counting AC L statistics, a[...]

  • Page 662

    620 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 ACL stati stics and rate limit count ing 18 The sof tware allo ws you to add a ref erence to a no n-exist ent TPD in an ACL stat ement and to bind that A CL to an interface. The sof tware does no t issue a warning or error message f or non-existent TPDs. Use the no f orm of the command[...]

  • Page 663

    PowerConnect B-Series FCX Configuration Guide 621 53-1002266-01 ACL statistics and rate limit counting 18 Syntax: show access-list a ccounting traffic-policy [ <TPD name> ] or Syntax: show statisti cs traffic-policy [ <TPD name> ] The <TPD name> var iab le is the name of the traffic policy definition f or which you w ant to displa[...]

  • Page 664

    622 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Viewing traffic policies 18 or Syntax: clear statisti cs traffic-policy <TPD name> The <TPD name> is t h e n a m e o f t h e t r a f f i c policy definition f or which you want to cl ear traf fic policy counters. Viewing traffic policies T o view traffic policies that are c[...]

  • Page 665

    PowerConnect B-Series FCX Configuration Guide 623 53-1002266-01 Chapter 19 Configuring Base Layer 3 and Enabling Routing Protocols Ta b l e 1 1 1 lists the indi vidual Dell PowerConnect sw itches and the base Lay er 3 features the y suppor t. NOTE Lay er 2 with base Layer 3 images pr ovide static RIP suppor t. The device do es not learn RIP rout es[...]

  • Page 666

    624 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Adding a static ARP entry 19 or Syntax: [ no ] ip rout e <dest-ip-ad dr> / <mask-bits> <ne xt-hop-ip-addr> [ <metric> ] [ tag <num> ] The <dest-ip- addr> is the rout e des tination. The <dest- mask> is the networ k mask for the route destinatio[...]

  • Page 667

    PowerConnect B-Series FCX Configuration Guide 625 53-1002266-01 Modifying and displaying layer 3 system parameter limits 19 Modifying and displaying layer 3 system parameter limits This section shows how t o view and configure some of the Lay er 3 system parameter limits. Configuration notes • Changing the sys tem paramet er s reconfigures the de[...]

  • Page 668

    626 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RIP 19 The follo wing shows an exampl e output on a IPV6 device. Configuring RIP If you w ant the Dell Pow erConnect device to use RI P , you must enab le the prot ocol globally , then enable RIP on individual ports. When you enable RIP on a por t, you also must specify the[...]

  • Page 669

    PowerConnect B-Series FCX Configuration Guide 627 53-1002266-01 Configuring RIP 19 • Rout e redistribution – Y ou can enable the sof tware to redistribute static ro utes from the IP rout e table into RIP . Redistri bution is disabled by def ault. • Learning of default r outes – The def ault is disabled. • Loop pre vention (split horizon o[...]

  • Page 670

    628 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RIP 19 When you enable redistribution, all IP static routes are redistributed by def ault. If you want to den y cer tain routes fr om being redistributed into RIP , configure den y filters f or those rout es before y ou enable redistribution. Y ou can configure up to 64 RIP[...]

  • Page 671

    PowerConnect B-Series FCX Configuration Guide 629 53-1002266-01 Other layer 3 protocols 19 T o enable RIP redistribution , enter the f ollowing command. PowerConnect(config-rip-router)#redistribution Syntax: [ no ] redistribution Enabling learning of default routes By default, the software does not learn RIP default ro utes. T o enable learning of [...]

  • Page 672

    630 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Enabling or disabl ing layer 2 switching 19 • IGMP • IP • IP multicast (DVMRP , PIM-SM, PIM-DM) • OSPF • RIPV1 and V2 • VRRP • VRRPE • VSRP IP routing is enabled b y default on devices running La yer 3 code. All other pr otocols are disabled, so you must enable them t o[...]

  • Page 673

    PowerConnect B-Series FCX Configuration Guide 631 53-1002266-01 Enabling or disabling layer 2 switching 19 Syntax: no route-onl y T o disable Layer 2 switching only on a specific interface, go to the Interface configu ration lev el f or that int er face, then disable the f eature. The f ollowing commands show ho w to disable La yer 2 switching on p[...]

  • Page 674

    632 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Enabling or disabl ing layer 2 switching 19[...]

  • Page 675

    PowerConnect B-Series FCX Configuration Guide 633 53-1002266-01 Chapter 20 Configuring Port Mirroring and Monitoring Ta b l e 1 1 2 lists the individual Dell Po werConnect swit ches and the mirroring f e atures they support. The procedures in this chapt er describe how to co nfigure por t mirroring on De ll Pow erConnect devic es. Overview Port mir[...]

  • Page 676

    634 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring port mirroring and monitoring 20 Configuration notes Ref er to the f ollowing rules when conf iguring por t mirroring and monit oring: • Port monitoring and sFlow s upport: • Po werConnect B-Series FCX devices support sF low and port monitoring together on the same por [...]

  • Page 677

    PowerConnect B-Series FCX Configuration Guide 635 53-1002266-01 Configuring port mirroring and monitoring 20 • For ingress A CL mirroring, the previous ingress rule also applies. The analyzer por t setting command acl-mirror-port must be specified for each po r t, e ven though the har dware only suppor ts one por t per device. This applies whe th[...]

  • Page 678

    636 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring port mirroring and monitoring 20 The both , in , and out parameters specify the traffic direction you w ant to mo nitor on the mirr or port. There is no def ault. T o display the port monitoring configuration, enter the show monit or and show mirr or comman ds. Monitoring a[...]

  • Page 679

    PowerConnect B-Series FCX Configuration Guide 637 53-1002266-01 Configuring mirroring on an Ironstack 20 Configuring mirroring on an Ironstack Y ou can configure mirroring on a De ll IronStack. An IronStack consists of up to 8 PowerConnect B-Series FCX de vices. The stack operates as a chassis. Th e following e xamples show how t o configure mirr o[...]

  • Page 680

    638 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 ACL-based inbound mirroring 20 ACL-based inbound mirroring This section describes ACL -based inbound mirroring f or Pow erConnect devices. Creating an ACL-based inbound mi rror clause for PowerConnect B-Series FCX devices The follo wi ng e x ample shows ho w to config ure an ACL -based[...]

  • Page 681

    PowerConnect B-Series FCX Configuration Guide 639 53-1002266-01 VLAN-based mirroring 20 1. Define a mirror port T o activat e mirroring on a por t, use the mirror command in the global configuration mode. Example PowerConnect(config)#mirror e 0/1/14 Configurati on Notes • If there is no input mirror port configured, MAC-Filt er Based Mirroring do[...]

  • Page 682

    640 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN-based mirroring 20 PowerConnect(config)#mirror-port ethernet 1/1/21 input PowerConnect(config)#vlan 10 PowerConnect(config-VLAN-10)#monitor ethernet 1/1/21 PowerConnect(config)#vlan 20 PowerConnect(config-VLAN-20)#monitor ethernet 1/1/21 PowerConnect(config-VLAN-20)#end Syntax: [ [...]

  • Page 683

    PowerConnect B-Series FCX Configuration Guide 641 53-1002266-01 VLAN-based mirroring 20 Configuration notes The follo wi ng rules apply to VLAN-Based Mirr oring con figurations. • A VLAN must ha ve at least one por t member configured bef ore “monitor” can be configured. • Multiple VLANs can have monitor enabled at the same time, and the ma[...]

  • Page 684

    642 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VLAN-based mirroring 20[...]

  • Page 685

    PowerConnect B-Series FCX Configuration Guide 643 53-1002266-01 Chapter 21 Configuring Rate Limiti ng and Rate Shaping on PowerConnect B-Series FCX Switches Ta b l e 1 1 4 lists the individual Dell PowerConnect swit ches and the rate limiting and rat e shaping fe atures they suppor t. This chapter describes ho w to configure rat e limi ting and rat[...]

  • Page 686

    644 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Rate limiting in hardware 21 Rate limiting in hardware Each Dell Pow erConnect device suppor ts line-rat e ra t e limiting in hardware. The device creates entries in Cont ent Addressable Memor y (CAM) f or the rate limiting policies. The CAM entries enable the de vice to per f orm the [...]

  • Page 687

    PowerConnect B-Series FCX Configuration Guide 645 53-1002266-01 Rate limiting in hardware 21 Configuration notes • Rate limiting is a vailable only o n inbound por ts. • The rate limit on IPv6 har dware tak es several se conds t o take effect at higher configured rat e limit values. F or example, if the configured rat e limit is 750 Mbps, line-[...]

  • Page 688

    646 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Rate shaping overview 21 Syntax: show rate-limit fix ed The command lists the po r ts on which fixed rate limiting is configured, and provides the information listed in T a bl e 115 fo r e a ch o f t he p o r ts . Rate shaping overview Outbound Rate Shaping is a por t- level f eature t[...]

  • Page 689

    PowerConnect B-Series FCX Configuration Guide 647 53-1002266-01 Rate shaping overview 21 • When outbound rate shaping is enabled on a po rt on an IPv4 device, the port QoS queuing method ( qos mechanism ) will be strict mode. This applie s to IPv4 devices only . On IPv6 devic es, the QoS mechanism is whate ver method is configured on the por t, e[...]

  • Page 690

    648 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Rate shaping overview 21 The abov e commands configure an outbou nd ra te shape r on por t 1/1 4 and por t 1/15. • On Po werConnect B-Series FCX devices, the co nf igured outbound rate shaper (65 1 Kbps) on por t 1/15 is the r ounded to 6 16 Kbps. T he conf igured 1300 Kbps limit on [...]

  • Page 691

    PowerConnect B-Series FCX Configuration Guide 649 53-1002266-01 Chapter 22 Configuring IP Multicast Traffic Reduction for PowerConnect B-Series FCX Switches Ta b l e 1 1 6 lists the individual Dell PowerConnect swit ches and the IP multicast traf fic reduction fe atures they suppor t. IGMP snooping overview When a device processes a multic ast pack[...]

  • Page 692

    650 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IGMP snooping overview 22 An IGMP de vice is responsible for br oadcasting general queries periodically , and sending group queries when it receives a leave message, t o co nfirm that none of the clients on the por t still want specific traf fic before remo ving the traf fic from the p[...]

  • Page 693

    PowerConnect B-Series FCX Configuration Guide 651 53-1002266-01 IGMP snooping overview 22 The < num > value can be 4, 8, 1 6, or 32. Any other v alue is truncated t o the closest lower ceiling. For e xample, a value of 15 is changed to 8 . The def ault hash chain length is 4. A chain length of more than 4 ma y af fect line rat e switching. NO[...]

  • Page 694

    652 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IGMP snooping overview 22 The implementat ion allows snoo ping on som e VL ANs or all VLANs. Each VLAN can independently enable or disable IGMP , or configure V2 or V3 . In general, global configuration co mmands ip multicast apply t o every VLAN except those that ha ve local multicast[...]

  • Page 695

    PowerConnect B-Series FCX Configuration Guide 653 53-1002266-01 PIM SM traffic snooping overvie w 22 VLAN specific configuration Y ou can configur e IGMP snooping on som e VL ANs or on all VLANs. Each VLAN can be independently enabled or disabled for IGMP sn ooping, and can be configured f or IGMPv2 or IGMPv3. In general, the ip multicast commands [...]

  • Page 696

    654 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM SM traffic snooping overview 22 FIGURE 1 1 4 PIM SM traffic reduction in an enterprise network NOTE IP address 239. 192.0.0/1 4 must be used for IPv4 Organization Local Scope. When PIM SM traffic snooping is enabled, the de vice star ts list ening for PIM SM join and prune messages[...]

  • Page 697

    PowerConnect B-Series FCX Configuration Guide 655 53-1002266-01 Configuring IGMP snooping 22 Notice that the por ts connect ed to the source an d the receiv ers are all in the same por t-based VLAN on the device. This is req u ired f or the PIM SM snooping feature . The devices on the edge of the Global Ethernet clo ud are configured for IP multica[...]

  • Page 698

    656 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IGMP snooping 22 Configuring the hardware and software resource limits The syst em suppor ts up to 8K of hardw are-switche d multicast streams. The configurable range is from 2 56 through 8 192 with a default of 5 12. Enter the f ollowing command t o define the maximum numb[...]

  • Page 699

    PowerConnect B-Series FCX Configuration Guide 657 53-1002266-01 Configuring IGMP snooping 22 Modifying the age interval When the device re ceives a group membership report , it makes an entry for that group in the IGMP group table. The age int er val specifies how long th e entry can remain in the table before the de vice receives ano ther group me[...]

  • Page 700

    658 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IGMP snooping 22 IGMPv2 membership repor ts of the same group fr om dif f erent clients are considered to be the same and are rat e-limited. Use the f ollowing command to alle viate report st orms from many clients answering the upstream rou ter que r y. PowerConnect(config[...]

  • Page 701

    PowerConnect B-Series FCX Configuration Guide 659 53-1002266-01 Configuring IGMP snooping 22 Syntax: [ no ] ip pimsm-snooping NOTE The devic e must be in passive mode bef ore it can be configured f or PIM snooping. Configuring the IGMP mode for a VLAN Y ou can configure a VLAN to use the active or pa ssive IGMP mode. T he default mode is passive. T[...]

  • Page 702

    660 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IGMP snooping 22 Configuring the IGMP version for the VLAN Y ou can specify the IGMP version f or a VLAN. For exam ple, the following co mmands configure VLAN 20 to use IGMPv3. PowerConnect(config)# vlan 20 PowerConnect(config-vlan-20)# multicast version 3 Syntax: [ no ] mu[...]

  • Page 703

    PowerConnect B-Series FCX Configuration Guide 661 53-1002266-01 Configuring IGMP snooping 22 Configuring static router ports FastIr on Stackable de vices forwar d all multicast control and data pack ets to rout er por ts which receive q ueries. Although rout er por ts are learned, you can f orce multicast traffic to specified ports ev en though the[...]

  • Page 704

    662 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IGMP snooping 22 Every group on a ph ysical por t keeps its own trac king record. How ever , it can only track group membership; it cannot track by (source, group). F or example, Client A and Clie nt B belong to group1 but each receives traffic streams from different sour c[...]

  • Page 705

    PowerConnect B-Series FCX Configuration Guide 663 53-1002266-01 Displaying IGMP snooping info rmation 22 Displaying IGMP snooping information This section describes the show commands for IGMP snooping. Displaying IGMP erro rs T o display inf ormation about possible IGMP errors, ent er the follo wing commands. PowerConnect# show ip multicast error s[...]

  • Page 706

    664 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IGMP snooping inform ation 22 Syntax: show ip multicast group [ <group-address> [ detail ] [ trackin g ]] If you want a report f or a specif ic multic ast group, ent er that group's address f or <group-address> . Enter detail t o display the source list of a[...]

  • Page 707

    PowerConnect B-Series FCX Configuration Guide 665 53-1002266-01 Displaying IGMP snooping info rmation 22 Syntax: show ip multicast mcache The f ollowing table describes the output of the show ip multicast m cache command. Displaying PIM sparse snooping information PIM sparse mode snooping allows a device to listen f or join or prune messages exchan[...]

  • Page 708

    666 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IGMP snooping inform ation 22 Syntax: show ip multicast reso urce The f ollowing table describes the output fr om the show ip mul ticast resource command. Displaying status of IGMP snooping traffic T o display status inf ormation for IGMP snoo ping traffic, enter the f ollow[...]

  • Page 709

    PowerConnect B-Series FCX Configuration Guide 667 53-1002266-01 Displaying IGMP snooping info rmation 22 Displaying IGMP snoopi ng information by VLAN Y ou can display IGMP snooping information f or all VLA Ns or fo r a specif ic VLAN. For e xample, to display IGMP snooping inf ormation for VLAN 70, ent er the follo wing command. Syntax: show ip mu[...]

  • Page 710

    668 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IGMP snooping inform ation 22 Displaying querier information Y ou can use the show ip multicast vl an command to displa y the querier information for a VLAN. This command displa ys the VLAN interf ace status and if there is any o ther querier present with the lowest IP addre[...]

  • Page 711

    PowerConnect B-Series FCX Configuration Guide 669 53-1002266-01 Displaying IGMP snooping info rmation 22 Passive interface with no other querier present The follo wi ng exam ple shows the output in whic h the VLAN inter face is passive and no other querier is present with the lo west IP address. PowerConnect# show ip multicast vlan 10 Version=2, In[...]

  • Page 712

    670 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IGMP snooping inform ation 22 This interface is Querier default V2 group: 226.6.6.6, life = 240 group: 228.8.8.8, life = 240 group: 230.0.0.0, life = 240 group: 224.4.4.4, life = 240 2/1/24 has 2 groups, This interface is non-Querier Querier is 5.5.5.5 Age is 0 Max response [...]

  • Page 713

    PowerConnect B-Series FCX Configuration Guide 671 53-1002266-01 Displaying IGMP snooping info rmation 22 This interface is non-Querier (passive) default V2 group: 226.6.6.6, life = 260 group: 228.8.8.8, life = 260 group: 230.0.0.0, life = 260 group: 224.4.4.4, life = 260 2/1/24 has 2 groups, This interface is non-Querier (passive) Querier is 5.5.5.[...]

  • Page 714

    672 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IGMP snooping inform ation 22 Clear mcache on a specific VLAN T o clear the mcache on a specific VLAN, enter the follo wing command. PowerConnect# clear ip multicast vlan 10 mcache Syntax: clear ip multicast vlan <vlan-id > mcache The <vlan-id> parameter specifie[...]

  • Page 715

    PowerConnect B-Series FCX Configuration Guide 673 53-1002266-01 Chapter 23 Enabling the Foundry Discovery Protocol (FDP) and Reading Cisco Discovery Protocol (CDP) Packets Ta b l e 1 17 lists individual Dell Po werC onnect switches and the disco ver y pro tocols they support. Using FDP The F oundr y Discov er y Prot ocol (FDP) enables Dell P owerCo[...]

  • Page 716

    674 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using FDP 23 PowerConnect(config)# fdp run Syntax: [ no ] fdp run The f eature is disabled by default. Enabling FDP at th e interface level Y ou can enable FDP at the inter face le vel b y entering commands such as the f ollowing. PowerConnect(config)# int e 2/1 PowerConnect(config-if-[...]

  • Page 717

    PowerConnect B-Series FCX Configuration Guide 675 53-1002266-01 Using FDP 23 T o change the FDP hold time, enter a command such as the f ollowing at the global CONFIG level of the CLI. PowerConnect(config)# fdp holdtime 360 Syntax: [ no ] fdp holdtime <secs> The <secs> paramet er specif ies the number of seconds a Dell P owerConnect dev[...]

  • Page 718

    676 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using FDP 23 T o display detailed inf orm atio n, enter the follo wi ng command. The show fdp neighbor detail command displays the f oll owing inf ormation. Displaying FDP entries T o display the de tailed neighbor information f or a specific device, enter a c ommand such as the follow[...]

  • Page 719

    PowerConnect B-Series FCX Configuration Guide 677 53-1002266-01 Using FDP 23 Syntax: show fdp entry * | <device-id> The * | <devic e-id> parameter specifies the de vice ID. If y ou enter * , the detailed updates f or all neighbor devices are displayed. If yo u enter a sp ecific device ID, the up date f or that device is display ed. For [...]

  • Page 720

    678 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Reading CDP packets 23 The same commands clear inf ormation for both FDP and CDP . Clearing FDP and CDP neighbor information T o clear the information receiv ed in FDP and CD P updates fro m neighboring devices, ent er the following command. PowerConnect# clear fdp table Syntax: clear [...]

  • Page 721

    PowerConnect B-Series FCX Configuration Guide 679 53-1002266-01 Reading CDP packets 23 Enabling interception of CDP packets on an interface Y ou can disable and enable CDP at the interface lev el. Y ou can enter commands such as the follo wing. PowerConnect(config)# int e 2/1 PowerConnect(config-if-2/1)# cdp enable Syntax: [no ] cdp enable By defau[...]

  • Page 722

    680 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Reading CDP packets 23 Syntax: show fdp neighbors [ detail | ethernet <port> ] Displaying CDP entries T o display CDP entries for all neighbors, enter the f o llowing command. T o display CDP entries f or a specific device, sp ecify the device ID. Here is an e xample. Syntax: sho[...]

  • Page 723

    PowerConnect B-Series FCX Configuration Guide 681 53-1002266-01 Reading CDP packets 23 PowerConnect# show fdp traffic CDP counters: Total packets output: 0, Input: 3 Hdr syntax: 0, Chksum error: 0, Encaps failed: 0 No memory: 0, Invalid packet: 0, Fragmented: 0 Syntax: show fdp traffic Clearing CDP information Y ou can clear the following CDP inf o[...]

  • Page 724

    682 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Reading CDP packets 23[...]

  • Page 725

    PowerConnect B-Series FCX Configuration Guide 683 53-1002266-01 Chapter 24 Configuring LLDP and LLDP-MED Ta b l e 1 2 0 lists the in dividual Dell PowerConnect swit ches and the Link Lay er Discov er y Prot ocol (LLDP) features they suppor t. This chapter describes ho w to configure the f ollowing pr otocols: Link lay er discovery prot ocol (LLDP) [...]

  • Page 726

    684 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Terms used in this chapter 24 The info rmation generated by LL DP and LLDP-MED can be used t o diagnose and troubleshoo t misconfigurations on both sid es of a link. For e x ample, the inf ormation generated can be used to discov er devices with misconfigu red or unreachable IP address[...]

  • Page 727

    PowerConnect B-Series FCX Configuration Guide 685 53-1002266-01 LLDP overview 24 FIGURE 1 15 LLDP connectivity Benefits of LLDP LLDP pro vides the fo llowing benefits: • Network Management: • Simplifies the use of and enhances the ability of network management tools in multi-vend or envir onments • Enables discov er y of accu rate ph ysical n[...]

  • Page 728

    686 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 LLDP-MED overview 24 • Acc ur ate top olo gi es si mpl if y tro ub le s hooting within enterprise networks • Can disco ver devic es with misconfi gured or unreachable IP addresses LLDP-MED overview LLDP-MED is an extension to LLDP . This prot oc ol enables advanced LLDP f eatures i[...]

  • Page 729

    PowerConnect B-Series FCX Configuration Guide 687 53-1002266-01 General operating principles 24 • Aut omatically deploys netw ork policies, such as La yer 2 and La yer 3 QoS polic ies and V oice VLANs. • Suppor ts E-9 11 Emergency Call Services (ECS) for IP t elephony • Collects Endpoint inventory information • Netw ork troubleshoot ing •[...]

  • Page 730

    688 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 General operating princ iples 24 • Receiv e LLDP information only Transmit mode An LLDP agent sends LLDP pack ets to ad jacent LLDP-enabled de vices. The LLDP pack ets contain information about the transm itting device and port. An LLDP agent initiates the transmission of LLDP pa cke[...]

  • Page 731

    PowerConnect B-Series FCX Configuration Guide 689 53-1002266-01 General operating principles 24 TLV support This section lists the LLDP and LLDP-MED TL V suppor t . LLDP TLVs There are tw o types of LLDP TL Vs, as specified in the IEEE 802 .3AB standard: • Basic management TL Vs consist of both optional general sy stem info rmation TL Vs as well [...]

  • Page 732

    690 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 General operating princ iples 24 • Location identification • Extended po wer- via-MDI Mandatory TLVs When an LLDP agent transmits LLD P pack ets to other agents in the same 802 LAN segments, the follo wing mandator y TL Vs are alwa ys included: • Chassis ID • Por t ID • Time [...]

  • Page 733

    PowerConnect B-Series FCX Configuration Guide 691 53-1002266-01 General operating principles 24 Dell Po werConnect devices use por t ID subtype 3, the permanent MA C address associated with the por t. Other thir d par ty devices ma y use a por t ID su btype other than 3. The por t ID appears similar to the f ollowing on the remote de vice, and in t[...]

  • Page 734

    692 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 MIB support 24 FIGURE 1 19 TTL TL V pac ket format MIB support Dell Po werConnect devic es suppor t the fo llowing standard MIB modules: • LLDP-MIB • LLDP-EXT -DO T1-MIB • LLDP-EXT -DO T3-MIB • LLDP-EXT -MED-MIB Syslog messages Syslog messages for LLDP pro vide managem ent appl[...]

  • Page 735

    PowerConnect B-Series FCX Configuration Guide 693 53-1002266-01 Configuring LLDP 24 Configuration notes and considerations • LLDP is suppor ted on Ethernet inter faces only . • If a por t is 802. 1X-enabled, the transmission and reception of LLDP pack ets will only take place while the por t is authorized. • Cisco Disco ver y Prot ocol (CDP) [...]

  • Page 736

    694 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP 24 Enabling support for tagged LLDP packets By default, D ell PowerConne ct devices do not accept tagged L LDP packets fr om other ve ndors’ devices. T o enable suppor t, apply the command lldp tagged-packets pr ocess at the Global CONFIG lev el of the CLI. When enab[...]

  • Page 737

    PowerConnect B-Series FCX Configuration Guide 695 53-1002266-01 Configuring LLDP 24 NOTE When a por t is configured to both receiv e and tr ansmit LLDP packets and the MED capabilities TL V is enabled, LLDP-MED is enabled as well. LLDP-MED is not enabled if the operat ing mode is set to receive onl y or transmit only . Enabling and disablin g recei[...]

  • Page 738

    696 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP 24 PowerConnect(config)#no lldp enable receive ports e 2/7 e 2/8 PowerConnect(config)#lldp enable transmit ports e 2/7 e 2/8 The abo ve commands change the LLDP operating mode on por ts 2/7 and 2/8 fr om receive only mode to transmit only mo de. Any incoming LLDP pac k[...]

  • Page 739

    PowerConnect B-Series FCX Configuration Guide 697 53-1002266-01 Configuring LLDP 24 PowerConnect(config)#lldp max-neighbors-per-port 6 Syntax: [ no ] lldp max-neighbors-per-port <value> Use the [no] f orm of the command to remo ve the static configu ration and rev er t to the default val ue o f four . whe re < valu e> is a num be r from[...]

  • Page 740

    698 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP 24 Syntax: [ no ] lldp snmp-n otification-int er val <second s> where <seconds> is a v alue between 5 and 3600. The default is 5 seco nds. Changing the minimum time between LLDP transmissions The LLDP transmit delay timer limits the number of LLDP frames an[...]

  • Page 741

    PowerConnect B-Series FCX Configuration Guide 699 53-1002266-01 Configuring LLDP 24 Changing the holdtime multiplier for transmit TTL The holdtime multiplier for transmit TTL is used to comp ute the actual time-t o-live (TTL) v alue used in an LLDP frame. The TTL v alue is the length of time the receiving devi ce should maintain the information in [...]

  • Page 742

    700 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP 24 • System name 802. 1 capabilities: • VLAN name (not aut omatically adver tised) • Untagged VLAN ID 802.3 capabilities: • Link aggregation inf ormation • MAC/PHY configuration and status • Maximum frame size • Po wer-via-MDI inf ormation (not automatica[...]

  • Page 743

    PowerConnect B-Series FCX Configuration Guide 701 53-1002266-01 Configuring LLDP 24 • Other interface For I Pv6 addresses, link-local and an ycast a ddresses will be excluded fr om these searches. If no IP address is configure d on any of the abo ve, the port's current MAC address will be advertised. T o adver tise a IPv4 manage ment address[...]

  • Page 744

    702 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP 24 Y ou can list all of the port s individually , use the k eywor d to to specify ran ges of por ts, or a combination of both. T o apply the configuration to all por ts on the device, use the ke yword all instead of listing the por ts individu ally . Not e that using t[...]

  • Page 745

    PowerConnect B-Series FCX Configuration Guide 703 53-1002266-01 Configuring LLDP 24 System description The system description is the network entity , which can include information such as the product name or model number , the version of the system hardw are type, the sof tware operating syst em lev el, and the networking software v ersion. The inf[...]

  • Page 746

    704 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP 24 Y ou can list all of the port s individually , use the k eywor d to to specify ran ges of por ts, or a combination of both. T o apply the configuration to all por ts on the device, use the ke yword all instead of listing the por ts individu ally . Not e that using t[...]

  • Page 747

    PowerConnect B-Series FCX Configuration Guide 705 53-1002266-01 Configuring LLDP 24 Syntax: [ no ] lldp adver tise por t-vlan- id por ts ethern et <port-list> | all For <por t-list> , specify the ports in one of the f ollowing formats: • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> Y ou can lis[...]

  • Page 748

    706 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP 24 MAC/PHY configu ration status The MAC/PHY configuration and status TL V includes the follo wing information: • Aut o-negotiation capability and status • Speed and duple x mode • Flow contr ol capabilities for auto-nego tiation • Port speed down-shif t and ma[...]

  • Page 749

    PowerConnect B-Series FCX Configuration Guide 707 53-1002266-01 Configuring LLDP-MED 24 The maximum frame size advertisement will appear similar to the f ollowing on the remote de vice, and in the CLI displa y output on the Dell Pow erConnect device ( sho w ll dp local-info ). Maximum frame size: 1522 octets Syntax: [ no ] lldp adver tise max-frame[...]

  • Page 750

    708 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP-MED 24 NOTE LLDP-MED is not enabled on ports where the LLDP op erating mode is receiv e only or transmit only . LLDP-MED is enabled on por ts that are configured to both receiv e an d tran smit LLD P packets and hav e the LLDP-MED capabilities TL V enabled. Enabling SN[...]

  • Page 751

    PowerConnect B-Series FCX Configuration Guide 709 53-1002266-01 Configuring LLDP-MED 24 NOTE The LLDP-MED fast star t mechanism is only intend ed to run on links betw een Network Co nnectivity devic es and Endpoint devices. It does not appl y t o links between LAN infrastructure elements, including between Network Connectivity de vices, or to other[...]

  • Page 752

    710 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP-MED 24 latitude <degrees> is the angular distance north or south from the earth equator measure d through 90 degrees. P ositive numbers indicate a location nor th of the equat or and negative numbers indicat e a location south of the equat or . resolution <bit[...]

  • Page 753

    PowerConnect B-Series FCX Configuration Guide 711 53-1002266-01 Configuring LLDP-MED 24 • Latitude is 4 1.8 788 4 degrees north (or 4 1.8 7884 degrees). • Longitude is 8 7 .63602 degrees west (or 8 7 .63602 degrees). • The latitude and longitude resolution of 18 de scribes a geo-lo cation area that is latitude 4 1.8 7 6 953 1 to latitude 4 1.[...]

  • Page 754

    712 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP-MED 24 • KR – Korea • US – Unit ed States <CA type> is a v alue from 0 – 255, that describes the civic address elemen t. F or example, a CA type of 2 4 specifies a postal or zip code. V alid elements and their types are listed in Ta b l e 1 2 5 . <va[...]

  • Page 755

    PowerConnect B-Series FCX Configuration Guide 713 53-1002266-01 Configuring LLDP-MED 24 6S t r e e t E x a m p l e s : Canada – Street Germany – Street Japan – Block Korea – Stree t United Stat es – Street 1 6 Leading str eet direction N (nor t h), E (east), S (sout h), W (west), NE, NW, SE, SW 1 7 T rail ing street su ffi x N (nor th), E[...]

  • Page 756

    714 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP-MED 24 Example civic address lo cation advertisement The Civic address lo cation adver tisemen t will appear similar to the following on the rem ote de vice, and in the CLI displa y output on the Dell Pow erConnect device (sho w lldp local-inf o) . Emergency call servi[...]

  • Page 757

    PowerConnect B-Series FCX Configuration Guide 715 53-1002266-01 Configuring LLDP-MED 24 When you configure a media Endpoint location us ing the eme rgency call ser vices location, you specify the Emergency Location Id entification Number (ELIN) fr om the North America Numberin g Plan format, supplied t o the Public Saf ety Answering P oint (PSA P) [...]

  • Page 758

    716 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring LLDP-MED 24 NOTE Endpoints will adv er tise a po licy as “unknown” in the show lldp neighbor detail command output, if it is a policy that is required by the Endpoint and the Endpo int has not yet receiv ed it. Configuration syntax The CLI syntax f or defining an LLDP-M[...]

  • Page 759

    PowerConnect B-Series FCX Configuration Guide 717 53-1002266-01 LLDP-MED attributes ad vertised by the Dell PowerConnect device 24 • voic e – For use b y dedicated IP t elephony handsets and similar de vices that suppor t interactive v oice ser vices. • voice- signaling – For use in network topologies that requ ire a different policy f or v[...]

  • Page 760

    718 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 LLDP-MED attributes advertised by the Dell PowerConnect device 24 • The device type (Network Connectivity devi ce or Endpoint (Class 1, 2, or 3)) By default, LLDP-MED information is aut oma tically advertised when LLDP-MED is enabled. T o disable this advertisement, enter a command s[...]

  • Page 761

    PowerConnect B-Series FCX Configuration Guide 719 53-1002266-01 LLDP-MED attributes ad vertised by the Dell PowerConnect device 24 Syntax: show lldp The follo wing table describes the information displa yed by the show lldp statistics command . LLDP statistics The show lldp statistics command displays an overview of LL DP neighbor de tection on the[...]

  • Page 762

    720 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 LLDP-MED attributes advertised by the Dell PowerConnect device 24 Syntax: show lldp statistics NOTE Y ou can reset LLDP st atisti cs using the CLI command clear LLDP statistics . Ref er to “Resetting LLDP statistics” on page 725. The follo wing table describes the information displ[...]

  • Page 763

    PowerConnect B-Series FCX Configuration Guide 721 53-1002266-01 LLDP-MED attributes ad vertised by the Dell PowerConnect device 24 LLDP neighbors The show lldp neighbors command displays a list of the current LLDP neighbors per port. The follo wing shows an exam ple repor t. Syntax: show lldp neighbors The follo wing table describes the information[...]

