Manuel d'utilisation / d'entretien du produit 9.7(0.0) du fabricant Dell
Aller à la page of 1039
Dell Networking Configuration Guide for the Z9500 Switch 9.7(0.0).
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Contents 1 About this Guide................................................................................................. 33 Audience ..................................................................................................................
Using Hashes to Validate Software Images ........................................................................................ 53 4 Switch Management.......................................................................................... 55 Configuring Privilege Levels .
Restoring Factory-Default Boot Environment Variables .............................................................. 75 5 802.1X................................................................................................................... 78 The Port-Authentication Process .
Implementation Information ...................................................................................................... 109 Configuration Task List for Prefix Lists ............................................................................
Best Path Selection Criteria ......................................................................................................... 155 Weight .........................................................................................................
Filtering BGP Routes Using AS-PATH Information .................................................................... 194 Configuring BGP Route Reflectors ............................................................................................. 195 Aggregating Routes .
Troubleshooting CPU Packet Loss ............................................................................................. 234 Viewing Per-Protocol CoPP Counters ......................................................................................
Configuration Example for DSCP and PFC Priorities ................................................................ 264 DCBx Example .......................................................................................................................
Full Kernel Core Dumps .................................................................................................................... 316 Enabling TCP Dumps ........................................................................................
16 FCoE Transit.................................................................................................... 344 Fibre Channel over Ethernet .......................................................................................................
Configuring the Control VLAN ................................................................................................... 373 Configuring and Adding the Member VLANs ............................................................................. 374 Setting the FRRP Timers .
Designating a Multicast Router Interface ........................................................................................ 396 22 Interfaces........................................................................................................
Changing the Hash Algorithm .................................................................................................... 417 Bulk Configuration ...................................................................................................
Specifying the Local System Domain and a List of Domains ......................................................... 448 Configuring DNS with Traceroute ................................................................................................... 448 ARP .
Configuration Tasks for IPv6 ............................................................................................................. 471 Adjusting Your CAM Profile .................................................................................
Configuring Authentication Passwords ..................................................................................... 506 Setting the Overload Bit ...................................................................................................
Configure Redundant Pairs ...............................................................................................................535 Important Points about Configuring Redundant Pairs ...........................................................
32 Multicast Source Discovery Protocol (MSDP)........................................... 570 Protocol Overview ............................................................................................................................ 570 Anycast RP .
Modifying the Interface Parameters ................................................................................................. 601 Configuring an EdgePort ..........................................................................................
Assigning Area ID on an Interface .............................................................................................. 647 Assigning OSPFv3 Process ID and Router ID Globally .............................................................. 648 Configuring Stub Areas .
PBR Exceptions (Permit) ............................................................................................................. 680 Sample Configuration ............................................................................................
43 Quality of Service (QoS)................................................................................ 718 Implementation Information ............................................................................................................ 718 Port-Based QoS Configurations .
RIP Configuration Example ......................................................................................................... 757 45 Remote Monitoring (RMON)........................................................................ 763 Implementation Information .
RADIUS Authentication and Authorization ................................................................................ 800 Configuration Task List for RADIUS ...........................................................................................
Setting Rate-Limit BPDUs ........................................................................................................... 834 Debugging Layer 2 Protocol Tunneling .............................................................................
Copy a Binary File to the Startup-Configuration ....................................................................... 857 Additional MIB Objects to View Copy Statistics ......................................................................... 857 Obtaining a Value for MIB Objects .
Configuring Loop Guard ............................................................................................................ 882 Displaying STP Guard Configuration ................................................................................
57 Virtual LANs (VLANs)...................................................................................... 913 Default VLAN ............................................................................................................................
RSTP and VLT .............................................................................................................................. 950 VLT Bandwidth Monitoring ..................................................................................
Sample Configuration Scenario for VLT Proxy Gateway ........................................................... 997 Configuring an LLDP VLT Proxy Gateway ....................................................................................... 999 61 Virtual Router Redundancy Protocol (VRRP).
1 About this Guide This guide describes the protocols and features that the Dell Networking Operating Software (OS) supports on the Z9500 system and provides configuration instructions and examples for implementing them. Though this guide contains information on protocols, it is not intended to be a complete reference.
2 Configuration Fundamentals The Dell Networking OS command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
• EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
CLI Command Mode Prompt Access Command NOTE: Access all of the following modes from CONFIGURATION mode. AS-PATH ACL Dell(config-as-path)# ip as-path access-list 10 Gigabit Ethernet Interface Dell(conf.
CLI Command Mode Prompt Access Command ROUTE-MAP Dell(config-route-map)# route-map ROUTER BGP Dell(conf-router_bgp)# router bgp BGP ADDRESS-FAMILY Dell(conf-router_bgp_af)# (for IPv4) Dell(conf- route.
CLI Command Mode Prompt Access Command MONITOR SESSION Dell(conf-mon-sess- sessionID )# monitor session OPENFLOW INSTANCE Dell(conf-of-instance- of- id )# openflow of-instance PORT-CHANNEL FAILOVER- G.
TenGigabitEthernet 0/8 unassigned YES Manual up up TenGigabitEthernet 0/9 unassigned YES Manual up up Rainier(conf)# do show version Dell Real Time Operating System Software Dell Operating System Version: 2.0 Dell Application Software Version: 9-5 Copyright (c) 1999-2014 by Dell Inc.
Obtaining Help Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command: • To list the keywords available in the current mode, enter ? at the prompt or after a keyword. • Enter ? after a command prompt lists all of the available keywords.
Short-Cut Key Combination Action CNTL-D Deletes character at cursor. CNTL-E Moves the cursor to the end of the line. CNTL-F Moves the cursor forward one character. CNTL-I Completes a keyword. CNTL-K Deletes all characters from the cursor to the end of the command line.
• show run | grep ethernet does not return that search result because it only searches for instances containing a non-capitalized “ethernet.” • show run | grep Ethernet ignore-case returns instances containing both “Ethernet” and “ethernet.
508 290 29 10000 0.00% 0.02% 0.09% 0 confdMgr 655 270 27 10000 0.00% 0.00% 0.09% 0 login 557 180 18 10000 0.00% 0.00% 0.06% 0 ipm 579 5670 567 10000 0.00% 0.00% 1.85% 0 confd 19 410 41 10000 0.00% 0.00% 0.00% 0 mount_mfs 22 0 0 0 0.00% 0.00% 0.00% 0 mount_mfs 533 0 0 0 0.
3 Getting Started This chapter describes how you start configuring your Z9500 operating software. When you power up the chassis, the system performs a power-on self test (POST) and loads the Dell Networking operating software. Boot messages scroll up the terminal window during this process.
Accessing the Console Port To access the console port, follow these steps: For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9 Adapter . 1. Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the Z9500 console port to a terminal server.
• Characters within the string can be letters, digits, and hyphens. To create a host name, use the following command. • Create a host name. CONFIGURATION mode hostname name Example of the hostname Command Dell(conf)#hostname R1 R1(conf)# Accessing the System Remotely You can configure the system to access it remotely by Telnet or SSH.
no shutdown Configure a Management Route Define a path from the Z9500 to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the Z9500 through the management port. • Configure a management route to the network from which you are accessing the system.
– encryption-type : specifies how you are inputting the password, is 0 by default, and is not required. * 0 is for inputting the password in clear text. * 7 is for inputting a password that is already encrypted using a DES hash. Obtain the encrypted password from the configuration file of another Dell Networking system.
• To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location. • To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 26292881 bytes successfully copied Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends coping your running-configuration to the startup-configuration.
• View a list of files on an external flash. EXEC Privilege mode dir usbflash: • View the running-configuration. EXEC Privilege mode show running-config • View the startup-configuration.
! redundancy auto-synchronize full redundancy disable-auto-reboot ! service timestamps log datetime ! logging coredump ! hostname pt-z9500-11 ! enable password 7 b125455cf679b208e79b910e85789edf ! use.
For a particular target where VRF is enabled, the show output is similar to the following: Feature State ------------------------------ VRF enabled View Command History The command-history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer.
1. Download Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displayed next to the software image file on the iSupport page. 2. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command.
4 Switch Management This chapter describes the switch management tasks supported on the Z9500. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined.
Allowing Access to CONFIGURATION Mode Commands To allow access to CONFIGURATION mode, use the privilege exec level level configure command from CONFIGURATION mode. A user that enters CONFIGURATION mode remains at his privilege level and has access to only two commands, end and exit .
• Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command. CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level { command ||.
Dell(conf)#line vty 0 Dell(config-line-vty)#? exit Exit from line configuration mode Dell(config-line-vty)# Applying a Privilege Level to a Username To set the user privilege level, use the following command. • Configure a privilege level for a user.
Audit and Security Logs This section describes how to configure, display, and clear audit and security logs. The following is the configuration task list for audit and security logs: • Enabling Audi.
• The network administrator and network operator user roles can view system events. NOTE: If extended logging is disabled, you can only view system events, regardless of RBAC user role.
Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a syslog server. Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server Dell(conf)#ip ssh server enable 2.
3. Configure logging to a local host. locahost is “127.0.0.1” or “::1”. If you do not, the system displays an error when you attempt to enable role-based only AAA authorization. Dell(conf)# logging localhost tcp port Dell(conf)#logging 127.0.0.
no logging console Sending System Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over UDP.
Jan 21 04:11:02: %SYSTEM:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 0/0 Jan 21 03:12:54: %SYSTEM:LP %CHMGR-2-PSU_FAN_SPEED_CHANGE: PSU_Fan speed changed to 60 % of the full speed Jan 2.
NOTE: When you decrease the buffer size, the operating system deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that the operating system saves to its logging history table.
– uucp (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view non-default settings, use the show running-config logging command in EXEC mode.
• Add timestamp to syslog messages. CONFIGURATION mode service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime] Specify the following optional parameters: – You can add the keyword localtime to include the localtime , msec , and show-timezone .