  • Page 764

    722 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 LLDP-MED attributes advertised by the Dell PowerConnect device 24 LLDP neighbors detail The show lldp neighbors detail command displays the LLDP adv er tisements received fr om LLDP neighbors. The follo wing shows an exam ple show lldp neighbors detail repor t. NOTE The show lldp neigh[...]

  • Page 765

    PowerConnect B-Series FCX Configuration Guide 723 53-1002266-01 LLDP-MED attributes ad vertised by the Dell PowerConnect device 24 Syntax: show lldp neighbors detail [ ports ethernet <por t-list> | all ] If you do no t specify any ports or use the ke yword all , by default, the repor t will show the LLDP neighbor details for all por ts. For &[...]

  • Page 766

    724 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 LLDP-MED attributes advertised by the Dell PowerConnect device 24 Application Type : Video Conferencing Policy Flags : Known Policy, Tagged VLAN ID : 100 L2 Priority : 5 DSCP Value : 10 + MED Location ID Data Format: Coordinate-based location Latitude Resolution : 20 bits Latitude Valu[...]

  • Page 767

    PowerConnect B-Series FCX Configuration Guide 725 53-1002266-01 Resetting LLDP statistics 24 • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> Y ou can list all of the port s individually , use the k eywor d to to specify ran ges of por ts, or a combination of both. T o apply the configuration to all por ts o[...]

  • Page 768

    726 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Clearing cached LLDP neighbor information 24[...]

  • Page 769

    PowerConnect B-Series FCX Configuration Guide 727 53-1002266-01 Chapter 25 Configuring IP Multicast Protocols Ta b l e 1 2 6 lists the in dividual Dell Po werConnect sw itches and the IP multicast f eatures they suppor t. These f eatures are suppor ted in the full Layer 3 sof tware image only . This chapter describes ho w to configure Lay er 3 Swit[...]

  • Page 770

    728 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview of IP multicasting 25 IPv4 multicast group addresses In IPv4 Multicast, host gr oups are identified by Class D addresses, i.e., those with “1 11 0” as their higher-order f our bits . In Internet standa rd "d ott ed decimal" notation, these group addresses range f[...]

  • Page 771

    PowerConnect B-Series FCX Configuration Guide 729 53-1002266-01 Changing global IP multicast parameters 25 Suppression of unregistered multicast packets Be default, unregist ered multicast packe ts are al wa ys forwarded in har dware but not copied to the CPU. Howe ver , if La yer 2 multicast (IGMP or MLD) is enabled, then unregistered multicast pa[...]

  • Page 772

    730 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Changing global IP multicast parameters 25 NOTE The number of inter face groups you can configure for D VMRP and PIM is unlimited; therefore, the system-max dvmrp-max-int-group and the syst em-max pim-max-int-group commands that define their maximum table size s hav e been remov ed. Th[...]

  • Page 773

    PowerConnect B-Series FCX Configuration Guide 731 53-1002266-01 Changing global IP multicast parameters 25 NOTE Y ou do not need to relo ad the sof tware f or these changes to tak e effect. Defining the maximum number of DVMRP cache entries The D VMRP cache system parame ter defines th e maximum number of repeat ed DVMRP traffic being sent fr om th[...]

  • Page 774

    732 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Adding an interface to a multicast group 25 NOTE Yo u m u s t e n t e r t h e i p m ulticast-routing command bef ore changing the global IP Multicast paramet ers. Other wise, the changes do no t take eff ect and the sof tware uses the default va lues. Modifying IGMP (V 1 and V2) query [...]

  • Page 775

    PowerConnect B-Series FCX Configuration Guide 733 53-1002266-01 PIM Dense 25 When you manually add an int er face to a multicas t gr oup, the Dell Pow erConnect device f or wards multicast packets for the group but does not itself accept pack ets for the group. Y ou can manually add a multicast group t o individual p o r t s o nl y. I f th e p or t[...]

  • Page 776

    734 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Dense 25 Initiating PIM multicasts on a network Once PIM is enabled on each r outer , a network us er can begin a video confer ence multicast from the server on R1 as shown in Figure 120 . When a multicast pack et is received on a PIM-capable rout er interface, the interface checks[...]

  • Page 777

    PowerConnect B-Series FCX Configuration Guide 735 53-1002266-01 PIM Dense 25 FIGURE 120 T ransmission of multicast packets fr om the source to host group members ... ... ... 229.225.0.1 Gro u p Member Gro u p Member Video Conferencing Server (207.95.5.1, 229.225.0.1) (So u rce, Gro u p) 229.225.0.1 Gro u p Member Gro u p Member Gro u p Member Gro u[...]

  • Page 778

    736 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Dense 25 FIGURE 12 1 P runing leaf nodes from a multicast tree Grafts to a multicast Tree A PIM switch resto res pruned branches to a multicast tree b y sending graf t messages tow ards the upstream switch. Graf t messages star t at the leaf node and trav el up the tree, first send[...]

  • Page 779

    PowerConnect B-Series FCX Configuration Guide 737 53-1002266-01 PIM Dense 25 • PIM DM V2 – sends messages to the multicas t address 22 4.0.0.1 3 (ALL -PIM-ROUTERS) with pro tocol number 1 03 The CLI commands f or conf iguring and managing PI M DM are the same f or V1 and V2. The only difference is the command yo u use to enable the pr otocol on[...]

  • Page 780

    738 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Dense 25 • Entering a no r outer pim command remo ves all configuration f or PIM multicast on a Laye r 3 Switch ( rou te r p im level) only . Globally Enabling and Disabling PIM wi thout Deleting Multicast Confi guration As stated above ent ering a no rout er pim command deletes [...]

  • Page 781

    PowerConnect B-Series FCX Configuration Guide 739 53-1002266-01 PIM Dense 25 T o apply a PIM neighbor timeout val ue of 360 seconds to all ports on the router operati ng with PIM, enter the f ollowing. PowerConnect(config)#router pim PowerConnect(config-pim-router)#nbr-timeout 360 Syntax: nbr-timeout < 60-8000> The default is 180 seconds. Mod[...]

  • Page 782

    740 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Dense 25 where <time> can be 0 - 3 sec onds. A value of 0 causes the PI M router t o s top traff ic immediately upon receiving a prune message. The default is 3 seconds. Viewing the prune wait time T o view the prune wait time, enter the show ip pim dense command at an y leve[...]

  • Page 783

    PowerConnect B-Series FCX Configuration Guide 741 53-1002266-01 PIM Dense 25 When the Highest IP RPF f eature is enabled, the sele ction of the shor test path back to the source is based on which Rev erse Path Forwardi ng (RPF) neig hbor in the IP routing table has the highest IP address, if the cost of the r outes are the sa me. For e xample, in t[...]

  • Page 784

    742 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Sparse 25 Configuration notes • If the TTL f or an inter face is greater than 1, PIM pack ets received on the int er face are alwa ys forwar ded in sof tware because each pack et TTL must be e xamined. Therefore, Dell do es not recommend modifying the TTL unde r normal operating [...]

  • Page 785

    PowerConnect B-Series FCX Configuration Guide 743 53-1002266-01 PIM Sparse 25 FIGURE 122 Example of a PIM Sparse domain PIM Sparse switch types Switches that are configur ed with PIM Sparse int er f aces also can be configur ed to fill one or more of the follo wing roles: • PMBR – A PIM switch that has some in ter faces within the PIM domain an[...]

  • Page 786

    744 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Sparse 25 T o enhance overall netw ork per formance, La yer 3 Switches use the RP t o forward only the first pack et fr om a group source to the gr oup receivers. Af ter the first packet, the La yer 3 Switch calculates the shor t est path between the receiver and source (the S hor [...]

  • Page 787

    PowerConnect B-Series FCX Configuration Guide 745 53-1002266-01 PIM Sparse 25 NOTE Dell recommends that you configure the same Lay er 3 Switch as both the BS R and the RP . Limitations The implementation of PI M Sparse in the current sof tware release has the following limitations: • PIM Borde r Routers (PMBRs) are no t suppor ted. Thus, you cann[...]

  • Page 788

    746 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Sparse 25 Configuring PIM interface parameters Af ter y ou enable IP multicast routing and PIM Sparse at the gl obal lev el, you must enable it on the individual interfaces connected t o the PIM Sparse networ k . T o do so, use the f ollowing CLI method. T o enable PIM Sparse mode [...]

  • Page 789

    PowerConnect B-Series FCX Configuration Guide 747 53-1002266-01 PIM Sparse 25 • Enter ve <num> f or a v irt ua l i nt e rf a ce . • Enter loopback <num> for a loopb ack interface. The <hash-mask-le ngth> parameter specifies the number of bits in a group address that are significant when calculating the group- to-RP ma pping. Y[...]

  • Page 790

    748 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Sparse 25 Updating PIM-Sparse forwarding en tri es with new RP configuration If you mak e chan ges to y our stat ic RP configuration, the entries in the PIM-Sparse multicast forwar ding table continue to use the old RP config uration until they are aged out. The clear pim rp-map co[...]

  • Page 791

    PowerConnect B-Series FCX Configuration Guide 749 53-1002266-01 PIM Sparse 25 By default, the device switches from the RP to th e SPT af ter receiving the first packet f or a given PIM Sparse group. T he Layer 3 Switch mainta ins a separate counter f or each PIM Sparse source-gr oup pair . Af ter the La yer 3 Switch receives a pack et for a gi ven [...]

  • Page 792

    750 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Sparse 25 Displaying PIM Sparse co nfiguration information and statistics Y ou can display the f ollowing PIM Sparse information: • Basic PIM Spars e configuration information • Group inf orm ation • BSR information • Candidate RP information • RP-to-gr oup mappings • R[...]

  • Page 793

    PowerConnect B-Series FCX Configuration Guide 751 53-1002266-01 PIM Sparse 25 Displaying a list of multicast groups T o display a list of the IP multicast groups the Layer 3 Switch is forwarding, ent er t he follo wing command at an y CLI level. Neighbor timeout How man y seconds the Lay er 3 Switch will wait f or a hello message from a neighbor be[...]

  • Page 794

    752 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Sparse 25 Syntax: show ip pim gr oup This display sho w s the f ollowing information. Displaying BSR information T o display BSR inf ormation, enter the f ollowing command at an y CLI level. This exam pl e show inf ormation displayed on a La ye r 3 Switch that has been elected as t[...]

  • Page 795

    PowerConnect B-Series FCX Configuration Guide 753 53-1002266-01 PIM Sparse 25 Displaying Pim resources T o display the hardw are resource information such as hardware allocation, a vailability , and limit for soft ware data structure, ent er the follo wing command. TA B L E 1 2 9 Output of show ip pim bsr This field... Displays... BSR address or lo[...]

  • Page 796

    754 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Sparse 25 Syntax: show ip pim resource For each software data structure listed in the output, the f ollowing information is shown. TA B L E 1 3 0 Output of show ip pim resource This field... Displays... alloc Number of nodes of that data that are currently all ocated in memory. in-[...]

  • Page 797

    PowerConnect B-Series FCX Configuration Guide 755 53-1002266-01 PIM Sparse 25 NOTE When the product o f the number of active PIM in t er faces multiplied b y the number of multicast streams ex ceeds the total number of MLL, the CLI displa ys the message, “MLL pool out of memor y”. NOTE The total number of MLL av ail able changes according to th[...]

  • Page 798

    756 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Sparse 25 1 239.255.163.1 99.99.99.5 2 239.255.163.2 99.99.99.5 3 239.255.163.3 99.99.99.5 4 239.255.162.1 99.99.99.5 5 239.255.162.2 43.43.43.1 6 239.255.162.3 99.99.99.5 Syntax: show ip pim rp-map This display sho w s the f ollowing information. Displaying RP informatio n for a P[...]

  • Page 799

    PowerConnect B-Series FCX Configuration Guide 757 53-1002266-01 PIM Sparse 25 This display sho w s the f ollowing information. Displaying multicast neighbor information T o display information about the Lay er 3 Switch PI M neighbors, enter the following command at any CLI lev el. Syntax: show ip pim nbr This display sho w s the f ollowing informat[...]

  • Page 800

    758 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Sparse 25 Displaying information about an upstream neighbor device Y ou can view information about the upstream neighb or de vice for a given sour ce IP address for IP Pro tocol Independent Multicast (PIM ). F or PIM, the sof tware uses the IP route table or multicast rout e table [...]

  • Page 801

    PowerConnect B-Series FCX Configuration Guide 759 53-1002266-01 PIM Sparse 25 Displaying the PIM multicast cache T o display the PI M multicast cache, enter the f ollowing command at any CLI le vel. Syntax: show ip pim mc ache This display sho w s the f ollowing information. Fid This field is use d for troubleshooting. Flags This field is used for [...]

  • Page 802

    760 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Sparse 25 RPT Indicates w hether th e cache entr y uses the RP pa th or the S PT path . The RPT fl ag can have one of the f ollowing values : • 0 – The SPT path is used inst ead of the RP path. • 1– The RP path is used inst ead of the SPT path. NO TE: The values of the RP a[...]

  • Page 803

    PowerConnect B-Series FCX Configuration Guide 761 53-1002266-01 PIM Sparse 25 Displaying PIM traffic statistics T o display PIM traffic statistics , use the follo wing CLI method. Syntax: show ip pim traf fic NOTE I f y o u h a v e c o n f i g u r e d i n t e r f a c e s fo r s t a n d a r d P I M (dense mode) on the La yer 3 Switch, statistics f o[...]

  • Page 804

    762 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 PIM Passive 25 Syntax: show ip pim error This command displays the number o f warnings an d non-zer o PIM errors on the de vice. This count can increase during transition periods such as reboots and topology changes; ho wev er , if the device is stable, the number of errors should not [...]

  • Page 805

    PowerConnect B-Series FCX Configuration Guide 763 53-1002266-01 Passive multicast route insertion 25 Passive multicast route insertion Passiv e Multicast Route Insertion (PMRI) enables a La yer 3 switch running PIM Sparse to create an entr y f or a multicast rout e (e.g., (S,G)), with no d irectly attached clients or when connect ed to another PIM [...]

  • Page 806

    764 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using ACLs to control mult icast features 25 PowerConnect(config)#int e1 PowerConnect(config-if-1)#ip tunnel 192.3.45.6 NOTE The IP tunnel address represents the configured IP tu nnel address of the destination route r . In the case of Rout er A, its destination rout er is Rout er B. R[...]

  • Page 807

    PowerConnect B-Series FCX Configuration Guide 765 53-1002266-01 Using ACLs to control m ulticast features 25 PowerConnect(config)#router pim PowerConnect(config-pim-router)#bsr-candidate ve 43 32 100 PowerConnect(config-pim-router)#rp-candidate ve 43 PowerConnect(config-pim-router)#rp-address 99.99.99.5 5 T o configure a n RP for multicast groups u[...]

  • Page 808

    766 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using ACLs to control mult icast features 25 The display sho ws the multicast group addresses co vered by the RP c andidate and th e IP address of the RP f or the listed multicast gr oup. In the exam ple above, y ou see the follo wing: • The first three lines show the multicast gr ou[...]

  • Page 809

    PowerConnect B-Series FCX Configuration Guide 767 53-1002266-01 Disabling CPU processing fo r select multicast groups 25 PowerConnect(config)#router pim PowerConnect(config-pim-router)#bsr-candidate loopback 1 32 100 PowerConnect(config-pim-router)#rp-candidate loopback 1 group-list 5 Syntax: [ no ] rp-candidat e ethernet [ <slotnum>/]<por[...]

  • Page 810

    768 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Disabling CPU processing for select multicast groups 25 CLI command syntax T o disable CPU processing f or selective multicas t gr oups, e nter commands such as t he following. PowerConnect# config t PowerConnect(config)# vlan 5 PowerConnect(config-vlan-5)# disable multicast-to-cpu 224[...]

  • Page 811

    PowerConnect B-Series FCX Configuration Guide 769 53-1002266-01 Displaying the multicast co nfiguration for another multicast router 25 Displaying the multicast configuration for another multicast router The Dell implementation of Mrinf o is based on the DVMRP Int e rnet draf t by T . Pusateri, but applies to PIM and not t o DVMRP . T o display the[...]

  • Page 812

    770 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IGMP V3 25 IGMP V3 The Internet Group Management Protocol (IGMP) allows an IPV4 int er face to communicat e IP Multicast group members hip information to its neighboring r outers. The routers in turn limit the multicast of IP packets with multicast destination addresses to only those i[...]

  • Page 813

    PowerConnect B-Series FCX Configuration Guide 771 53-1002266-01 IGMP V3 25 Default IGMP version IGMP V3 is a vailable on Dell Po werConnect devi ces; howe ver , the devices are shipped with IGMP V2 enabled . Y ou must enable IGMP V3 gl obally or per inter face. Al so , yo u m us t s p ec if y w ha t ver s io n o f I GM P you wan t to ru n o n a d e[...]

  • Page 814

    772 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IGMP V3 25 T o specify the IGMP version f o r a vir tual routing inter face on a physical por t, enter a command such as the fo llowing. PowerConnect(config)#interface ve 3 PowerConnect(config-vif-1) ip igmp version 3 Syntax: [ no ] ip igmp version <version-number > Enter 1, 2, o[...]

  • Page 815

    PowerConnect B-Series FCX Configuration Guide 773 53-1002266-01 IGMP V3 25 For e xample, two clients (Client A and Client B) belong to group1 but each is receiving traf fi c streams from different sources. Client A receives a stream from (sour ce_1, group1) and Client B receives it fr om (source_2, gr oup1). The router still w aits for three second[...]

  • Page 816

    774 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IGMP V3 25 PowerConnect(config)#ip igmp max-response-time 8 Syntax: [ no ] ip igmp max-response-time <num> The <num> parameter specifies the IGMP maximum respon se time in number of seconds. Enter a value fr om 1 throug h 10. The default is 1 0. IGMP V3 and source specific [...]

  • Page 817

    PowerConnect B-Series FCX Configuration Guide 775 53-1002266-01 IGMP V3 25 T o display the status of one IGMP multicast group, enter a command such as the f ollowing. If the tracking and fast lea ve feat ure is enabled , you can display the list of clients that belong to a par ticular group b y entering co mmands such as the f ollowing. Syntax: sho[...]

  • Page 818

    776 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IGMP V3 25 Displaying the IGMP st atus of an interface Y ou can display the status of a multicast enab led por t by ent ering a command such as the following. NOTE This repor t is a vailable on Lay er 3 Switches. Syntax: show ip igmp interface [ ve | ethernet <nu mber> <group-[...]

  • Page 819

    PowerConnect B-Series FCX Configuration Guide 777 53-1002266-01 IGMP V3 25 Enter ve and its <number> or ethernet and its <number> to display inf ormation for a specific vir tual routing interface or ethernet inter face. Entering an address f or <group-address> displays inf ormation for a specified group on the specified inter face[...]

  • Page 820

    778 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IGMP Proxy 25 Clearing IGMP statistics T o clear statistics for IGMP traf fic, enter the f ollowing command. PowerConnect#clear igmp traffic Syntax: clear igmp traf fic This command clears all the multicast traf fic information on all int er faces on the device. IGMP Proxy IG MP Prox y[...]

  • Page 821

    PowerConnect B-Series FCX Configuration Guide 779 53-1002266-01 IP multicast protocols and IGMP snooping on the same device 25 • IGMP Pro xy is only suppor ted in a PIM Dense en vironment where there are IGMP clients connected to the De ll PowerConnect device. Th e Dell Pow erConnect device will not send IGMP repor ts on an IGMP proxy interface f[...]

  • Page 822

    780 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IP multicast protocols and IGMP snooping on the same device 25 If there are two sources f or a single group, where one sour ce sends traf fic into a VLAN with IGMP snooping enabled, while the other so urce sends traffic to a PIM enabled Laye r 3 inter face, a client for t he group in t[...]

  • Page 823

    PowerConnect B-Series FCX Configuration Guide 781 53-1002266-01 IP multicast protocols and IGMP snooping on the same device 25 FIGURE 125 Example 2: IGMP Snooping and PIM F or warding CLI commands The f ollowing are the CLI commands f o r the configuratio n exam ple shown in Figure 12 4 and Figure 125 . 1. On the device, config ure IGMP Snooping on[...]

  • Page 824

    782 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IP multicast protocols and IGMP snooping on the same device 25 PowerConnect(config-vif-20)#exit PowerConnect(config)#interface e 13 PowerConnect(config-if-e1000-13)#ip address 30.30.30.10/24 PowerConnect(config-if-e1000-13)#ip pim 3. Configure the neighbo ring device. PowerConnect(conf[...]

  • Page 825

    PowerConnect B-Series FCX Configuration Guide 783 53-1002266-01 Chapter 26 Configuring IP Ta b l e 1 4 3 lists the individual Dell Pow erConnect sw itches and the IP features the y suppor t. TA B L E 14 3 Supported IP f eatures Feature PowerConnect B-Series FCX BootP/DHCP relay Y es Specifyi ng which I P address w ill be included in a DHCP/BootP r [...]

  • Page 826

    784 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic configuration 26 NOTE The terms L ayer 3 Switch and route r are used inte r changeably in this chapter and mean the same. Basic configuration IP is enabled b y default. Basic configuration consis ts of adding IP addresses fo r Layer 3 Switches, enabling a rout e exchange pr otoco[...]

  • Page 827

    PowerConnect B-Series FCX Configuration Guide 785 53-1002266-01 Overview 26 IP interfaces NOTE This section describes IPv4 addresses. For in f ormation about IPv6 addresses on all other Po werConnect devices, ref er to “IPv6 addressing” on page 198. Lay er 3 Switches and Lay er 2 Switches allow you t o configure IP addresses. On La yer 3 Switch[...]

  • Page 828

    786 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview 26 Figure 126 s how s t he fol low in g p ac ket f low : 1. When the La yer 3 Switch receives an I P packet , the L ayer 3 Switch checks for filt ers on the receiving inter face. 1 If a deny filt er on the interface de nies the packe t, the Layer 3 Switch discards the pack et [...]

  • Page 829

    PowerConnect B-Series FCX Configuration Guide 787 53-1002266-01 Overview 26 4. If the IP f or warding cache do es not hav e an entr y for the pack et, the La yer 3 Switch checks the IP rout e table for a r oute to the pac ket destination. If the IP r oute table has a ro ute, the La yer 3 Switch mak es an entr y in the session table or the forwardin[...]

  • Page 830

    788 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview 26 The sof tware places an entr y from the static ARP table int o the ARP cache when the entr y interface comes u p. Here is an example of a static ARP entry. Index IP Address MAC Address Port 1 207.95.6.111 0800.093b.d210 1/1 Each entr y lists the in formation you specified w[...]

  • Page 831

    PowerConnect B-Series FCX Configuration Guide 789 53-1002266-01 Overview 26 Each IP rout e table entr y contains the destination IP address and subnet mask and the IP address of the next-ho p router int er face to the destination . Each entr y also indicates the port attached to the destination or the next-hop t o the destination, the rout e IP met[...]

  • Page 832

    790 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview 26 NOTE Y ou cannot add static entries to the IP forwar ding cache, although you can increase the number of entries the cache can contain. R efer t o the section “Displa ying and m odifying system parameter default settings” on page 321. Layer 4 session table The Lay er 4 [...]

  • Page 833

    PowerConnect B-Series FCX Configuration Guide 791 53-1002266-01 Basic IP parameters and defaults – Layer 3 Switches 26 NOTE Lay er 2 Switches suppor t IGMP and can f or ward IP multicast pack ets. Re fer to Chapter 22, “Configuring IP Multicast T raf fi c Reductio n f or Pow erConnect B-Series FCX Switches” . IP interface redundancy protocols[...]

  • Page 834

    792 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic IP parameters and defaults – Layer 3 Switches 26 • Multicast pro tocols: - Internet Gr oup Membership Prot ocol (IGMP) – refer to “Changing global IP multicast parameters” on page 729 - Pro tocol Independent Multicas t Dense (PIM-DM) – ref er to “PIM Dense” on pag[...]

  • Page 835

    PowerConnect B-Series FCX Configuration Guide 793 53-1002266-01 Basic IP parameters and defaults – Layer 3 Switches 26 TA B L E 14 4 IP global parameters – Layer 3 Switche s Parameter Description Default See page... IP state The Internet Protocol, version 4 Enabled NOTE: Yo u c a n n o t disable IP . n/a IP address and mask notation Format f or[...]

  • Page 836

    794 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic IP parameters and defaults – Layer 3 Switches 26 Time to Live (TTL) The maximum number of route r s (hops) thr ough which a packet can pass before being discarded. Each router decreases a packe t TTL by 1 before forwar ding the packet. If decreasing the TTL causes the TTL t o b[...]

  • Page 837

    PowerConnect B-Series FCX Configuration Guide 795 53-1002266-01 Basic IP parameters and defaults – Layer 3 Switches 26 Static RARP entries An IP address you place in the RARP tabl e for RARP requests fr om hosts. NO TE: Y o u must enter the RARP entries manually . The Lay er 3 Switch does not have a mechanism f or learning or dynamicall y generat[...]

  • Page 838

    796 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic IP parameters and defaults – Layer 3 Switches 26 IP interface parameters – Layer 3 Switches Ta b l e 1 4 5 lists the inter face-le vel IP parameters f or Layer 3 Switches. TA B L E 14 5 IP in te r f ac e pa r am e te rs – Laye r 3 S w it c he s Parameter Description Default[...]

  • Page 839

    PowerConnect B-Series FCX Configuration Guide 797 53-1002266-01 Basic IP parameters and defaults – Layer 2 Switches 26 Basic IP parameters and defaults – Layer 2 Switches IP is enabled by default. The f ollowing tables list the La yer 2 Switch IP parameters, their default values, and where to find configuration information. NOTE Lay er 2 Switch[...]

  • Page 840

    798 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic IP parameters and defaults – Layer 2 Switches 26 TA B L E 14 6 IP global paramet ers – Laye r 2 Switches Parameter Description Default See page... IP address and ma sk notation Format f or display ing an IP address and its netw ork mask info rmation. Y ou can enable one of th[...]

  • Page 841

    PowerConnect B-Series FCX Configuration Guide 799 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Interface IP parameters – Layer 2 Switches Ta b l e 1 47 lists the inter face-lev el IP parameters for Lay er 2 Switches. Configuring IP parameters – Layer 3 Switches The follo wing sections describe how t o configure IP parameters.[...]

  • Page 842

    800 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • V i rtu al r o ut i n g i nt e rf a ce ( a ls o c al le d a Vi rtu al Et he rn et or “V E ”) • Loopback i nter fac e By default, y ou can configure up to 2 4 IP addresses on each interface. Y ou can increase this amount to up [...]

  • Page 843

    PowerConnect B-Series FCX Configuration Guide 801 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 NOTE The ospf-passive option disables adjacency f ormation bu t does no t disable adver tisement of the interface into OSPF . T o disable ad vertisement in addition to disabl ing adjacency f ormation, you must use the ospf-ignore option[...]

  • Page 844

    802 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Assigning an IP address to a virtual interface A vir tual interface is a logical por t associated wi th a La yer 3 Vir tual LAN (VLAN) configured on a Lay er 3 Switch. Y ou can configure routing paramet ers on the vir tual interface to [...]

  • Page 845

    PowerConnect B-Series FCX Configuration Guide 803 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Configuration l imitations and feature limi tations • When configuring IP Follow , the primar y vir tual r outing inter face should not ha ve A CL or DoS Pro tection configured. It is recommended that yo u create a dummy virtual r out[...]

  • Page 846

    804 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 For e xample, if the domain “ds.compan y .com” is defined on a La yer 2 Switch or La yer 3 Switch and you want t o initiate a ping to “mary”. Y ou need to ref erence only the host name instead of the host name and its domain nam[...]

  • Page 847

    PowerConnect B-Series FCX Configuration Guide 805 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Defining DNS server addresses Y ou can configure the Dell Po werConnect device t o recognize up to four DNS servers. The first entry serves as the primar y default address. If a query to the primar y address fails to be resolv ed af ter[...]

  • Page 848

    806 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 NOTE In the previouse xample, 209. 15 7 .22. 199 is the IP address of the domain name ser ver (def ault DNS gate wa y address), and 209. 15 7 .22.80 repres ents the IP address of the NY C02 host. Configuring packet parameters Y ou can c[...]

  • Page 849

    PowerConnect B-Series FCX Configuration Guide 807 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Changing the Maximum Transmission Unit (MTU) The Maximum T ransmiss ion Unit (MTU) is the maximum length of IP packet that a La yer 2 pack et can contain. IP packets that are longer than th e MT U are fragmented and sent in multiple La [...]

  • Page 850

    808 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Y ou can increa se the MTU size to accommodat e j umbo pack et sizes u p to up to 1 0,232 byt es in an IronStack. De vices that are not par t of an Ir onStack suppor t up to 10 ,2 40 bytes. T o globally enable jumbo support on all ports[...]

  • Page 851

    PowerConnect B-Series FCX Configuration Guide 809 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Path MTU discovery (RFC 1191) support When the Dell Po werConnect device rece ives an IP pa ck et that has its Do not F ragment (DF) bit set, and the pack et size is greater than the MTU v alue of the outbound inte r face, then the Dell[...]

  • Page 852

    810 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 NOTE Y ou can specify an IP address used f or an interface on the La yer 3 Switch, but do not specify an IP address in use by ano ther device. Configuring ARP parameters Address R esolution Proto col (ARP) is a standard IP pr otocol tha[...]

  • Page 853

    PowerConnect B-Series FCX Configuration Guide 811 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • If the ARP cache does not contain an entr y for the destination IP address, the La yer 3 Switch br oadcasts an ARP r equest out all its IP inte r fac es. The ARP req uest contains the IP address of the destination. If the device wit[...]

  • Page 854

    812 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 NOTE If you w ant to change a previously configure d th e ARP rate limiting policy , you must remove the previ ously configured po licy using the no rate-limit-arp <num> command before ent ering the new policy . Changing the ARP a[...]

  • Page 855

    PowerConnect B-Series FCX Configuration Guide 813 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Pro xy ARP is disabled by default on La yer 3 Swit c hes. This feature is not suppor ted on La yer 2 Switches. Y ou can enable proxy ARP at the Int er face le vel, as well as at the Global CONFIG level, of the CLI. NOTE Configuring pro [...]

  • Page 856

    814 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 PowerConnect(config)# interface ethernet 4 PowerConnect(config-if-e1000-4)# ip local-proxy-arp Syntax: [ no ] ip local-pr oxy-arp Use the no f orm of the command to disable Local Proxy ARP . Creating static ARP entries Lay er 3 Switches[...]

  • Page 857

    PowerConnect B-Series FCX Configuration Guide 815 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 T o increase the maximum number of static AR P table entries you can configure on a La yer 3 Switch, enter commands such as the f ollowin g at the global CONFIG le vel of the CLI. PowerConnect(config)# system-max ip-static-arp 1000 Powe[...]

  • Page 858

    816 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 NOTE A less common type, the all-subnets broadcast, goes to all directly -attached subnets. Forwarding f or this broadcast type also is suppor ted, but most ne tw orks use IP multicasting instead of all-subnet broadcasting. Forwarding f[...]

  • Page 859

    PowerConnect B-Series FCX Configuration Guide 817 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 PowerConnect(config)# ip source-route Enabling support for zero- based IP subnet broadcasts By default, the Lay er 3 Switch treats IP packets with all ones in the host por tion of the address as IP broadcast pack ets. For ex ample, the [...]

  • Page 860

    818 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Disabling replies to broadcast ping requests By default, Dell PowerConnect de vices are enabl ed t o respond to br oadcast ICMP echo pack ets, which are ping requ ests. T o disable response to bro adcast ICMP echo pack ets (ping req ues[...]

  • Page 861

    PowerConnect B-Series FCX Configuration Guide 819 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • The administration parameter disables ICMP Unreachabl e (caused by A dministration action) messages. • The fragmentation-needed paramet er disables ICMP F ragmentation-Needed But Do not-F ragment Bit Set messages. • The host par[...]

  • Page 862

    820 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • RIP – If RIP is enabled, the L ayer 3 Switch ca n learn about rout es from the adv er tisements other RIP rout ers send to the Layer 3 Switch. If the r o ute has a lower administrativ e distance than an y other routes fr om dif fe[...]

  • Page 863

    PowerConnect B-Series FCX Configuration Guide 821 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • The administrative distance f or the rout e – The value that the La yer 3 Switch uses to compare this rout e with routes fr om other route sour ces to the same destination before placing a rout e in the IP rout e table. This param[...]

  • Page 864

    822 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 PowerConnect(config)# ip route 207.95.7.0/24 207.95.6.157 When you configure a static IP r oute, you spec ify the destination address for the r oute and the next-hop gat ewa y or Lay er 3 Switch interface through which the La yer 3 Swit[...]

  • Page 865

    PowerConnect B-Series FCX Configuration Guide 823 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 If you do no t want to specify a ne xt-hop IP address, you can inst ead specify a por t or interface number on the La yer 3 Switch. The <nu m> parameter is a virtual inter face number . If y ou instead specify an Ethernet por t, t[...]

  • Page 866

    824 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 The <ip-addr> paramet er specifies the network or host address. The La yer 3 Switch will dr op pack ets that contain this address in the de stination field inst ead of f or warding them. The <ip-mask> parameter specifies the[...]

  • Page 867

    PowerConnect B-Series FCX Configuration Guide 825 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 The commands in the pre vious example configure tw o static IP rout es. The rout es go to different next-hop gat ewa ys but ha ve the same metrics. Th ese commands use the default metric value ( 1), so the metric is not specif ied. Thes[...]

  • Page 868

    826 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Figure 129 shows an example of two static r outes conf igured f or the same destination network. In this exam ple, one of the rout es is a standard stat ic route and has a metric of 1 . The other static rout e is a null rout e and has a[...]

  • Page 869

    PowerConnect B-Series FCX Configuration Guide 827 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 FIGURE 13 0 Standard and inte r face routes t o the same destination network T o configure a standard static IP r oute and a null r o ute t o the sa me network as shown in Figure 129 on page 826, ent er commands such as the following. P[...]

  • Page 870

    828 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Configuring a default network route The La yer 3 Switch enables yo u to specify a candidat e default r oute without the need t o specify the next hop gat ewa y . If the IP r oute table does not contain an e xplicit default r oute (for e[...]

  • Page 871

    PowerConnect B-Series FCX Configuration Guide 829 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 T o verify that the route is in the route table, enter the follo wing command at an y level of the CLI . This ex ample shows two r outes. Bo th of the rout es are directly attached, as indicated in the T ype column. How ever , one of th[...]

  • Page 872

    830 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • Routes learned thr oug h BGP4 Administrati ve distance The administrative distance is a unique value associated with each type (source) of IP r oute. Each path has an administrative distan ce. The administrative distance is not used[...]

  • Page 873

    PowerConnect B-Series FCX Configuration Guide 831 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 The source of a path cost value de pends on the sour ce of the path: • IP static rout e – The value y ou assign to the metric parameter when you configure the route. The default metric is 1. Ref er to “Configuring load balancing a[...]

  • Page 874

    832 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • If the IP f or warding sharing cache c ontains a forwarding entry for the destination, the de vice uses the entry to forwar d the traf fic. • If the IP load f orwarding cache does not c ont ain a forwarding entry for the destinati[...]

  • Page 875

    PowerConnect B-Series FCX Configuration Guide 833 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • If you lea ve the f eature disabled globally but en able it on individual por ts, you also can configure the IRDP parame ters on an individual port basis. NOTE Y ou can configure IRDP parameters only an indi vidual por t basis . T o[...]

  • Page 876

    834 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Enabling IRDP on an individual port T o enable IRDP on an individual int er face and change IRDP paramet ers, enter commands such as the fo llowing. PowerConnect(config)# interface ethernet 1/3 PowerConnect(config-if-1/3)# ip irdp maxad[...]

  • Page 877

    PowerConnect B-Series FCX Configuration Guide 835 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 RARP is enabled by def ault. Howe ver , you must create a RARP entry for each host that will use the Lay er 3 Switch for booting. A RARP entry con sists of the follo wing information: • The entr y number – the entr y sequ ence numbe[...]

  • Page 878

    836 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Creating static RARP entries Y ou must configure the RARP entries for the RARP table. The La yer 3 Switch can send an IP address in reply to a client RARP request on ly if creat e a RARP entr y for that client. T o assign a static IP RA[...]

  • Page 879

    PowerConnect B-Series FCX Configuration Guide 837 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • Configure a helper adders on the int er face connected to the clients. Specify the helper address to be the IP add ress of the application ser ver o r the subnet directed br oadcast address for the IP subnet the ser ver is in. A hel[...]

  • Page 880

    838 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Syntax: [ no ] ip forward-pr otocol udp <udp-port-name> | <udp-por t-num> The <udp-por t-name> paramet er ca n hav e one of the f ollowing values. For ref erence, the corresponding por t numbers from RFC 1340 are sho w[...]

  • Page 881

    PowerConnect B-Series FCX Configuration Guide 839 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Syntax: ip helper-address <nu m> <ip-addr> The <num> parameter specifies the helper addre ss number and can be from 1 thr ough 16 . The <ip-addr> command specifies the server IP address or the subnet di rected br[...]

  • Page 882

    840 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Configuring an IP helper address The procedure f or configuring a helper address f or BootP/DHCP requests is the same as the procedure f or configuring a helper address fo r o ther types of UDP broadcasts. R efer to “Configuring an IP[...]

  • Page 883

    PowerConnect B-Series FCX Configuration Guide 841 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 NOTE The BootP/DHCP hop count is not the TTL param eter . T o modify the maximum number of Boo tP/ DHCP hops, enter the f ollowing command. PowerConnect(config)# bootp-relay-max-hops 10 This command allows the Layer 3 Switch t o fo rwar[...]

  • Page 884

    842 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • For DHCP client hitless suppo r t in an IronStack, the stack mac comm and must be used to configure the Ir onStack MAC address, so that the MA C address does not change in the event of a switchover or failover . If stack mac is not [...]

  • Page 885

    PowerConnect B-Series FCX Configuration Guide 843 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 FIGURE 13 1 DHCP Server configuration flo w char t Cl ass ify incoming me ssa ge DHCP en a bled? Ye s No previo us a lloc a tion in DB for thi s ho s t? No Ye s U s e RX P or tn u m, Ci a ddr field, a nd Gi a ddr field to s elect proper[...]

  • Page 886

    844 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Configuring DHCP Server on a device Perform the f ollowing st eps to configure the DHCP Server f eature on your P owerConnect de vice. 1. Enable DHCP Ser ver b y entering a command similar t o the follo wing. PowerConnect(config)# ip dh[...]

  • Page 887

    PowerConnect B-Series FCX Configuration Guide 845 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Default DHCP server settings Ta b l e 1 5 1 shows the default DHCP server settings. DHCP server CLI commands This section describes the CLI commands that are a vailable in the DHCP Server f eature. TA B L E 151 DHCP server default setti[...]

  • Page 888

    846 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 TA B L E 15 3 DHCP Ser ver CLI co mmands Command Description ip dhcp-server arp-pin g-timeout <#> Specifies the time (in se conds) the ser ver will w ait for a response t o an arp-ping pack et bef ore deleting the client fr om the[...]

  • Page 889

    PowerConnect B-Series FCX Configuration Guide 847 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Removing DHCP leases The clear ip dhcp-server binding command can be used to dele te a specific lease, or all le ase entries from the lease binding database. PowerConnect(config)# clear ip dhcp-server binding * Syntax: clear ip dhcp-ser[...]

  • Page 890

    848 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Setting the wait time for ARP-ping response At startup, the ser ver reconciles the lease-bindin g database by sending an ARP-p ing packet out to ev er y client. If there is no respon se to the ARP-ping pac ket within a set amoun t of ti[...]

  • Page 891

    PowerConnect B-Series FCX Configuration Guide 849 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 • < address > - The IP address of the DHCP server This command assigns an IP address t o the selected DHCP server . Configure the boot image The bootf ile command specifies a boot image name to be used b y the DHCP client. Power[...]

  • Page 892

    850 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Specify addresses to excl ude from the address pool The e xcluded-address command specifies either a single address, or a range of addresses that are to be e xcluded fr om the address pool. PowerConnect(config-dhcp-cabo)# excluded-addre[...]

  • Page 893

    PowerConnect B-Series FCX Configuration Guide 851 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Displaying DHCP server informat ion The follo wi ng DHCP show commands ma y be entered fr om any lev el of the CLI. Display active lease entries The show ip dhcp-ser ver binding command disp lays a specific active lease, or all active l[...]

  • Page 894

    852 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 netbios-name-server: 192.168.1.101 network: 192.168.1.0 255.255.255.0 next-bootstrap-server: 192.168.1.102 tftp-server: 192.168.1.103 Syntax: show ip dhcp-server address-pool [ s ] [< name >] • address-pool [ s ] - If y ou enter[...]

  • Page 895

    PowerConnect B-Series FCX Configuration Guide 853 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Display summary DHCP server information The show ip dhcp-ser ver summary command displays inf ormation about activ e leases, deployed address-pools, undeploy ed address-pools, and server uptime. PowerConnect# show ip dhcp-server summary[...]

  • Page 896

    854 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 DHCP Client-Based Auto -Configuration and Flash image update NOTE The DHCP Client-Based Au to-Configuration and Flash image updat e are platform independent and hav e no dif ferences in behavior or configuration across all platf orms. D[...]

  • Page 897

    PowerConnect B-Series FCX Configuration Guide 855 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 2. If au to-update is enabled, the TFTP flash image is do wnloaded and updated. The de vice compares the filename of the req uested flash image with the image stored in flash. If the filenames are different, then the de vice will downlo[...]

  • Page 898

    856 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 The following configuration rule s apply to flash image update: • T o enable flash image update ( ip dhcp-client auto-updat e enable command), also enable auto-configuration ( ip dhcp-client enable command). • The image filename t o[...]

  • Page 899

    PowerConnect B-Series FCX Configuration Guide 857 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 FIGURE 13 3 The DHCP C lient-Based Aut o-Configurati on steps The IP address validation and lease nego tiation step 1. At boot-up, the device automatically chec ks its configuration for an IP address. 2. If the de vice does not ha ve a [...]

  • Page 900

    858 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 3. If the de vice has a dynami c address, the de vice asks the DHCP ser ver t o validate that address. If the server does not respo n d, the de vice will continue to use the e xisting address until the lease expir es. If the ser ver res[...]

  • Page 901

    PowerConnect B-Series FCX Configuration Guide 859 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 The TFTP configuration do wnload and update step NOTE This pro cess only occurs when the client de vice reboots, or when Auto-Configuration has bee n disabled and then re-enabled. 1. When the device reboo ts, or the Aut o-Confi guration[...]

  • Page 902

    860 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 Configuration notes • When using DHCP on a r outer , if you ha ve a DH CP address f or one interface, and yo u want to connect to the DHCP server fr om another inte r face, you must disable DHCP on the first interface, then enable DHC[...]

  • Page 903

    PowerConnect B-Series FCX Configuration Guide 861 53-1002266-01 Configuring IP parameters – Layer 3 Switches 26 The follo wing example shows output fr om the show ip address command for a La yer 2 device. The follo win g example shows output fr om the show ip address command f or a base Lay er 3 device. The follo wing example shows a La yer 2 de [...]

  • Page 904

    862 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 2 Switches 26 DHCP Log messages The following DHCP notification m e ssages are sent to the log file. 2d01h48m21s:I: DHCPC: existing ip address found, no further action needed by DHCPC 2d01h48m21s:I: DHCPC: Starting DHCP Client service 2d01h48m21s:I: [...]

  • Page 905

    PowerConnect B-Series FCX Configuration Guide 863 53-1002266-01 Configuring IP parameters – Layer 2 Switches 26 Configuring the management IP address and specifying the default gateway T o manage a La yer 2 Switch using T elnet or Secure Shell (SSH) CLI connections or the W eb Management Interface, you must configure an IP ad dress for the La yer[...]

  • Page 906

    864 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 2 Switches 26 For e xample, if the domain “newyork.com” is defin e d o n a Laye r 2 Sw itc h o r L ayer 3 Sw it ch an d you wa n t to i n i t i a te a p i n g to h o s t “ N YC01 ” o n t h at d o m a i n , yo u n e e d to r e fe r e n c e o n[...]

  • Page 907

    PowerConnect B-Series FCX Configuration Guide 865 53-1002266-01 Configuring IP parameters – Layer 2 Switches 26 NOTE In the previous e xample, 209. 15 7 .22. 199 is the IP address of the domain name server (default DNS gate wa y address), and 209. 15 7 .22.80 repres ents the IP address of the NY C02 host. FIGURE 13 4 Quer ying a Host on the newyo[...]

  • Page 908

    866 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 2 Switches 26 By allowing multiple subnet DHCP request s to be sent on the same wire, you can reduce the number of rout er por ts required to support secondary addressing as well as reduce the number of DHCP servers required, b y allowing a server to[...]

  • Page 909

    PowerConnect B-Series FCX Configuration Guide 867 53-1002266-01 Configuring IP parameters – Layer 2 Switches 26 How DHCP Assist works Upon initiation of a DHCP session, the client sends out a DHCP discovery packet for an address from the DHCP ser ver as seen in Figure 136 . When the DHCP disco ver y pack et is received at a Lay er 2 Switch with t[...]

  • Page 910

    868 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring IP parameters – Layer 2 Switches 26 NOTE The DHCP relay function of the conne cting router must be turned on. FIGURE 13 7 DHCP of fe rs are for war ded b ack toward th e req ues tors NOTE When DHCP Assist is enabled on any po r t, La yer 2 br oadcast pack ets are forwarde[...]

  • Page 911

    PowerConnect B-Series FCX Configuration Guide 869 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 Up t o eight addresses can be defined for each gatew ay list in support of por ts that are multi-homed. When multiple IP addresses are configured f or a gatew ay list, the La yer 2 Switch inser ts the addresses into the disco [...]

  • Page 912

    870 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 • IP interfaces – refer t o “Displaying IP int er face information” on page 8 73. • ARP entries – ref er to “Displaying ARP entries” on page 8 7 4. • Static ARP entries – refer t o “Dis playing ARP entrie[...]

  • Page 913

    PowerConnect B-Series FCX Configuration Guide 871 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 TA B L E 15 9 CLI display of global IP configuration inf orm ation – Lay er 3 Switch This field... Displays... Global settings ttl The Time- T o-Live (TTL) f or IP pack ets. The TTL specifies the maximum number of rout er ho[...]

  • Page 914

    872 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 Displaying CPU uti lization statistics Y ou can displa y CP U utilization statistics for IP pro tocols using the show process cpu command. The show process cpu co mmand includes CPU utilization statistics for A CL, 802. 1x, an[...]

  • Page 915

    PowerConnect B-Series FCX Configuration Guide 873 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 T o display utilization statistics for a specific number of seconds, enter a command such as the following. When you specify ho w many seconds’ worth of statistics you want to displa y , the sof tware selects the sample that[...]

  • Page 916

    874 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 T o display detailed IP information for a specific inter face, enter a command such as the following. Displaying ARP entries Y ou can display the ARP cache and the static AR P table. The ARP cache contains entries for devic es[...]

  • Page 917

    PowerConnect B-Series FCX Configuration Guide 875 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 The mac-address <xxxx.xxxx. xxxx> parameter lets you restrict the displa y to entries f or a specific MA C address. The <mask> parameter lets you specify a mask f o r the mac-address <xxx x.xxxx.xxxx> pa ra m[...]

  • Page 918

    876 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 Displaying the static ARP table T o display the static ARP table instead of the AR P cache, enter the f ollowing co mmand at any CLI lev el . This exam ple shows two static entries. Note that because you specify an entry index[...]

  • Page 919

    PowerConnect B-Series FCX Configuration Guide 877 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 Displaying the forwarding cache T o display the I P forwarding cache, enter the fo llowing command at an y CLI level. Syntax: show ip cache [ <ip-addr > ] | [ <num> ] The <ip-addr> parameter displa ys the cac[...]

  • Page 920

    878 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 Displaying the IP route table T o display the IP route table, ent er the following command at any CLI le vel. Syntax: show ip rout e [ <ip-addr> [ <ip-mask> ] [ longer ] [ none-bgp ]] | <num> | bgp | direct |[...]

  • Page 921

    PowerConnect B-Series FCX Configuration Guide 879 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 The bgp option displays the BGP4 routes. The direct option displa ys only the IP rout es that are direct ly attached to the Layer 3 Switch. The ospf option displays the OS PF rout es. The rip option displays the RIP r outes. T[...]

  • Page 922

    880 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 Example Syntax: show ip rout e summar y In this ex ample, the IP rout e table contains 35 en tries. Of these entries, 6 are directly co nnected devic es, 28 are static rout es, and 1 rout e was calculated thr ough OSPF . One o[...]

  • Page 923

    PowerConnect B-Series FCX Configuration Guide 881 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 T o clear rout e 209. 15 7 .22.0/2 4 from the IP r outing table, enter the f ollowing command. PowerConnect# clear ip route 209.157.22.0/24 Syntax: clear ip route [ <ip-addr> <ip-mask> ] or Syntax: clear ip route [[...]

  • Page 924

    882 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 fragment ed The total number of IP pack ets fragmented b y this device t o accommodate the MTU of this device or of anot her device. reassemble d The total number o f fragmented IP p ackets that this d evice re-assembled . bad[...]

  • Page 925

    PowerConnect B-Series FCX Configuration Guide 883 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 Displaying IP information – Layer 2 Switches Y ou can display the fo llowing IP configurat ion information statistics on La yer 2 Switches: passive opens The number of TCP connectio ns opened by this devi ce in response to c[...]

  • Page 926

    884 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 • Global IP settings – refer t o “Displaying global IP configuration information” on page 884. • ARP entries – ref er to “Displaying ARP entries” on page 884. • IP traffic statistics – refer t o “Displayi[...]

  • Page 927

    PowerConnect B-Series FCX Configuration Guide 885 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 Syntax: show arp This display sho w s the f ollowing information. Displaying IP tr affic statistics T o display IP traf fic statistics on a Lay er 2 Sw itch, en ter the following command at an y CLI level. Syntax: show ip traf[...]

  • Page 928

    886 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying IP configuratio n information and s tatistics 26 The show ip traf fic command displays the f oll owing inf ormation. TA B L E 16 8 CLI displa y of IP traf fic statist ics – Lay er 2 Switch This field... Displays... IP statistics received The total n umber of IP packets rec[...]

  • Page 929

    PowerConnect B-Series FCX Configuration Guide 887 53-1002266-01 26 no por t The number of UDP packets dropped becaus e the pack et did not contain a valid UDP port number . input errors This informatio n is used by Dell customer s uppor t. TCP statistics The TC P statistics are derived from RFC 793, “T ransmission Control Pr otocol”. current ac[...]

  • Page 930

    888 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 26[...]

  • Page 931

    PowerConnect B-Series FCX Configuration Guide 889 53-1002266-01 Chapter 27 Configuring Multicast Listening Discovery (MLD) Snooping on PowerConnect B-Series FCX Switches Ta b l e 1 6 9 lists the individual Dell Pow erConnect sw itches and the MLD snooping f eatures they suppor t.. Overview The de fault met ho d a Powe rCo nn ect us es to proc ess a[...]

  • Page 932

    890 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview 27 The interfaces respond to general queries by send ing a membership repor t containing one or more of the f ollowing recor ds associ at ed with a specific group: • Current-state reco rd - Indicates the sour ces from which the int er face wants t o receive or not receive tr[...]

  • Page 933

    PowerConnect B-Series FCX Configuration Guide 891 53-1002266-01 Overview 27 NOTE For this co mmand to tak e ef fect, you must sa ve the configuratio n an d reload the switch. The hardw are resource limi t applies only to sn ooping-enabled VLANs. I n VLANs where snooping is not enabled, multicast streams ar e switched in hard ware without us ing any[...]

  • Page 934

    892 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview 27 When any por t of a VLAN is co nfigured for MLDv2, the VLAN matches both source and group (S G) in hardware s witching. If no por t is conf igur ed f or MLDv2, the VLAN matches gr oup only (* G). Matching (S G) requires more hardware resour ces than (* G) when there are mul[...]

  • Page 935

    PowerConnect B-Series FCX Configuration Guide 893 53-1002266-01 Configuring MLD snooping 27 NOTE T o av oid version deadlock, when an interface receiv es a r epor t with a low er version than that for which it has been configured, the inter face does not automatically downgrade the running MLD ver s io n. Configuring MLD snooping Configuring MLD Sn[...]

  • Page 936

    894 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring MLD snooping 27 The sys tem s upp or ts u p to 3 2K o f gro ups . Th e co nf igu rab le r ang e i s 25 6 to 3 2 7 68 a nd the defa ult is 8 192. The configured number is the upper limit of an expandable database. Client memberships ex ceeding the group limits are no t proce[...]

  • Page 937

    PowerConnect B-Series FCX Configuration Guide 895 53-1002266-01 Configuring MLD snooping 27 Syntax: [ no ] ipv6 mld-snooping age-interval <interval> The <interval> parameter specifies the aging time. Y ou can specify a value from 20 – 7200 seconds. The default is 1 40 seconds. Modifying the query int erval (A ctive MLD snooping mode o[...]

  • Page 938

    896 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring MLD snooping 27 Modifying the wait time before sto pping traffic when receiving a leave message Y ou can define the wait time before st opping traf fic to a port when the device receiv es a leave message f or that por t. The device sends gr oup-specific queries once per se [...]

  • Page 939

    PowerConnect B-Series FCX Configuration Guide 897 53-1002266-01 Configuring MLD snooping 27 Disabling MLD snooping for the VLAN When MLD snooping is enabled g lobally, y ou can di sable it f or a specific VLAN. F or example, the follo wing commands disable MLD snoo ping for VLAN 20. This settin g o verrides the global setting fo r V L A N 2 0 . Pow[...]

  • Page 940

    898 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring MLD snooping 27 The ipv6-address paramet er is the IPv6 address of the multicast g roup. The count is optional, which allows a contiguous range of groups. Omitting the count <num> is equiv alent to the count being 1. If there are no <s tack-unit/slot/por t> numb[...]

  • Page 941

    PowerConnect B-Series FCX Configuration Guide 899 53-1002266-01 Configuring MLD snooping 27 Every group on a ph ysical por t keeps its own tracking record. How ever , it can track group membership only; it cannot track b y (source, group) . For e xample, Client A and Client B belong to group1 but each is receiving traffic from dif ferent sour ces. [...]

  • Page 942

    900 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring MLD snooping 27 Displaying MLD snooping information Y ou can display the fo l lowing MLD Snooping info rm ation: • MLD Snooping err or information • Information about VLANs • Group and f or warding information f or VLANs • MLD memor y pool usage • Status of MLD tr[...]

  • Page 943

    PowerConnect B-Series FCX Configuration Guide 901 53-1002266-01 Configuring MLD snooping 27 If tracking and fast lea ve are enabled, you can disp lay the list of clients for a par ticular group by entering the following command. Syntax: show ipv6 mld-snooping gr oup [ <group-address> [ detail ] [ tracking ]] T o receive a report for a specifi[...]

  • Page 944

    902 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring MLD snooping 27 Syntax: show ipv6 mld-snooping mcache The f ollowing table describes the output fr om the ipv6 mld-snooping mcache co mmand. Displaying software resource usa ge for VLANs T o display inf ormatio n about the sof tware resources used, enter the follo wing comm[...]

  • Page 945

    PowerConnect B-Series FCX Configuration Guide 903 53-1002266-01 Configuring MLD snooping 27 Displaying status of MLD snooping traffic T o display status inf ormation for MLD snoo ping traff ic, enter the f ollowing command. Syntax: show ipv6 mld-snooping traffic The follo wing table describes the information displa yed by the show ipv6 mld-snooping[...]

  • Page 946

    904 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring MLD snooping 27 Displaying MLD snooping information by VLAN Y ou can display MLD snooping information f or all VLANs o r f or a specif ic VLAN. For example, to display MLD snoo ping information f or VLAN 70, enter the f ollowing command. Syntax: show ipv6 mld-snooping vlan [...]

  • Page 947

    PowerConnect B-Series FCX Configuration Guide 905 53-1002266-01 Configuring MLD snooping 27 Clear MLD counters on VLANs T o clear MLD Snooping erro r and traf fic counters on all VLANs, enter a command si milar to the following. PowerConnect#clear ipv6 mld-snooping counters Syntax: clear ipv6 mld-snooping counters Clear MLD mcache T o clear the mca[...]

  • Page 948

    906 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring MLD snooping 27[...]

  • Page 949

    PowerConnect B-Series FCX Configuration Guide 907 53-1002266-01 Chapter 28 Configuring RIP (IPv4) Ta b l e 17 0 lists the individual Dell P owerConnect sw itches and the RIP features they suppor t. RIP overview Routing Inf ormation Prot ocol (RIP) is an IP route ex change protoc ol that uses a dis t ance vect or (a number represen ting a dist ance)[...]

  • Page 950

    908 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 RIP parameters and defaults 28 • Ve r s i o n ( V 1 ) • V1 compatible with V2 • V ersion (V2) (the default) ICMP host unreachable message for undeliverable ARPs If the r outer receiv es an ARP request packe t that it is unable to deliv er to the final destination because of the A[...]

  • Page 951

    PowerConnect B-Series FCX Configuration Guide 909 53-1002266-01 RIP parameters and defaults 28 RIP interface parameters Ta b l e 17 2 lists the inter face-lev el RIP parameters and their default v alues, and indicates where you can find configurat ion information. . Learning default r outes The rout er can learn default r outes from its RIP nei ghb[...]

  • Page 952

    910 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RIP parameters 28 Configuring RIP parameters Use the follo wing procedures to configure RIP parameters on a system -wide and individual interface basis. Enabling RIP RIP is disabled b y default. T o enable it, use the f ollowing method. NOTE Y ou mus t enable the prot oco l[...]

  • Page 953

    PowerConnect B-Series FCX Configuration Guide 911 53-1002266-01 Configuring RIP parameters 28 PowerConnect(config)#interface ethernet 0/6/1 PowerConnect(config-if-0/6/1)#ip metric 5 These commands configure port 6/1 to add 5 to the cost of each r oute learned on the por t. Syntax: ip metric <1-1 6> Configuring a RIP offset list A RIP offset l[...]

  • Page 954

    912 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RIP parameters 28 NOTE Refe r to “Changing administrative distances” on page 1 01 4 for the default di stances for all ro ute sources. T o change the administrative distance for RIP routes, ent er a command such as the follo wing. PowerConnect(config-rip-router)#distanc[...]

  • Page 955

    PowerConnect B-Series FCX Configuration Guide 913 53-1002266-01 Configuring RIP parameters 28 Syntax: [ no ] permit | deny redistribute <filter - num> all | bgp | ospf | static address <ip-addr> <ip-mask> [ match-metric <v alue> | set-metric <value> ] The <filter -num> var iable specif ies the redistribution filt[...]

  • Page 956

    914 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RIP parameters 28 This command assigns a RIP metric of 1 0 to each rout e that is redistribut ed into RIP . Syntax: [ no ] default-m etric <1-1 5> Enabling redistribution Af ter y ou configure redistribution pa rameters , you need to enable redistribution. T o enable [...]

  • Page 957

    PowerConnect B-Series FCX Configuration Guide 915 53-1002266-01 Configuring RIP parameters 28 PowerConnect(config-rip-router)#update-time 120 This command con figures the Lay er 3 Sw itch to send RIP updates e very 120 seconds. Syntax: update-time <1-1 000> Enabling learning of RIP default routes Y ou can enable learning of RIP default rout e[...]

  • Page 958

    916 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RIP parameters 28 These loop pre vention methods are co nfigurable on an individual interfac e basis. One of the methods is alwa ys in ef fec t on an inter face enabled f or RIP . If you disable one method, the other method is enabled. NOTE These method s may be used i n ad[...]

  • Page 959

    PowerConnect B-Series FCX Configuration Guide 917 53-1002266-01 Displaying RIP filters 28 NOTE By default, r outes that do not matc h a route filt er are learned or adve r tised. T o prevent a route fr om being learned or adv er tised, y ou must co nfigu re a filter to deny t he rout e. T o configure RIP filt ers, enter commands such as the f ollow[...]

  • Page 960

    918 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying CPU utilizat ion statistics 28 Displaying CPU utilization statistics Y ou can displa y CP U utilization statistics for RIP and other IP pr otocols. T o display CPU utilization statistics for RIP f or the previous five-second, one-minute, five-minute, fif teen-minut e, and ru[...]

  • Page 961

    PowerConnect B-Series FCX Configuration Guide 919 53-1002266-01 Displaying CPU util ization statistics 28 If the soft ware has been running less than 15 minutes (the maximum interval for utilization statistics), the command indicat es how long th e sof tware has been running, as sho wn in the follo win g example. T o display utilization statistics [...]

  • Page 962

    920 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying CPU utilizat ion statistics 28[...]

  • Page 963

    PowerConnect B-Series FCX Configuration Guide 921 53-1002266-01 Chapter 29 Configuring OSPF Version 2 (IPv4) Ta b l e 17 4 lists the individ ual Dell PowerConnect switches and the OS PF V ersi on 2 features they suppor t. T A B L E 174 Suppor ted OSPF V2 f eatures Feature PowerConnect B-Series FCX OSPF V2 Y es OSPF point-t o-point links Y es RFC 15[...]

  • Page 964

    922 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview of OSPF 29 This chapter describes how to configure OSPF Vers ion 2 on Lay er 3 Switches using the CLI. OSPF V ersion 2 is suppor t ed on devices running IPv4. NOTE The terms La yer 3 Switch and router are used int erchangeably in this chapt er and mean the same thing. Overview[...]

  • Page 965

    PowerConnect B-Series FCX Configuration Guide 923 53-1002266-01 Overview of OSPF 29 An Aut onomous System Boundary Router (ASBR) is a rout er that is running multiple protocols and serves as a gate wa y to rout ers outside an area an d those operating with dif ferent pr otocols. The ASBR is able t o impor t and translate different pr otocol rout es[...]

  • Page 966

    924 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview of OSPF 29 I n a n O S P F p o i n t - to - p o i n t n e t wo r k , w h e r e a d i r e c t La ye r 3 c o n n e c t i o n e x i s t s b e t w e e n a s in g l e p a i r o f OSPF rout ers, there is no need f or Designat ed and Backup Designat ed Route rs, as is the case in OSP[...]

  • Page 967

    PowerConnect B-Series FCX Configuration Guide 925 53-1002266-01 Overview of OSPF 29 NOTE Priority is a configurable opt ion at the interface level. Y ou can use this parameter to help bias one rout er as the DR. FIGURE 1 40 Backup designat ed router becomes designat ed router If two neighbors share the same priority , the rout er with the highest r[...]

  • Page 968

    926 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview of OSPF 29 NOTE For de tails on how to configure the syst em to operat e with the RFC 2 1 78, refer t o “Modifying the OSPF standard compliance setting” on page 962. Reduction of equivalent AS External LSAs An OSPF ASBR uses AS Ext ern al link advertisemen ts (AS External [...]

  • Page 969

    PowerConnect B-Series FCX Configuration Guide 927 53-1002266-01 Overview of OSPF 29 FIGURE 1 4 1 AS External LSA reduction Notice that both R outer D and Rout er E hav e a route t o the other routing domain thr ough Rout er F . In earlier software releases, if R outers D and E ha ve equal-co st routes t o Rout er F , then both R outer D and Rout er[...]

  • Page 970

    928 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview of OSPF 29 that flush the duplicate AS Ext ernal LSAs ha ve more memor y f or other OSPF data. In Figure 1 4 1 , since Rout er D has a higher router ID than Rout er E, Router D floods the AS External LSAs for Rout er F to Rout ers A , B, and C. Rout er E fl ushes the equivalen[...]

  • Page 971

    PowerConnect B-Series FCX Configuration Guide 929 53-1002266-01 Overview of OSPF 29 All three networks ha ve the sam e network address , 1 0.0. 0.0. Without suppo r t for RFC 2328 Appendix E, an OSPF r outer uses the same link state ID, 1 0.0.0.0, f or the LSAs for all three networks. For exam ple, if the rout er generates an LSA with ID 10.0.0.0 f[...]

  • Page 972

    930 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 OSPF graceful restart 29 Y ou also can change the amount of memor y alloca ted t o various types of LSA entries. Howev er , these changes require a syst em reset or reboo t. Dynamic OSPF memory Pow erCon nect devices dynam ically allocate memo r y for Link Stat e Advertisements (LSAs) [...]

  • Page 973

    PowerConnect B-Series FCX Configuration Guide 931 53-1002266-01 Configuring OSPF 29 4. Define redistribution filters, if desired. 5. Enable redistribution, if you defined redistribution filt ers. 6. Modify default global and po r t parameters as req u ired. 7 . Modify OSPF standard compliance, if desired. NOTE OSPF is automatically ena bl ed withou[...]

  • Page 974

    932 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 Interface parameters: • Assign interfaces to an area. • Define the authentication key f or the inter face. • Change the authentication-change inter val • Modify the cost f or a link. • Modify the dead interval. • Modify MD5 authentication ke y parameters[...]

  • Page 975

    PowerConnect B-Series FCX Configuration Guide 933 53-1002266-01 Configuring OSPF 29 If you ha ve disabled the pr otocol but ha ve not ye t sav ed the configura tion to the startup-config f ile and reloaded the so f tware, you can restore the configuration information by re-en tering the command to enable the pr otocol (for e x ample, rou te r o s p[...]

  • Page 976

    934 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 When an NSSA contains more than one ABR, OSPF elects one of the ABRs to perform the LSA translation f or NSSA. OSPF elects the ABR with the highes t route r ID. If the elected ABR becomes unavailable, OSPF aut omaticall y elects the ABR with the next highest r outer[...]

  • Page 977

    PowerConnect B-Series FCX Configuration Guide 935 53-1002266-01 Configuring OSPF 29 The stub <cost> parameter specifies an additional cost fo r using a rout e to or from this area and can be from 1 through 1 677 721 5. There is no default. Normal areas do not use the cost parameter . The no-summar y parameter applies only t o stub areas and d[...]

  • Page 978

    936 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 The ABR translates the T ype-7 LSAs into T ype-5 LS As. If an area range is configured fo r the NSSA , the ABR also summarizes the LSAs into an aggregate LSA before flooding the T y pe-5 LSAs into the backbone. Since the NSSA is part ially “stubb y” the ABR does[...]

  • Page 979

    PowerConnect B-Series FCX Configuration Guide 937 53-1002266-01 Configuring OSPF 29 The <ip-mask> parameter specifies the por tions of the IP address that a r oute must contain to be summarized in the summar y rout e. In the example abo ve, all netw orks that b e g i n w i t h 2 0 9 .1 57 a r e summarized into a sing le route. Assigning an ar[...]

  • Page 980

    938 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 • ip ospf cost <num> • ip ospf dead-int er val <value> • ip ospf hello-inter val <value> • ip ospf md5-authenti cation ke y -activatio n-wait-time <num> | key -i d <num> [ 0 | 1 ] key <string> • ip ospf passive • ip os[...]