CONFIGURATION mode ftp-server enable Example of Viewing FTP Configuration Dell#show running ftp ! ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters.
ip ftp source-interface interface • Configure a password. CONFIGURATION mode ip ftp password password • Enter a username to use on the FTP client. CONFIGURATION mode ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enable FTP Server .
Configuring Login Authentication for Terminal Lines You can use any combination of up to six authentication methods to authenticate a user on a terminal line.
login authentication myvtymethodlist Dell(config-line-vty)# Setting Time Out of EXEC Privilege Mode EXEC time-out is a basic security feature that returns the system to EXEC mode after a period of inactivity on the terminal lines. To set time out, use the following commands.
Connected to 10.11.80.203. Exit character is '^]'. Login: Login: admin Password: Dell>exit Dell#telnet 2200:2200:2200:2200:2200::2201 Trying 2200:2200:2200:2200:2200::2201... Connected to 2200:2200:2200:2200:2200::2201. Exit character is '^]'.
the following users are currently configuring the system: User "admin" on line vty1 ( 10.1.1.1 ) . NOTE: The CONFIGURATION mode lock corresponds to a VTY session, not a user.
4. At the BLI prompt, set the system parameter to ignore the startup configuration and reload the system: BOOT_USER# ignore startup-config BOOT_USER# reload NOTE: You must manually enter each CLI command. The system rejects a command if you copy and paste it in the command line.
• After the restore is complete, a switch reloads immediately. The following example shows how the restore factory-defaults command restores a switch to its factory default settings.
• To enable a TFTP boot after restoring factory default settings, you must stop the boot process using the boot-line interface (BLI). • The tftpboot command does not work after you perform a reset bootvar because the management IP address, network mask, and gateway IP address are all reset to NULL.
default-gateway gateway_ip_address For example, 10.16.150.254 . 6. The environment variables are auto saved. 7. Reload the system. BOOT_USER # reload Switch Management 77.
5 802.1X 802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification.
Figure 3. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant . The supplicant is not allowed to communicate on the network until the authenticator authorizes the port.
3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server.
EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79.
Important Points to Remember • The system supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS- CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [ range ] 3. Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication Examples of Verifying that 802.1X is Enabled Globally or on an Interface Verify that 802.
Configuring Request Identity Re-Transmissions If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame.
Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator re- transmits an EAP Request Identity frame: • a.
Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#show dot1x interface TenGigabitEthernet 0/0 802.
The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-0/0)#dot1x reauthentication interval 7200 Dell(conf-if-Te-0/0)#dot1x reauth-max 10 Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.
The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.
Figure 7. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X ) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication ). 2. Make the interface a switchport so that it can be assigned to a VLAN.
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network.
! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2.
6 Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps.
• VRF based IMPLICIT DENY Rules NOTE: In order for the VRF ACLs to take effect, ACLs configured in the Layer 3 CAM region must have an implicit-permit option.
• CAM Optimization User-Configurable CAM Allocation User-configurable content-addressable memory (CAM) allows you to specify the amount of memory space that you want to allocate for ACLs. To allocate ACL CAM, use the cam-acl command in CONFIGURATION mode.
• L3 Egress Access list ACLs and VLANs There are some differences when assigning ACLs to a VLAN rather than a physical port. For example, when using a single port-pipe, if you apply an ACL to a VLAN, one copy of the ACL entries is installed in the ACL CAM on the port-pipe.
Dell(conf-policy-map-in)#exit Dell(conf)#interface tengig 1/0 Dell(conf-if-te-1/0)#service-policy input pmap IP Fragment Handling The system supports a configurable option to explicitly deny IP fragmented packets, particularly second and subsequent packets.
If a packet’s L3 information matches the L3 information in the ACL line, the packet's FO is checked. • If a packet's FO > 0, the packet is permitted.
CONFIGURATION mode ip access-list standard access-listname 2. Configure a drop or forward filter. CONFIG-STD-NACL mode seq sequence-number {deny | permit} { source [ mask ] | any | host ip-address } [count [byte]] [order] [fragments] NOTE: When assigning sequence numbers to filters, keep in mind that you might need to insert a new filter.
Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters, you can let the system assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of five.
Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses.
CONFIG-EXT-NACL mode seq sequence-number {deny | permit} tcp {source mask | any | host ip- address }} [count [byte]] [order] [fragments] Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order.
(for example, the first filter was given the lowest sequence number). The show config command in IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10. Example of Viewing Filter Sequence for a Specified Extended ACL Dell(config-ext-nacl)#deny tcp host 123.
Using ACL VLAN Groups Use an ACL VLAN group to optimize ACL CAM usage by minimizing the number of CAM entries when you apply an egress IP ACL on the member interfaces of specified VLANs. When you apply an ACL on individual VLANs, the amount of CAM space required increases greatly because the ACL rules are saved for each VLAN ID.
Configuring an ACL VLAN Group Configure an ACL VLAN group to optimize ACL CAM use. NOTE: After you configure an ACL VLAN group, you must allocate CAM memory for ACL VLAN services to enable CAM optimization. See Allocating ACL VLAN CAM for more information.
Allocating ACL VLAN CAM CAM optimization for ACL VLAN groups is not enabled by default. You must allocate blocks of ACL VLAN CAM to enable ACL CAM optimization by using the cam-acl-vlan command.
ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range ] NOTE: The number of entries allowed per ACL is hardware-dependent. For detailed specification about entries allowed per ACL, refer to your line card documentation. 4. Apply rules to the new ACL.
seq 10 deny icmp any any seq 15 permit 1.1.1.2 Configure Egress ACLs Egress ACLs are supported on interfaces and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized traffic.
CONFIGURATION mode ip control-plane [egress filter] 2. Apply Egress ACLs to IPv6 system traffic. CONFIGURATION mode ipv6 control-plane [egress filter] 3. Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU traffic.
• To deny routes with a mask less than /24, enter deny x.x.x.x/x le 24 . • To permit routes with a mask greater than /20, enter permit x.x.x.x/x ge 20 . The following rules apply to prefix lists: • A prefix list without any permit or deny filters allows all routes.
Example of Assigning Sequence Numbers to Filters If you want to forward all routes that do not match the prefix list criteria, configure a prefix list filter to permit all routes ( permit 0.0.0.0/0 le 32 ). The “permit all” filter must be the last filter in your prefix list.
Dell(conf-nprefixl)#show conf ! ip prefix-list awe seq 5 permit 123.23.0.0/16 seq 10 deny 133.0.0.0/8 Dell(conf-nprefixl)# To delete a filter, enter the show config command in PREFIX LIST mode and locate the sequence number of the filter you want to delete, then use the no seq sequence-number command in PREFIX LIST mode.
• Enter RIP mode. CONFIGURATION mode router rip • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a nonexistent prefix list, all routes are forwarded. CONFIG-ROUTER-RIP mode distribute-list prefix-list-name in [ interface ] • Apply a configured prefix list to outgoing routes.
Dell(conf-router_ospf)#show config ! router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1 distribute-list prefix awe in Dell(conf-router_ospf)# ACL Resequencing ACL resequencing allows you to re-number the rules and remarks in an access or prefix list.
EXEC mode resequence prefix-list {ipv4 | ipv6} { prefix-list-name StartingSeqNum Step- to-Increment } Examples of Resequencing ACLs When Remarks and Rules Have the Same Number or Different Numbers The example shows the resequencing of an IPv4 access-list beginning with the number 2 and incrementing by 2.
remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permit ip any host 1.1.1.1 remark 6 this remark has no corresponding rule remark 8 this remark corresponds to permit ip any host 1.1.1.2 seq 8 permit ip any host 1.1.1.2 seq 10 permit ip any host 1.
Creating a Route Map Route maps, ACLs, and prefix lists are similar in composition because all three contain filters, but route map filters do not contain the permit and deny actions found in ACLs and prefix lists. Route map filters match certain routes and set or specify values.
Set clauses: tag 35 level stub-area Dell# The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command.
route-map for any permit statement. If there is a match anywhere, the route is permitted. However, other instances of the route-map deny it. Example of the match Command to Permit and Deny Routes Dell.
CONFIG-ROUTE-MAP mode match ipv6 next-hop { access-list-name | prefix-list prefix-list-name } • Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip route-source { access-list-name | prefix-list prefix-list-name } • Match source routes specified in a prefix list (IPv6).
set local-preference value • Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value } • Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP address as the route’s next hop.
that have a next hop of Tengigabitethernet interface 0/0 and that have a metric of 255 are redistributed into the OSPF backbone area. NOTE: When re-distributing routes using route-maps, you must create the route-map defined in the redistribute command under the routing protocol.
set community 1:1 1:2 1:3 set as-path prepend 1 2 3 4 5 continue 30! 122 Access Control Lists (ACLs).
7 Bare Metal Provisioning (BMP) Starting with Dell Networking OS Release 9.2(1.0), BMP is supported on the Z9500 switch. This chapter describes the latest Bare Metal Provisioning (BMP) enhancements that apply to the Z9500. For details about supported BMP commands and configuration procedures, refer to the Dell Networking Open Automation Guide .
8 Bidirectional Forwarding Detection (BFD) BFD is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used.
NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client. BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet.
Field Description system clears the poll bit and sets the final bit in its response. The poll and final bits are used during the handshake and in Demand mode (refer to BFD Sessions ). NOTE: The Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear.
BFD Sessions BFD must be enabled on both sides of a link in order to establish a session. The two participating systems can assume either of two roles: Active The active system initiates the BFD session. Both systems can be active for the same session.
handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated. 4. The passive system receives the control packet and changes its state to Up.
receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 10. Session State Changes Important Points to Remember • On the Z9500, the s.
• Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness Configure BFD for Static Routes Configuring BFD for static routes is supported on the Z9500 switch.. BFD offers systems a link state detection mechanism for static routes.
R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.
agent on the line card notifies the BFD manager, which in turn notifies the OSPF protocol that a link state change occurred. NOTE: If you enable BFD after OSPF with a large number (more than 100) of OSPF neighbors on a VLAN port-channel and if the VLAN has more than one port-channel, BFD does not come up immediately.