  • Page 981

    PowerConnect B-Series FCX Configuration Guide 939 53-1002266-01 Configuring OSPF 29 MD5-authentication activation wait time : The number of seconds the La yer 3 Switch waits until placing a new MD5 k ey into effect. The wait time pr ovides a wa y to gracefully transition fr om one MD5 ke y to another without disturbing the network. The wait time ca[...]

  • Page 982

    940 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 NOTE If you w ant the sof tware to assume that the v alu e you ent er is the clear-t ext f orm, and to encr ypt display of that form, do not ent er 0 or 1 . Instead, omit the encr yption option and allow the sof tware to use the default behavior . If you specif y en[...]

  • Page 983

    PowerConnect B-Series FCX Configuration Guide 941 53-1002266-01 Configuring OSPF 29 Block flooding of outbound LSAs on specific OSPF interfaces By default, the La yer 3 Switch floods all outbound LS As on all the OSPF interfaces within an area. Y ou can configure a filt er to block outbound LSAs on an OSPF int e r face. This f eature is par ticu la[...]

  • Page 984

    942 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 PowerConnect(config)#int ve 20 PowerConnect(config-vif-20)#ip ospf area 0 PowerConnect(config-vif-20)#ip ospf network non-broadcast PowerConnect(config-vif-20)#exit Syntax: [ no ] ip ospf network non-broadcast The follo wing commands specify 1. 1.20.1 as an OSPF nei[...]

  • Page 985

    PowerConnect B-Series FCX Configuration Guide 943 53-1002266-01 Configuring OSPF 29 NOTE By default, the Dell router ID is the IP addre ss configu red on the lowest number ed loopback interface. If the Lay er 3 Switch does not hav e a loop back int er face, the default rout er ID is the lowest numbered IP address configured on the de vice. For more[...]

  • Page 986

    944 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 PowerConnectC(config-ospf-router)#area 1 virtual-link 10.0.0.1 PowerConnectC(config-ospf-router)#write memory Syntax: area <ip-addr> | <num> virtual-link <router -id> [ authentication-k ey | dead-int er val | hello-interval | retransmit-interval | [...]

  • Page 987

    PowerConnect B-Series FCX Configuration Guide 945 53-1002266-01 Configuring OSPF 29 MD5 Authentication Wait Time : This parameter det ermines when a newly configured MD5 authentication key is v alid. This parameter pr ov ides a graceful transition fr om one MD5 k ey to another without disturbi ng the network. All new packets transmitt ed af ter the[...]

  • Page 988

    946 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 Changing the reference bandwidth for the cost on OSPF interfaces Each int er face on which OSPF is enabled has a cost associat ed with it. The La yer 3 Switch advertises its interfaces and their costs to OSPF neighbors. F or example, if an int er face has an OSPF co[...]

  • Page 989

    PowerConnect B-Series FCX Configuration Guide 947 53-1002266-01 Configuring OSPF 29 Interface types to which the re ference bandwidth does not apply Some int er face types are not affect ed by the reference bandwidth and alw ays ha ve the same cost regardless of the ref erence bandwidth in use: • The cost of a loopback int er face is alw ays 0. ?[...]

  • Page 990

    948 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 In Figure 144 on page 948, an administrator wants to configure the Pow erConnect Layer 3 Switch acting as the ASBR (Autonomous System Boundar y Rout er) between the RIP domain and the OS PF domain to redistribut e route s between the two domains. NOTE The ASBR must [...]

  • Page 991

    PowerConnect B-Series FCX Configuration Guide 949 53-1002266-01 Configuring OSPF 29 NOTE Redistribution is permitt ed for all r outes by def ault, so the permit redistribute 1 all command in the example ab ov e is shown for clari ty but is not required. Y ou also hav e the option of specifying im por t of just OSPF , BGP4, or static rout es, as wel[...]

  • Page 992

    950 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 Preventing specific OSPF routes fr om being installed in the IP route table By default, all OSPF routes in the OSPF route table ar e eligibl e f or ins tallation in the IP route table. Y ou can conf igure a distribution list to explicitly den y specific routes fr om[...]

  • Page 993

    PowerConnect B-Series FCX Configuration Guide 951 53-1002266-01 Configuring OSPF 29 Syntax: deny | permit <source-ip> <wildcard> The <A CL -name> | <ACL -id> parameter specifies the ACL name or ID. The in command applies the ACL to incoming rout e updates. The <interface number> parameter spec ifies the interface numbe[...]

  • Page 994

    952 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 The first th ree commands co nfigure an extended AC L that denies routes t o any 4.x.x.x destination network with a 255.255.0.0 network mask and allo ws all other rout es for eligibility t o be installed in the IP ro ute table. The last three c ommands change the CL[...]

  • Page 995

    PowerConnect B-Series FCX Configuration Guide 953 53-1002266-01 Configuring OSPF 29 Because this ACL is input to an OSPF distributi on list, the <destination- ip> parameter actually specifies the subnet mask of the route. The <wildcard> parameter specifies the por t ion of the subnet mask t o match against. F or exam ple, the <destin[...]

  • Page 996

    954 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 The commands in this example configure some st atic IP r outes, then co nfigure a rout e map and use the rout e map for redistributing stati c IP routes into OSPF . The ip route commands configure the static IP rout es. The rout e- ma p command begins configuration [...]

  • Page 997

    PowerConnect B-Series FCX Configuration Guide 955 53-1002266-01 Configuring OSPF 29 NOTE For an e xternal r oute that is redistributed int o OSPF thr ough a route map, the metric v alue of the rout e remains the same un less the metric is set by a set metric command inside th e rout e ma p. The default-metric <num> command has no eff ect on t[...]

  • Page 998

    956 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 • Po werConnect->R4 • Po werConnect->R5 • Po werConnect->R6 Normally , the Dell Po werCo nnect switch will ch oose the path to the R1 with the lower metric. F o r example, if R3 metric is 1 400 and R4 metric is 600, the Dell Po werConne ct switch will[...]

  • Page 999

    PowerConnect B-Series FCX Configuration Guide 957 53-1002266-01 Configuring OSPF 29 PowerConnect(config-ospf-router)#summary-address 10.1.0.0 255.255.0.0 The command in this example configures summar y address 1 0.1 .0.0, which includes addresses 1 0. 1. 1.0, 1 0.1 .2.0, 10. 1.3.0, and so on. F or all of these networks, only the address 10. 1.0.0 ([...]

  • Page 1000

    958 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 If the Lay er 3 Switch is an ASBR, y ou can use the “alwa ys” option when you enable the default r oute originati on. The always opt ion ca uses the ASBR to creat e and advertise a default r oute if it does not already ha ve one configured. If default r oute ori[...]

  • Page 1001

    PowerConnect B-Series FCX Configuration Guide 959 53-1002266-01 Configuring OSPF 29 Y ou can set the dela y and hold time t o lower value s to cause the La yer 3 Switch t o change to alternat e paths more quickly in the ev ent of a rout e failure. Note that lo wer values require more CPU processing time. Y ou can change one or both of the timers. T[...]

  • Page 1002

    960 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 • Inter -area routes • External r outes The default f or all these OSPF ro ute types is 11 0. NOTE This f eature does not influence the choice of routes within OSPF . For ex ample, an OSPF intra-area rout e is alwa ys preferred o ver an OSPF inter -area rout e, [...]

  • Page 1003

    PowerConnect B-Series FCX Configuration Guide 961 53-1002266-01 Configuring OSPF 29 Syntax: [ no ] timers lsa-group-pacing <secs> The <secs> paramet er specif ies the number of second s and can be from 1 0 throug h 1800 (30 minutes). The default is 2 40 seconds (4 minutes). T o restore the pacing int er val to its def ault value, enter [...]

  • Page 1004

    962 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring OSPF 29 Example T o reinstate the trap, enter the following command. PowerConnect(config-ospf-router)#trap neighbor-state-change-trap Syntax: [ no ] trap <ospf-trap> Specifying the types of OSPF Syslog messages to log Y ou can specify which kinds of OSPF-relat ed Sysl[...]

  • Page 1005

    PowerConnect B-Series FCX Configuration Guide 963 53-1002266-01 Configuring OSPF 29 NOTE Po werConnect devices dynamically allocat e OSPF memor y as needed. Ref er to “Dynamic OSPF memor y” on page 930. T o modify the exit o ver flow interval to 60 seconds, ent er the following command. PowerConnect(config-ospf-router)#database-overflow-interva[...]

  • Page 1006

    964 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Clearing OSPF information 29 Enabling and disabling OS PF graceful restart OSPF graceful restar t is enabled by def ault on a Pow erConnect La ye r 3 switch. T o disable it, use the fo llowing commands. PowerConnect (config)# router ospf PowerConnect (config-ospf-router)# no graceful-r[...]

  • Page 1007

    PowerConnect B-Series FCX Configuration Guide 965 53-1002266-01 Clearing OSPF information 29 • OSPF area inf orm ation, including rout es received from OSPF neighbors wi thin an area, as w ell as rout es impor ted int o the area. Y ou can clear area inf ormation for all OSPF areas, or f o r a specified OSPF area The OSPF infor mation is cleared d[...]

  • Page 1008

    966 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying OSPF informatio n 29 Syntax: clear ospf redistribution This command clears all rout es in the OSPF r o uting table that are redistributed fr om other pro tocols, including direct connect ed, static, RIP , and BGP . T o import redistributed routes fr om othe r protoc ol s, u [...]

  • Page 1009

    PowerConnect B-Series FCX Configuration Guide 967 53-1002266-01 Displaying OSPF information 29 • T rap state inf ormation – refer t o “Displaying OSPF trap status” on page 9 78. • OSPF graceful restar t - ref er to “Displaying OSPF gracef ul restart information” on page 9 78. Displaying general OSPF configuration information T o displ[...]

  • Page 1010

    968 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying OSPF informatio n 29 Displaying CPU utilization statistics Y ou can display CPU utilization statist ics for OSPF and o ther IP protocols. T o display CPU utilization statistics for OSPF f or the previous one-second, one-m inute, five-minut e, and fifteen-minute int er vals, [...]

  • Page 1011

    PowerConnect B-Series FCX Configuration Guide 969 53-1002266-01 Displaying OSPF information 29 The <num> paramet er specifies the number of seconds and can be from 1 thr ough 900. If you use this parameter , the command lists the usage statistics only f or the specified number of seconds. If you do not use this paramet er , the command lists [...]

  • Page 1012

    970 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying OSPF informatio n 29 Syntax: show ip ospf neighbor [ r outer -id <ip-addr> ] | [ <num> ] | [ detail ] The ro ute r-i d <ip -addr> parameter displa ys only the neighbor entries for the specified r outer . The <num> parameter displa ys only the entr y i[...]

  • Page 1013

    PowerConnect B-Series FCX Configuration Guide 971 53-1002266-01 Displaying OSPF information 29 Displaying OSPF interface information T o display OSPF interface information, en ter the f ollowing command at any CLI le vel. State The state of t he conversation be tween the Lay er 3 Switch and the neighbor . This field can hav e one of the f ollowing [...]

  • Page 1014

    972 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying OSPF informatio n 29 Syntax: show ip ospf interface [ <ip-addr> ] The <ip-addr> parameter displa ys the OSPF interface information f or the specified IP address. The follo wing table defines the highlighted fiel ds sho wn in the above example output of the sho w [...]

  • Page 1015

    PowerConnect B-Series FCX Configuration Guide 973 53-1002266-01 Displaying OSPF information 29 Displaying OSPF route information T o display OSPF r oute information f or the rout er , enter the f o llowing command at an y CLI leve l. Syntax: show ip ospf r outes [ <ip-addr> ] The <ip-addr> parameter specifies a destination IP address. I[...]

  • Page 1016

    974 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying OSPF informatio n 29 Displaying the routes that have been redistributed into OSPF Y ou can display the r outes that ha ve been redist ributed into OSPF . T o displa y the redistributed rout es, enter the f ollowing command at an y level of the CLI. In this example, f our rou[...]

  • Page 1017

    PowerConnect B-Series FCX Configuration Guide 975 53-1002266-01 Displaying OSPF information 29 Displaying OSPF external link state information T o display ext ernal link state information, enter the f ollowing comm and at any CLI lev el. Syntax: show ip ospf data base e xternal-lin k-stat e [ adver tise <num> ] | [ exte n si ve ] | [ link-sta[...]

  • Page 1018

    976 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying OSPF informatio n 29 Displaying OSPF link state information T o display link stat e info rmation, ent er the follo wing command at an y CLI lev el. PowerConnect#show ip ospf database link-state Syntax: show ip ospf database link -state [ advertise <num> ] | [ asbr ] | [...]

  • Page 1019

    PowerConnect B-Series FCX Configuration Guide 977 53-1002266-01 Displaying OSPF information 29 Syntax: show ip ospf data base e xternal-lin k-stat e [ adver tise <num> ] | [ link-stat e-id <ip- addr> ] | [ rout er-id <i p-addr> ] | [ sequence-numbe r <num(Hex)> ] | [ status <num> ] T o determine an e xternal LSA or oth[...]

  • Page 1020

    978 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying OSPF informatio n 29 PowerConnect#show ip ospf border-routers Syntax: show ip ospf border -routers [ <ip-addr> ] The <ip-addr> parameter displa ys the ABR and ASBR entries for the specified IP address. Displaying OSPF trap status All traps are enabled by def ault[...]

  • Page 1021

    PowerConnect B-Series FCX Configuration Guide 979 53-1002266-01 Displaying OSPF information 29 Ta b l e 1 8 0 defines the fields in the show output. TA B L E 1 8 0 CLI displ ay of OSPF database grac e LSA information Field Defini tion Area The OSPF area that the int er face configured f or OSPF graceful restart is in. Interface The interface that i[...]

  • Page 1022

    980 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying OSPF informatio n 29[...]

  • Page 1023

    PowerConnect B-Series FCX Configuration Guide 981 53-1002266-01 Chapter 30 Configuring BGP4 (IPv4) Ta b l e 1 8 1 lists individual Dell P owerCo nnect switches and the BGP4 f eatures they suppor t. BGP4 f eatures are suppor ted on P owerConnect B-Seri es FCX ADV devic es running the full Layer 3 soft ware image. This chapter pr ovides de tails on h[...]

  • Page 1024

    982 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview of BGP4 30 Overview of BGP4 BGP4 is the standard Ext erior Gatew ay Pr otocol (E GP) used on the Internet to route traffic between Auto no m ou s S y ste ms (A S ) a nd to m a in ta in lo o p- fr e e ro ut in g. An a uto no m ou s s ys te m i s a co ll ec t io n of networks th[...]

  • Page 1025

    PowerConnect B-Series FCX Configuration Guide 983 53-1002266-01 Overview of BGP4 30 Although a La yer 3 Switch BGP4 r oute table can ha ve multiple r outes t o the same destination, the BGP4 prot ocol evaluat es the rout es and chooses only one of the rout es to send to the IP rout e table. The rout e that BGP4 chooses and sends to th e IP r oute t[...]

  • Page 1026

    984 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview of BGP4 30 3. If the weights are the same, prefer the route with the larg est local preference. 4. If the ro utes hav e the same local pref erence, pref er the route that w as originated locally (by this BGP4 Lay er 3 Switch). 5. If the local pref erences are the same, pref er[...]

  • Page 1027

    PowerConnect B-Series FCX Configuration Guide 985 53-1002266-01 Overview of BGP4 30 NOTE Lay er 3 Switches suppor t BGP4 lo ad sharing among multiple equal-cost paths. BGP4 load sharing enables the Lay er 3 Switch to balance th e traf fic across the multiple paths instead of choosing just one path based on r outer ID. F or EBGP routes, load sharing[...]

  • Page 1028

    986 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview of BGP4 30 UPDATE message Af ter BGP4 neighbors establish a BGP4 connectio n over T CP and exchange their BGP4 r outing tables, they do no t send periodic r outing updates. I ns t e a d , a BG P 4 n e i g h b o r s e n d s a n up d a t e to i t s neighbor when it has a new r o[...]

  • Page 1029

    PowerConnect B-Series FCX Configuration Guide 987 53-1002266-01 BGP4 graceful restart 30 BGP4 graceful restart BGP4 graceful restar t is a high-availability r outing feature that minimizes disruption in traf fic forwar ding, diminishes route flapping , and provides continuous service during a syst em restar t, switchov er , failov er , or hitless O[...]

  • Page 1030

    988 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 BGP4 parameters 30 NOTE By default, the r outer ID is the IP address configur ed on the lowest numbered loopback inte r face. If the La yer 3 Switch does not ha ve a loopback int er face, the def ault router ID is the lowest numbered IP interface address configured on the de vice. For [...]

  • Page 1031

    PowerConnect B-Series FCX Configuration Guide 989 53-1002266-01 BGP4 parameters 30 • Req uired – Identify BGP4 neighbors. • Optional – Change the K eep Alive Time and Hold Time. • Optional – Change the update timer for r oute changes. • Optional – Enable fast e xternal fallo ver . • Optional – Specify a list of individual networ[...]

  • Page 1032

    990 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 BGP4 parameters 30 Immediately The follo wing parameter changes take ef fect immediat ely: • Enable or disable BGP . • Set or change the local AS. • Add neighbors. • Change the update time r for r oute changes. • Disable or enable fast e xternal fallov er . • Specify indivi[...]

  • Page 1033

    PowerConnect B-Series FCX Configuration Guide 991 53-1002266-01 Memory considerations 30 After disabling and re-e nabling redistribution The following paramet er ch ange takes effect only af ter you disable and then re-enable redistribution: • Change the default MED (metric). Memory considerations BGP4 handles a very large number of rout es and t[...]

  • Page 1034

    992 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic configuration tasks 30 Basic configuration tasks The f ollowing sections describe ho w to per fo rm th e configuration tasks that are required to use BGP4 on the Lay er 3 Switch. Y ou can modify man y parameters in addition t o the ones described in this section. Ref er to “Opt[...]

  • Page 1035

    PowerConnect B-Series FCX Configuration Guide 993 53-1002266-01 Basic configuration tasks 30 Setting the local AS number The local AS number identifies th e AS the Dell BGP4 rout er is in. The AS number can be from 1 through 65535 . There is no default. AS nu mbers 645 12 thr ough 65535 are the well-kno wn privat e BGP4 AS numbers and are not adver[...]

  • Page 1036

    994 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic configuration tasks 30 NOTE If the Lay er 3 Switch has multiple neighbors with s imilar attributes, you can simplify configuration by configuring a peer gr oup, then addi ng individual neighbors t o it. Th e configuration steps are similar , ex cept you specify a peer group name [...]

  • Page 1037

    PowerConnect B-Series FCX Configuration Guide 995 53-1002266-01 Basic configuration tasks 30 NOTE The Lay er 3 Switch applies the adver tisement inte rval only under cer tain conditions. The Lay er 3 Switch does not apply the advertisement inter val when sending initial updates t o a BGP4 n eighbor . As a result, the La yer 3 Switch sends the updat[...]

  • Page 1038

    996 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic configuration tasks 30 filter -list in | out <num,num,...> sp ecif i es a n AS -pa th f ilte r lis t o r a li st of AS -p ath ACLs. The in | out ke yword specifies whe ther the list is applied on updat es received from the ne ighbor or sent to the neighbor . If you specify [...]

  • Page 1039

    PowerConnect B-Series FCX Configuration Guide 997 53-1002266-01 Basic configuration tasks 30 NOTE If you w ant the sof tware to assume that the v alu e you ent er is the clear-t ext f orm, and to encr ypt display of that form, do not enter 0 or 1. I n stead, omit the encr yption option and allow the software to use the default behavior . If you spe[...]

  • Page 1040

    998 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic configuration tasks 30 indefinitely f or messages from a neighbor withou t concluding that the neig hbor is dead. The defaults f or these parameters are the currently co nfigured glo bal Keep Aliv e Time and Hold Time. For more informatio n about these paramet ers, refer to “Ch[...]

  • Page 1041

    PowerConnect B-Series FCX Configuration Guide 999 53-1002266-01 Basic configuration tasks 30 Notice that the sof tware has converted the comman ds that specify an auth entication string into the new syntax (described belo w), and has encr yp t ed display of the authentication strings. Command syntax Since the default beha vior does not affect the B[...]

  • Page 1042

    1000 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic configuration tasks 30 The enable passw ord-display command enables display of the auth entication string, but only in the output of the show ip bgp neighbors command. Displa y of the string is still encrypted in the star tup-conf ig file and run ning-config. Enter the command a[...]

  • Page 1043

    PowerConnect B-Series FCX Configuration Guide 1001 53-1002266-01 Basic configuration tasks 30 NOTE If you ent er a command to remo ve the remot e AS paramet er from a peer gr oup, the sof tware checks to ensure that the peer gr oup does not contain an y neighbors. If the peer gr oup does contain neighbors, the sof tware does not allo w you t o remo[...]

  • Page 1044

    1002 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic configuration tasks 30 • If you add a paramet er to a peer group that alre ady conta ins neighbors, the parameter value is applied to neighbors that do no t already have the paramet er explicitly set. If a neighbor has the parameter e xplicit ly set, the explicitly set valu e [...]

  • Page 1045

    PowerConnect B-Series FCX Configuration Guide 1003 53-1002266-01 Basic configuration tasks 30 [ send-community ] [ sof t-reconfiguration inbound ] [ shutdown ] [ timers keep-alive <num> hold-time <num> ] [ update-sour ce loopback <num> ] [ wei gh t <num> ] The <ip-addr> | <peer -group-name> parameter indicates wh[...]

  • Page 1046

    1004 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 NOTE The sof tware also contains an op tion t o end the session with a BGP4 neighbor and thus clear the rout es learned from the neighbor . Unlik e this clear option, the option f or shutting down the neighbor can be sav ed in the star tup-config file a[...]

  • Page 1047

    PowerConnect B-Series FCX Configuration Guide 1005 53-1002266-01 Optional configuratio n tasks 30 For e a ch key wo rd , <num> indicates the number of seconds. The K eep Alive Time can be 0 thr ough 65535. The Hold Time c an be 0 or 3 through 6553 5 (1 and 2 are not allow ed). If you set the Hold Time to 0, the r outer waits indefinitely f or[...]

  • Page 1048

    1006 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 Changing the maximum number of paths for BGP4 load sharing Load sharing enables the La yer 3 Switch to balanc e traffic to a route acr oss mu ltiple equal-cost paths of the same type (EBGP or IBGP) f or the rout e. T o configure the Layer 3 Switch t o p[...]

  • Page 1049

    PowerConnect B-Series FCX Configuration Guide 1007 53-1002266-01 Optional configuratio n tasks 30 If an IGP path used b y a BGP4 nex t-hop route path installed in the IP rout e table changes, then the BGP4 paths and IP paths are adjusted accor dingly . For e xample, if one of the OS PF paths to reach the BGP4 next hop goes do wn, the software remov[...]

  • Page 1050

    1008 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 • multi-as – Load sharing is enabled for pa ths from different autonomous systems. By default, load sharing applies to EBGP and IBGP paths, and does not apply to paths from different neighboring autonomous syst ems. Specifying a list of networks to [...]

  • Page 1051

    PowerConnect B-Series FCX Configuration Guide 1009 53-1002266-01 Optional configuratio n tasks 30 T o configure a route map, and use it t o set or ch ange ro ute attributes for a network y ou def ine for BGP4 to adv er tise, enter commands such as the f ollowing. PowerConnect(config)#route-map set_net permit 1 PowerConnect(config-routemap set_net)#[...]

  • Page 1052

    1010 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 Using the IP default route as a valid next hop for a BGP4 route By default, the Layer 3 Switch does not use a default route t o resolve a BGP4 ne xt-hop rout e. If the IP rout e lookup f or the BGP4 next hop does no t result in a valid IGP r oute (inclu[...]

  • Page 1053

    PowerConnect B-Series FCX Configuration Guide 1011 53-1002266-01 Optional configuratio n tasks 30 Enabling next-hop recursion For each BGP4 rout e a Layer 3 Switch learns, the Lay er 3 Switch per forms a r oute look up to obtain the IP address of the r oute nex t hop. A BGP4 rout e becomes eligible for installation into the IP rout e table only if [...]

  • Page 1054

    1012 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 In this ex ample, the Laye r 3 Switch cannot reach 2 40.0.0.0/2 4, because the next-ho p IP address f or the rout e is an IBGP rout e instead of an IGP route, and thus is considered unreachable by th e Lay er 3 Switch. Here is the IP ro ute table entr y[...]

  • Page 1055

    PowerConnect B-Series FCX Configuration Guide 1013 53-1002266-01 Optional configuratio n tasks 30 The first look up results in an IBGP r oute, t o network 1 02.0.0.0/2 4. Since the ro ute to 1 02.0.0. 1/2 4 is not an IGP ro ute, the Lay er 3 Switch cannot reach the ne xt hop through IP , and thus cannot use the BGP r oute. In this case, since recur[...]

  • Page 1056

    1014 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 This Laye r 3 Switch can use this route because the Lay er 3 Switch has an IP r oute to the ne xt-hop gate wa y . Without recursive ne xt-hop look ups, th is route w ould not be in the IP rout e table. Enabling recursive next-hop lookups The recursive n[...]

  • Page 1057

    PowerConnect B-Series FCX Configuration Guide 1015 53-1002266-01 Optional configuratio n tasks 30 Lower administrativ e distances ar e preferred over higher distances. F or example, if the router receives r outes f or the same network from OSPF and fr om RIP , the rout er will prefer the OSPF route by default. The administrative di stances are conf[...]

  • Page 1058

    1016 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 PowerConnect(config-bgp-router)#as-path-ignore This command disables comparison of the AS-Pat h lengths of ot her wise equal paths. When you disable AS-Path length comparison , the BGP4 algorithm shown in “How BGP4 sele cts a path for a rou te ” on [...]

  • Page 1059

    PowerConnect B-Series FCX Configuration Guide 1017 53-1002266-01 Optional configuratio n tasks 30 Y ou can enable the Lay er 3 Switch to alwa ys co mpare the MEDs, regar dless of the AS information in the paths. For example, if the r outer receiv es UPDA TES for the same r oute fr om neighbors in three autonomo us systems, the rout er would compare[...]

  • Page 1060

    1018 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 • A cluster is a gr oup of IGP rout ers organized into r oute reflect ors and route re flector clients. Y ou configure the cluster b y ass igning a cluster ID on the r oute reflector and identifying the IGP neighbors that are members of that cluster .[...]

  • Page 1061

    PowerConnect B-Series FCX Configuration Guide 1019 53-1002266-01 Optional configuratio n tasks 30 FIGURE 1 4 7 Example of a route reflector configuration Support for RFC 2796 Rout e reflection on Dell Pow erConnect devices is based on RFC 279 6. This updated RFC helps eliminate r outing loop s that are possible in some implementations of the older [...]

  • Page 1062

    1020 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 • A Lay er 3 Switch configured as a rout e reflector sets the ORI GINA T OR_ID attribute to the r outer ID of the r outer that originat ed the rout e. Moreov er , the r oute reflecto r sets the attribute only if this is the first time the route is bei[...]

  • Page 1063

    PowerConnect B-Series FCX Configuration Guide 1021 53-1002266-01 Optional configuratio n tasks 30 If you need t o disable rout e reflection between clients, enter the f ollowing co mmand. When t he fe ature is disabled, rout e reflection does not occu r betw een clients but reflection does still occur between cl ients and non-clients. PowerConnect([...]

  • Page 1064

    1022 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 FIGURE 1 48 Ex ample of a BGP4 confederation In this example, f our switches are configured in to two sub-autonomous systems, each containing two of the switches. The sub-aut onomous system s are members of conf ederation 1 0. Switches within a sub-AS m[...]

  • Page 1065

    PowerConnect B-Series FCX Configuration Guide 1023 53-1002266-01 Optional configuratio n tasks 30 • Configure the conf ederation ID. The confederation ID is the A S number by which BGP switches outside the confed eration know the confed eration. Thus, a BGP switch outside the conf ederation is not aware and does not care that y our BGP switches a[...]

  • Page 1066

    1024 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Optional configuration tasks 30 Commands for router C PowerConnectC(config)#router bgp PowerConnectC(config-bgp-router)#local-as 64513 PowerConnectC(config-bgp-router)#confederation identifier 10 PowerConnectC(config-bgp-router)#confederation peers 64512 64513 PowerConnectC(config-bgp[...]

  • Page 1067

    PowerConnect B-Series FCX Configuration Guide 1025 53-1002266-01 Configuring BGP4 graceful restart 30 The advert ise-map <map-name> parameter configures the r outer t o adver tise the more specific rout es in the specified r oute map. The attribut e-map <map-name> parameter configures the r outer t o set attributes f or the aggregate ro[...]

  • Page 1068

    1026 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 BGP null0 routing 30 Configuring the BGP4 graceful restart stale ro utes timer Use the f ollowing command t o specify the maximum am ount of time a helper device will wait f or a n end-of-RIB message fr om a peer before delet ing routes from that peer . PowerConnect (config-bgp)# grac[...]

  • Page 1069

    PowerConnect B-Series FCX Configuration Guide 1027 53-1002266-01 BGP null0 routing 30 Figure 149 shows a t o pology for a null0 routing application ex ample. FIGURE 1 49 Ex ample of a null0 routing application The follo wing steps configu re a null0 routing applicat ion for st opping denial of ser vice attack s from remote hosts on the int ernet. C[...]

  • Page 1070

    1028 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 BGP null0 routing 30 Configuration examples S6 The following configuration defines specific prefixes t o filter . PowerConnect(config)#ip route 110.0.0.40/29 ethernet 3/7 tag 50 PowerConnect(config)#ip route 115.0.0.192/27 ethernet 3/7 tag 50 PowerConnect(config)#ip route 120.014.0/23[...]

  • Page 1071

    PowerConnect B-Series FCX Configuration Guide 1029 53-1002266-01 BGP null0 routing 30 Show commands Af ter configuring the null0 applicat ion, y ou can display the output. S6 The following is the show ip r oute static output for S6. S1 and S2 The following is the show ip r oute static output for S1 and S2. S6 The following is the show ip bgp rout e[...]

  • Page 1072

    1030 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Modifying redistribution parameters 30 S1 and S2 The show ip r oute output f or S1 and S2 shows "drop" under the Port column for the network prefixes you configured with null0 ro uting. Modifying redistribution parameters By default, the La yer 3 Switch does not redistri but[...]

  • Page 1073

    PowerConnect B-Series FCX Configuration Guide 1031 53-1002266-01 Modifying redistri bution parameters 30 Re fe r t o t he fo l l ow i n g s e c t i on s fo r d et a i l s o n redistrib uting specific rout es using the CLI: • “Redistributing connect ed route s” on page 103 1 • “Redistributing RIP r outes” on page 1 03 1 • “Redistribu[...]

  • Page 1074

    1032 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Modifying redistribution parameters 30 Syntax: redistribute ospf [ match in ternal | exte rn al 1 | ex te rn a l2 ] [ metric <num> ] [ ro u te- m ap <map-name> ] The ospf parameter indicat es that you are redi stributing OSPF ro utes into BGP4. The match intern al | ex ter[...]

  • Page 1075

    PowerConnect B-Series FCX Configuration Guide 1033 53-1002266-01 Filtering 30 T o disable re-advertisement of BGP4 rout es to BG P4 neighbors e xcept for r outes that the software also instal ls in the rout e tabl e, ent er the following command. PowerConnect(config-bgp-router)#no readvertise Syntax: [ no ] readvert ise T o re-enable re-advertiseme[...]

  • Page 1076

    1034 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering 30 NOTE Once you define a filter , the default action f or ad dresses that do no t match a filter is “den y”. T o change the default action to “permit”, configure the last filter as “permit an y any”. Address filt ers can be referre d to by a BGP neighbor 's[...]

  • Page 1077

    PowerConnect B-Series FCX Configuration Guide 1035 53-1002266-01 Filtering 30 If you enable the soft ware t o display IP subnet ma sks in CIDR fo rmat, the mask is sav ed in the file in “/ <mask-bits> ” f o rmat. T o enable the software to displa y the CIDR masks, ent er the ip show-subnet-len gth command at the global CONFIG le vel of th[...]

  • Page 1078

    1036 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering 30 The <as-path> paramet er indicates the AS-path inf ormatio n. Y ou can enter an e x act AS-path stri ng if you w ant to filt er for a specific v alue. Y o u al so can use regu lar expressions in the filt er string. Defining an AS-path ACL T o conf igure an AS -path [...]

  • Page 1079

    PowerConnect B-Series FCX Configuration Guide 1037 53-1002266-01 Filtering 30 Special characters When you ent er as single-character e xpression or a list of charact ers, you also can use the follo win g special characters. Ta b l e 1 8 2 on page 1 03 7 lists the special characters. The description for each special character includes an e xample. N[...]

  • Page 1080

    1038 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering 30 If you want t o filter f or a special character instead of u sing the special charact er , enter “” (backslash) in front of the charact er . For e xampl e, to filt er on AS-path strings cont aining an asterisk, ent er the asterisk por tion of the regular e xpression [...]

  • Page 1081

    PowerConnect B-Series FCX Configuration Guide 1039 53-1002266-01 Filtering 30 NOTE The La yer 3 Switch cannot actively support commun it y filters and community list ACLs at the same time. Use one method or the other but do not mix methods. NOTE Once you define a filt er or ACL, the de fault action fo r com munities that do not match a filter or A [...]

  • Page 1082

    1040 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering 30 The no-export keyw ord filt ers for r outes with the w ell -known community “NO_EXPORT”. A r oute in this community should no t be adver tised to an y BGP4 neighbors outside the local AS . If the rout er is a member of a conf ederation, the Lay er 3 Switch advertises [...]

  • Page 1083

    PowerConnect B-Series FCX Configuration Guide 1041 53-1002266-01 Filtering 30 The <regular-e xpression> parameter specifies a regular e xpr ession fo r matching on community names. For inf ormation about regu lar expression syntax, ref er to “Using regular expressions” on page 1 036. Y ou can specify a regular expressi on only in an e xte[...]