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state.
INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command.
To disable BFD sessions, use the following commands. • Disable BFD sessions with all OSPFv3 neighbors. ROUTER-OSPFv3 mode no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6.
Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state.
Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface.
The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.
INTERFACE mose isis bfd all-neighbors disable Configure BFD for BGP In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence.
Figure 14. Establishing Sessions with BGP Neighbors The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command).
typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. 1. Enable BFD globally. CONFIGURATION mode bfd enable 2.
ROUTER BGP mode neighbor { ip-address | peer-group-name } bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor.
Examples of Verifying BGP Information The following example shows viewing a BGP configuration. R2# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.
Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.
The following example shows viewing BFD summary information. The bold line shows the message that displays when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.
Foreign host: 2.2.2.2, Foreign port: 179 R2# R2# show ip bgp neighbors 2.2.2.3 BGP neighbor is 2.2.2.3, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 .
Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 15. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command.
The following example shows viewing sessions with VRRP neighbors. The bold line shows that VRRP BFD sessions are enabled. R1(conf-if-te-4/25)#vrrp bfd all-neighbors R1(conf-if-te-4/25)#do show bfd nei.
Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state.
9 Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking OS. BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
Figure 16. Interior BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network.
Figure 17. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started.
Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established.
Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix, route reflector rules are applied after the router makes its best path decision.
• Local Preference • Multi-Exit Discriminators (MEDs) • Origin • AS Path • Next Hop Best Path Selection Criteria Paths for active routes are grouped in ascending order according to their neighboring external AS number (BGP best path selection is deterministic by default, which means the bgp non- deterministic-med command is NOT applied).
Figure 19. BGP Best Path Selection Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command.
c. Paths with no MED are treated as “worst” and assigned a MED of 4294967295. 7. Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP paths. 8. Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains.
and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B. Figure 20. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path.
Figure 21. Multi-Exit Discriminators Origin The origin indicates the origin of the prefix, or how the prefix came into BGP. There are three origin codes: IGP, EGP, INCOMPLETE. Origin Type Description IGP Indicates the prefix originated from information learned through an interior gateway protocol.
AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is added by the BGP speaker when advertising to a eBGP neighbor. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold).
Implement BGP The following sections describe how BGP is implemented on the Z9500 switch. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones.
Ignore Router-ID for Some Best-Path Calculations You can avoid unnecessary BGP best-path transitions between external paths under certain conditions. The bgp bestpath router-id ignore command reduces network disruption caused by routing and forwarding plane changes and allows for faster convergence.
• All AS numbers between 0 and 65535 are represented as a decimal number, when entered in the CLI and when displayed in the show commands outputs. • AS Numbers larger than 65535 is represented using ASDOT notation as <higher 2 bytes in decimal>.
Example of the Running Configuration When AS Notation is Disabled AS NOTATION DISABLED Dell(conf-router_bgp)# no bgp asnotation Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.
Figure 22. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer.
BGP4 Management Information Base (MIB) The FORCE10-BGP4-V2-MIB enhances support for the BGP management information base (MIB) with many new simple network management protocol (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05 .
• High CPU utilization may be observed during an SNMP walk of a large BGP Loc-RIB. • To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number.
Table 7. BGP Default Values Item Default BGP Neighbor Adjacency changes All BGP neighbor changes are logged. Fast External Fallover feature Disabled Graceful Restart feature Disabled Local preference .
• as-number : from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format). Only one AS is supported per system. NOTE: If you enter a 4-Byte AS number, 4-Byte AS support is enabled automatically. a. Enable 4-Byte support for the BGP process.
To view the BGP configuration, enter show config in CONFIGURATION ROUTER BGP mode. To view the BGP status, use the show ip bgp summary command in EXEC Privilege mode.
The third line of the show ip bgp neighbors output contains the BGP State. If anything other than ESTABLISHED is listed, the neighbor is not exchanging information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Nettworking OS Command Line Interface Reference Guide .
neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.1 remote-as 65123 neighbor 192.168.10.1 update-source Loopback 0 neighbor 192.168.10.1 no shutdown neighbor 192.168.12.2 remote-as 65123 neighbor 192.168.12.2 update-source Loopback 0 neighbor 192.
bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.
CONFIG-ROUTERBGP mode neighbor peer-group-name no shutdown By default, all peer groups are disabled. 3. Create a BGP neighbor. CONFIG-ROUTERBGP mode neighbor ip-address remote-as as-number 4. Enable the neighbor. CONFIG-ROUTERBGP mode neighbor ip-address no shutdown 5.
A neighbor may keep its configuration after it was added to a peer group if the neighbor’s configuration is more specific than the peer group’s and if the neighbor’s configuration does not affect outgoing updates.
10.68.160.1 10.68.161.1 10.68.162.1 10.68.163.1 10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.
BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.
router bgp 65517 neighbor test peer-group neighbor test fail-over neighbor test no shutdown neighbor 100.100.100.100 remote-as 65517 neighbor 100.100.100.
Maintaining Existing AS Numbers During an AS Migration The local-as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP network migration. When you complete your migration, be sure to reconfigure your routers with the new information and disable this feature.
Allowing an AS Number to Appear in its Own AS Path This command allows you to set the number of times a particular AS number can occur in the AS path. The allow-as feature permits a BGP speaker to allow the ASN to be present for a specified number of times in the update received from the peer, even if that ASN matches its own.
when they restart. This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide .
This is the filter that is used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters .
Regular Expressions as Filters Regular expressions are used to filter AS paths or community lists. A regular expression is a special character used to define a pattern that is then compared with an input string.
neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#neigh 10.155.15.2 filter-list 1 in Dell(conf-router_bgp)#ex Dell(conf)#ip as-path access-.
redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name ] Configure the following parameters: – process-id : the range is from 1 to 65535. – match external : the range is from 1 or 2.
The system also supports BGP Extended Communities as described in RFC 4360 — BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1. Create a community list and enter COMMUNITY-LIST mode. CONFIGURATION mode ip community-list community-list-name 2.
Configuring an IP Extended Community List To configure an IP extended community list, use these commands. 1. Create a extended community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2. Two types of extended communities are supported.
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1. Enter the ROUTE-MAP mode and assign a name to a route map.
To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map.
Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * i 3.
CONFIG-ROUTER-BGP mode bgp default local-preference value – value : the range is from 0 to 4294967295. The default is 100 . To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode.
set next-hop ip-address Changing the WEIGHT Attribute To change how the WEIGHT attribute is used, enter the first command. You can also use route maps to change this and other BGP attributes. For example, you can include the second command in a route map to specify the next hop address.
• prefix lists (using the neighbor distribute-list command) • AS-PATH ACLs (using the neighbor filter-list command) • route maps (using the neighbor route-map command) Prior to filtering BGP routes, create the prefix list, AS-PATH ACL, or route map.
configure a prefix list filter to permit all routes. For example, you could have the following filter as the last filter in your prefix list permit 0.0.0.0/0 le 32). • After a route matches a filter, the filter’s action is applied. No additional filters are applied to the route.
ip as-path access-list as-path-name 2. Create a AS-PATH ACL filter with a deny or permit action. AS-PATH ACL mode {deny | permit} as-regular-expression 3. Return to CONFIGURATION mode. AS-PATH ACL exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5.
• Configure the local router as a route reflector and the neighbor or peer group identified is the route reflector client. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } route-reflector-client When you enable a route reflector, the system automatically enables route reflection to all clients.
• Specifies the confederation ID. CONFIG-ROUTER-BGP mode bgp confederation identifier as-number – as-number : from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte). • Specifies which confederation sub-AS are peers. CONFIG-ROUTER-BGP mode bgp confederation peers as-number [.
bgp dampening [ half-life | reuse | suppress max-suppress-time ] [route-map map-name ] Enter the following optional parameters to configure route dampening parameters: – half-life : the range is from 1 to 45. Number of minutes after which the Penalty is decreased.
• Change the best path selection method to non-deterministic. Change the best path selection method to non-deterministic. CONFIG-ROUTER-BGP mode bgp non-deterministic-med NOTE: When you change the b.
Changing BGP Timers To configure BGP timers, use either or both of the following commands. Timer values configured with the neighbor timers command override the timer values configured with the timers bgp command.
To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP router supports this capability, use the show ip bgp neighbors command.
Match a Clause with a Continue Clause The continue feature can exist without a match clause. Without a match clause, the continue clause executes and jumps to the specified route-map entry. With a match clause and a continue clause, the match clause executes first and the continue clause next in a specified route map entry.
• Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast support on a BGP neighbor/peer group.
• Enable soft-reconfiguration debug. EXEC Privilege mode debug ip bgp { ip-address | peer-group-name } soft-reconfiguration To enhance debugging of soft reconfig, use the bgp soft-reconfig-backup command only when route-refresh is not negotiated to avoid the peer from resending messages.
Last reset 00:00:12, due to Missing well known attribute Notification History 'UPDATE error/Missing well-known attr' Sent : 1 Recv: 0 'Connection Reset' Sent : 1 Recv: 0 Last notif.
Outgoing packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 27 packet(s) captured using 562 bytes PDU[1] : len 41, captured 00:34:52 ago ffffffff ffffffff ffffffff ffff.
Figure 23. Sample Configurations Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int tengig 1/21 R1(conf-if-te-1/21)#ip address 10.
no shutdown R1(conf-if-te-1/31)#router bgp 99 R1(conf-router_bgp)#network 192.168.128.0/24 R1(conf-router_bgp)#neighbor 192.168.128.2 remote 99 R1(conf-router_bgp)#neighbor 192.168.128.2 no shut R1(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0 R1(conf-router_bgp)#neighbor 192.