  • Page 1084

    1042 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering 30 Defining neighbor distribute lists A neighbor di stribute list is a list of BGP4 addre ss filters or A CLs that filter the traf fic to or fr om a neighbor . T o configure a neighbo r distribute list, use either of the follo wing methods. T o configure a distribute list th[...]

  • Page 1085

    PowerConnect B-Series FCX Configuration Guide 1043 53-1002266-01 Filtering 30 If the r oute map contains set stat ements, rout es that are permitted b y the rout e map match statements are modified acco r ding to the set statements. Match statements com pare the ro ute ag ainst one or more of the follo wing: • The rout e BGP4 MED (metric) • A s[...]

  • Page 1086

    1044 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering 30 As shown in this e xample, the command pro mpt changes to the R oute Map lev el. Y ou can enter the match and set stat ements at this level. R efer t o “Specifying the match conditions” on page 1 044 and “Setting parameters in the rout es” on page 1 04 7. The <[...]

  • Page 1087

    PowerConnect B-Series FCX Configuration Guide 1045 53-1002266-01 Filtering 30 NOTE The filters must al ready be configured. The community <num> parameter specifies a community ACL. NOTE The ACL must already be configured. The community <ACL> exac t -m at ch parameter matches a r oute if (and only if) the r oute's community attribut[...]

  • Page 1088

    1046 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering 30 PowerConnect(config)#ip community-list 1 permit 123:2 PowerConnect(config)#route-map CommMap permit 1 PowerConnect(config-routemap CommMap)#match community 1 Syntax: match community <string> The <str ing> parameter specifies a co mmunity list AC L. T o configu[...]

  • Page 1089

    PowerConnect B-Series FCX Configuration Guide 1047 53-1002266-01 Filtering 30 The first command configures an IP AC L that ma tches on rout es received fr om 192. 168.6.0/2 4. The remaining commands conf igure a rout e map th at matches on all BGP 4 r outes advertised by the BGP4 neighbors whose addresses match addresses in the IP prefix list. Y ou[...]

  • Page 1090

    1048 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering 30 [ dampening [ <half-life> <reuse> <sup press> <max-suppress-time> ]] [[ default ] interface null0 | [ ip [ default ] ne xt hop <ip-addr> ] [ ip ne xt-hop peer-address ] | [ local-pref erence <num> ] | [ metric [ + | - ] <num> | no[...]

  • Page 1091

    PowerConnect B-Series FCX Configuration Guide 1049 53-1002266-01 Filtering 30 The metric-type type-1 | type-2 paramet er changes the metric type of a rout e redistributed into OSPF . The metric -type internal paramet er s ets the rout e's ME D to the same value as the IGP metric of the BGP4 nex t-hop rout e. The parameter does this when adv er[...]

  • Page 1092

    1050 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering 30 These commands configure a route map that matches on r outes whose destination network is specified in ACL 1, a nd sets the next hop in the rout es to the neighbor address (inbound filt ering) or the local IP address of the BGP4 session (outbound filtering ). Syntax: set [...]

  • Page 1093

    PowerConnect B-Series FCX Configuration Guide 1051 53-1002266-01 Filtering 30 T o create a r oute map and identify it as a tabl e map, enter commands such as f ollowing. These commands create a r oute map that uses an address filter . For r outes that match the address filt er , the rout e map changes the tag v alue to 1 00. This ro ut e ma p is th[...]

  • Page 1094

    1052 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering 30 PowerConnect(config)#ip prefix-list Routesfrom1234 deny 20.20.0.0/24 PowerConnect(config)#ip prefix-list Routesfrom1234 permit 0.0.0.0/0 le 32 PowerConnect(config)#router bgp PowerConnect(config-bgp-router)#neighbor 1.2.3.4 prefix-list Routesfrom1234 in PowerConnect(confi[...]

  • Page 1095

    PowerConnect B-Series FCX Configuration Guide 1053 53-1002266-01 Filtering 30 T o per form a soft reset of a neighbor session and send ORFs t o the neighbor , enter a command such as the fo llowing. PowerConnect#clear ip bgp neighbor 1.2.3.4 soft in prefix-list Syntax: clear ip bgp neighbor <ip-addr> [ sof t in prefix-filter ] If you use the [...]

  • Page 1096

    1054 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring route flap dampening 30 Configuring route flap dampening A “rout e flap” is the change in a rout e state, fr om up to down or do wn to up. When a r oute state changes, the state change causes changes in the r o ute tables of the ro uters that suppor t the r oute. F req[...]

  • Page 1097

    PowerConnect B-Series FCX Configuration Guide 1055 53-1002266-01 Configuring route flap dampening 30 Globally configuring route flap dampening T o enable rout e flap dampening using the default values, ent er the follo wing command. PowerConnect(config-bgp-router)#dampening Syntax: dampeni ng [ <half-life> <reuse> <suppress> <m[...]

  • Page 1098

    1056 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring route flap dampening 30 The address-filter commands in this e xample configure two BGP4 address filters, f or networks 209. 15 7 .22.0 and 209. 15 7 .23.0. The first r oute- map command creates an entry in a route map called “DAMPENING_MAP”. Within this entry of the ro[...]

  • Page 1099

    PowerConnect B-Series FCX Configuration Guide 1057 53-1002266-01 Configuring route flap dampening 30 PowerConnect(config)#route-map DAMPENING_MAP_ENABLE permit 1 PowerConnect(config-routemap DAMPENING_MAP_ENABLE)#exit PowerConnect(config)#route-map DAMPENING_MAP_NEIGHBOR_A permit 1 PowerConnect(config-routemap DAMPENING_MAP_NEIGHBOR_A)#set dampenin[...]

  • Page 1100

    1058 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring route flap dampening 30 Here is an example. The aggregate-address command conf igures an aggregate address. The summar y -only p arameter prev ents the Layer 3 Switch fr om adver tising more specific routes contained within the aggregat e ro ute. The show ip bgp r oute com[...]

  • Page 1101

    PowerConnect B-Series FCX Configuration Guide 1059 53-1002266-01 Configuring route flap dampening 30 Displaying and clearing route flap dampening statistics The sof tware pro vides many options for displa ying an d clearing r oute flap statistics. T o display the statistics, use either of the f ollowing methods. Displaying route flap dampening stat[...]

  • Page 1102

    1060 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Generating traps for BGP 30 Y ou also can display all the dampened rout es by ente ring the sho w ip bgp dampened-paths command. Clearing route flap dampening statistics T o clear rout e flap dampening statis tics, use the following CLI method. NOTE Clearing the dampening statistics f[...]

  • Page 1103

    PowerConnect B-Series FCX Configuration Guide 1061 53-1002266-01 Displaying BGP4 informatio n 30 Syntax: [ no ] snmp-ser ver enable traps bgp Use the no for m o f t h e c om m a n d t o disable BGP traps. Displaying BGP4 information Y ou can display the fo l lowing configuration information and statistics for the BGP4 pr otocol on the rou te r: •[...]

  • Page 1104

    1062 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 Ta b l e 1 8 4 lists the field definitions f or the command output. TA B L E 1 8 4 BGP4 summa r y information Field Des cription Rout er ID The Layer 3 Swit ch router ID . Local AS Number The BGP4 AS number the rout er is in. Conf ederation Identifier Th[...]

  • Page 1105

    PowerConnect B-Series FCX Configuration Guide 1063 53-1002266-01 Displaying BGP4 informatio n 30 State The state of this router neighbo r session with each neighbor. The states are from this r outer perspectiv e of the session, not the neighbor perspecti ve. The stat e values are based on the BGP4 state machine values descri bed in RFC 1 77 1 and c[...]

  • Page 1106

    1064 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 Displaying the active BGP4 configuration T o view the active BGP4 configuration inf ormatio n contained in the running-config without displaying the entire running-confi g, use the f ollowing CLI method. T o display the d evice activ e BGP4 configuration[...]

  • Page 1107

    PowerConnect B-Series FCX Configuration Guide 1065 53-1002266-01 Displaying BGP4 informatio n 30 If the soft ware has been running less than 15 minutes (the maximum interval for utilization statistics), the command indicat es how long the software has been running. Her e is an example. T o display utilization statistics for a specific number of sec[...]

  • Page 1108

    1066 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 Displaying summary neighbor information T o display summary neighbor information, ent er a command such as the follo w ing at any le vel of the CLI. Syntax: show ip bgp neighbors [ <ip-addr> ] | [ rout es-summary ] Ta b l e 1 8 5 lists the field de[...]

  • Page 1109

    PowerConnect B-Series FCX Configuration Guide 1067 53-1002266-01 Displaying BGP4 informatio n 30 Displaying BGP4 neighbor information T o view BGP4 neighbor info rmatio n including the values f or all the configured parameters, enter the f ollowing command. NOTE The display sho ws all the configured param et er s fo r the neighbor . Only the parame[...]

  • Page 1110

    1068 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 This example sho ws how to displa y information for a specific neighbor , by specifying the neighbor IP address with the command. None of the o ther disp lay options are used; thus, all of the information is display ed for the neighbor . The number in th[...]

  • Page 1111

    PowerConnect B-Series FCX Configuration Guide 1069 53-1002266-01 Displaying BGP4 informatio n 30 The attribute-entries option shows the attribute-entries associated with r outes received fr om the neighbor . The flap-statistics option sho ws the route flap statistics f or rout es received from or se nt to the neighbor . The last-pack et-with-error [...]

  • Page 1112

    1070 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 Rout erID The neighbor rout er ID. Description The descripti on you gav e the neighbor when you configured it on the La yer 3 Switch. State The state of the r outer session with the neig hbor . The states are fr om this router perspective of the session,[...]

  • Page 1113

    PowerConnect B-Series FCX Configuration Guide 1071 53-1002266-01 Displaying BGP4 informatio n 30 Remo vePrivat eAs Wheth er this option is enabled for the neigh bor . Refresh Capability Whether this Lay er 3 Switch has received con f irmation fr om the neighbor that the neighbor suppo r ts the dynamic refresh capabili ty. Coopera tiveFilteringCa pa[...]

  • Page 1114

    1072 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 Last Connection R eset Rea so n The reason the pre vious session with this neighbor ended. The reason can be one of the f ollowing. Reaso ns described in the BGP specifi cations: • Message Header E rror • Connection Not Synch ronized • Bad Message [...]

  • Page 1115

    PowerConnect B-Series FCX Configuration Guide 1073 53-1002266-01 Displaying BGP4 informatio n 30 Notification Sent If the rout er receives a NO TIFICA TION message from the neighbor , the messag e contains an e rror code corresp onding to one of the following errors. Some errors hav e subcodes that clarify the reason f or the error . Where applicab[...]

  • Page 1116

    1074 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 T CP Connection state The state of the connect ion with the neighbor . The connection can ha ve one of the fol l ow i ng s ta t es : • LISTEN – Waiting for a connection request. • SYN-SENT – W aiting for a matchi ng connection request after havi [...]

  • Page 1117

    PowerConnect B-Series FCX Configuration Guide 1075 53-1002266-01 Displaying BGP4 informatio n 30 Displaying route information for a neighbor Y ou can display r outes based on the f ollowing criteria: • A summar y of the r outes fo r a specific neighbor . • The rout es received fr om the neighbor that the La yer 3 Switch select ed as the best r [...]

  • Page 1118

    1076 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 T A B L E 187 BGP4 route s ummar y information f or a neighbor Field Des cription Rout es Received How many r outes the Lay er 3 Switch has received fr om the neighbor during the current BGP4 sessio n: • Accepted/Ins talled – Ind icates how man y o f[...]

  • Page 1119

    PowerConnect B-Series FCX Configuration Guide 1077 53-1002266-01 Displaying BGP4 informatio n 30 Displaying advertised routes T o display the r outes the Lay er 3 Switch has adver tised to a specific neighbor f or a specific network, enter a command such as the f ollowing at an y level of the CLI. Y ou also can enter a specif ic rout e, as in the f[...]

  • Page 1120

    1078 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 Displaying the best routes th at were nonetheless not inst alled in the IP route table T o display the B GP4 routes receiv ed from a specific neighbor that are the “best” ro utes to their destinations but are not installed in the Lay er 3 Sw itch IP [...]

  • Page 1121

    PowerConnect B-Series FCX Configuration Guide 1079 53-1002266-01 Displaying BGP4 informatio n 30 Syntax: show ip bgp pee r-group [ <peer-gr oup-name> ] Only the parameters that hav e values dif ferent fr om their defaults are listed. Displaying summary route information T o display summary stat istics for all the r outes in the La yer 3 Switc[...]

  • Page 1122

    1080 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 Displaying the BGP4 route table BGP4 uses filters y ou define as well as the algorithm described in “Ho w BGP4 selects a path for a rou te ” on page 983 to de termine the pref erred ro ute to a destination. BGP4 sends only the pref erred rout e to th[...]

  • Page 1123

    PowerConnect B-Series FCX Configuration Guide 1081 53-1002266-01 Displaying BGP4 informatio n 30 The community option lets you displa y routes f or a specific co mmunity . Y ou can specify local-as , no-export , no-adver tise , internet , or a privat e community number . Y ou can specify the community number as either two fiv e-digit integer values[...]

  • Page 1124

    1082 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 For inf ormation about the f ields in this display , refer t o T a ble 189 on page 1 083. The fields in this display also appear in the sho w ip b gp displa y . Displaying the best BGP4 routes that are n ot in the IP route table When the La yer 3 Switch [...]

  • Page 1125

    PowerConnect B-Series FCX Configuration Guide 1083 53-1002266-01 Displaying BGP4 informatio n 30 Displaying information for a specific route T o display BGP4 network inf ormation by specifyi ng an IP address within the network, enter a command such as the follo wing at any lev el of the CLI. Syntax: show ip bgp [ route ] <ip-addr> / <p ref[...]

  • Page 1126

    1084 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 Displaying route details Here is an e xample of the information displa yed when you use the detail option. In this exam ple, the information f or one route is show n . Wei ght The value that this r outer associat es with rout es from a specific neighbor [...]

  • Page 1127

    PowerConnect B-Series FCX Configuration Guide 1085 53-1002266-01 Displaying BGP4 informatio n 30 These displays show the f ollowing information. TA B L E 19 0 BGP4 route inf ormation Field Des cription T otal number of BGP Rout es The number of BGP4 routes. Status codes A list of the characters the displa y uses to indicate the r oute status. The s[...]

  • Page 1128

    1086 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 Displaying BGP4 route-attribute entries The rout e-attribute entries table lists the se ts of BGP4 attributes st ored in the route r memor y . Each set of attributes is unique an d can be associated with one or more routes. In f act, the router typically[...]

  • Page 1129

    PowerConnect B-Series FCX Configuration Guide 1087 53-1002266-01 Displaying BGP4 informatio n 30 Displaying the routes BG P4 has placed in the IP route table The IP route table indicates the rout es it has re ce ived fr om BGP4 by listing “BGP” as the r oute type. T o display the I P route table, ent er the following command. PowerConnect#show [...]

  • Page 1130

    1088 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying BGP4 information 30 Displaying route flap dampening statistics T o display r oute dampening statistics or all the dampened rout es, enter the f ollowing command at any le vel of the CLI. Syntax: show ip bgp flap-statistics [ regular -expression <regular -expression> |[...]

  • Page 1131

    PowerConnect B-Series FCX Configuration Guide 1089 53-1002266-01 Displaying BGP4 informatio n 30 Y ou also can display all the dampened rout es by ente ring the following command. show ip bgp dam pened-paths . Displaying the active route map configuration T o view the de vice active r oute map configur ation (contained in the running-config) withou[...]

  • Page 1132

    1090 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Updating route information and resetting a neighbor session 30 This example sho ws the active configuration f or a rout e map called “setcomm“. Syntax: show rout e-map [ <map-name> ] Displaying BGP4 graceful restart neighbor information Use the show ip bgp neighbors command [...]

  • Page 1133

    PowerConnect B-Series FCX Configuration Guide 1091 53-1002266-01 Updating route information and reset ting a neighbor session 30 Using soft reconfiguration The sof t reconfiguratio n feature places policy changes into effect wi thout resetting the B GP4 session. Soft reconfiguration does not requ est the ne ighbor or group to send its entire BGP4 t[...]

  • Page 1134

    1092 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Updating route information and resetting a neighbor session 30 NOTE If you do not specify “in”, the command appl ies t o both inbound and outbound updates. NOTE The syntax related to soft reco nfiguration is shown. F or complete command syntax, ref er to “Dynamically refreshing [...]

  • Page 1135

    PowerConnect B-Series FCX Configuration Guide 1093 53-1002266-01 Updating route information and reset ting a neighbor session 30 Syntax: show ip bgp neighbors <ip-addr> receiv ed-routes [ de tail ] The detail paramete r displays detailed inf ormation for the r outes. The e xample abov e shows summary informatio n. NOTE The syntax for displa y[...]

  • Page 1136

    1094 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Updating route information and resetting a neighbor session 30 NOTE The option f or dynamically refreshing rout es rece ived fr om a neighbor requires the neighbor to suppor t dynamic ro ute refresh. If the neighbor doe s not support this feature, the optio n does not take eff ect and[...]

  • Page 1137

    PowerConnect B-Series FCX Configuration Guide 1095 53-1002266-01 Updating route information and reset ting a neighbor session 30 T o dynamically rese nd all the Lay er 3 Switch BGP4 rout es to a n ei gh bo r , enter a command such as the fo llowing. PowerConnect(config-bgp-router)#clear ip bgp neighbor 192.168.1.170 soft out This command applies it[...]

  • Page 1138

    1096 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Updating route information and resetting a neighbor session 30 Closing or resetting a neighbor session Y ou can close a ne ighbor session or rese nd rout e updates t o a neighbor . If you mak e chan ges to filt ers or route maps and the neighbor does not suppor t dynamic rout e refres[...]

  • Page 1139

    PowerConnect B-Series FCX Configuration Guide 1097 53-1002266-01 Clearing traffic counters 30 Switch sends updates to advertise, change, or e ven withdraw r outes on the neighbor as needed. This ensures that the neighbor rece ives on ly the r outes you w ant it to contain. Ev en if the neighbor already contains a rout e learned fr om the L ayer 3 S[...]

  • Page 1140

    1098 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Clearing route flap dampening statistics 30 Syntax: clear ip bgp neighbor all | <ip-addr> | <peer-gr oup-name> | <as-num> traf fic The all | <ip-ad dr> | <pee r -group-n ame> | <as-num> option specifies the neighbo r . The <ip-addr> parameter [...]

  • Page 1141

    PowerConnect B-Series FCX Configuration Guide 1099 53-1002266-01 Clearing diagnostic buffers 30 • The first 400 bytes of the la st packet that contained an error • The last NO TIFICA TION message either sent or receiv ed by the La yer 3 Switch T o display these buffers, use options with the show ip bgp neighbors command. Ref er to “Displaying[...]

  • Page 1142

    1100 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Clearing diagnostic buffers 30[...]

  • Page 1143

    PowerConnect B-Series FCX Configuration Guide 1101 53-1002266-01 Chapter 31 Configuring VRRP and VRRPE Ta b l e 1 9 3 lists the individual Dell Po werConnect swit ches and the VRRP and VRRPE fe atures they suppor t. This chapter describes ho w to configure La yer 3 Switches with the f ollowing route r redundancy pro tocols: • Vir tual Rout er Red[...]

  • Page 1144

    1102 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview 31 Overview of VRRP VRRP is a pro tocol that pro vides redundancy to ro uters within a LAN. VRRP allo ws you to pr ovide alternat e router paths f or a host without changing the IP address or MAC ad dress by which the host knows its gate way . Consider the situation shown in [...]

  • Page 1145

    PowerConnect B-Series FCX Configuration Guide 1103 53-1002266-01 Overview 31 FIGURE 1 5 1 Switch 1 and Switch 2 are configured as a VRRP vir tual router for redundant network access for Host1 The dashed box in Figure 1 5 1 represents a VRRP vir tual ro uter . When you configure a vir tual rout er , one of the configuration paramet ers is the vir tu[...]

  • Page 1146

    1104 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview 31 When you configure a VRID, the software automati cally as signs its MAC address. When a V RID becomes active, the Mast er router br oadcasts a gratuitous ARP request containing the vir tual rout er MAC add ress for each IP ad dress associated with the vir tual r outer . In[...]

  • Page 1147

    PowerConnect B-Series FCX Configuration Guide 1105 53-1002266-01 Overview 31 Hello messages VRRP routers use Hello messages for negotiation t o determine the Master rout er . VRRP rout ers send Hello messages to IP Multicast address 22 4. 0.0. 18. The frequency wit h which the Master sends Hello messages is the Hello Inter val. Only the Master send[...]

  • Page 1148

    1106 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview 31 In Figure 15 1 on page 11 03, the track priority results in Switch 1 VRRP priority becoming low er than Switch 2 VRRP priority . As a result, when Swit ch 2 learns that it now has a higher priority than Switch 1, Switch 2 initiates negotiation for Mast er router and become[...]

  • Page 1149

    PowerConnect B-Series FCX Configuration Guide 1107 53-1002266-01 Overview 31 • VRRPE does not use Owners. All routers are Backups f or a given VRID. The r outer with the highest priority becomes Master . If there is a tie for highest priority , the router with the highest IP address becomes Mast er . The elec t ed Master owns the virtual IP addre[...]

  • Page 1150

    1108 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Overview 31 FIGURE 1 52 Rout er1 and Router2 are configured t o pr ovide dual redundant netw ork access for the host In this ex ample, Switch 1 and Sw itch 2 use VRRPE to load share as well as pr ovide redundancy to the hosts. The load sharing is accomplished by creating two VRRPE gro[...]

  • Page 1151

    PowerConnect B-Series FCX Configuration Guide 1109 53-1002266-01 Comparison of VRRP and VR RPE 31 Configuration note VRRP-E is suppor ted in the ed ge Layer 3 and full La ye r 3 code only . It is not supported in the base Layer 3 code. Comparison of VRRP and VRRPE This section compares r outer redundancy pr otoc ols. VRRP VRRP is a standards-based [...]

  • Page 1152

    1110 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VRRP and VRRPE parameters 31 Virtual router IP address (the address you are backing up) • VRRP – The virtual router IP address is the same as an IP address or vir tual interface configured on one of the Layer 3 Switches, which is the “Owner” and becomes the def ault Master . ?[...]

  • Page 1153

    PowerConnect B-Series FCX Configuration Guide 1111 53-1002266-01 VRRP and VRRPE parameters 31 VRID MA C address The source MA C address in VRRP or VRRPE packet s sent from the VRID int er face, and the destination f or packets sent to the VRID: • VRRP – A vir tual MAC addr ess def ined as 00-00-5e-00-0 1- <vrid> . The Mas ter owns the Vir[...]

  • Page 1154

    1112 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 VRRP and VRRPE parameters 31 Dead interval The numbe r of seconds a Backup w aits for a Hello message fr om the Maste r for the VRID bef ore determining that the Mast er is no longer active. If the Maste r does not send a Hello message bef ore the dead inte r val expires, the Back ups[...]

  • Page 1155

    PowerConnect B-Series FCX Configuration Guide 1113 53-1002266-01 Configuring basic VRRP parameters 31 Configuring basic VRRP parameters T o implement a simple V RRP configuration u sing all the default v alues, enter commands such as the fo llowing. Configuring the Owner Router1(config)#router vrrp Router1(config)#inter e 1/6 Router1(config-if-1/6)[...]

  • Page 1156

    1114 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Note regarding disabling VRRP or VRRPE 31 NOTE Yo u a l s o c a n u s e t h e enable command t o activate the configuration. This command does the same thing as the activate command. Configuration rules for VRRPE • The interfaces of all routers in a VRID must be in the same IP subne[...]

  • Page 1157

    PowerConnect B-Series FCX Configuration Guide 1115 53-1002266-01 Configuring additional VRRP and VRRPE parameters 31 • Backup priority • Suppression of RIP adv er t isements on Ba ck up routes f or the back ed up int er face • Hello interval • Dead int er val • Backup Hello messages and messag e timer (Backup adv er tisement) • Tr a c k[...]

  • Page 1158

    1116 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring additional VRRP and VRRPE parameters 31 The parameter v alues are the same as for VRRP . Router type A VRRP interface is either an Owner or a Backup f or a given VRID. By default, the Owner becomes the Master f ollowing the negotiation. A B ackup becomes the Mast er only i[...]

  • Page 1159

    PowerConnect B-Series FCX Configuration Guide 1117 53-1002266-01 Configuring additional VRRP and VRRPE parameters 31 Syntax: back up [ priority <value> ] [ track-priority <value> ] The priority <value> parameter specifies the VRRP priority f or this inter face and VRID. Y ou can specify a value fr om 3 – 254. The def ault is 100[...]

  • Page 1160

    1118 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring additional VRRP and VRRPE parameters 31 Dead interval The Dead int er val is the number of seconds a Ba ckup waits f or a Hello message from the Master before determining that the Mast er is dead. When Back ups determine that the Mast er is dead, the Backup with the highes[...]

  • Page 1161

    PowerConnect B-Series FCX Configuration Guide 1119 53-1002266-01 Configuring additional VRRP and VRRPE parameters 31 Syntax: track-port ethernet [ <slo tnum>/ ] <por tnum > | ve <num> The syntax is the same f or VRRP and VRRPE. Track priority When you configure a VRID t o track the link state of other inter faces, if one of the tr[...]

  • Page 1162

    1120 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring additional VRRP and VRRPE parameters 31 Syntax: non-preempt-mode The syntax is the same f or VRRP and VRRPE. Changing the timer scale T o achiev e sub-se cond failo ver times, you can sh orten the duration of all scale timers f or VSRP , VRRP , and VRRP-E by adjusting the [...]

  • Page 1163

    PowerConnect B-Series FCX Configuration Guide 1121 53-1002266-01 Forcing a Master router to abdicate to a standby router 31 T o set the VRRP-E slow star t timer to 30 seconds, enter the following commands. PowerConnect(config)#router vrrp-e PowerConnect(config-vrrpe-router)#slow-start 30 Syntax: [ no ] slow-s tar t <seconds> For <seconds&g[...]

  • Page 1164

    1122 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying VRRP and VRRPE information 31 mode owner priority 99 current priority 99 hello-interval 1 sec ip-address 192.53.5.1 backup routers 192.53.5.2 This exam ple shows that even though this Layer 3 Switch is the Owner of the VRID (“mode owner”), the Lay er 3 Switch priority f[...]

  • Page 1165

    PowerConnect B-Series FCX Configuration Guide 1123 53-1002266-01 Displaying VRRP and VRRPE information 31 The <por tnum> parameter specifies an Ethernet port. If you use this p arameter , the command displays VRRP or VRRPE inf ormation only for the specified por t. The ve <num> parameter specifies a vir tual inter face. If y ou use this[...]

  • Page 1166

    1124 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying VRRP and VRRPE information 31 This exam ple is for a VRRP Owner . Here is an exam ple for a VRRP Back up. Here is an example f or a VRRPE Back u p. Syntax: show ip vrrp brief | ethern et [ <slo tnum> / ] <por tnum> | ve <num> | stat PowerConnect#show ip vr[...]

  • Page 1167

    PowerConnect B-Series FCX Configuration Guide 1125 53-1002266-01 Displaying VRRP and VRRPE information 31 Syntax: show ip vrrp-ex tended brief | ethernet [ <slotnum> /] <por tnum> | ve <nu m> | stat The brief parameter displa ys summary information. Ref er to “Displa ying sum mar y information” on page 1122. The <por tnum&g[...]

  • Page 1168

    1126 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying VRRP and VRRPE information 31 priority The device pref erability f or becoming the Master f or the VRID. During negotiatio n, the router wit h the highest priority becomes the Mast er . If two or more de vices are tied with the highest priority , the Backup int er face with[...]

  • Page 1169

    PowerConnect B-Series FCX Configuration Guide 1127 53-1002266-01 Displaying VRRP and VRRPE information 31 Displaying detailed informat ion for an individual VRID Y ou can displa y informati on about the settings co nf igured for a specified VRRP Vir tual Router ID (VRID). F or example, to display info rmation about VRID 1. Syntax: show ip vrrp vrid[...]

  • Page 1170

    1128 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying VRRP and VRRPE information 31 Displaying statistics T o display statistics on most Dell devices, ent er a command such as the follo wing at any le vel of the CLI. The same statistics are li st ed for VRRP and VRRPE. Syntax: show ip vrrp brief | ethern et [ <slo tnum> [...]

  • Page 1171

    PowerConnect B-Series FCX Configuration Guide 1129 53-1002266-01 Displaying VRRP and VRRPE information 31 Syntax: show ip vrrp-ex tended brief | ethernet [ <slotnum> /] <por tnum> | ve <nu m> | stat The brief parameter displa ys summary information. Ref er to “Displa ying sum mar y information” on page 1122. If you specify a p[...]

  • Page 1172

    1130 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying VRRP and VRRPE information 31 Clearing VRRP or VRRPE statistics Use the f ollowing methods to cl ear VRRP or VR RPE statistics. T o clear VRRP or VRRPE statistics, enter the f ollo wing command at the Priv ileged EXEC lev el or any configuration level of the CLI. Router1#cl[...]

  • Page 1173

    PowerConnect B-Series FCX Configuration Guide 1131 53-1002266-01 Configuration examples 31 When you specify ho w many seconds’ worth of statistics you want to displa y , the sof tware selects the sample that most closely matches the number of seconds y ou specified. In this exam ple, statistics are request ed for the previous two second s. The cl[...]

  • Page 1174

    1132 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuration examples 31 The ip vrrp owner command specif ies that this router owns the IP address you are associating with the VRID. Because this r outer owns the IP address, this rout er is the default Master router and its VRRP priority is thus 255. Configuring Router2 T o configu[...]

  • Page 1175

    PowerConnect B-Series FCX Configuration Guide 1133 53-1002266-01 Configuration examples 31 Configuring Router1 T o configure VRRP Rout er1 in Fi gure 152 on page 11 08, enter the f ollowing commands. Router1(config)#router vrrp-extended Router1(config)#interface ethernet 1/6 Router1(config-if-1/6)#ip address 192.53.5.2/24 Router1(config-if-1/6)#ip [...]

  • Page 1176

    1134 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuration examples 31 NOTE When you configure a Backup r outer , the rout er interface on which you are configuring the VRID mus t have a rea l IP ad dre ss t ha t is in t he s ame subnet as the address associat ed with the VRID by the Owner . Howe ver , the address cannot be the [...]

  • Page 1177

    PowerConnect B-Series FCX Configuration Guide 1135 53-1002266-01 Chapter 32 Securing Access to Management Functions Ta b l e 1 9 9 lists the individual Dell Po werConne ct switches and the se curity access f eatures they suppor t.. This chapter e xplains how to secure access t o management functions on a Dell Po werConnect devic e. NOTE For all Del[...]

  • Page 1178

    1136 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Securing access methods 32 TA B L E 2 0 0 Wa ys to secure management access to Dell P owerConnect de vices Access method How the access method is secured by default Ways to secure the access method See page Serial access t o the CLI Not secured Establish passw ords for manag ement pri[...]

  • Page 1179

    PowerConnect B-Series FCX Configuration Guide 1137 53-1002266-01 Restricting remote access to management functions 32 Restricting remote access to management functions Y ou can restrict acce ss to management functions fr om remote sources, including T elnet, the Web Management Interface, and SNMP . The following methods for restricting remot e acce[...]

  • Page 1180

    1138 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Restricting remote access to management functions 32 • Using ACLs t o restrict T elnet, Web Manag ement Inter face, or SNMP access • Allowing remo te access only fr om specific IP addresses • Allowing T elnet and SSH access on ly fr om specific MAC addresses • All ow ing re mo[...]

  • Page 1181

    PowerConnect B-Series FCX Configuration Guide 1139 53-1002266-01 Restricting remote access to management functions 32 Example PowerConnect(config)#access-list 10 permit host 209.157.22.32 PowerConnect(config)#access-list 10 permit 209.157.23.0 0.0.0.255 PowerConnect(config)#access-list 10 permit 209.157.24.0 0.0.0.255 PowerConnect(config)#access-li[...]

  • Page 1182

    1140 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Restricting remote access to management functions 32 Using ACLs to res trict SNMP access T o restrict SNMP access to the device usin g ACLs, ent er commands such as the follo wing. NOTE The syntax for using A CLs for SNMP access is diff erent fr om the syntax for contr olling T elnet,[...]

  • Page 1183

    PowerConnect B-Series FCX Configuration Guide 1141 53-1002266-01 Restricting remote access to management functions 32 NOTE In RADIUS, the standard attribute Idle- Timeout is used to defin e the console s ession timeo ut value. The attribute Idle- Timeout value is specified in se conds. Within the switch, it is tru ncated to the nearest minute, beca[...]

  • Page 1184

    1142 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Restricting remote access to management functions 32 Restricting SNMP access to a specific IP address T o allow SNMP access (which includes Br ocade Ne twork Advisor) t o the Dell Pow erConnect device only to the host with IP address 209. 15 7 .22. 14, enter the f ollowing command. Po[...]

  • Page 1185

    PowerConnect B-Series FCX Configuration Guide 1143 53-1002266-01 Restricting remote access to management functions 32 T o allow SSH access to the Dell Po werConnect de vice to a host with an y IP address and MA C address 000 7 .e90f.e9a0, ente r the following command. PowerConnect(config)#ip ssh client any 0007.e90f.e9a0 Syntax: [ no ] ip ssh clien[...]

  • Page 1186

    1144 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Restricting remote access to management functions 32 Specifying the maximum nu mber of login attempts for Telnet access If you are co nnecting to the de vice using T eln et, the devic e pro mpts you for a username and password. By default, y ou have up to 4 chances to enter a correct [...]