R2(conf-if-te-2/31)#router bgp 99 R2(conf-router_bgp)#network 192.168.128.0/24 R2(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R2(conf-router_bgp)#neighbor 192.168.128.1 no shut R2(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R2(conf-router_bgp)#neighbor 192.
no shutdown R3(conf-if-te-3/21)# R3(conf-if-te-3/21)#router bgp 100 R3(conf-router_bgp)#show config ! router bgp 100 R3(conf-router_bgp)#network 192.168.128.0/24 R3(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R3(conf-router_bgp)#neighbor 192.168.
neighbor 192.168.128.3 update-source Loopback 0 neighbor 192.168.128.3 no shutdown R1# R1#show ip bgp summary BGP router identifier 192.168.128.1, local AS number 99 BGP table version is 1, main routi.
Received 30 messages, 0 in queue 4 opens, 2 notifications, 4 updates 20 keepalives, 0 route refresh requests Sent 29 messages, 0 in queue 4 opens, 1 notifications, 4 updates 20 keepalives, 0 route ref.
Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.1 99 140 136 2 0 (0) 00:11:24 1 192.168.128.3 100 138 140 2 0 (0) 00:18:31 1 R2#show ip bgp neighbor BGP neighbor is 192.168.128.1, remote AS 99, internal link Member of peer-group AAA for session parameters BGP version 4, remote router ID 192.
85 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast.
Minimum time before advertisements start is 0 seconds Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) .
10 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On the Z9500, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. On a line card, there are one or two CAM (Dual-CAM) modules per port-pipe.
Current Settings(in block sizes) 1 block = 256 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 EcfmAcl : 0 nlbclusteracl: 0 Openflow : 0 -- linecard 2.
EXEC Privilege mode reload Test CAM Usage The test cam-usage command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS optimization for IPv6 ACLs. Use this command to determine whether sufficient ACL CAM space is available to enable a service-policy.
IpMacAcl : 0 VmanQos : 0 EcfmAcl : 0 Openflow : 0 -- linecard 0 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 .
| | IN-L3-TrcList | 1024 | 0 | 1024 | | IN-L3-McastFib | 9215 | 0 | 9215 | | IN-L3-Qos | 8192 | 0 | 8192 | | IN-L3-PBR | 1024 | 0 | 1024 | | IN-V6 ACL | 0 | 0 | 0 | | IN-V6 FIB | 0 | 0 | 0 | | IN-V6-S.
Applications for CAM Profiling The following describes link aggregation group (LAG) hashing. LAG Hashing The Dell Networking OS includes a CAM profile and microcode that treats MPLS packets as non-IP packets. Normally, switching and LAG hashing is based on source and destination MAC addresses.
hardware forwarding-table mode Dell(conf)#hardware forwarding-table mode ? scaled-l3-hosts Forwarding table mode for scaling L3 host entries scaled-l3-routes Forwarding table mode for scaling L3 route entries Dell(conf)# Dell(conf)#hardware forwarding-table mode scaled-l3-hosts Hardware forwarding-table mode is changed.
11 Control Plane Policing (CoPP) Control plane policing (CoPP) protects the Z9500 routing, control, and line-card processors from undesired or malicious traffic and Denial of Service (DoS) attacks by filtering control-plane flows.
Queue-based Control Plane Policing When configuring a queue-based CoPP policy, take into account that there are twenty-four CP queues divided into groups of eight queues for the Route Processor, Control Processor, and line-card CPUs: • Queues 0 to 7 process packets destined to the Control Processor CPU .
19 — 1 20 Source miss, Station move, Trace flow 600 21 BFD 7000 22 HyperPull, FRRP 800 23 sFlow 5000 NOTE: In the line-card CPU, some queues have no protocol traffic mapped to them. These rows appear blank in the preceding table. CoPP Example The illustrations in this section show the benefit of using CoPP compared to not using CoPP on a switch.
Figure 25. CoPP Versus Non-CoPP Operation Configure Control Plane Policing You can create a CoPP service policy on a per-protocol and/or a per-queue basis that serves as the system-wide configuration for filtering and rate limiting control-plane traffic.
For complete information about creating ACL rules and QoS policies, refer to Access Control Lists (ACLs) and Quality of Service (QoS) . 1. Create a Layer 2 extended ACL for specified protocol traffic. CONFIGURATION mode mac access-list extended name permit {arp | frrp | gvrp | isis | lacp | lldp | stp} cpu-qos 2.
Dell(conf-ip-acl-cpuqos)#exit Dell(conf)#mac access-list extended lacp cpu-qos Dell(conf-mac-acl-cpuqos)#permit lacp Dell(conf-mac-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-icmp cpu-qos Dell(c.
Configuring CoPP for CPU Queues This section describes how to create a queue-based CoPP service policy and apply it to control plane traffic. Controlling traffic on the CPU queues of the control plane does not require ACL rules; only QoS rate- limiting policies are used.
Example of Assigning a QoS Policy to a CPU Queue Dell(conf)#policy-map-input cpuq_rate_policy cpu-qos Dell(conf-qos-policy-in)#service-queue 5 qos-policy cpuq_1 Dell(conf-qos-policy-in)#service-queue .
-------- --------------- --------- ----- ------ ----------- ARP any 0x0806 Q2/Q10/Q3/Q11 CP/RP 600 FRRP 01:01:e8:00:00:10/11 any Q22 LP 300 LACP 01:80:c2:00:00:02 0x8809 Q15 RP 500 LLDP any 0x88cc Q7 .
-------- ----- ------ --------------- ----------- ARP Q2/Q10/Q3/Q11 CP/RP 600 600 v6 ICMP NS Q2/Q10 CP/RP 600 600 v6 ICMP RS Q2/Q10 CP/RP 600 600 Viewing Complete Protocol-Queue Mapping To view the queues to which all protocol traffic is assigned, use the show protocol-queue-mapping command.
2000 ICMP Q6 CP 300 300 2000 2000 IGMP Q14 RP 300 300 2000 2000 PIM Q14 RP 300 300 2000 2000 MSDP Q14 RP 100 100 2000 2000 BFD Q13/Q21 RP/LP 7000 7000 3000 3000 802.
Troubleshooting CoPP Operation To troubleshoot CoPP operation, use the debug commands described in this section. Enabling CPU Traffic Statistics During high-traffic network conditions, you may want to manually enable the collection of CPU traffic statistics by entering the debug cpu-traffic-stats command.
system-flow layer2 [cp-switch | linecard slot-id portset port-pipe ] command. The number of hits for each system flow is also displayed. Dell#show hardware system-flow layer2 linecard 2 port-set 0 ###.
MASK=0x0000ffff ffffffff action={act=DropPrecedence, param0=1(0x1), param1=0(0), param2=0(0), param3=0(0)} action={act=Drop, param0=0(0), param1=0(0), param2=0(0), param3=0(0)} action={act=CosQCpuNew,.
--More-- ######################## FP Entry for VLT IGMP Sync frames ########################## --More-- ######################## FP Entry for VLT ARP Replies Tunneled ########################## --More.
GVRP 14988129080 551480 14987577600 ARP RESP/ARP REQ 29604578172 3559868 29601018304 802.1x 0 0 0 FEFD 0 0 0 FRRP 0 0 0 ECFM 0 0 0 L2PT 0 0 0 ISIS 0 0 0 BFD 0 0 0 BGP 0 0 0 v6 BGP 0 0 0 OSPF 0 0 0 v6 .
OSPF 0 0 0 RIP 0 0 0 VRRP 0 0 0 ICMP 0 0 0 IGMP 0 0 0 PIM 0 0 0 MSDP 0 0 0 BFD ON PHYSICAL PORTS 0 0 0 BFD ON LOGICAL PORTS 0 0 0 802.1x 0 0 0 iSCSI 0 0 0 DHCP RELAY 0 0 0 DHCP 0 0 0 NTP 0 0 0 FTP 0 0.
In the show output, Rx Counters displays the number of bytes of control-plane traffic received, on which queue-based rate limiting is applied. Tx Counters displays the number of bytes transmitted to a control- plane CPU after queue-based rate limiting is applied.
12 Data Center Bridging (DCB) NOTE: Data center bridging (DCB) is enabled in Z9500 switch. Ethernet Enhancements in Data Center Bridging The following section describes DCB.
transport protocols (for example, TCP) for reliable data transmission with the associated cost of greater processing overhead and performance impact. Storage traffic Storage traffic based on Fibre Channel media uses the Small Computer System Interface (SCSI) protocol for data transfer.
The system supports loading two DCB_Config files: • FCoE converged traffic with priority 3. • iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation.
low-latency storage or server cluster traffic in a traffic class to receive more bandwidth and restrict best- effort LAN traffic assigned to a different traffic class. The following figure shows how ETS allows you to allocate bandwidth when different traffic types are classed according to 802.
• Discovery of DCB capabilities on peer-device connections. • Determination of possible mismatch in DCB configuration on a peer link. • Configuration of a peer device over a DCB link. DCBx requires the link layer discovery protocol (LLDP) to provide the path to exchange DCB parameters with peer devices.
For DCB to operate effectively, you can classify ingress traffic according to its dot1p priority so that it maps to different data queues. The dot1p-queue assignments used are shown in the following table. To enable DCB, enable either the iSCSI optimization configuration or the FCoE configuration.
Networking OS 9.3(0.). Max Use Count mode provides the maximum value of the counters accumulated over a period of time. Priority Flow Control (PFC) provides a link level flow control mechanism, which is controlled independently for each frame priority.
percentages in all groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed rates. The bandwidth allocated to other priority groups is made available and allocated according to the specified percentages.
Step Task Command Command Mode Dell# interface tengigabitEthernet 1/1 Dell(config-if-te-1/1)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port.
When configuring lossless queues on a port interface, consider the following points: • By default, no lossless queues are configured on a port. • A limit of two lossless queues are supported on a port. If the number of lossless queues configured exceeds the maximum supported limit per port (two), an error message is displayed.
The default dot1p priority-queue assignments are applied as follows: Dell(conf)#do show qos dot1p-queue-mapping Dot1p Priority : 0 1 2 3 4 5 6 7 Queue : 2 0 1 3 4 5 6 7 Dell(conf)# NOTE: In Egress queue assignment (8 queues in S6000 and Z9500, 4 against in S5000 and S4810.
• Traffic may be interrupted when you reconfigure PFC no-drop priorities in a DCB map or re-apply the DCB map to an interface. • For PFC to be applied, the configured priority traffic must be supported by a PFC peer (as detected by DCBx).
• Traffic in priority groups is assigned to strict-queue or weighted round-robin (WRR) scheduling in an ETS configuration and is managed using the ETS bandwidth-assignment algorithm. Dell Networking OS de-queues all frames of strict-priority traffic before servicing any other queues.
When you configure priority groups in a DCB map: • A priority group consists of 802.1p priority values that are grouped together for similar bandwidth allocation and scheduling, and that share the same latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same priority group.
Priority group range is from 0 to 7. All priorities that map to the same queue must be in the same priority group. Leave a space between each priority group number.
context. For example, one of the Te/Fo interfaces can have pfc-dot1p priorities as 2 and 3. Whereas, the other Te/Fo interface(s) can have its pfc-dot1p priorities as 4 and 5. It is the user responsibility to have symmetric PFC configurations on the interfaces involved in a particular PFC-enabled traffic-flow to obtain lossless behavior.
Committed and peak bandwidth is in megabits per second. The range is from 0 to 40000. Committed and peak burst size is in kilobytes. Default is 50. The range is from 0 to 10000. 3. Configure the 802.1p priorities for the traffic on which you want to apply an ETS output policy.
• The DCBx port-role configurations determine the ETS operational parameters (refer to Configure a DCBx Operation ). • ETS configurations received from TLVs from a peer are validated. • If there is a hardware limitation or TLV error: – DCBx operation on an ETS port goes down.
QoS OUTPUT POLICY mode exit 5. Enter INTERFACE Configuration mode. CONFIGURATION mode interface type slot/port 6. Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface.
is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end).
Auto- downstream The port advertises its own configuration to DCBx peers but is not willing to receive remote peer configuration. The port always accepts internally propagated configurations from a configuration source.
NOTE: On a DCBx port, application priority TLV advertisements are handled as follows: • The application priority TLV is transmitted only if the priorities in the advertisement match the configured PFC priorities on the port.
A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto-configuration information from the configuration source ignore their current settings and use the configuration source information.
Behavior of Tagged Packets The below is example for enabling PFC for priority 2 for tagged packets. Priority (Packet Dot1p) 2 will be mapped to PG6 on PRIO2PG setting. All other Priorities for which PFC is not enabled are mapped to default PG – PG7.
3. Dot1p->Queue Mapping Configuration is retained at the default value. Default dot1p-queue mapping is, Dell#show qos dot1p-queue-mapping Dot1p Priority : 0 1 2 3 4 5 6 7 Queue :2 0 1 3 4 5 6 7 4. Interface Configurations on server connected ports.
in the Link Layer Discovery Protocol (LLDP) chapter). If multiple DCBx peer ports are detected on a local DCBx interface, LLDP is shut down. • The CIN version of DCBx supports only PFC, ETS, and FCOE; it does not support iSCSI, backward congestion management (BCN), logical link down (LLDF), and network interface virtualization (NIV).
PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [ets-conf | ets-reco | pfc] • ets-conf : enables the advertisement of ETS Configuration TLVs. • ets-reco : enables the advertisement of ETS Recommend TLVs.
• auto : configures all ports to operate using the DCBx version received from a peer. • cee : configures a port to use CEE (Intel 1.01). cin configures a port to use Cisco-Intel-Nuova (DCBx 1.0). • ieee-v2.5 : configures a port to use IEEE 802.1Qaz (Draft 2.
The default is 0x10 . DCBx Error Messages The following syslog messages appear when an error in DCBx operation occurs. LLDP_MULTIPLE_PEER_DETECTED: DCBx is operationally disabled after detecting more than one DCBx peer on the port interface. LLDP_PEER_AGE_OUT: DCBx is disabled as a result of LLDP timing out on a DCBx peer interface.
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 11. Displaying DCB Configurations Command Output show dot1p-queue mapping Displays the current 802.
The following example shows the show dcb command. Dell#sh dcb linecard 2 port-set 0 DCB Status: Enabled, PFC Queue Count: 2 linecard Total Buffer PFC Total Buffer PFC Shared Buffer PFC Available Buffe.
Local is enabled Oper status is recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : --.
Fields Description PFC DCBx Oper status Operational status for exchange of PFC configuration on local port: match (up) or mismatch (down). State Machine Type Type of state machine used for DCBx exchan.
4 0 0 5 0 0 6 0 0 7 0 0 The following example shows the show interface ets summary command. Dell(conf-qos-policy-out-ets)#do sho int te 1/3 ets su Interface TenGigabitEthernet 1/3 Max Supported TC Gro.
Admin is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Priority# Bandwidth TSA 0 13% ETS 1 13% ETS 2 13% ETS 3 13% ET.
% Rate(Mbps) Burst(KB) Rate(Mpbs) Burst(KB) -------------------------------------------------------------------------------- -- 0 0,1,2,4,5,6,7 50 400 100 4000 400 ETS 1 3 50 - - - - ETS 2 - - - - - -.
Field Description priorities, and bandwidth allocation. If the ETS Admin mode is enabled on the remote port for DCBx exchange, the Willing bit received in ETS TLVs from the remote peer is included.
Number of Traffic Classes is 8 Admin mode is on Admin Parameters: -------------------- Admin is enabled PG-grp Priority# Bandwidth TSA ------------------------------------------------ 0 0,1,2,4,5,6,7 .
---------- Interface TenGigabitEthernet 2/12 Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx Compatibility mode is IEEEv2.5 Local DCBx Configured mode is IEEEv2.5 Peer Operating version is IEEEv2.
Table 14. show interface DCBx detail Command Description Field Description Interface Interface type with chassis slot and port number. Port-Role Configured DCBx port role: auto-upstream, auto- downstream, config-source, or manual.
Field Description Total DCBx Frames received Number of DCBx frames received from remote peer port. Total DCBx Frame errors Number of DCBx frames with errors received.
packet Dot1p and Dot1p based queue classification. This document will discuss the configurations required to support PFC for untagged packets based on incoming packet DSCP.
Figure 29. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification : The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table.
dot1p Value in the Incoming Frame Priority Group Assignment 3 SAN 4 IPC 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment.
Priority group 1 Assigns traffic to one priority queue with 20% of the link bandwidth and strict- priority scheduling. Priority group 2 Assigns traffic to one priority queue with 30% of the link bandwidth. Priority group 3 Assigns traffic to two priority queues with 50% of the link bandwidth and strict- priority scheduling.
When a device sends a pause frame to another device, the time for which the sending of packets from the other device must be stopped is contained in the pause frame. The device that sent the pause frame empties the buffer to be less than the threshold value and restarts the acceptance of data packets.
dcb enable 2. Configure the shared PFC buffer size and the total buffer size. A maximum of 4 lossless queues are supported. CONFIGURATION mode dcb pfc-shared-buffer-size 2000 dcb pfc-total-buffer-size 5000 3.
CONFIGURATION mode dcb pfc-total-buffer-size buffer-size sfm all 11. Configuring DCB global shared buffer on SFM ports. CONFIGURATION mode dcb pfc-shared-buffer-size buffer-size sfm all 12.
Sample Configurations Figure 30. Configure DCB end to end on this setup Sample configuration for RoCE traffic MXL Fab B1 and B2 Switches (RoCE Traffic Only) ! dcb enable iscsi enable ! interface TenGi.
Description Link to RoCE Adapter in Blade Server no ip address mtu 12000 portmode hybrid switchport no spanning-tree ! protocol lldp dcbx port-role auto-downstream no shutdown ! interface fortyGigE 0/.
vlt domain 2 peer-link port-channel 128 back-up destination <mgmipofremotepeer> interface Port-channel 128 no ip address mtu 12000 channel-member fortyGigE 0/56 no shutdown interface fortyGigE 0.
Description SOFS-RDMA no ip address mtu 12000 portmode hybrid switchport no spanning-tree dcb-map RoCE ! protocol lldp no shutdown ! interface TenGigabitEthernet 0/22 Description SOFS- iSCSI no ip add.
13 Debugging and Diagnostics This chapter describes the debugging and diagnostics tasks you can perform on the switch. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware.
EXEC Privilege mode show system brief 3. Start diagnostics on the switch. diag system unit When the tests complete, the system displays a syslog message: 00:13:17 : Diagnostic test results are stored on file: flash:/TestReport- LP-0.txt 00:13:19 : Diagnostic test results are stored on file: flash:/TestReport- LP-1.
Examples of Running Offline Diagnostics Example of Taking a Switch Offline Dell# offline system Warning - offline of system will bring down all the protocols and the system will be operationally down, except for running Diagnostics. The "reload" command is required for normal operation after the offline command is issued.
00:11:05 : Approximate time to complete the Diags (all levels)... 10 Mins 00:11:05: %Z9500LC12:0 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on linecard 0 00:11:05 : Approximate time to complete the Diags (all levels).
• Line-card CPU 2 is LP-2. • The Control Processor is CP. Example of a Test Log Report (All Levels) for Control Processor: TestReport-CP.txt Dell# show file flash://TestReport-CP.
PSU[2] sensor[2] temperature 23.0 C +PSU[2] test PASS PSU[3] sensor[0] temperature 37.0 C PSU[3] sensor[1] temperature 30.0 C PSU[3] sensor[2] temperature 21.0 C +PSU[3] test PASS psuTest ..................................................... PASS rtcTest .
+ HG Link Status Test for Fabric 3: PASSED + HG Link Status Test for Fabric 4: PASSED + HG Link Status Test for Fabric 5: PASSED fabricLinkStatusTest .
DELL DIAGNOSTICS-Z9500-CP00 [0] PPID -- NA PPID Rev -- NA Service Tag -- NA Part Number -- NA Part Number Revision -- NA SW Version -- 9.2(1.0B2) Available free memory: 2,646,888,448 bytes LEVEL 0 DIAGNOSTIC eepromTest ................................