  • Page 1187

    PowerConnect B-Series FCX Configuration Guide 1145 53-1002266-01 Restricting remote access to management functions 32 The command in this example conf igures the de vice to allo w T elnet management access only t o clients connected t o por t s within por t-based VLAN 1 0. Clients connected t o por ts that are not in VLAN 1 0 are denied management [...]

  • Page 1188

    1146 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Restricting remote access to management functions 32 Y ou also can configure up to five def ault gatewa ys for the designated VL AN, and associate a metric with each one. The sof tware uses the ga te way with the lowest metric. The other gat ewa ys reside in the configuration but are [...]

  • Page 1189

    PowerConnect B-Series FCX Configuration Guide 1147 53-1002266-01 Restricting remote access to management functions 32 The zeroize paramet er deletes the currently operative dsa key pair . In addition, you must use AAA authentication to creat e a password t o allow SSHv2 access. F o r exam ple the following command configures AAA auth entication to [...]

  • Page 1190

    1148 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Restricting remote access to management functions 32 Disabling specific access methods Y ou can specifically disable the follo wing access methods: • Te l n e t a c c e s s • Web management access • SNMP access • TFTP NOTE If you disable T elnet access, you will not be able to[...]

  • Page 1191

    PowerConnect B-Series FCX Configuration Guide 1149 53-1002266-01 Setting passwords 32 Disabling SNMP access SNMP is requir ed if you want t o manage a Dell PowerConnect device using Brocade Netw ork Adv is or . T o disable SNMP management of the de vice. PowerConnect(config)#no snmp-server T o later re-enable SNMP management of the device. PowerCon[...]

  • Page 1192

    1150 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Setting passwords 32 Set the passwor d “letmein” fo r T elnet access t o the CLI using the f ollowing com mand at the global CONFIG lev el. PowerConnect(config)#enable telnet password letmein Syntax: [ no ] enable telnet password <s tring> Suppressing Telnet conn ection reje[...]

  • Page 1193

    PowerConnect B-Series FCX Configuration Guide 1151 53-1002266-01 Setting passwords 32 PowerConnect#configure terminal PowerConnect(config)# 3. Enter the following command t o set the Su per User lev el password. PowerConnect(config)#enable super-user-password <text> NOTE Y ou must set the Su per User lev el password bef ore you can set other [...]

  • Page 1194

    1152 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Setting passwords 32 In this co mmand, configure specifies that the enhanced access is f or a command at the global CONFIG lev el of the CLI. The level 4 paramet er indicates that the enhanced access is for management privilege level 4 (P or t Conf iguration). All user s with Port Con[...]

  • Page 1195

    PowerConnect B-Series FCX Configuration Guide 1153 53-1002266-01 Setting passwords 32 1. Star t a CLI session over the serial int er face to the device. 2. Reboot th e device. 3. At the initial boot prom pt at system star tup, enter b to ent er the boot monitor mode. 4. Enter no passwor d at the prompt . (Y ou cannot abbre viate this command.) Thi [...]

  • Page 1196

    1154 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Setting u p local user acco unts 32 PowerConnect(config)#enable password-min-length 8 Syntax: enable password-min-length <number -of-charact er s> The <number -of-charact er s> can be from 1 – 48. Setting up local user accounts Y ou can define up to 1 6 local user accoun[...]

  • Page 1197

    PowerConnect B-Series FCX Configuration Guide 1155 53-1002266-01 Setting up local user accounts 32 • Users are lock ed out (disabled) if they f ail to lo gin af ter three att empts. This fe ature is automatically enabled. Use the disable-on-login-failure command to change the number of login attem pts (up to 1 0) before users are locked out. The [...]

  • Page 1198

    1156 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Setting u p local user acco unts 32 Enabling user password masking By default, when y ou use the CLI t o create a user password, the passw ord displa ys on the console as you type it. For enhanced securit y , you can conf igure the Dell Pow erConnect device to mask the passwor d chara[...]

  • Page 1199

    PowerConnect B-Series FCX Configuration Guide 1157 53-1002266-01 Setting up local user accounts 32 • The username password expires When a username set-time configuration is removed, it no longer appears in the sho w running configuratio n output. Note that if a username does not ha ve an assigned password, the username will not hav e a set-time c[...]

  • Page 1200

    1158 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Setting u p local user acco unts 32 Setting passwords to expire Y ou can set a user passw ord to e xpire. Once a pa sswor d expires, the administrator must assign a new passw ord to the user . T o configure a user passwor d to e xpire, enter the f ollowing. PowerConnect(config)#userna[...]

  • Page 1201

    PowerConnect B-Series FCX Configuration Guide 1159 53-1002266-01 Setting up local user accounts 32 Local user accounts with unencrypted passwords If you want t o use unencr ypted passwords f or lo cal user acc ounts, enter a command such as the following at the g lobal CONF IG level of the CLI . PowerConnect(config)#username wonka password willy If[...]

  • Page 1202

    1160 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Setting u p local user acco unts 32 Local accounts with encrypted passwords Y ou can create loc al user accounts with MD5 encrypted passw ords using one of the f ollowing methods: • Issuing the ser vice password-encryption command af ter creating the local user acc ount with a usern[...]

  • Page 1203

    PowerConnect B-Series FCX Configuration Guide 1161 53-1002266-01 Configuring SSL security for the Web Management I nterface 32 Changing a local user password T o change a local user passw ord fo r an existing local user account, ent er a command such as the following at the g lobal CONF IG level of the CLI . NOTE Y ou must be logged on with Super U[...]

  • Page 1204

    1162 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring SSL security for the Web Mana gement Interface 32 PowerConnect(config)#web-management https Syntax: [ no ] web-management http | https Y ou can enable either the HTTP or HTT Ps ser ver s with this command. Y ou can disable both the HTTP and HTTPs ser vers b y entering the [...]

  • Page 1205

    PowerConnect B-Series FCX Configuration Guide 1163 53-1002266-01 Configuring TACA CS/TACACS+ security 32 If you w ant to allow the Dell PowerCo n nect de vice to create the digital cer tificates, ref er to the ne xt section, “Generating an SSL cer tifica te” . If you choose to impor t an RS A cer tif icate and private k ey file from a client, y[...]

  • Page 1206

    1164 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring TACACS/TACACS+ security 32 NOTE Y ou cannot authenticate Brocade Netw ork Advisor (SNMP) access to a De ll Po werConnect device using T ACA CS/T ACA CS+. The T ACA CS and T A CACS+ pr otocols define ho w au thentication, authorization, and accounting information is sent be[...]

  • Page 1207

    PowerConnect B-Series FCX Configuration Guide 1165 53-1002266-01 Configuring TACA CS/TACACS+ security 32 Configuring TACACS/TACACS+ fo r devices in a Dell IronStack Because devices opera ting in a Dell IronStack topology present multiple co nsole por ts, you must take additio nal steps to se cure these por ts when configuring T ACACS /T ACA CS+. Th[...]

  • Page 1208

    1166 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring TACACS/TACACS+ security 32 6 closed SSH connections: 1 closed 2 closed 3 closed 4 closed 5 closed stack9# stack9#show telnet Console connections (by unit number): 1 established you are connecting to this session 1 minutes 5 seconds in idle 2 established 1 hours 4 minutes 1[...]

  • Page 1209

    PowerConnect B-Series FCX Configuration Guide 1167 53-1002266-01 Configuring TACA CS/TACACS+ security 32 TACACS+ authentication When T ACA CS+ authentication takes place, the follo w ing e vents occur . 1. A user attempts t o gain access to the Dell P owerConnect de vice by doing one of the following: • Logging into the de vice using T elnet, SSH[...]

  • Page 1210

    1168 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring TACACS/TACACS+ security 32 TACACS+ accounting T ACA CS+ accounting works as f ollows. 1. One of the f ollowing ev ents occur on the Dell P owerConnect de vice: • A user logs into the manage ment inter face using T elnet or SSH • A user enters a command f o r whic h acc[...]

  • Page 1211

    PowerConnect B-Series FCX Configuration Guide 1169 53-1002266-01 Configuring TACA CS/TACACS+ security 32 AAA security for commands past ed into the running-config If AAA security is enabled on the de vice, comman ds pasted int o the running-config are subject to the same AAA operations as if they we re entered manually . When you past e commands in[...]

  • Page 1212

    1170 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring TACACS/TACACS+ security 32 • Y ou can configure the Dell Po werConnect de vice to authenticate using a T A CACS or T ACA CS+ server , not both. TACACS configuration procedure Follo w the procedure giv en below for T ACA CS configuration s. 1. Identify T ACA CS ser vers. [...]

  • Page 1213

    PowerConnect B-Series FCX Configuration Guide 1171 53-1002266-01 Configuring TACA CS/TACACS+ security 32 Syntax: tacacs-ser ver host <ip-addr> | <ipv6-addr> | <hostname> [ auth-por t <number > ] The <ip-addr> | <ipv6-addr> | <hos tname> paramet er specifies the IP address or host name of the server . Y ou c[...]

  • Page 1214

    1172 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring TACACS/TACACS+ security 32 Af ter authentication tak es place, the ser ver that per formed the authenticat ion is used f o r authorization and accounting. If the authenticating server cannot perform the req uested function, then the next server in the configured list of se[...]

  • Page 1215

    PowerConnect B-Series FCX Configuration Guide 1173 53-1002266-01 Configuring TACA CS/TACACS+ security 32 Setting the retransmission limit The retransmit parameter specifies ho w many times the De ll P owerConnect device will resend an authentication request when the T ACA CS/T A CACS+ server does not respon d. The retransmit limit can be from 1 –[...]

  • Page 1216

    1174 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring TACACS/TACACS+ security 32 The command abo ve causes T ACA CS/T AC ACS+ to be the primar y authenticati on method f or securing access to Privileged EXEC le vel and CO NFIG lev els of the CLI. If T ACA CS/T ACA CS+ authentication fails due to an error with the ser v er , l[...]

  • Page 1217

    PowerConnect B-Series FCX Configuration Guide 1175 53-1002266-01 Configuring TACA CS/TACACS+ security 32 PowerConnect(config)#aaa authentication login privilege-mode Syntax: aaa authentication login privilege-mode The user privilege level is based on the privilege le vel granted during login. Configuring enable authentication to prompt for password[...]

  • Page 1218

    1176 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring TACACS/TACACS+ security 32 A user privilege le vel is obtained fr om the T ACA CS+ server in the “foundry-privlvl” A -V pair . If the aaa authorization ex ec default tacacs command e xists in the configuration, the device assigns the use r the privilege level specified[...]

  • Page 1219

    PowerConnect B-Series FCX Configuration Guide 1177 53-1002266-01 Configuring TACA CS/TACACS+ security 32 service = exec { privlvl = 15 } } The attribute name in the A -V pair is not significa n t; the Dell Po werConnect devic e uses the last one that has a numeric value. How ever , the Dell Po werConnect device int erprets the value f or a non-”f[...]

  • Page 1220

    1178 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring TACACS/TACACS+ security 32 • 0 – Authorization is per formed fo r commands a vailable at the Su per User le vel (all commands) • 4 – A uthorization is performed f or commands a vailable at the Port Conf iguration lev el (por t-config and read-only commands) • 5 ?[...]

  • Page 1221

    PowerConnect B-Series FCX Configuration Guide 1179 53-1002266-01 Configuring TACA CS/TACACS+ security 32 Configuring TACACS+ acco unting for CLI commands Y ou can configure T ACA CS+ accounting f or CLI co mmands by specifying a privilege le vel whose commands require accountin g. For e xample , to co nfigure the Dell Po werConnect device t o per f[...]

  • Page 1222

    1180 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring TACACS/TACACS+ security 32 Displaying TACACS/TAC ACS+ statistics and configuration information The show aaa command displays inf ormation about all T A CA CS+ and RADIUS ser vers identified on the device. The f ollowing table describes the T ACA CS/T ACA CS+ information di[...]

  • Page 1223

    PowerConnect B-Series FCX Configuration Guide 1181 53-1002266-01 Configuring RADIUS security 32 Example Syntax: show w eb connection Use the f ollowing command to clear w eb connections: PowerConnect#clear web-connection Syntax: clear web connection Af ter issuing the clear w eb connection command, the show web connection command displa ys the foll[...]

  • Page 1224

    1182 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RADIUS securi ty 32 2. The user is pr ompted f or a username and passwor d. 3. The user enters a usern ame and password. 4. The Dell Po werConnect device sends a RADI US Access-Request packet containing the username and passwor d to the RADIUS server . 5. The RADIUS server[...]

  • Page 1225

    PowerConnect B-Series FCX Configuration Guide 1183 53-1002266-01 Configuring RADIUS security 32 1. One of the f ollowing ev ents occur on the Dell P owerConnect de vice: • A user logs into the manage ment inter face using T elnet or SSH • A user enters a command f o r whic h accounting has been co nfigured • A system e vent occurs, such as a [...]

  • Page 1226

    1184 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RADIUS securi ty 32 AAA security for commands past ed Into the running-config If AAA security is enabled on the de vice, comman ds pasted int o the running-config are subject to the same AAA operations as if they we re entered manually . When you past e commands into the r[...]

  • Page 1227

    PowerConnect B-Series FCX Configuration Guide 1185 53-1002266-01 Configuring RADIUS security 32 • Y ou can map up to eight RADIUS ser vers to ea ch por t on the Dell Po werConnect device. The por t will authenticate users using only the RADIUS se r vers to which it is mapped. I f there are no RADIUS servers mapped t o a por t, it will us e the ?[...]

  • Page 1228

    1186 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RADIUS securi ty 32 Y ou must add these three Dell vendor -specific attrib utes to y our RADIUS ser ver configuration, and configure the attributes in the in dividual or gr oup profiles of the users that will access the Dell PowerC on nec t d evic e. Dell V endor-ID is 199[...]

  • Page 1229

    PowerConnect B-Series FCX Configuration Guide 1187 53-1002266-01 Configuring RADIUS security 32 Enabling SNMP to configure RADIUS T o enable SNMP access to RADIUS MIB objects on the device , enter a command such as the following. PowerConnect(config)#enable snmp config-radius foundry -access -list 5 string Specifi es the access control list t o be [...]

  • Page 1230

    1188 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RADIUS securi ty 32 Syntax: [ no ] enable snmp <config-radius | config-tacacs> The <config-radius> parameter specifies the RADIUS config uration mode. RADIUS is disabl ed by default. The <config-tacacs> parameter specifies the T ACA CS configuratio n mode[...]

  • Page 1231

    PowerConnect B-Series FCX Configuration Guide 1189 53-1002266-01 Configuring RADIUS security 32 Configuring a RADIUS server per port Y ou can optionally configure a RADIUS server per por t , indicating that it will be used only t o authenticate users on po r ts to which it is mapped. A RA DIUS ser ver that is not explicitly configured as a RADIUS s[...]

  • Page 1232

    1190 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RADIUS securi ty 32 Mapping a RADIUS server to individual ports Y ou can map up to eight RAD IUS ser vers t o each por t on the Dell Po werConnect device. The por t will authenticate users using only the RADIUS server s to which the por t is mapped. If there are no RADIUS [...]

  • Page 1233

    PowerConnect B-Series FCX Configuration Guide 1191 53-1002266-01 Configuring RADIUS security 32 PowerConnect(config)#radius-server key mirabeau Syntax: radius-ser ver k ey [ 0 | 1 ] <string> When you displa y the configuration of the Dell P owe rConnect d evice, the RADIUS k ey is encr ypted. Example PowerConnect(config)#radius-server key 1 a[...]

  • Page 1234

    1192 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RADIUS securi ty 32 Configuring authentication-method lists for RADIUS Y ou can use RADIUS to authenticate T elnet/SSH ac cess and access t o Privileged EXEC lev el and CONFIG lev els of the CLI. When config uring RADI US authentication, you creat e authentication-method l[...]

  • Page 1235

    PowerConnect B-Series FCX Configuration Guide 1193 53-1002266-01 Configuring RADIUS security 32 NOTE For e xamples of how t o define authen tication-method lists for types of authentication other than RADIUS, refer t o “Configuring authentication-method lists” on page 1 198. Entering privileged EXEC mode after a Telnet or SSH login By default, [...]

  • Page 1236

    1194 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RADIUS securi ty 32 Configuring RADIUS authorization Dell Po werConnect de vices suppor t RADIUS author ization f or controlling access t o managem ent functions in the CLI. T wo kinds of RADIUS authorization are suppor ted: • Exec authorization de termines a user privil[...]

  • Page 1237

    PowerConnect B-Series FCX Configuration Guide 1195 53-1002266-01 Configuring RADIUS security 32 • 5 – A uthorization is performed f or commands a v ailable at the R ead Only lev el (read-only commands) NOTE RADIUS command authorization can be per formed only f or commands ent ered from T elnet or SSH sessions, or from the consol e. No authoriza[...]

  • Page 1238

    1196 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring RADIUS securi ty 32 Configuring RADIUS accounting for CLI commands Y ou can configure RADIUS accounting f or CLI commands by specifying a privilege lev el whose commands require accountin g. For e xample , to co nfigure the Dell Po werConnect device t o per form RADIUS acc[...]

  • Page 1239

    PowerConnect B-Series FCX Configuration Guide 1197 53-1002266-01 Configuring RADIUS security 32 Example The f ollowing table describes the RADIUS inf ormation display ed by the show aaa command. The sh ow web co nn ec t io n command displays the privilege lev el of Web Management Int er face users. Example Syntax: show w eb connection Use the f oll[...]

  • Page 1240

    1198 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring authentication-m ethod lists 32 PowerConnect#clear web-connection Syntax: clear web connection Af ter issuing the clear w eb connection command, the show web connection command displa ys the follo win g output: Configuring authentication-method lists T o implement on e or [...]

  • Page 1241

    PowerConnect B-Series FCX Configuration Guide 1199 53-1002266-01 Configuring authentication-m ethod lists 32 NOTE If an authentication method is working properly and the password (and user name, if applic able) is not known t o that method, this is not an err or . The authentication attempt stops, and the user is denied access. The sof tware will c[...]

  • Page 1242

    1200 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring authentication-m ethod lists 32 This command con figures th e device to use the loca l user accounts to authenticate access to the devic e through the W eb Management Inter face. If the device does not ha ve a user account that matches the user name and passw ord ent ered [...]

  • Page 1243

    PowerConnect B-Series FCX Configuration Guide 1201 53-1002266-01 TCP Flags - edge port security 32 NOTE T ACA CS/T ACA CS+ and RADIUS are suppor ted only with the enable and login parameters. The <method1> paramet er specifies the primar y authenti cation method. The remaining optio nal <method> parameters specify additional methods t o[...]

  • Page 1244

    1202 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 TCP Flags - edge port security 32 • Match-all - Indicates that incoming TCP traffic must be matched against all of the T CP flags configured as part of the match-all ACL rule. In CAM hardware, ther e will be only one ACL rule for all conf igured flags. Example PowerConnect(config-ex[...]

  • Page 1245

    PowerConnect B-Series FCX Configuration Guide 1203 53-1002266-01 Chapter 33 Configuring SSH2 and SCP Ta b l e 2 0 8 lists individual Dell PowerCo n nect switches and the SSH2 and Secure Copy features they support. SSH version 2 support Secure Shell (SSH) is a mechanis m for allowing s ecure remot e access to management functions on a Dell Po werCon[...]

  • Page 1246

    1204 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 SSH version 2 support 33 • SSH Fingerprint F ormat • SSH Pr otocol Assigned Numbers • SSH T ranspor t Layer Encryption Modes • SCP/SFTP/SSH URI F ormat Tested SSH2 clients The follo wing SSH clients ha ve been test ed with SSH2: • SSH Secure Shell 3.2. 3 • V an Dy k e Sec [...]

  • Page 1247

    PowerConnect B-Series FCX Configuration Guide 1205 53-1002266-01 AES encryption for SSH2 33 AES encryption for SSH2 Encr yption is pro vided wit h 3des-cbc , aes128-cbc , aes192-cbc or aes256-cbc . AES encr yption has been adopted b y the U.S. Go vernment as an encryption standard. A total of five SSH connections can be active on a Dell Po werConne[...]

  • Page 1248

    1206 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring SSH2 33 • Passwor d authentication , where users attempting t o gain access to the device using an SSH client are authenticated with passwords stored on the device or o n a T ACA CS/T ACA CS+ or RADIUS server Both kinds of user authentication are enabled by default. Y ou[...]

  • Page 1249

    PowerConnect B-Series FCX Configuration Guide 1207 53-1002266-01 Configuring SSH2 33 When a host ke y pair is generated, it is sav ed t o the flash memor y of all management modules. T o disable SSH2 on a Dell Po werConnect device , enter the fo llowing command. PowerConnect(config)#crypto key zeroize When SSH is disabled, it is delet ed from th e [...]

  • Page 1250

    1208 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring SSH2 33 1. The client sends its public key t o the Dell PowerConnect de vice. 2. The Brocade device compares the client public k ey t o those stored in memory. 3. If there is a match, the Dell P owerConnect de vice uses the public k ey to encr ypt a random sequence of b yt[...]

  • Page 1251

    PowerConnect B-Series FCX Configuration Guide 1209 53-1002266-01 Setting optional parameters 33 The <filename> variable is the name of the dsa public key file that you want to impor t into the Dell PowerC on nec t d evic e. The remov e parameter delet es the key fr om the system. T o display the c u rrently loaded publ ic ke ys, enter the f o[...]

  • Page 1252

    1210 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Setting opti onal parameters 33 • A specific interface t o be used as the source f or all SSH traf fic from the d evice • The maximum idle time for SSH sessions Setting the number of SSH authentication retries By default, the Dell Po werConnect device att empts to negotiat e a con[...]

  • Page 1253

    PowerConnect B-Series FCX Configuration Guide 1211 53-1002266-01 Setting optional parameters 33 T o enable empty passwor d logins, enter the f ollowing co mmand. PowerConnect(config)#ip ssh permit-empty-passwd yes Syntax: ip ssh permit-empty-passwd no | ye s Setting the SSH port number By default, SSH traffic occurs on TC P por t 22. Y o u can chan[...]

  • Page 1254

    1212 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Filtering SSH access using ACLs 33 Filtering SSH access using ACLs Y ou can permit or deny SSH access t o the Dell Po we rC on ne ct dev ic e u si ng A C Ls. T o use ACLs, fir st create the ACLs y ou want to use. Y ou can specify a numbered standar d IPv4 AC L, a named standard IPv4 A[...]

  • Page 1255

    PowerConnect B-Series FCX Configuration Guide 1213 53-1002266-01 Using Secure copy with SSH2 33 Example Syntax: show who [ begin <expression> | e xclude <expression> | include <expres sion> ] Using Secure copy with SSH2 Secure Copy (SCP) uses security built into SSH to transfer image and configuration f iles to and from the device[...]

  • Page 1256

    1214 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using Secure copy with SSH2 33 Configuration notes • When using SCP , enter the scp commands on the SCP-enabled client, rather than the console on the Dell PowerConnect device. • Cer tain SCP client options, including -p and -r , are ignored by the SCP server on the Dell de vice. [...]

  • Page 1257

    PowerConnect B-Series FCX Configuration Guide 1215 53-1002266-01 Using Secure copy with SSH2 33 Copying a software imag e file to flash memory PowerConnect B-Series FCX Devices T o copy a software image file fr om an SCP-enabled client t o the primar y flash on an Pow erConnect B-Series FCX de vice, enter one of the f ollowing commands. C:> scp[...]

  • Page 1258

    1216 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using Secure copy with SSH2 33[...]

  • Page 1259

    PowerConnect B-Series FCX Configuration Guide 1217 53-1002266-01 Chapter 34 Configuring 802.1X Port Security T a b l e 210 lists individual Dell Pow erConnect switches and the 802.1X port security features the y suppor t. IETF RFC support Dell Po werConnect de vices suppor t the IEEE 802. 1X standard f or authenticating devices attached to LAN port[...]

  • Page 1260

    1218 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 How 802.1X port security works 34 How 802.1X port security works This section explains the basic concepts behind 80 2. 1X por t security , incl uding device r oles, how the devices c ommunicate, and the pr oced ure used for authenticating clients. NOTE 802. 1X Port Security cannot be [...]

  • Page 1261

    PowerConnect B-Series FCX Configuration Guide 1219 53-1002266-01 How 802.1X port security works 34 Client/Supplicant – The device that seeks t o gain access to the network. Clients must be running software that supports the 802. 1X standar d (for e xample, the Windo ws XP operating system). Clients can either be directly connect ed to a por t on [...]

  • Page 1262

    1220 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 How 802.1X port security works 34 FIGURE 1 55 Controlled and uncontrolled ports before and af ter client authentication Before a Client is authenticated, only the uncont rolled port on the Auth enticator is open. The uncontrolled por t allows only EAPOL frames to be e xchanged betw ee[...]

  • Page 1263

    PowerConnect B-Series FCX Configuration Guide 1221 53-1002266-01 How 802.1X port security works 34 FIGURE 1 56 Message exchange between client/supplic ant, authenticat or , and authentication server In this example, the A u thenticator (the P owerConnect switch) initiates commun ication with an 802. 1X-enabled Client. When the Client responds , it [...]

  • Page 1264

    1222 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 How 802.1X port security works 34 activities. Since EAP-TLS req uires PKI digi ta l cer tificates on both the clients and the authentication ser vers, the roll out, maintenance, and scalability of this authen tication method is much more complex than o ther methods. EAP-T LS is best f[...]

  • Page 1265

    PowerConnect B-Series FCX Configuration Guide 1223 53-1002266-01 How 802.1X port security works 34 EAP pass-through support EAP pass-through is supported on PowerCo nnect devices that ha ve 802. 1X enabled. EAP pass-through suppor t is fully complia nt with RFC 3 7 48, in which, by default, compliant pass-through authenticator im plementa tions for[...]

  • Page 1266

    1224 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 How 802.1X port security works 34 FIGURE 1 57 Multiple hosts connect ed to a single 802.1X-enabled por t If there are multiple hosts connect ed to a sing le 802. 1X-enabled por t, the Dell P owerConnect devic e authenticates each of them individually . Each host authentication status [...]

  • Page 1267

    PowerConnect B-Series FCX Configuration Guide 1225 53-1002266-01 How 802.1X port security works 34 5. If authentica tion f or the C lient is unsuccessful the fir st time, multiple attem pt s to authenticat e the client will be made as det ermined by the attem pts vari ab le i n th e auth-fail-max-attempts command. • Refe r to “Specifying the nu[...]

  • Page 1268

    1226 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 How 802.1X port security works 34 • Dynamic multipl e VLAN assignment f or 802. 1X por ts. R efer “Dynamic multiple VLAN assignment fo r 802. 1X por ts” on page 12 3 1. • Configure a restriction to f or ward auth e nticated and unauthenticated tagged and untagged clients to a [...]

  • Page 1269

    PowerConnect B-Series FCX Configuration Guide 1227 53-1002266-01 Configuring 802.1X port security 34 1. A RADIUS ser ver successfully authenticates an 802 .1X client. 2. If 802. 1X accounting is enabled, the Dell P o werConnect de vice sends an 802. 1X Accounting Star t packet to the RADIUS server , in dicating the star t of a new session. 3. The R[...]

  • Page 1270

    1228 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1X port security 34 Example PowerConnect(config)#aaa authentication dot1x default radius Syntax: [ no ] aaa authentication dot1x default <method-lis t> For t h e <method-list> , ent er at least one of the fo llowing authentication methods radius – Use the[...]

  • Page 1271

    PowerConnect B-Series FCX Configuration Guide 1229 53-1002266-01 Configuring 802.1X port security 34 • Session-Timeout (2 7) – RFC 286 5 • T ermination- Action (29) – RFC 2865 • Calling-Station-ID (3 1) – RFC 2865 • NAS-Port-T ype (61) š RFC 2865 • T unnel- T ype (64) – RFC 2868 • T unnel-Med ium- T ype (65) – RFC 28 68 • E[...]

  • Page 1272

    1230 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1X port security 34 The <seconds> paramet er specifies the number of second s the devic e will wait to re-authenticat e a user af ter a timeout. The minimum value is 1 0 seconds. The maximum value is 2 16 -1 (maximum unsigned 1 6-bit value). Deny user access to t[...]

  • Page 1273

    PowerConnect B-Series FCX Configuration Guide 1231 53-1002266-01 Configuring 802.1X port security 34 NOTE When a show run command is issued during a session, th e dynamically -assigned VLAN is not display ed. Enable 802. 1X VLAN ID suppor t by adding the foll owing attribut es to a user pr ofile on the RADIUS ser ver . The device reads the attribut[...]

  • Page 1274

    1232 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1X port security 34 T o specify an untagged VLAN, use the f ollowing. "U:1 0" or "U:marketing" When the RADIUS server specifies an untag g ed VLAN ID, the por t default VLAN ID (or PVID ) is c h a n g ed f ro m t h e s y s t e m D E FAU LT-V L A N ([...]

  • Page 1275

    PowerConnect B-Series FCX Configuration Guide 1233 53-1002266-01 Configuring 802.1X port security 34 Syntax: sav e-dynamicvlan-to-config By default, the dynamic VLAN assignme nts are not sa ved to the running-config file. Entering the show running-conf ig command does not displa y dynamic VLAN assignments, although the y can be display ed with the [...]

  • Page 1276

    1234 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1X port security 34 Example PowerConnect(config)#int e 3/2 PowerConnect(config-if-e1000-3/2)#port security PowerConnect(config-port-security-e1000-3/2)#maximum 2 PowerConnect(config-port-security-e1000-3/2)#exit Refe r to Chapt er 35, “Using the MAC Port Security Fea[...]

  • Page 1277

    PowerConnect B-Series FCX Configuration Guide 1235 53-1002266-01 Configuring 802.1X port security 34 • A dynamic IP A CL will take prec edence over an IP ACL that is bound to a port (por t ACL). When a client authenticates with a dynamic IP A C L, th e port ACL will not be applied. Also, future clients on the same por t will authenticate with a d[...]

  • Page 1278

    1236 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1X port security 34 PowerConnect(config)#interface e 1 PowerConnect(config-if-e1000-1)#dot1x disable-filter-strict-security T o re-enable strict security mode for a n in ter fa c e, en te r t he fol l owi ng c om m an d. PowerConnect(config-if-e1000-1)#no dot1x disable[...]

  • Page 1279

    PowerConnect B-Series FCX Configuration Guide 1237 53-1002266-01 Configuring 802.1X port security 34 • Dynamic A CL filters are supported only for the inbound direction. Dynamic outbou nd A CL filters are not suppor ted. • MA C address filters are suppor ted only f or the inbound direction. Outbound MA C address filters are not suppor ted. • [...]

  • Page 1280

    1238 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1X port security 34 Syntax: [ no ] dot1x-enable At the do t1x configuration lev el, you can enable 802. 1X por t security on all int er faces at once, on individual interfaces, or on a range of int er faces. For e xample, to enable 802. 1X por t security on all int er [...]

  • Page 1281

    PowerConnect B-Series FCX Configuration Guide 1239 53-1002266-01 Configuring 802.1X port security 34 When an interface control type is set to auto , the cont rolled port i s initially set to unauthorized, bu t is changed to authorized w hen the conne cting Client is success fully authenticated by an Authentication Ser ver . The por t control type c[...]

  • Page 1282

    1240 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1X port security 34 For e xample, to re-authenticate Clients connect ed to interface 3/1, enter the f ollowing command. PowerConnect#dot1x re-authenticate e 3/1 Syntax: dot1x re-aut henticat e ethernet <por t> Specify the <por t> v a ri a b l e i n th e fo [...]

  • Page 1283

    PowerConnect B-Series FCX Configuration Guide 1241 53-1002266-01 Configuring 802.1X port security 34 Setting the maximum number of EAP frame retransmissions The Dell Po werConnect device re transmits the EAP-request/identity frame a maximu m of two times. If no EAP-response/identity frame is received from the Client after two EAP-request/identity f[...]

  • Page 1284

    1242 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1X port security 34 Setting the maximum number of EAP frame retransmissions Y ou can optionally specify the number of times the Dell P owerConnect de vice will retransmit the EAP-request frame. Y ou can specify between 1 – 1 0 frame retransmissions. For exam ple, to [...]

  • Page 1285

    PowerConnect B-Series FCX Configuration Guide 1243 53-1002266-01 Configuring 802.1X port security 34 Configuring 802.1X multip le-host authentication When multiple hosts are connect ed to the same 802. 1X-enabled por t, the func tionality described in “How 802. 1X Mu ltiple-host authen tication works” on page 122 4 is enabled by def ault. Y o u[...]

  • Page 1286

    1244 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1X port security 34 • Permitted do t1x-mac-sessions, which are the dot1x-ma c-sessions for authenticated Clients, as well as f or non-authenticated Clients whose por t s ha ve been placed in the restrict ed VLAN, are aged out if no traf fic is received fr om the Clie[...]

  • Page 1287

    PowerConnect B-Series FCX Configuration Guide 1245 53-1002266-01 Configuring 802.1X port security 34 Clearing a dot1x-mac-se ssion for a MAC address Y ou can clear the dot1x-mac-session for a specified MAC address, so that the Client with that MA C address can be re-authenticat ed by the RADIUS server . Example PowerConnect#clear dot1x mac-session [...]

  • Page 1288

    1246 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring 802.1X accounting 34 Configuring 802.1X accounting 802. 1X accounting enables the recording of information about 802. 1X clients who were successfully authenticated and allo wed access to the network. When 802.1X accounting is enabled on the Dell Po werConnect device, it s[...]