ERROR: Unit 2 (Portcard 2): XE 11 is DOWN + XE Link Status Test for unit 2 (Portcard 2): FAILED portcardXELinkStatusTest .................................... FAIL qsfpOpticsTest .............................................. PASS qsfpPhyTest .........
Starting test: temperatureTest ...... Thermal Monitor Diodes: Diode[0] temperature 33.9 C Diode[1] temperature 35.0 C Diode[2] temperature 35.0 C Diode[4] temperature 34.5 C Port card[0]: Average temperature 38.3 C, maximum 41.1 C Port card[1]: Average temperature 40.
Auto Save on Reload, Crash, or Rollover Exception information for the switch is stored in the flash:/TRACE_LOG_DIR directory. This directory contains files that save trace information when there has been a task crash or timeout and trace information from the Route Processor and Control Processor CPUs.
show hardware linecard {0-2} buffer total-buffer • Display the modular packet buffers details per unit and the mode of allocation. show hardware linecard {0-2} buffer unit {0-3} total-buffer • Display the forwarding plane statistics containing the packet buffer usage per port per line card.
Troubleshoot a flap or fault condition on a HiGig backplane link by displaying the internal ports that are mapped to backplane links for control or data traffic and the status of backplane links. In the show hardware bp-link-state command output, 1 indicates that a backplane link is up; 0 indicates the a link is down.
-- Major Alarms -- Alarm Type Duration --------------------------------------------------------------------------- PEM 0 in unit 0 down 25 sec PEM 2 in unit 0 down 6 sec • Use the show environment pem command to display complete information on power supply operation.
To verify the transceiver plugged into a Z9500 port, use the show inventory media command. Dell#show inventory media Slot Port Type Media Serial Number F10Qualified -----------------------------------.
QSFP 168 BR max = 0 QSFP 168 BR min = 0 QSFP 168 Vendor SN = Z12I00005 QSFP 168 Datecode = 130117 QSFP 168 CheckCodeExt = 0xe8 QSFP 168 Diagnostic Information =================================== QSFP 168 Rx Power measurement type = Average =================================== QSFP 168 Temp High Alarm threshold = 80.
Minor Minor Off Major Major Off Shutdown S0 50 45 50 45 N/A S1 N/A N/A N/A N/A N/A S2 50 45 50 45 N/A S3 50 45 50 45 N/A S4 40 35 40 35 N/A S5 50 45 50 45 N/A S6 67 62 67 62 N/A S7 68 63 68 63 N/A S8 .
threshold crossings do not cause alarms, but are used to trigger increases in the speed of the system fans as needed to keep the component temperature within the desired range.
If the system is not able to cool down within one minute from the time the shutdown alarm is generated, a second alarm is triggered and the system shuts down immediately to avoid damaging any componen.
UNIT No: 0 Total Ingress Drops : 41694 Total IngMac Drops : 0 Total Mmu Drops : 0 Total EgMac Drops : 0 Total Egress Drops : 0 Dell#show hardware linecard 2 drops unit 0 UserPort PortNumber Ingress Dr.
0 0 0 Internal 58 0 0 0 0 0 Internal 59 0 0 0 0 0 Internal 60 0 0 0 0 0 Internal 61 0 0 0 0 0 Displaying Dataplane Statistics The show hardware linecard {0–2} cpu data-plane statistics command provides information about the packet types entering a line-card CPU.
Oversize frames recvd = 0 Fragments = 0 Jabber = 0 Dropped Frames = 0 Under/oversized frames = 0 FLR frames = 0 RCDE frames = 0 RCSE frames = 0 Dell#show hardware party-bus port 0 statistics Party Bus.
transmit statistics for a port-pipe unit on a specified line card, according to the command option you enter. Dell#show hardware linecard 0 unit 1 counters RUC.cpu0 : 528,687 +528,687 ING_NIV_RX_FRAMES.cpu0 : 528,687 +528,687 TDBGC6.cpu0 : 528,687 +528,687 PERQ_PKT(0).
NOTE: On the Z9500, when you enable core dumps of application crashes to be uploaded to an FTP server, only core dumps from the Control Processor are uploaded to the server.
command in global configuration mode. The kernel core dump is copied to flash://CORE_DUMP_DIR/ f10_ cpu _ timestamp .kcore.gz Where cpu specifies a Z9500 CPU and is one of the following values: cp (Co.
14 Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators.
Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Server Option 6 Specifies the domain name servers (DNSs) that are available to the client.
Option Number and Description Identifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Snooping Option 82 Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database.
Figure 32. Client and Server Messaging Implementation Information The following describes DHCP implementation. • Dell Networking implements DHCP based on RFC 2131 and RFC 3046.
Configure the System to be a DHCP Server A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient.
DHCP <POOL> mode network network/prefix-length • network : the subnet address. • prefix-length : specifies the number of bits used for the network portion of the address you specify. The prefix-length range is from 17 to 31. 4. Display the current pool configuration.
lease {days [hours] [minutes] | infinite} The default is 24 hours . Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client. To specify a default gateway, follow this step. • Specify default gateway(s) for the clients on the subnet, in order of preference.
Creating Manual Binding Entries An address binding is a mapping between the IP address and the media access control (MAC) address of a client. The DHCP server assigns the client an available IP address automatically, and then creates an entry in the binding table.
Configure the System to be a Relay Agent DHCP clients and servers request and offer configuration information via broadcast DHCP messages. Routers do not forward broadcasts, so if there are no DHCP servers on the subnet, the client does not receive a response to its request and therefore cannot access the network.
Figure 33. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int gig 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10.
ICMP redirects are not sent ICMP unreachables are not sent Configure the System to be a DHCP Client A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server. Implement the DHCP client functionality as follows: • The switch can obtain a dynamically assigned IP address from a DHCP server.
DHCP Client Operation with Other Features A DHCP client also operates with the following software features. Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel (LAG) interfaces as on a physical interface.
• Source Address Validation Option 82 RFC 3046 (the relay agent information option, or Option 82) is used for class-based IP address assignment. The code for the relay agent information option is 82, and is comprised of two sub-options, circuit ID and remote ID.
packet arrived on the correct port. Packets that do not pass this check are forwarded to the server for validation. This checkpoint prevents an attacker from spoofing a client and declining or releasing the real client’s address. Server-originated packets (DHCPOFFER, DHCPACK, and DHCPNACK) that arrive on a not trusted port are also dropped.
ipv6 dhcp snooping trust 3. Enable IPv6 DHCP snooping on a VLAN or range of VLANs. CONFIGURATION mode ipv6 dhcp snooping vlan vlan-id Adding a Static Entry in the Binding Table To add a static entry in the binding table, use the following command. • Add a static entry in the binding table.
Dell#show ip dhcp snooping IP DHCP Snooping : Enabled. IP DHCP Snooping Mac Verification : Disabled. IP DHCP Relay Information-option : Disabled. IP DHCP Relay Trust Downstream : Disabled.
IPv6 DHCP Snooping MAC-Address Verification Configure to enable verify source mac-address in the DHCP packet against the mac address stored in the snooping binding table.
packets addressed to the client to it. As a result, the attacker is able to sniff all packets to and from the client. Other attacks using ARP spoofing include: Broadcast An attacker can broadcast an ARP reply that specifies FF:FF:FF:FF:FF:FF as the gateway’s MAC address, resulting in all clients broadcasting all internet-bound packets.
--------------------------------------------------------------------- Internet 10.1.1.251 - 00:00:4d:57:f2:50 Te 0/2 Vl 10 CP Internet 10.1.1.252 - 00:00:4d:57:e6:f6 Te 0/1 Vl 10 CP Internet 10.1.1.253 - 00:00:4d:57:f8:e8 Te 0/3 Vl 10 CP Internet 10.1.
Enabling IP Source Address Validation IP source address validation (SAV) prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table. A spoofed IP packet is one in which the IP source address is strategically chosen to disguise the attacker.
3. Reload the system. EXEC Privilege reload 4. Enable IP+MAC SAV. INTERFACE mode ip dhcp source-address-validation ipmac The system creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface.
15 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) supports multiple paths in next-hop packet forwarding to a destination device. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring.
NOTE: While the seed is stored separately on each port-pipe, the same seed is used across all CAMs. NOTE: You cannot separate LAG and ECMP, but you can use different algorithms across the chassis with the same seed.
NOTE: Save the new ECMP settings to the startup-config ( write-mem ) then reload the system for the new settings to take effect. • Configure the maximum number of paths per ECMP group. CONFIGURATION mode. ip ecmp-group maximum-paths { 2-64 } • Enable ECMP group path management.
The default is 60% . • Display details for an ECMP group bundle. EXEC mode show link-bundle-distribution ecmp-group ecmp-group-id The range is from 1 to 64. Viewing an ECMP Group NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to the same network.
-------------------------------------------------- [ 132] 20::1 00:00:20:d5:ec:a0 Fo 0/16 0 1 [ 132] 20::1 00:00:20:d5:ec:a1 Fo 0/24 0 1 To re-enable programming of IPv6 /128 route prefixes in the LPM table, use the no ipv6 unicast- host-route command.
16 FCoE Transit The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a Z9500 switch.
requirement for point-to-point connections by creating a unique virtual link for each connection between an FCoE end-device and an FCF via a transit switch.
Figure 34. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF.
FCoE- generated ACLs These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames. The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network. The top-of-rack (ToR) switch operates as an FCF for FCoE traffic.
• Allocate CAM resources for FCoE. • Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis. • To assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in, set the FCoE MAC address prefix (FC-MAP) value an FCF uses.
Important Points to Remember • Enable DCBx on the switch before enabling the FIP Snooping feature. • To enable the feature on the switch, configure FIP Snooping. • To allow FIP frames to pass through the switch on all VLANs, enable FIP snooping globally on a switch.
Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit. NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the Configure FIP Snooping . As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied.
Configure a Port for a Bridge-to-FCF Link If a port is directly connected to an FCF, configure the port mode as FCF. Initially, all FCoE traffic is blocked; only FIP frames are allowed to pass.
To enable FCoE transit on the switch and configure the FCoE transit parameters on ports, follow these steps. 1. Configure FCoE. FCoE configuration: copy flash:/ CONFIG_TEMPLATE/ FCoE_DCB_Config running-config The configuration files are stored in the flash memory in the CONFIG_TEMPLATE file.
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch).
Example of Enabling an FC-MAP Value on a VLAN Dell(conf-if-vl-10)# fip-snooping fc-map 0xOEFC01 NOTE: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00).
Command Output show fip-snooping enode [ enode-mac- address ] Displays information on the ENodes in FIP- snooped sessions, including the ENode interface and MAC address, FCF MAC address, VLAN ID and FC-ID.
Table 22. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode . ENode Interface Slot/port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected.
The following example shows the show fip-snooping fcf command. Dell# show fip-snooping fcf FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No. of Enodes ------- ------------- ---- ------ -------------- ------------- 54:7f:ee:37:34:40 Po 22 100 0e:fc:00 4000 2 The following table describes the show fip-snooping fcf command fields.
Number of FLOGI :1 Number of FDISC :16 Number of FLOGO :0 Number of Enode Keep Alive :4416 Number of VN Port Keep Alive :3136 Number of Multicast Discovery Advertisement :0 Number of Unicast Discovery.
Field Description Number of FLOGI Number of FIP-snooped FLOGI request frames received on the interface. Number of FDISC Number of FIP-snooped FDISC request frames received on the interface. Number of FLOGO Number of FIP-snooped FLOGO frames received on the interface.
The following example shows the show fip-snooping vlan command. Dell# show fip-snooping vlan * = Default VLAN VLAN FC-MAP FCFs Enodes Sessions ---- ------ ---- ------ -------- *1 - - - - 100 0X0EFC00 .
17 Enabling FIPS Cryptography Federal information processing standard (FIPS) cryptography provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
Enabling FIPS Mode To enable or disable FIPS mode, use the console port. Secure the host attached to the console port against unauthorized access. Any attempts to enable or disable FIPS mode from a virtual terminal session are denied. When you enable FIPS mode, the following actions are taken: • If enabled, the SSH server is disabled.
Monitoring FIPS Mode Status To view the status of the current FIPS mode (enabled/disabled), use the following commands. • Use either command to view the status of the current FIPS mode.
• To disable FIPS mode from a console port. CONFIGURATION mode no fips mode enable The following Warning message displays: WARNING: Disabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy all configured host keys.
18 Flex Hash This chapter describes the Flex Hash enhancements. Flex Hash Capability Overview This functionality is supported on the platform. The flex hash functionality enables you to configure a packet search key and matches packets based on the search key.
When load balancing RRoCE packets using flex hash is enabled, the show ip flow command is disabled. Similarly, when the show ip flow command is in use (ingress port-based load balancing is disabled), the hashing of RRoCE packets is disabled.
RRoCE packets are received and transmitted on specific interfaces called lite-subinterfaces. These interfaces are similar to the normal Layer 3 physical interfaces except for the extra provisioning that they offer to enable the VLAN ID for encapsulation.
19 Force10 Resilient Ring Protocol (FRRP) Force10 resilient ring protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses.
A virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN. The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring.
Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability. You can configure multiple rings with a single switch connection; a single ring can have multiple FRRP groups; multiple rings can be connected with a common link.
Concept Explanation Control VLAN Each ring has a unique Control VLAN through which tagged ring health frames (RHF) are sent. Control VLANs are used only for sending RHF, and cannot be used for any other purpose. Member VLAN Each ring maintains a list of member VLANs.
Concept Explanation There is no periodic transmission of TCRHFs. The TCRHFs are sent on triggered events of ring failure or ring restoration only. Implementing FRRP • FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor.
Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer 2 . Be sure to follow these guidelines: • All VLANS must be in Layer 2 mode.
4. Configure the Master node. CONFIG-FRRP mode. mode master 5. Identify the Member VLANs for this FRRP group. CONFIG-FRRP mode. member-vlan vlan-id { range } VLAN-ID, Range : VLAN IDs for the ring’s member VLANS.
Interface : • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Slot/Port, Range : Slot and Port ID for the interface.
Viewing the FRRP Configuration To view the configuration for the FRRP group, use the following command. • Show the configuration for this FRRP group. CONFIG-FRRP mode. show configuration Viewing the FRRP Information To view general FRRP information, use one of the following commands.
no shutdown ! interface TengigabitEthernet 1/34 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged TengigabitEthernet 1/24,34 no shutdown ! interface Vlan 201 no ip address.
! interface Vlan 101 no ip address tagged TengigabitEthernet 3/14,21 no shutdown ! interface Vlan 201 no ip address tagged TengigabitEthernet 3/14,21 no shutdown ! protocol frrp 101 interface primary .
20 GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches. GVRP-compliant switches use GARP to register and de-register attribute values, such as VLAN IDs, with each other.
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged.
Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp.
not be unconfigured when it receives a Leave PDU. Therefore, the registration mode on that interface is FIXED. • Forbidden Mode — Disables the port to dynamically register VLANs and to propagate VLAN information except information about VLAN 1.
LeaveAll Timer 5000 Dell(conf)# The system displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer .
21 Internet Group Management Protocol (IGMP) Internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group. Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group.
Figure 38. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group.
response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences.
Figure 40. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.
Figure 41. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.
Figure 42. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command.
• Fast Convergence after MSTP Topology Changes • Designating a Multicast Router Interface Viewing IGMP Enabled Interfaces Interfaces that are enabled with PIM-SM are automatically enabled with IGMP. To view IGMP-enabled interfaces, use the following command.
IGMP version is 3 Dell(conf-if-te-1/13)# Viewing IGMP Groups To view both learned and statically configured IGMP groups, use the following command. • View both learned and statically configured IGMP groups.
INTERFACE mode ip igmp query-interval • Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval.
Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet.
• View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN. INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks • Removing a Group-Port Associa.
• Configure the switch to only forward unregistered packets to ports on a VLAN that are connected to mrouter ports. CONFIGURATION mode no ip igmp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN, use the following commands.
ip igmp snooping last-member-query-interval Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, the system sends a general query out of all ports except the multicast router ports.
22 Interfaces This chapter describes interface types, both physical and logical, and how to configure them on the Z9500 switch. • 10-Gigabit Ethernet and 40-Gigabit Ethernet interfaces are supported on the Z9500.
to top in multiples of four, starting with zero; for example, 0, 4, 8, 12, and so on. When a breakout cable is installed, the resulting four 10GbE ports are numbered with the remaining numbers. For example, 40GbE port 0 contains 10GbE ports 0, 1, 2, and 3; 40GbE port 4 contains 10GbE ports 4, 5, 6, and 7.
• Lists all configurable interfaces on the chassis. EXEC mode show interfaces This command has options to display the interface status, IP and MAC addresses, and multiple counters for the amount and type of traffic passing through the interface.
To view which interfaces are enabled for Layer 3 data transmission, use the show ip interfaces brief command in EXEC Privilege mode. In the following example, TengigabitEthernet interface 1/5 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up.
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. 2. Enable the interface. INTERFACE mode no shutdown To confirm that the interface is enabled, use the show config command in INTERFACE mode. To leave INTERFACE mode, use the exit command or end command.
interconnect links run across 40-Gigabit Ethernet internal ports. A 40-Gigabit Ethernet internal port is also referred to as a HiGig port. On the Z9500, each NPU that constitutes a port pipe processes traffic from a set of front-end I/O ports. In the command-line interface, a Z9500 NPU is entered as unit unit-number .
Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config ! interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands.
no ip address switchport no shutdown Dell(conf-if)#ip address 10.10.1.1 /24 % Error: Port is in Layer 2 mode Te 1/2. Dell(conf-if)# To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode.
Egress Interface Selection (EIS) EIS allows you to isolate the management and front-end port domains by preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports.
Management Interfaces The Z9500 supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system. Configuring a Dedicated Management Interface The dedicated Management interface provides management access to the system.
Global IPv6 address: 1::1/ Global IPv6 address: 2::1/64 Virtual-IP is not set Virtual-IP IPv6 address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode full duplex ARP type: ARPA,.
Example of the show interface and show ip route Commands To display the configuration for a given port, use the show interface command in EXEC Privilege mode, as shown in the following example. To display the routing table, use the show ip route command in EXEC Privilege mode.
• Configure an IP address and mask on the interface. INTERFACE mode ip address ip-address mask [secondary] – ip-address mask : enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). – secondary : the IP address is the interface’s backup IP address.
• Enter INTERFACE mode of the Null interface. CONFIGURATION mode interface null 0 The only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.
Member ports of a LAG are added and programmed into the hardware in a predictable order based on the port ID, instead of in the order in which the ports come up. With this implementation, load balancing yields predictable results across line card resets and chassis reloads.
• Adding a Physical Interface to a Port Channel (mandatory) • Reassigning an Interface to a New Port Channel (optional) • Configuring the Minimum Oper Up Links in a Port Channel (optional) • A.
To add a physical interface to a port, use the following commands. 1. Add the interface to a port channel. INTERFACE PORT-CHANNEL mode channel-member interface The interface variable is the physical interface type and slot/port information. 2. Double check that the interface was added to the port channel.
When more than one interface is added to a Layer 2-port channel, the system selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief command indicates the primary port.
Dell(conf-if-portch)#int port 5 Dell(conf-if-portch)#channel te 1/8 Dell(conf-if-portch)#show conf ! interface Port-channel 5 no ip address channel-member TengigabitEthernet 1/8 shutdown Dell(conf-if-.
no untagged port-channel id number • Identify which port channels are members of VLANs. EXEC Privilege mode show vlan Assigning an IP Address to a Port Channel You can assign an IP address to a port channel and use port channels in Layer 3 routing protocols.