  • Page 1289

    PowerConnect B-Series FCX Configuration Guide 1247 53-1002266-01 Displaying 802.1X inform ation 34 Enabling 802.1X accounting T o enable 802. 1X accounting, enter the f ollowing command. PowerConnect(config)#aaa accounting dot1x default start-stop radius none Syntax: aaa accounting dot1x default star t-stop radius | none radius – Use the list of [...]

  • Page 1290

    1248 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying 802.1X information 34 T o display inf ormation about the 802. 1X configurat ion on an individual por t, enter a command such as the fo llowing. TA B L E 21 2 Output fr om the show dot1x command This field... Displays... P AE Capability The Por t Access Entity ( PAE) r ole f[...]

  • Page 1291

    PowerConnect B-Series FCX Configuration Guide 1249 53-1002266-01 Displaying 802.1X inform ation 34 Syntax: show dot1x config ethernet <por t> Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts : • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> The follo wi ng additional inform[...]

  • Page 1292

    1250 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying 802.1X information 34 Displaying 802.1X statistics T o display 80 2.1X statistic s fo r an individual port, enter a command such as the following Syntax: show dot1x statistics ethernet <port> Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts[...]

  • Page 1293

    PowerConnect B-Series FCX Configuration Guide 1251 53-1002266-01 Displaying 802.1X inform ation 34 Clearing 802.1X statistics Y ou can clear the 802. 1X statistics counters on all inter faces at once, on in dividual int er faces, or on a range of inter faces. For e xample, to clear the 802. 1X statistics coun t ers on all inter faces on the device,[...]

  • Page 1294

    1252 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying 802.1X information 34 In this examp le, the 802.1X -enabled por t has been moved from VLAN 1 to VLAN 2. When the client disconnects, the port will be moved back t o VLAN 1. The sho w run command also indicates the VLAN to which the por t has been dynamically assigned. The o[...]

  • Page 1295

    PowerConnect B-Series FCX Configuration Guide 1253 53-1002266-01 Displaying 802.1X inform ation 34 PowerConnect#show dot1x mac-address filter Port 1/3 (User defined MAC Address Filter) : mac filter 1 permit any any Syntax: show dot1x mac-address-filter T o display the user -defined IP A CLs active on the d evice, enter the f ollowing co mmand. Synt[...]

  • Page 1296

    1254 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying 802.1X information 34 The all ke yword displays all dynamically appl ied IP ACLs activ e on the device. Specify the <por t> v a ri a b l e i n th e fo l l ow in g fo r m a ts : • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> D[...]

  • Page 1297

    PowerConnect B-Series FCX Configuration Guide 1255 53-1002266-01 Displaying 802.1X inform ation 34 • Po werConnect B-Series FCX stackable switches – <s tack-unit/slotnum/portnum> Displaying 802.1X multiple-hos t authentication information Y ou can display the fo l lowing inf ormatio n about 802. 1X multiple-host authenti cation: • Infor[...]

  • Page 1298

    1256 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying 802.1X information 34 The output of the show dot1x config command for an interface displa ys the configured por t control f or the inter face. This command also displa ys information relat ed to 802. 1X multiple host-authentication. The following is an e xampl e of the outp[...]

  • Page 1299

    PowerConnect B-Series FCX Configuration Guide 1257 53-1002266-01 Displaying 802.1X inform ation 34 Example Syntax: show dot1x mac-session Ta b l e 2 17 lists the new fields in the displa y . Displaying information about the ports in an 802.1X mu ltiple-host configuration T o display inf ormatio n about the por ts in an 802. 1X mult iple-host config[...]

  • Page 1300

    1258 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Sample 802.1X configurations 34 1/1/7 0 0 no no no 1/1/8 0 0 no no no 1/1/9 0 0 no no no 1/1/10 0 0 no no no 1/1/11 0 0 no no no 1/1/12 0 0 no no no 1/1/13 0 0 no no no 1/1/14 0 0 no no no 1/1/15 0 0 no no no 1/1/16 0 0 no no no Syntax: show dot1x mac-session brief The follo wing tabl[...]

  • Page 1301

    PowerConnect B-Series FCX Configuration Guide 1259 53-1002266-01 Sample 802.1X configurations 34 Point-to-point configuration Figure 158 illustrates a samp le 802. 1X configuration with Clients connected t o three por ts on the Dell Po werConnect device. In a point-to-point configuration, only one 802. 1X Client can be co nn ec ted to ea ch po r t.[...]

  • Page 1302

    1260 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Sample 802.1X configurations 34 Hub configuration Figure 159 illustrates a configuration where three 802. 1X-enabled Clients are connect ed to a hub, which is connect ed to a por t on the Dell P owerCo nne ct device. The configuration is similar to that in Figure 158 , except that 802[...]

  • Page 1303

    PowerConnect B-Series FCX Configuration Guide 1261 53-1002266-01 Sample 802.1X configurations 34 802.1X Authentication with dynamic VLAN assignment Figure 160 illustrates 802. 1X authen tication with dynamic VLAN assignment . In this configuration, two user PCs are co nnected to a hub, which is connected t o por t e2. Port e2 is configured as a dua[...]

  • Page 1304

    1262 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using multi-device port au thentication and 802.1X security on the same port 34 ! interface ethernet 2 dot1x port-control auto dual-mode If User 1 is successfully authenticat ed before User 2, the PVID for por t e2 would be changed fr om the default VLAN to VLAN 3. Had User 2 been the[...]

  • Page 1305

    PowerConnect B-Series FCX Configuration Guide 1263 53-1002266-01 Chapter 35 Using the MAC Port Security Feature Ta b l e 2 1 9 lists the individual Del l Po werConnect switches and the MAC port security features they suppor t. This chapter describes ho w to configure De ll Pow erConnect devices t o lea rn “secure” MAC addresses on an in te rfac[...]

  • Page 1306

    1264 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the MAC port security feature 35 Local and global resources The MAC por t security feature us es a concep t of local and global “resou rces” to deter mine how many MAC addresses can b e secured on each interfac e. In this conte xt, a “resource” is the ability to st[...]

  • Page 1307

    PowerConnect B-Series FCX Configuration Guide 1265 53-1002266-01 Configuring the MAC port security feature 35 Enabling the MAC port security feature By default, the MA C por t security feature is disabl ed on all int er faces. Y ou can enable or disable the fe a ture on all int er faces at once , or on individual int er faces. T o enable the f eatu[...]

  • Page 1308

    1266 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the MAC port security feature 35 PowerConnect(config)#interface ethernet 7/11 PowerConnect(config-if-e1000-7/11)#port security PowerConnect(config-port-security-e1000-7/11)#age 10 Syntax: [ no ] age <minutes> The <minut es> variable specifies a range fr om 0 th[...]

  • Page 1309

    PowerConnect B-Series FCX Configuration Guide 1267 53-1002266-01 Configuring the MAC port security feature 35 Syntax: [ no ] autosa ve <minut es> The <minutes> variable can be from 15 thr oug h 1 4 40 minutes. By default, sec ure MAC addresses are not autosa ved to the startu p-config file. Specifying the action taken when a security vi[...]

  • Page 1310

    1268 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Clearing port se curity statistics 35 Disabling the port f or a specified amount of time Y ou can configure the de vice to disable the port f or a specified amount of time when a security violation occurs. T o shut down the por t for 5 minut es when a security violation occurs, ent er[...]

  • Page 1311

    PowerConnect B-Series FCX Configuration Guide 1269 53-1002266-01 Displaying port se curity information 35 • The por t security settings f o r an individual por t or f or all the por ts on a specified module • The secure MA C addresses configured on the de vice • Port security sta tistics f or an inter face or f or a module Displaying port sec[...]

  • Page 1312

    1270 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying port security information 35 Displaying port security statistics Y ou can display port security st atisti cs f or an interface or for a module. For e xample, to displa y por t security statistics fo r i nte r fa c e 7 /11 , e n te r t he fo ll ow i ng co m m an d . Syntax: [...]

  • Page 1313

    PowerConnect B-Series FCX Configuration Guide 1271 53-1002266-01 Displaying port se curity information 35 Displaying restricted MAC addresses on a port T o displa y a list of restrict ed MAC addresses on a port, enter a command such as the f ollowing. PowerConnect#show port security ethernet 1/5 restricted-macs Syntax: show por t security ethernet [...]

  • Page 1314

    1272 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying port security information 35[...]

  • Page 1315

    PowerConnect B-Series FCX Configuration Guide 1273 53-1002266-01 Chapter 36 Configuring Multi-Device Port Authentication Ta b l e 2 2 4 lists individu al Dell Po werConnect switches and the Multi-device port authentication fe atures they suppor t. NOTE Po werConnect B-Series FCX devices do not suppor t: - multi-device authentication on dynamic (LAC[...]

  • Page 1316

    1274 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 How multi-device port authentication works 36 How multi-device port authentication works Multi-device port authentication is a way t o configure a Dell Po werConnect device t o forward or block traf fic from a MA C address based on information receiv ed from a RADIUS server . The mult[...]

  • Page 1317

    PowerConnect B-Series FCX Configuration Guide 1275 53-1002266-01 How multi-device port authentication works 36 Supported RADIUS attributes Dell Po werConnect devic es suppor t the fo llowin g RADIUS attribut es for multi-de vice por t authentication: • Username (1) – RFC 2865 • NAS-IP- Address (4) – RFC 2865 • NAS-Port (5) – RFC 2865 ?[...]

  • Page 1318

    1276 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using multi-device port au thentication and 802.1X security on the same port 36 Support for source guard protection The Dell proprietar y Source Guard Prot ection feature, a f orm of IP Source Guard , can be used in conjunction with multi-device por t au thentication. For details, ref[...]

  • Page 1319

    PowerConnect B-Series FCX Configuration Guide 1277 53-1002266-01 Using multi-device port authentication an d 802.1X security on the same port 36 Configuring Dell-specific attributes on the RADIUS server If the RADIUS authentication pr ocess is succe ssful, the RADIUS server sends an Access-Accept message to the Dell P owerConnec t device, authenti [...]

  • Page 1320

    1278 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring multi-device port authentication 36 Configuring multi-device port authentication Configuring mult i-device port au thentication on the Dell Po werConnect device consists of the following tasks: • Enabling mult i-device por t authentication globally and on in dividual int[...]

  • Page 1321

    PowerConnect B-Series FCX Configuration Guide 1279 53-1002266-01 Configuring multi-device port authentication 36 Y ou can also configure mult i-device port authen tication commands on a range of inter faces. Example PowerConnect(config)#int e 3/1 to 3/12 PowerConnect(config-mif-3/1-3/12)#mac-authentication enable Specifying the format of the MAC ad[...]

  • Page 1322

    1280 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring multi-device port authentication 36 PowerConnect(config)#interface e 3/1 PowerConnect(config-if-e1000-3/1)#mac-authentication auth-fail-action block-traffic Syntax: [ no ] mac-authen tication auth-fail-action block-traf fic Dropping traf fic from non-authenticat ed MAC add[...]

  • Page 1323

    PowerConnect B-Series FCX Configuration Guide 1281 53-1002266-01 Configuring multi-device port authentication 36 If one of the attributes in the Ac cess- Accept mess age specifies one or more VLAN identifiers, and the VLAN is av ailable on the Dell Pow erConnect de vice, the por t is moved fr om its default VLAN to the specified VLAN. T o enable dy[...]

  • Page 1324

    1282 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring multi-device port authentication 36 • If an untagged port had previously been assigned to a VLAN thr ough dy namic VLAN assignment, and then another MA C address is authenticat ed on the sa me por t, but the RADIUS Access- Accept m essage for the second MAC address speci[...]

  • Page 1325

    PowerConnect B-Series FCX Configuration Guide 1283 53-1002266-01 Configuring multi-device port authentication 36 Y ou can optionally specify an alt ernate VLAN to which to mov e the por t when the MAC session for the address is delet ed. For example, to place the po r t in the restricted VLAN, ent er commands such as the fo llowing. PowerConnect(co[...]

  • Page 1326

    1284 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring multi-device port authentication 36 The dynamic IP A CL is active as long as the clie nt is connected t o the network. When the c lient disconnects from the network, the IP A CL is no lo nger applied to the por t. If an IP ACL had been applied to the port prior to multi-de[...]

  • Page 1327

    PowerConnect B-Series FCX Configuration Guide 1285 53-1002266-01 Configuring multi-device port authentication 36 • The dynamic ACL must be an e xtended A C L. Standar d ACLs are no t suppor ted. • Multi-device po r t authentication and 802. 1x can be used t ogether on the same por t. How ever , Dell does not recommend the use of multi-de vice p[...]

  • Page 1328

    1286 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring multi-device port authentication 36 Enabling source guard protection Source Guar d Protec tion is a form of IP Source Guar d used in conju nction with multi-device por t authentication. When Sour ce Guar d Pr otection is enabled, IP traf fic is blocked until the system lea[...]

  • Page 1329

    PowerConnect B-Series FCX Configuration Guide 1287 53-1002266-01 Configuring multi-device port authentication 36 In the abo ve output, f or por t 6/12, Source Guar d Prot ection is enabled and the Source Guard A CL is applied to the MA C sess ion, as indicated by SG in t he AC L colu mn. For por t 6/13, Source Guard Prot ection is a lso enabled, bu[...]

  • Page 1330

    1288 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring multi-device port authentication 36 Disabling aging for authenticated MAC addresses MA C addresses that have be en authenticated or denied b y a RADIUS ser ver are aged out if no traf fic is received from the MAC ad dress for a cert ain period of time: • Authenticat ed M[...]

  • Page 1331

    PowerConnect B-Series FCX Configuration Guide 1289 53-1002266-01 Configuring multi-device port authentication 36 Aging of the Lay er 2 hardware entry for a block ed MAC address occurs in tw o phases, known as hardware aging and sof tware aging. On Po werConnect devices, the har dware aging pe riod f or blocked MA C addresses is fixed at 70 seconds [...]

  • Page 1332

    1290 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring multi-device port authentication 36 Y ou can better contr ol por t behavior when a RADIUS tim eout occurs by configuri ng a por t on the Dell Po werConnect de vice to automatically pass or fail user a uthentication . A pass essentially bypasses the authentic ation process [...]

  • Page 1333

    PowerConnect B-Series FCX Configuration Guide 1291 53-1002266-01 Displaying multi-device port authentication information 36 Multi-device port authentication password override The multi-device por t authentica tion feature commun icates with the RADIUS ser ver t o authenticate a newly f ound MA C address. The RADIUS server is configured with the use[...]

  • Page 1334

    1292 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying multi-device port aut hentication informatio n 36 Displaying authenticated MAC address information T o display inf ormation about authenticated MA C addresses on the por ts where the multi-device por t authentication feature is en abled, ent er the following command. Syntax[...]

  • Page 1335

    PowerConnect B-Series FCX Configuration Guide 1293 53-1002266-01 Displaying multi-device port authentication information 36 Displaying multi-device port authentication information for a specific MAC address or port T o display authentication inf ormation for a specif ic MAC address or port, enter a command such as the fo llowing. Syntax: show auth-[...]

  • Page 1336

    1294 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying multi-device port aut hentication informatio n 36 Displaying the authenticated MAC addresses T o display the MA C addresses that ha ve been successfully authenticat ed, enter the show auth-mac-addresses authorized-mac command. Syntax: show auth-mac-addresses authorized-mac [...]

  • Page 1337

    PowerConnect B-Series FCX Configuration Guide 1295 53-1002266-01 Displaying multi-device port authentication information 36 Displaying multi-device port authentication information for a port T o display a summary of Multi-Device P or t Authenti cation f or por ts on a device, ent er the following command Syntax: show auth-mac-address ethernet <p[...]

  • Page 1338

    1296 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying multi-device port aut hentication informatio n 36 Omitting the eth ernet <por t> parameter displays inf ormation for all int er faces where the multi-device por t authenti cation fe ature is enabled. The follo wing table describes the information displa yed by the sho[...]

  • Page 1339

    PowerConnect B-Series FCX Configuration Guide 1297 53-1002266-01 Displaying multi-device port authentication information 36 Port Default Vlan The VLAN to which the p or t is assigned, and whether the por t had been dynamically assigne d to the VLAN by a RADIUS server . Port VLA N state Indi cates the state of the por t VLAN. Th e State can be one o[...]

  • Page 1340

    1298 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying multi-device port aut hentication informatio n 36 Displaying the MAC authentication table for PowerConnect B-Series FCX devices For P owerConnect B- Series FCX devices, there are three commands you can use t o display MA C authentication information: • show table <mac [...]

  • Page 1341

    PowerConnect B-Series FCX Configuration Guide 1299 53-1002266-01 Example configurations 36 PowerConnect#show table allowed-mac ------------------------------------------------------------------------------- MAC Address PortVlanAuthenticatedTimeAgedot1x ------------------------------------------------------------------------------- 0000.0010.100a 1/[...]

  • Page 1342

    1300 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Example configurations 36 Multi-device port authentication with dynamic VLAN assignment Figure 162 illustrates multi-de vice por t auth entication with dynamic VLAN assignment on a Dell Pow erConne ct device. In this configu ration, a PC and an IP phone are connected t o a hub, which [...]

  • Page 1343

    PowerConnect B-Series FCX Configuration Guide 1301 53-1002266-01 Example configurations 36 The mac-authentication disa ble-ingress-filtering command enab les tagged packets on the por t, eve n i f t h e p o r t i s n o t a m e m b e r o f th e V L A N . I f this fe ature is not enabled, authentica tion works as in “Example 2” Example 2 Figure 1[...]

  • Page 1344

    1302 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Example configurations 36 The par t of the running-config related to multi-de vic e por t auth entication wou ld be a s follo w s. mac-authentication enable mac-authentication auth-fail-vlan-id 1023 interface ethernet 1 mac-authentication enable mac-authentication auth-fail-action res[...]

  • Page 1345

    PowerConnect B-Series FCX Configuration Guide 1303 53-1002266-01 Example configurations 36 FIGURE 1 63 Us ing multi-device port authentication an d 802.1X authentication on the same port When the devices att empt to connect t o the networ k, they are first subject to multi-device por t authentication. When the MAC ad dress of the IP phone is authen[...]

  • Page 1346

    1304 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Example configurations 36 When the PC is authenticat ed using multi-device po rt authentication, the por t PVID is cha nged to “Login-VLAN”, which is VLAN 1 02 4 in this example. When User 1 is authenticat ed using 802. 1X authentication, the por t PVID is changed t o “User -V L[...]

  • Page 1347

    PowerConnect B-Series FCX Configuration Guide 1305 53-1002266-01 Example configurations 36 Since there is no pr ofile for the PC MA C addr ess on the RADIUS ser ver , multi-device port authentication for this MA C address fails. Or dina rily, this would mean that the PVID for the por t would be changed to that of the restrict ed VLAN, or t raf fic [...]

  • Page 1348

    1306 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Example configurations 36[...]

  • Page 1349

    PowerConnect B-Series FCX Configuration Guide 1307 53-1002266-01 Chapter 37 Configuring Web Authentication Ta b l e 2 31 lists individual Dell Pow erConnect switches and the Web A uthentication features they suppor t. Overview Authentication is impor tant i n enterprise netw orks because the network is considered a secure area: it contains sensitiv[...]

  • Page 1350

    1308 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuration considerations 37 While a MAC add ress is in the authenticated st at e, the host can forward data thr ough the Po werConnect switch. The MA C address remains au thenticat ed un til one of the f ollowing events occurs: • The host MAC address is remo ved from a list of M[...]

  • Page 1351

    PowerConnect B-Series FCX Configuration Guide 1309 53-1002266-01 Configuration tasks 37 • Each Web A uthentication VLAN must have a virtual inter face (VE). • The VE must ha ve at least one assigned IPv4 address. Web A uthentication is enabled on a VLAN. That VLAN becomes a W eb Authentication VLAN that does the f ollowing: • Forwards traffic[...]

  • Page 1352

    1310 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuration tasks 37 • On a Lay er 3 Pow erConnect switch, assign an IP address to a vir tual inter face (VE) for each VLAN on which W eb Auth entic ation will be enabled. PowerConnect#configure terminal PowerConnect(config)#vlan 10 PowerConnect(config-vlan-10)#router-interface ve[...]

  • Page 1353

    PowerConnect B-Series FCX Configuration Guide 1311 53-1002266-01 Enabling and disablin g web authentication 37 Once enabled, the CLI changes t o the "webauth " c onfiguration level. In the example abo ve, VLAN 10 will require hosts to be authenticated using Web Authentication bef ore they can forward traffic. 6. Configure the We b Authent[...]

  • Page 1354

    1312 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the web a uthentication mo de 37 Using local user databases Web A uthentication suppor ts the use of local user databases consisti ng of usernames and passwords, t o authenticate devices. Users are bl ock ed from accessing the switch until they enter a valid username and p[...]

  • Page 1355

    PowerConnect B-Series FCX Configuration Guide 1313 53-1002266-01 Configuring the web authentication mode 37 The first command changes the configuration le v el to the local user database level f or user db1 . If the database does not already exist, it is crea ted. The second command adds the user recor d marcia to the userdb1 database. Syntax: user[...]

  • Page 1356

    1314 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the web a uthentication mo de 37 For <password1> , <passwor d2> , etc., enter up to 29 ASCII charact ers. Be sure to Insert a cursor return ( <cr> ) after each user record. Y ou can enter up to 30 user recor ds per text file. Importing a text file of user[...]

  • Page 1357

    PowerConnect B-Series FCX Configuration Guide 1315 53-1002266-01 Configuring the web authentication mode 37 PowerConnect(config-vlan-10-webauth)#auth-mode username-password auth-methods local Syntax: auth-mode username-p asswor d auth-methods local T o rev er t back to using the RADIUS server , enter the follo wing command. PowerConnect(config-vlan[...]

  • Page 1358

    1316 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the web a uthentication mo de 37 Configuration steps Follo w the steps giv en below to config ure the de vice t o use the passcode authentication mode. 1. Optionally create up to four static passcodes 2. Enable passcode authen tication 3. Configure other options Creating s[...]

  • Page 1359

    PowerConnect B-Series FCX Configuration Guide 1317 53-1002266-01 Configuring the web authentication mode 37 The next dynamically-created passcode will be 1 0 digits in length, for e xample, 0 123456789. Syntax: auth-mode passcode length <value> For <value> , enter a number fro m 4 to 1 6. Configuring the passcode refresh method Passcode[...]

  • Page 1360

    1318 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the web a uthentication mo de 37 T o c on f ig ur e t h e s wi t ch to r ef r es h p as sc o de s a t a c er ta in t im e o f day, en ter c om ma n ds su ch a s t he following. PowerConnect(config-vlan-10-webauth)#auth-mode passcode refresh-type time 6:00 PowerConnect(conf[...]

  • Page 1361

    PowerConnect B-Series FCX Configuration Guide 1319 53-1002266-01 Configuring the web authentication mode 37 Syntax: auth-mode passcode flush-ex pired Disabling and re-enab ling passcode logging The sof tware generat es a Syslog message and SN MP trap message every time a new passcode is generat ed and passcode authentication is attempted ,. This is[...]

  • Page 1362

    1320 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring web authentication option s 37 Using automatic authentication By default, if W eb Authentication is enabled, hosts need t o login and enter authentication credentials in order to gain access t o the network. If a re-authentic ation period is configured, the host will be as[...]

  • Page 1363

    PowerConnect B-Series FCX Configuration Guide 1321 53-1002266-01 Configuring web authenticati on options 37 Syntax: [ no ] accounting Enter the no accounting command to disable RADIUS acc ounting for W eb Authentication. Changing the login mode (HTTPS or HTTP) Web A uthentication can be configured to use secure (HTTPS) or non-secure (HTTP) login an[...]

  • Page 1364

    1322 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring web authentication option s 37 Instead of just entering a duration f or how long the MA C address remains authenticated, you can specify the MA C address to be added by th e specified por t that is a member of the VLAN. T o do this, enter v alues for the ethernet <port&[...]

  • Page 1365

    PowerConnect B-Series FCX Configuration Guide 1323 53-1002266-01 Configuring web authenticati on options 37 Enter a number from 0 to 64, whe re 0 means there is no limit to the number of W eb Authentication attempts. The default is 5. Clearing authenticated hosts from the web authentication table Use the f ollowing commands to clear dynamically- au[...]

  • Page 1366

    1324 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring web authentication option s 37 Enter 0 – 128000 for <seconds> . The default is the current v alue of block duration comman d. Entering a va lue of "0" means the MAC address is block ed permanently . Entering no block mac <mac-address> duration <s[...]

  • Page 1367

    PowerConnect B-Series FCX Configuration Guide 1325 53-1002266-01 Configuring web authenticati on options 37 PowerConnect(config-vlan-10-webauth)#port-down-auth-mac-cleanup Syntax: [ no ] por t-down-auth-mac-cleanup While this command is enabled, the de vice checks the link stat e of all por ts that are members of the We b Authentication VLAN. If th[...]

  • Page 1368

    1326 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring web authentication option s 37 For <string> , enter up to 64 alphanumeric characters. Y ou can enter any v alue for <string> , but entering the name on the security cer tificate pre ven ts the display of err or messages saying that the security cer tificate doe[...]

  • Page 1369

    PowerConnect B-Series FCX Configuration Guide 1327 53-1002266-01 Configuring web authenticati on options 37 FIGURE 1 67 Ex ample of a login page when automatic authenti cation is disabled and local user database is enabled The user enters a user name and password, which are then sent for authentication. If passcode authentication is enabl ed, the f[...]

  • Page 1370

    1328 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring web authentication option s 37 FIGURE 1 69 Ex ample of a tr y again page If the limit f or the number of authenticated user s on the network is e xceeded, the Maximum Host Limit page is displa yed ( Figure 1 70 ). FIGURE 1 70 Example of a maximum Host limit page If the num[...]

  • Page 1371

    PowerConnect B-Series FCX Configuration Guide 1329 53-1002266-01 Configuring web authenticati on options 37 FIGURE 1 72 Example of a web authentication success page Once a host is authenticat ed, that host can ma nually de-authenticate by clicking the ’Logout’ button in the Login Success pa ge . The host remains logged in until the re-authentic[...]

  • Page 1372

    1330 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring web authentication option s 37 Syntax: show webauth vlan <vlan-id> webpag e Customizing web authentication pages Y ou can customize the f ollowing objects in the W eb Authentication pages sho wn in Figure 166 through Figure 1 72 : • Title bar • Banner imag e (the[...]

  • Page 1373

    PowerConnect B-Series FCX Configuration Guide 1331 53-1002266-01 Configuring web authenticati on options 37 FIGURE 1 73 Objects in the web authentication pages that can be cust omized Customizing t he title bar Y ou can customize the title bar that appear s on all Web A u thentication pages (refer t o Figure 1 73 ). T o do so, enter a command such [...]

  • Page 1374

    1332 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring web authentication option s 37 NOTE This command downloads the image file and stores it in the de vice flash memor y . Theref ore, it is not necessar y to f ollow this command with a write memo r y . The <ip-address> parameter spec ifies the address of the TFTP serve[...]

  • Page 1375

    PowerConnect B-Series FCX Configuration Guide 1333 53-1002266-01 Displaying web authen tication information 37 The <filename> parameter is the name of the text file on the TFTP ser ver . T o rev er t back to the default t ext box (none), enter the command no webpage terms . Customizing t he login button Y ou can customize the Login butt on th[...]

  • Page 1376

    1334 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying web authentication information 37 authentication mode: username and password (Default) authentication methods: radius Local user database name: <none> Radius accounting: Enable (Default) Trusted port list: None Secure Login (HTTPS): Enable (Default) Web Page Customiza[...]

  • Page 1377

    PowerConnect B-Series FCX Configuration Guide 1335 53-1002266-01 Displaying web authen tication information 37 Syntax: show webauth [ vlan <vlan-id> ] The show webauth command b y its elf displays inf ormation for all VLANs on which Web Authentication is enabled. Use the vlan <vlan-id> parameter t o display inf ormation for a specific V[...]

  • Page 1378

    1336 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying web authentication information 37 Displaying a list of hosts attempting to authenticate Enter the following command t o display a list of hosts that are tr ying to authenticate. The repor t shows the f ollowing information. Syntax: show webauth authenticating -list Displayi[...]

  • Page 1379

    PowerConnect B-Series FCX Configuration Guide 1337 53-1002266-01 Displaying web authen tication information 37 Syntax: show webauth blocked-list Displaying a list of local user databases The following command displays a list of a ll loca l user databases configur ed on the P owerConnect switch and the number of users in each datab ase. Syntax: show[...]

  • Page 1380

    1338 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying web authentication information 37 Syntax: show local-userdb <db-name> Displaying passcodes If the passcode Web authentication mode is enab led, you can use the follo wing command to display current passcodes. Syntax: show webauth vlan <vlan-id> passcode PowerCon[...]

  • Page 1381

    PowerConnect B-Series FCX Configuration Guide 1339 53-1002266-01 Chapter 38 Protecting Against Denial of Service Attacks Ta b l e 2 3 2 lists individual Dell PowerCo n nect switch es and the DoS pr otection f eatures they suppor t. This chapter explains ho w to prot ect your Dell Pow erConnect devices fr om Denial of Service (DoS) attacks. In a Den[...]

  • Page 1382

    1340 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Protecting against Smurf a ttacks 38 For each ICMP echo request packet sent by the attacker , a number of ICMP replies eq ual to the number of hosts on the intermediary network are se nt to the victim. If the attacker generates a large volume of ICMP echo req uest packets, and the in [...]

  • Page 1383

    PowerConnect B-Series FCX Configuration Guide 1341 53-1002266-01 Protecting against TCP SYN attacks 38 The burst-max <value> paramter can be fr om 1 through 1 00,000 packe ts per second. The lockup < v alue> parameter can be fr om 1 through 1 0,000 seconds. This command is suppor t ed on Et hernet and Layer 3 inte r faces. The number o [...]

  • Page 1384

    1342 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Protecting against TCP SYN attacks 38 For La yer 3 r outer code, if the int er face is part of a VLAN that has a rout er VE, you must conf igure T CP/SYN attack pr otection at the VE lev el. Ot her wise, y ou can configure this f eature at the interface level as shown in the pre vio u[...]

  • Page 1385

    PowerConnect B-Series FCX Configuration Guide 1343 53-1002266-01 Protecting against TCP SYN attacks 38 • Blind TCP reset attack using the synchronization (S YN) bit • Blind TCP pack et injection attack The T C P security enhanceme nt is automatically enabled. Protecting against a blind TCP reset attack using the RST bit In a blind T CP reset at[...]

  • Page 1386

    1344 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Protecting against TCP SYN attacks 38 Syntax: show statistics dos-attack T o clear statistics about ICMP and TCP S YN packets dro pped beca use burst thresholds were ex ceeded, enter the f ollowing command. PowerConnect#clear statistics dos-attack Syntax: clear statistics dos-attack P[...]

  • Page 1387

    PowerConnect B-Series FCX Configuration Guide 1345 53-1002266-01 Chapter 39 Inspecting and Tracking DHCP Packets Ta b l e 2 3 3 lists individual Dell PowerCo n nect switch es and the DHCP pack et inspection and tracking features th ey suppor t. Dynamic ARP inspection For enhanced ne twork security , you can configure the Dell P owerConnect de vice [...]

  • Page 1388

    1346 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Dynamic ARP inspection 39 How DAI works DAI allo ws only valid ARP requests and responses to be f o rwarded. A Dell Pow erConnect device on which D AI is configured does the following: • Inter cepts ARP packe ts received by the syst em CPU • Inspects all ARP requests and responses[...]

  • Page 1389

    PowerConnect B-Series FCX Configuration Guide 1347 53-1002266-01 Dynamic ARP inspection 39 • DHCP-Snooping ARP – inf ormation collected fr om snooping DHCP packets when DHCP snooping is enabled on VLANs. The status of an ARP entry is either pending or valid: • Va l i d – the mapping is valid, and the port is resolv ed. This is always the ca[...]

  • Page 1390

    1348 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Dynamic ARP inspection 39 Configuring an inspection ARP entry Static ARP and static inspection ARP entries need to be configured for hosts on untrusted ports. Other wise, when DAI checks ARP packets from these hosts against e ntries in the ARP table, it will not find an y entries for [...]

  • Page 1391

    PowerConnect B-Series FCX Configuration Guide 1349 53-1002266-01 DHCP snooping 39 Displaying ARP inspection status and ports T o display the ARP inspection status f or a VLAN and the trusted/untrust ed por t, enter the f ollowing command. Syntax: show ip arp inspection [ vlan <vlan_id> ] The <vlan_id> variable specifies the ID of a conf[...]

  • Page 1392

    1350 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 DHCP snooping 39 How DHCP snooping works When enabled on a VLAN, DHCP snooping stands between untrusted por ts (those connect ed to host por ts) and trusted por ts (those connected to DHCP servers). A VLAN with DHCP snooping enabled f or wards D HCP request packe ts from clie nts and [...]

  • Page 1393

    PowerConnect B-Series FCX Configuration Guide 1351 53-1002266-01 DHCP snooping 39 About client IP-to-MAC address mappings Client IP addresses need not be on directly-connect ed networ ks, as long as the client MA C address is learned on the client port and the client por t is in the same VLAN as the DHCP server por t. In this case, the system will [...]

  • Page 1394

    1352 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 DHCP snooping 39 1. Enable DHCP snooping on a VLAN.Ref er to “E nabling DHCP snooping on a VLAN” on page 1352. 2. For ports that are connected t o a DHCP ser ver , change their trust setting to trusted.R efer t o “Enabling trust on a por t” on page 1 352. The f ollowing shows [...]

  • Page 1395

    PowerConnect B-Series FCX Configuration Guide 1353 53-1002266-01 DHCP snooping 39 T o remove all entries fr om the DHCP bind ing database, enter the f ollowing command. PowerConnect#clear dhcp T o clear entries for a specific IP addres s, enter a command such as the f ollowing. PowerConnect#clear dhcp 10.10.102.4 Syntax: clear dhcp [ <ip-addr>[...]

  • Page 1396

    1354 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 DHCP relay agent information (DHCP Option 82) 39 PowerConnect(config)#vlan 2 PowerConnect(config-vlan-2)#untagged ethe 1/3 to 1/4 PowerConnect(config-vlan-2)#router-interface ve 2 PowerConnect(config-vlan-2)#exit PowerConnect(config)#ip dhcp snooping vlan 2 PowerConnect(config)#vlan 2[...]

  • Page 1397

    PowerConnect B-Series FCX Configuration Guide 1355 53-1002266-01 DHCP relay agent information (DHCP Option 82) 39 As illustrated in Figure 1 78 , the DHC P relay agent (the PowerConne ct switch), inserts DH CP option 82 attributes when relaying a DHCP req uest pack et to a DHCP ser ver . FIGURE 1 78 DHCP Option 82 attribut es added to t he DHCP pac[...]

  • Page 1398

    1356 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 DHCP relay agent information (DHCP Option 82) 39 Sub-option 1 – circuit id The Circuit ID (CID) identifies the circuit or port from which a DHCP client req uest was sent. The PowerC on nec t s wit ch use s th is infor ma tio n to r el ay DH CP r esp on ses ba ck to th e prop er ci r[...]

  • Page 1399

    PowerConnect B-Series FCX Configuration Guide 1357 53-1002266-01 DHCP relay agent information (DHCP Option 82) 39 Configuring DHCP option 82 When DHCP snooping is enabled on a VLAN, b y defaul t, DHCP option 82 also is enabled . Y ou do not need t o per form any e xtra configuration steps t o enable this feature. T o enable DHCP snooping, ref er to[...]

  • Page 1400

    1358 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 DHCP relay agent information (DHCP Option 82) 39 Changing the forwarding policy When the Dell Pow erConnect device receives a DHCP message that contains rela y agent information, by default, the de vice replaces the info rmation with its own relay a gent inf ormation. If desired, y ou[...]

  • Page 1401

    PowerConnect B-Series FCX Configuration Guide 1359 53-1002266-01 DHCP relay agent information (DHCP Option 82) 39 Viewing information about DHCP option 82 processing Use the commands in this section to view inf ormation about DH CP option 82 processing. Viewing the circuit Id, remo te id, and forwarding policy Use the show ip dhcp rela y informatio[...]

  • Page 1402

    1360 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IP source g uard 39 Viewing the status of DHCP op tion 82 and the subscriber id Use the show interface s ethernet co mm and to o bta in infor ma tio n a b out the status of DHCP option 82 and the configured subscriber ID, if applicable. In the ex ample below , the te xt in bold type d[...]

  • Page 1403

    PowerConnect B-Series FCX Configuration Guide 1361 53-1002266-01 IP source guard 39 When a new IP source entry binding on the por t is creat ed or deleted, the ACL will be recalculat ed an d r e ap p li e d i n h a rd wa r e to re f l ec t t h e c h a ng e i n I P s ou rc e b in d i ng . B y de f au l t , i f IP S o u rc e G u a rd is enabled witho[...]

  • Page 1404

    1362 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IP source g uard 39 • The number of configured A C L rules affect the rat e at which hardwa re resources are used when IP Sourc e Guard is enabled. Use the sho w access -list hw-usage on command to enable hardw are usage for an AC L, follow ed by a show access-list <access-list-i[...]

  • Page 1405

    PowerConnect B-Series FCX Configuration Guide 1363 53-1002266-01 IP source guard 39 The [vlan <vlannum> ] parameter is optional. If y ou enter a VLAN number , the binding applies to that VLAN only . If you do no t ent er a VLAN number , the static binding applies to all VLANs associated with the por t . Not e that since static IP sour ce bind[...]

  • Page 1406

    1364 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 IP source g uard 39[...]

  • Page 1407

    PowerConnect B-Series FCX Configuration Guide 1365 53-1002266-01 Chapter 40 Securing SNMP Access Ta b l e 2 3 6 lists individual Dell PowerConnect swit ches and the SNMP access me thods they suppor t. These f eatures are suppor ted in th e Layer 2, base Lay er 3, edge Lay er 3, and full Lay er 3 soft ware images, e xcept where explicitly no ted. SN[...]

  • Page 1408

    1366 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Establishing SNMP community strings 40 Restricting SNMP access using A CL, VLAN, or a speci fic IP address constitute the first leve l of defense when the packet arrives at a Dell PowerConnect device. The next le vel uses on e of the following methods: • Community string match In SN[...]

  • Page 1409

    PowerConnect B-Series FCX Configuration Guide 1367 53-1002266-01 Establishing SNMP community strings 40 T o add an en cr ypted community string, enter commands such as the f ollowing. PowerConnect(config)#snmp-server community private rw PowerConnect(config)#write memory Syntax: snmp-server community [ 0 | 1 ] <string> ro | rw [ vie w <vie[...]

  • Page 1410

    1368 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Establishing SNMP community strings 40 The view <viewname> paramet er is optional. It allows y o u to associat e a view t o the members of this community string. Enter up to 32 alphanumeric charact ers. If no view is specified, access to the full MIB is granted. The view that yo[...]

  • Page 1411

    PowerConnect B-Series FCX Configuration Guide 1369 53-1002266-01 Using the user-based security model 40 NOTE If display o f the strings is encr ypted, the strings ar e not display ed. Encr yption is enabled by default. Using the user-based security model SNMP version 3 ( RFC 25 70 through 25 75) introduc es a User -Based Security model (RFC 25 7 4)[...]

  • Page 1412

    1370 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using the user-based security model 40 Defining the engine id A default engine ID is generat ed during system star t up. T o determine what the default engine ID of the device is, enter the show snmp engineid command and find the follo wing line: Local SNMP Engine ID: 800007c70300e052[...]

  • Page 1413

    PowerConnect B-Series FCX Configuration Guide 1371 53-1002266-01 Using the user-based security model 40 NOTE This command is not used for SNMP version 1 and SNMP version 2. In these version s, gr o ups and group views are created int ernal ly using community strings. (ref er to “Establishing SNMP community strings” on page 1366.) When a com mun[...]

  • Page 1414

    1372 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Using the user-based security model 40 PowerConnect(config)#snmp-s user bob admin v3 access 2 auth md5 bobmd5 priv des bobdes The CLI for creating SNMP v ersion 3 users has been updat ed as follows. Syntax: [ no ] snmp-server user <n ame> <groupname> v3 [[ access <stand[...]

  • Page 1415

    PowerConnect B-Series FCX Configuration Guide 1373 53-1002266-01 Defining SNMP views 40 • If AES is the priv acy prot ocol to be used, ente r aes follo wed by the AES password k ey . F or a small pa sswor d ke y , enter 12 charact ers. For a big passwor d key , enter 1 6 characters. If you include the encrypted ke yword, ent er a password string [...]

  • Page 1416

    1374 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 SNMP version 3 traps 40 Y ou can exclude por tions of the MIB within an inclusion scope. For example, if y ou want to e xclude the snAgentSys objects, which begin with 1.3.6. 1.4.1 .1 99 1.1 . 1.2 object identi fier from the admin view , enter a second command such as the follo wing. [...]

  • Page 1417

    PowerConnect B-Series FCX Configuration Guide 1375 53-1002266-01 SNMP version 3 traps 40 Defining the UDP port for SNMP v3 traps The SNMP host command enhancemen ts allow configuration of notif ications in SMIv2 format, with or without encr yption, in addition to the previously suppor ted SMIv1 trap f orma t. Y ou can define a por t that receives t[...]

  • Page 1418

    1376 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 SNMP version 3 traps 40 Backward compatibility with SMIv1 trap format T h e D e l l P owe r C o n n e c t d ev i c e w i ll c o n t i n u e to s u p p o r t c r e a t i o n o f tr a p s i n S M I v 1 for m a t , a s b e fo r e . T o allow the device to send notifications in SMIv 2 for[...]

  • Page 1419

    PowerConnect B-Series FCX Configuration Guide 1377 53-1002266-01 Displaying SNMP Information 40 Displaying SNMP Information This section lists the commands for viewing SNMP-related information. Displaying the Engine ID T o display the engine ID of a managem ent mo dule, enter a comm and such as the follo wing. PowerConnect#show snmp engineid Local [...]

  • Page 1420

    1378 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displaying SNMP Information 40 PowerConnect#show snmp group groupname = exceptifgrp security model = v3 security level = authNoPriv ACL id = 2 readview = exceptif writeview = <none> Syntax: show snmp gr oup The value f or security lev el can be one of the f ollowing. Displaying [...]

  • Page 1421

    PowerConnect B-Series FCX Configuration Guide 1379 53-1002266-01 SNMP v3 Configuration examples 40 SNMP v3 Configuration examples The follo wing sections present examples of ho w to configure SNMP v3. Simple SNMP v3 configuration PowerConnect(config)#snmp-s group admingrp v3 priv read all write all notify all PowerConnect(config)#snmp-s user adminu[...]

  • Page 1422

    1380 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 SNMP v3 Configuration examples 40[...]

  • Page 1423

    PowerConnect B-Series FCX Configuration Guide 1381 53-1002266-01 Chapter 41 Using Syslog Ta b l e 2 37 li sts individual Dell PowerConnect switches and the Syslog f e atures they support. This chapter describes ho w to displa y Syslog mess ages and ho w to configure the Syslog f acility , and lists the Syslog messages th at De ll PowerCo n nect de [...]

  • Page 1424

    1382 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Displayi ng Syslog messages 41 • Errors • War n i ng s • Notifications • Informational • Debugging The device writ es the messages to a loc al buf fer . Y ou also can specify the IP address or host name of up to six Syslog servers. When you specify a Syslog server , the Dell[...]

  • Page 1425

    PowerConnect B-Series FCX Configuration Guide 1383 53-1002266-01 Configuring the Syslog service 41 Enabling real-time display of Syslog messages By d e fa ul t , to vi ew S ys l o g m e s sa g e s g e ne r a te d b y a Dell Pow erConnect device, you need t o display the Syslog buffer or the log on a Syslog ser ver used b y the Dell Po werConnect de[...]

  • Page 1426

    1384 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the Syslog s ervice 41 • Specify a Syslog server . Y ou ca n configure the Dell P owerConnect de vice to use up t o six Syslog servers. (Use of a Syslog server is op tional. The system can ho ld up t o 1 000 Syslog messages in an internal buffer .) • Change the lev el [...]

  • Page 1427

    PowerConnect B-Series FCX Configuration Guide 1385 53-1002266-01 Configuring the Syslog service 41 Static and dynamic buffers T he s oft w ar e pr o vi d es tw o b uff er s : • Static – logs pow er supply failures, fan f a ilures, and temp erature warning or shutdown messages • Dynamic – logs all other mes sage types In the static log, ne w[...]

  • Page 1428

    1386 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the Syslog s ervice 41 When you clear log entries, you can selectively clea r the static or dynamic buffer , or you can clear both. Fo r example, t o clear only the dynamic buf f er , enter the f ollowing command at the Privileged EXEC lev el. PowerConnect#clear logging dy[...]

  • Page 1429

    PowerConnect B-Series FCX Configuration Guide 1387 53-1002266-01 Configuring the Syslog service 41 Example of Syslog messages on a device wih the onboard clock not set The example sho ws the format of messages on a devi ce where th e onboard syst em clock is not set. Each time stamp shows the amount of time the device had been running when the mess[...]

  • Page 1430

    1388 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the Syslog s ervice 41 This command enables local Syslog logging with the f ollowing def aults: • Messages of all sev erity levels (E mergencies – Debugging) are logged. • Up t o 50 messages are retained in the local Syslog buffer . • No Syslog ser ver is spec ifie[...]

  • Page 1431

    PowerConnect B-Series FCX Configuration Guide 1389 53-1002266-01 Configuring the Syslog service 41 Changing the number of entr ies the local buffer can hold Y ou also can use the logging buf f ered command to change the number of entries the local Syslog buffer can stor e. For exam ple. PowerConnect(config)#logging buffered 100 PowerConnect(config)[...]

  • Page 1432

    1390 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring the Syslog s ervice 41 • sys1 0 – reser ved f or system use • sys1 1 – reser ved f or system use • sys12 – re ser ved f or system use • sys13 – reserved for syst em use • sys1 4 – reser ved f or system use • cron – cr on/at subsystem • local0 – [...]

  • Page 1433

    PowerConnect B-Series FCX Configuration Guide 1391 53-1002266-01 Syslog messages 41 T o display T CP or UDP por t numbers instead of their names, enter the f ollowing command. PowerConnect(config)#ip show-service-number-in-log Syntax: [ no ] ip show-ser vice-number-in-log Retaining Syslog messages after a soft reboot Y ou can configure the device t[...]

  • Page 1434

    1392 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 TA B L E 2 3 9 Syslog messages Message level Message Explanation Aler t <num-modules> modules and 1 po wer supply , need more power sup ply!! Indicat es that the chassis needs more power supplies to run the modules in the chassis. The <num-modules> param[...]

  • Page 1435

    PowerConnect B-Series FCX Configuration Guide 1393 53-1002266-01 Syslog messages 41 Alert Management module at slot <slot-num> state changed fr om <modu le-state> to <module-s tate> . Indicat es a stat e change in a m anagement module. The <slot-num> indicat es the chassis slo t containing the module . The <module-stat e&[...]

  • Page 1436

    1394 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Aler t System: Mod ule in slot <slot-num> encountered unreco verable PCI config read failure. M odule will be deleted. The module encount ered an unrecov erable hardware conf igurat ion read failure. The module will be disabl ed or powered down. Aler t System:[...]

  • Page 1437

    PowerConnect B-Series FCX Configuration Guide 1395 53-1002266-01 Syslog messages 41 Inf ormational IPv6: IPv6 prot ocol enabled on the device from <se ssion-id> IPv6 pro tocol was enabled on the de vice during the speci fied session. Inf ormational MAC Filt er applied to port <port-id> by <usernam e> from <session-id> (filte[...]

  • Page 1438

    1396 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Informational Bridge root changed, vlan <vlan-id> , new root ID <string> , root interface <por tnum> A Spanni ng T ree Protocol (STP) topology change has occurred. The <vlan- id> i s t he ID of th e VL AN in wh ic h the STP topology cha nge o[...]

  • Page 1439

    PowerConnect B-Series FCX Configuration Guide 1397 53-1002266-01 Syslog messages 41 Informational DOT1X : por t <por tnum> - mac <mac address> is unauthorized because syst em resource is not enough or the invalid infor mation to set the dynamic assigne d IP ACLs or MA C address filters 802. 1X authentica tion failed for the Client with [...]

  • Page 1440

    1398 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Informational ER R_DISABLE : Inter face ethernet 16, err-di sable recovery timeout If the w ait time (port is down an d is waiting to come up) expires and t he por t is br ought up the fo llowing message is di splaye d. Inf ormational ERR_DISABLE: Link flaps on port[...]

  • Page 1441

    PowerConnect B-Series FCX Configuration Guide 1399 53-1002266-01 Syslog messages 41 Inf ormational Security: t elnet | SSH logout by <username> from sr c IP <ip-address> , src MA C <mac-a ddress> to USE R | PRIVILEGE EXEC mode The specified user logged out of th e device. The user was using T elnet or SSH to access the de vice fro[...]

  • Page 1442

    1400 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Informational Sy slog ser ver <IP-address> deleted | added | modified from console | t elnet | ssh | web | snmp OR Syslog operation e nabled | disabled from console | telne t | ssh | web | snmp A user made Syslog configurati on changes to the specifi ed Syslog[...]

  • Page 1443

    PowerConnect B-Series FCX Configuration Guide 1401 53-1002266-01 Syslog messages 41 Inf ormational telnet | SSH | w eb access [by <username> ] from sr c IP <source ip address>, sr c MAC <source MAC address> reje cted, <n> attempt s There were failed web, SSH, or T elnet login access atte mpts from the specified source IP and[...]

  • Page 1444

    1402 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Inf ormational vlan <vlan-id> Bridge is R ootBridge <mac-a ddress> (MgmtPriChg) 802. 1W changed the curr ent bridge to be the root bridge o f the given topol ogy due to administrative change in bridge pr iority. Inf ormational vlan <vlan-id> Bridge[...]

  • Page 1445

    PowerConnect B-Series FCX Configuration Guide 1403 53-1002266-01 Syslog messages 41 Notification Authentication Disabled on <por tnum> The multi-de vice por t authentication feature was disabled on the on the specified <portnum> . Notification Authentication Enabled on <portnum> The multi-device port authentication f eature was en[...]

  • Page 1446

    1404 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Notification Local ICMP ex ceeds <burst-max> burst packets , stopping f or <lockup> seconds!! The number of ICMP pack ets exceeds the <burst-max> threshold se t by the ip icmp burst command. The Dell P owerConnect device ma y be the victim of a Den[...]

  • Page 1447

    PowerConnect B-Series FCX Configuration Guide 1405 53-1002266-01 Syslog messages 41 Notification OSPF inter face stat e changed, rid <rout er-id> , intf addr <ip-addr> , state <ospf-state> Indicat es that the state of an OSPF interface has changed. The <router -id> is the router ID of the De ll Po werConnect device. The <[...]

  • Page 1448

    1406 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Notification OSPF intf config error , rid <router -id> , intf addr <ip-addr> , pkt src addr <src-ip-addr> , error type <error-type> , pkt type <pkt-type> Indicat es that an OSPF inter face configuration error has occurred. The <route[...]

  • Page 1449

    PowerConnect B-Series FCX Configuration Guide 1407 53-1002266-01 Syslog messages 41 Notification OSPF intf rcvd bad pkt: Bad Chec ksum, rid <ip-addr> , intf add r <ip-addr> , pkt size <num> , che cksum <num> , pkt src addr <ip-addr> , pkt type <type> The device receiv ed an OSPF packet that had an invalid checksu[...]

  • Page 1450

    1408 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Notification OSPF intf retransmit, r id <router -id> , intf addr <ip-addr> , nbr rid <nbr -router -id>, pkt type is <pkt-type> , LSA type <lsa-ty pe> , LSA id <lsa-id > , LSA rid <lsa-rout er-id> An OSPF inter face on the D [...]

  • Page 1451

    PowerConnect B-Series FCX Configuration Guide 1409 53-1002266-01 Syslog messages 41 Notification OSPF nbr state changed, rid <rout er-id> , nbr addr <ip-addr> , nbr rid <nbr-r outer -Id>, state <ospf- stat e> Indicat es that the state of an OSPF neighbor h as changed. The <router -id> is the router ID of the De ll Po w[...]

  • Page 1452

    1410 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Notification OSPF vir tual intf authen fai lure, rid <rout er-id> , intf addr <ip-addr> , pkt src addr <sr c-ip-addr>, error type <error-type> , pkt typ e <pkt-type> Indicat es that an OSPF vir tual r outing interface authenticatio n fa[...]

  • Page 1453

    PowerConnect B-Series FCX Configuration Guide 1411 53-1002266-01 Syslog messages 41 Notification OSPF vir tual intf config erro r , rid <rout er-id> , intf addr <ip-addr> , pkt src addr <sr c-ip-addr>, error type <error-type> , pkt typ e <pkt-type> Indicat es that an OSPF vir tual r outing interface configuration err o[...]

  • Page 1454

    1412 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Notification OSPF vir tual intf retransmit, rid <r outer-id> , intf addr <ip-addr> , nbr rid <nbr -router -id>, pkt type is <pkt-type> , LSA type <lsa-ty pe> , LSA id <lsa-id > , LSA rid <lsa-router-id> An OSPF inter face on[...]

  • Page 1455

    PowerConnect B-Series FCX Configuration Guide 1413 53-1002266-01 Syslog messages 41 Notification OSPF vir tua l nbr state changed, rid <rout er-id> , nbr addr <ip-a d dr> , nbr rid <nbr-r outer -id>, state <ospf-s tate> Indicat es that the state of an OSPF virtual neighbor h as changed. The <router -id> is the router I[...]

  • Page 1456

    1414 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Notification V RRP intf stat e changed, intf <portnum> , vrid <vir tual-router-id>, state <vrrp-state> A state change has occurred in a Virtual Router Redundancy Protocol (VRRP) interface. The <portnum> is the por t. The <virtual-rout er-i[...]

  • Page 1457

    PowerConnect B-Series FCX Configuration Guide 1415 53-1002266-01 Syslog messages 41 War n in g li s t <ACL -num> denied <ip-proto> <src-ip-addr> (<src-tcp/ud p-por t>) (Ethernet <por tnum> <mac-addr> ) -> <dst-ip-addr> (<dst -tcp/udp-por t>), 1 ev ent(s) Indicates that an A ccess Control List (ACL)[...]

  • Page 1458

    1416 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Syslog messages 41 Warning N o global IP! cannot se nd IGMP msg. The device is config ured for ip multicast active but th er e i s n o c o nf ig ur ed IP ad dr es s and the device can not send out IGMP queries. War ning No of prefixes received fr om BGP peer <ip-addr> ex ceeds w[...]

  • Page 1459

    PowerConnect B-Series FCX Configuration Guide 1417 53-1002266-01 Appendix A Network Monitoring Ta b l e 24 0 lists the individual Dell Pow erConnect swit ches and the netw ork monitoring features they support. Basic management The following sections contain procedur es f or basic sys tem management tasks. Viewing system information Y ou can access [...]

  • Page 1460

    1418 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic manageme nt A The follo wing hardware details are list ed in the output of the show version co mmand: • Chassis type • PROM type (if applicable) • Chassis serial number • Management and int er f ace module serial numbers and ASIC types For a description of the sof tware [...]

  • Page 1461

    PowerConnect B-Series FCX Configuration Guide 1419 53-1002266-01 Basic manageme nt A T o determine the available show c ommands for the syste m or a specific level of the CLI, enter the following command. PowerConnect#show ? Syntax: show <option> Y ou also can enter “show” at the c ommand prompt, then press the T AB ke y . Viewing port st[...]

  • Page 1462

    1420 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic manageme nt A Link T he link state. State T he S TP state. Dupl The mode (full-duplex or half-duplex). Speed The por t speed (1 0M, 100M, or 1 000M). T runk The trun k group number , if the por t is a member of a trunk group. T ag Whether the por t is a tagge d member o f a VLAN[...]

  • Page 1463

    PowerConnect B-Series FCX Configuration Guide 1421 53-1002266-01 Basic manageme nt A Viewing STP statistics Y ou can view a summar y of STP statistics f or Laye r 2 Switches and La yer 3 Switches. S TP statistics are by def ault polled ev er y 10 seconds. T o view spanning tree statistics, enter the show span command. T o view S TP statistics for a[...]

  • Page 1464

    1422 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Basic manageme nt A Viewing egress queue counters on Po werConnect B-Series FCX devices The show int er face command displays the number of packets on a port that were queued f or each QoS priority (traff ic class) an d dropped bec ause of congestion. NOTE These counters do no t inclu[...]

  • Page 1465

    PowerConnect B-Series FCX Configuration Guide 1423 53-1002266-01 RMON su pport A Clearing the egress queue counters Y ou can clear egress queue statistics (reset them to zero), using the clear statistics and clear statistics ethernet < por t > command. Syntax: clear statistics [ ethernet < port >] Specify the <por t> variable in t[...]

  • Page 1466

    1424 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 RMON support A Statistics (RMON group 1) Count inf ormation on multicas t and br oa dcast packets, to tal packets sent, under sized and ov er sized packets, CRC alignment errors, jabbers, collision, fragments and dropped e vents is collecte d for each port on a Lay er 2 Switch or Lay [...]

  • Page 1467

    PowerConnect B-Series FCX Configuration Guide 1425 53-1002266-01 RMON su pport A Multicast pkts The total number of good pack ets received that wer e directed to a multicast address. This number does not include pack ets directed t o the broadcas t address. CRC alignment err ors The to tal number of packets receiv ed that were from 64 – 15 18 oct[...]

  • Page 1468

    1426 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 RMON support A History (RMON group 2) All active por ts by default will generat e two hist ory control data entries per activ e Lay er 2 Switch por t or Lay er 3 Switch inter face. An active port is defined as one with a link up. If the link goes down the tw o entries are automaticall[...]

  • Page 1469

    PowerConnect B-Series FCX Configuration Guide 1427 53-1002266-01 sFlow A PowerConnect(config)#rmon event 1 description ‘testing a longer string’ log-and-trap public owner nyc02 Syntax: rmon ev ent <event-e ntr y> description <text-s tring> log | trap | log-and-trap owner <rmon-station> sFlow NOTE Po werConnect device s suppor [...]

  • Page 1470

    1428 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 sFlow A The configuration procedures for sFlow v ersio n 5 ar e the same as f or sFlow v ersion 2, ex cept where explicitly not ed. Conf iguration procedures for sFlo w are in the sectio n “Configuring and enabling sFlow” on page 1 430. The features and CLI commands that are speci[...]

  • Page 1471

    PowerConnect B-Series FCX Configuration Guide 1429 53-1002266-01 sFlow A Configuration considerations This section lists the sFlow configu ration considerations on Dell PowerConnect de vices. Po werConnect B-Series FC X devices, y ou can use QoS queue 1 for priority traffic, ev en when sFlow is enabled on the port. • If an Pow erConnect B-Series [...]

  • Page 1472

    1430 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 sFlow A NOTE If an IP address is not already configured when y ou enable sFlow , the feature uses the source address 0.0.0.0. T o display the agent_address, enable sFlow , then enter the sho w sflow command. Refe r to “Enabling sFlo w forwarding” on page 14 35 and “Displaying sF[...]

  • Page 1473

    PowerConnect B-Series FCX Configuration Guide 1431 53-1002266-01 sFlow A Specifying the collector sFlow e xpor ts traf fic statistics to an ex ternal collect or . Y ou can specify up to four collect ors. Y ou can specify more than one collector with the same IP address if the UDP port numbers are unique. Y ou can hav e up to four unique combination[...]

  • Page 1474

    1432 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 sFlow A The default polling interval is 20 seco nds. Y ou ca n change the int er val to a value fr om 1 to any higher value. The interval value applies to all inte r faces on which sFlo w is enabled. If you set the po lli ng in ter va l to 0, co un ter d at a s amp li ng is d is ab le[...]

  • Page 1475

    PowerConnect B-Series FCX Configuration Guide 1433 53-1002266-01 sFlow A While different por ts on a module may be config ured to ha ve different sampling rat es, the hardware f or the module will be programmed t o take samples at a single rate (the module sampling rate). The module sampling rat e will be the high est sampli ng rate (i.e. lowest nu[...]

  • Page 1476

    1434 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 sFlow A • 209 7 152 • 8388608 • 33554432 • 13421 7728 • 5368 709 12 • 2 14 7 483648 For e xample, if the configured sampling rate is 1 000, then the actual rate is 2048 and 1 in 2048 packets are sampled by the hardw are. Changing the sampling rat e of a module Y ou cannot [...]

  • Page 1477

    PowerConnect B-Series FCX Configuration Guide 1435 53-1002266-01 sFlow A Enabling sFlow forwarding sFlow ex por t s data only for the int er faces on wh ich you enable sFlow f or warding. Y ou can enable sFlow forwarding on Ethernet interfaces . T o enable sFlow f or war ding,per form the f ollowing: • Globally enable the sFlow f eature • Enabl[...]

  • Page 1478

    1436 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 sFlow A NOTE When you enable sFlow f or war ding on a trunk por t, only the primar y por t of the trunk group f orwards sFlow samples. T o enable sFlow f or war ding on a trunk po r t, e nter commands s uch as the following. PowerConnect(config)#sflow enable PowerConnect(config)#trunk[...]

  • Page 1479

    PowerConnect B-Series FCX Configuration Guide 1437 53-1002266-01 sFlow A Specifying the sFlo w agent IP address The sampled sFlow data sent to the collectors includ es an agent_address field. This field identifies the device (the sFlo w agent) that sent the data. By default, the de vice automatically selects the sFlow agent IP address based on the [...]

  • Page 1480

    1438 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 sFlow A Exporting CPU and memo ry usage information to the sFlow collector With sFlow verion 5, you can optionally c onfigure the sFlow agent on the Dell Pow erConnect device to e xpor t inf o rmation about CPU and me mor y usage to the sFlow collector . T o expor t CPU usage and memo[...]

  • Page 1481

    PowerConnect B-Series FCX Configuration Guide 1439 53-1002266-01 sFlow A Syntax: [ no ] sflow export cpu-traf fic <rate> The default sam pling rate depends on the Dell P owerConnect de vice being configured. Re fer t o “Changing the sampling rate” on page 1 432 for the def ault sampling rate f or each kind of Dell Pow erCon nect device. D[...]

  • Page 1482

    1440 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 sFlow A PowerConnect#show sflow sFlow version:5 sFlow services are enabled. sFlow agent IP address: 123.123.123.1 4 collector destinations configured: Collector IP 192.168.4.204, UDP 6343 Collector IP 192.168.4.200, UDP 6333 Collector IP 192.168.4.202, UDP 6355 Collector IP 192.168.4.[...]

  • Page 1483

    PowerConnect B-Series FCX Configuration Guide 1441 53-1002266-01 sFlow A Syntax: show sflow This command shows the following inf ormation. TA B L E 24 4 sFlow information This field... Displays... sFlow v ersion The version of sFlo w enabled on the device, which can be one of the fol l ow i ng : • 2 • 5 sFlow services The feature s tate, which [...]

  • Page 1484

    1442 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring a utilization list for an uplink port A Clearing sFlow statistics T o clear the UDP packet and sF low sample counters in th e show sflow displa y, ent er the following command. PowerConnect#clear statistics Syntax: clear statistics This command clears the values in the fol[...]

  • Page 1485

    PowerConnect B-Series FCX Configuration Guide 1443 53-1002266-01 Configuring a utilization list for an uplink port A • One or more uplink por ts • One or more downlink por ts Each list displays the uplink port and the percenta ge of that por t bandwidth that was utilized by the downlink ports over the most recent 30-second int er val. Y ou can [...]

  • Page 1486

    1444 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Configuring a utilization list for an uplink port A NOTE The example abov e represe nts a pure configura tion in which traf fic is exchanged only by ports 1/2 and 1/1, and b y por ts 1/3 and 1/1. F or this reason, the percentages f or the two do wnlink por ts equal 1 00%. In some case[...]

  • Page 1487

    PowerConnect B-Series FCX Configuration Guide 1445 53-1002266-01 Appendix B Software Specifications IEEE compliance Dell Po werConnect devices suppo r t the f ollowing standards. RFC support The f ollowing table lists the RFCs supported by Dell P owerConnect de vices. TA B L E 24 5 IEEE compliance Standard Description PowerConnect B-Series FCX 802.[...]

  • Page 1488

    1446 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 RFC support B NOTE Some device s suppor t only a subset of the RFCs . For e xample, Lay er 2 Switches do not suppor t rout er- specific RFCs. For a list o f features supported on y our device, ref er to the data she et or the soft ware release not es for the v er sion of software runn[...]

  • Page 1489

    PowerConnect B-Series FCX Configuration Guide 1447 53-1002266-01 RFC support B 12 12 Concise MIB Definitions Y es 12 13 MI B II Definition s Y es 12 15 SNMP generic traps Y es 1256 ICMP Router Discovery Protocol (IRDP) Y e s 1267 Border Gatew ay Prot ocol version 3 Y es 1269 Definitions of Managed Objects for the Border Gatewa y Protocol: Version 3[...]

  • Page 1490

    1448 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 RFC support B 1850 OSPF T raps Y es 1850 OSPF version 2 MIB Y es 1905 Protocol Operations f or version 2 of the Simple Netw ork Management Prot ocol (SNMPv2) Ye s 1906 T ranspor t Mappings for v ersion 2 of the Simple Netw ork Management Prot ocol (SNMPv2) Ye s 1965 Autonomous Syst em[...]

  • Page 1491

    PowerConnect B-Series FCX Configuration Guide 1449 53-1002266-01 RFC support B 2336 IGMP version 2 Y es 2338 Vir tual Router R edundancy Protocol (VRRP) Ye s 2362 IP Multicast PIM Spar se Y es 23 70 The OSPF Opaque LSA Option Y es 2385 TCP MD5 Signature Option (for BGP4) Y es 2 439 BG P Route Flap Dampen ing Y es 2 482 Language T agging in Unicode [...]

  • Page 1492

    1450 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 RFC support B 2866 RADIUS Accounting Y es 2869 RADIUS Extensions Y es 2889 Benchmarking Methodology for LAN Switching Devices Ye s 2918 Rou te Re f re sh Ca p ab il it y fo r B GP 4 Y e s 2932 IPv4 Multicast Routing MIB Y es 2933 Internet Group Management Pr otocol MIB Y es 2934 Proto[...]

  • Page 1493

    PowerConnect B-Series FCX Configuration Guide 1451 53-1002266-01 RFC support B 4252 The Secure Shell (SSH) Authentication Prot ocol Ye s 4253 The Secure Shell (SSH) T ranspor t Prot ocol Y es 4254 The Secure Shell (SSH) Connection Prot ocol Ye s 4330 Simple Network Time Prot ocol (SNTP) ver s io n 4 Ye s Authentication , Authorization , and Account[...]

  • Page 1494

    1452 PowerConnect B-Series FCX Configuration Guide 53-1002266-01 Internet drafts B Internet drafts In addit ion to the RFCs listed in “RFC suppor t” on page 1 4 45, Dell PowerC onnect devices support the fo llowing Internet drafts: • ietf-idmr -dvmrp version 3.05, obsolet es RFC 1 0 75 • draft-ietf-magma-igmp-pr oxy .txt • draft-ietf-pim-[...]