Load-Balancing Methods By default, LAG hashing uses the source IP, destination IP, source transmission control protocol (TCP)/ user datagram protocol (UDP) port, and destination TCP/UDP port for hash computation. For packets without a Layer 3 header, the system automatically uses load-balance mac source-dest-mac .
Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor1 lag crc16 Dell(conf)# The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crc- lower . This command takes the lower 32 bits of the hash key to compute the egress port.
• Overlap Port Ranges • Commas • Add Ranges Create a Single-Range The following is an example of a single range. Example of the interface range Command (Single Range) Dell(config)# interface ran.
Commas The following is an example of how to use commas to add different interface types to the range, enabling all Ten Gigabit Ethernet interfaces in the range 5/1 to 5/23 and both Ten Gigabit Ethernet interfaces 1/1 and 1/2.
Define the Interface Range The following example shows how to define an interface-range macro named “test” to select 10– GigabitEthernet interfaces 5/1 through 5/4.
• a — Page down • q — Quit Dell#monitor interface te 3/1 FTOS uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.
Use the clear hardware sfm hg-stats and clear hardware linecard hg-stats commands to reset HiGig port statistics. Link Bundle Monitoring Monitoring linked LAG bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time.
You can enable the capability to detect uneven traffic distribution in the member links of a HiGig link bundle on a line-card or SFM NPU. You can also enable a notification to be sent using alarms and SNMP traps. The algorithm used to determine uneven distribution of traffic is predefined.
• You can enable SNMP traps and syslog messages to be generated when an uneven traffic distribution is detected in a HiGig link bundle. • Traffic distribution in a HiGig link bundle is calculated as the bandwidth-weighted mean use of all links in the bundle.
Splitting QSFP Ports to SFP+ Ports The Z9500 supports splitting a single 40G QSFP port into four 10G SFP+ ports without reload using a supported breakout cable. (For the link to a list of supported cables, refer to the Z9500 Installation Guide or the Z9500 Release Notes ).
NOTE: Trident2 chip sets do not work at 1G speeds with auto-negotiation enabled. As a result, when you peer any device using SFP, the link does not come up if auto-negotiation is enabled. Therefore, you must disable auto-negotiation on platforms that currently use Trident2 chip sets (S6000 and Z9000).
SFP+ 0 Encoding = 0x00 ……………… ……………… SFP+ 0 Diagnostic Information =================================== SFP+ 0 Rx Power measurement type = OMA =================================== SFP+ 0 Temp High Alarm threshold = 0.000C SFP+ 0 Voltage High Alarm threshold = 0.
NOTE: In the following show interfaces tengigbitethernet transceiver commands, the ports 5,6, and 7 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports.
QSFP 0 Diagnostic Information =================================== QSFP 0 Rx Power measurement type = OMA =================================== QSFP 0 Temp High Alarm threshold = 0.000C QSFP 0 Voltage High Alarm threshold = 0.000V QSFP 0 Bias High Alarm threshold = 0.
Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP type is 1GBASE …………………… LineSpeed 1000 Mbit Dell#show interfaces ten.
the interface becomes stable and the penalty decays below a certain threshold, the interface comes up again and the routing protocols re-converge. Link dampening: • reduces processing on the CPUs by reducing excessive interface flapping. • improves network stability by penalizing misbehaving interfaces and redirecting traffic.
Clearing Dampening Counters To clear dampening counters and accumulated penalties, use the following command. • Clear dampening counters. clear dampening Example of the clear dampening Command Dell#.
The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames. To allow full-duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to this multicast address.
– tx on : enter the keywords tx on to send control frames from this port to the connected device when a higher rate of traffic is received. – tx off : enter the keywords tx off so that flow control frames are not sent from this port to the connected device when a higher rate of traffic is received.
• The VLAN link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the VLAN members. For example, the VLAN contains tagged members with Link MTU of 1522 and IP MTU of 1500 and untagged members with Link MTU of 1518 and IP MTU of 1500.
View Advanced Interface Information The following options have been implemented for the show [ip | running-config] interfaces commands for (only) linecard interfaces. When you use the configured keyword, only interfaces that have non-default configurations are displayed.
The following example shows how to configure rate interval when changing the default value. To configure the number of seconds of traffic statistics to display in the show interfaces output, use the following command. • Configure the number of seconds of traffic statistics to display in the show interfaces output.
Rate info (interval 100 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1d23h42m Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB.
– (OPTIONAL) To clear statistics for all VRRP groups configured, enter the keyword vrrp . Enter a number from 1 to 255 as the vrid . – (OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit .
23 Internet Protocol Security (IPSec) Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways.
Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. 1. Define the transform set. CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp- encryption des 2. Define the crypto policy.
24 IPv4 Routing IPv4 routing and various IP addressing features are supported. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS.
• Configuring Static Routes (optional) • Configure Static Routes for the Management Interface (optional) For a complete listing of all commands related to IP addressing, refer to the Dell Networking OS Command Line Reference Guide .
! Dell(conf-if)# Dell(conf-if)#show conf ! interface TengigabitEthernet 0/0 ip address 10.11.1.1/24 no shutdown ! Dell(conf-if)# Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open shortest path first (OSPF).
S 6.1.2.14/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.15/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.16/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.
To view the configuration, use the show config command in INTERFACE mode. Resolution of Host Names Domain name service (DNS) maps host names to IP addresses. This feature simplifies such commands as Telnet and FTP by allowing you to enter a name instead of an IP address.
Specifying the Local System Domain and a List of Domains If you enter a partial domain, the system can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot.
Dell#traceroute www.force10networks.com Translating "www.force10networks.com"...domain server (10.11.0.1) [OK] Type Ctrl-C to abort. ---------------------------------------------------------------------- Tracing the route to www.force10networks.
Configuring Static ARP Entries ARP dynamically maps the MAC and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry (called a static ARP) for the ARP cache. To configure a static ARP entry, use the following command.
– ip ip-address (OPTIONAL): enter the keyword ip then the IP address of the ARP entry you wish to clear. – no-refresh (OPTIONAL): enter the keywords no-refresh to delete the ARP entry from CAM. Or to specify which dynamic ARP entries you want to delete, use this option with interface or ip ip-address .
Figure 44. ARP Learning via ARP Request When you enable ARP learning via gratuitous ARP, the system installs a new ARP entry, or updates an existing entry for all received ARP requests.
CONFIGURATION mode arp backoff-time The default is 30 . The range is from 1 to 3600. • Display all ARP entries learned via gratuitous ARP. EXEC Privilege mode show arp retries ICMP For diagnostics, .
UDP Helper User datagram protocol (UDP) helper allows you to direct the forwarding IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses. Configure UDP Helper Configuring the system to direct UDP broadcast is a two-step process: 1.
-------------------------------------------------- Te 1/1 1000 Configuring a Broadcast Address To configure a broadcast address, use the following command. • Configure a broadcast address on an interface. ip udp-broadcast-address Examples of Configuring and Viewing a Broadcast Address The following example shows configuring a broadcast address.
1. Packet 1 is dropped at ingress if you did not configure UDP helper address. 2. If you enable UDP helper (using the ip udp-helper udp-port command), and the UDP destination port of the packet matches the UDP port configured, the system changes the destination address to the configured broadcast 1.
Figure 47. UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces.
• If the Incoming packet has a destination IP address that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command.
25 IPv6 Routing Internet protocol version 6 (IPv6) routing is the successor to IPv4. Due to the rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion.
NOTE: The system provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). By default, RA response messages are sent when an RS message is received. The manipulation of IPv6 stateless autoconfiguration supports the router side only.
IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 49. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling.
The following lists the Next Header field values. Value Description 0 Hop-by-Hop option header 4 IPv4 6 TCP 8 Exterior Gateway Protocol (EGP) 41 IPv6 43 Routing header 44 Fragmentation header 50 Encry.
However, if the Destination Address is a Hop-by-Hop options header, the Extension header is examined by every forwarding router along the packet’s route. The Hop-by-Hop options header must immediately follow the IPv6 header, and is noted by the value 0 (zero) in the Next Header field.
of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to two colons, as long as there is only one double colon used in an address. Leading and/or trailing zeros in a group can also be omitted (as in ::1 for localhost, 1:: for network addresses and :: for unspecified addresses).
IPv6 Implementation on the Dell Networking OS The Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform.
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location Z9000 IS-IS for IPv6 support for redistribution 8.3.11 Intermediate System to Intermediate System IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide .
Configuring the LPM Table for IPv6 Extended Prefixes The LPM CAM table consists of two partitions: Partition I for IPv6 /65-/128 route-prefix entries and Partition II for IPv6 0/0-/64 and IPv4 0/0-0/32 route-prefix entries. You must reconfigure LPM CAM to allow IPv6 /65-/128 route prefixes to be stored in Partition I.
Figure 50. Path MTU Discovery Process IPv6 Neighbor Discovery The IPv6 neighbor discovery protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network.
Figure 51. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers.
Example for Configuring an IPv6 Recursive DNS Server The following example configures a RDNNS server with an IPv6 address of 1000::1 and a lifetime of 1 second.
ff02::1 ff02::2 ff02::1:ff00:12 ff02::1:ff8b:7570 ND MTU is 0 ICMP redirects are not sent DAD is enabled, number of DAD attempts: 3 ND reachable time is 20120 milliseconds ND base reachable time is 30.
Adjusting Your CAM Profile Although adjusting your CAM profile is not a mandatory step, if you plan to implement IPv6 ACLs, Dell Networking recommends that you adjust your CAM settings. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks.
You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861.
Configuring Telnet with IPv6 The Telnet client and server on a switch supports IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router. • Enter the IPv6 Address for the device.
prefix-list List IPv6 prefix lists route IPv6 routing information rpf RPF table Dell# Displaying an IPv6 Configuration To view the IPv6 configuration for a specific interface, use the following command. • Display the currently running configuration for a specified interface.
• Display IPv6 routing information for the specified route type. EXEC mode show ipv6 route type The following keywords are available: – To display information about a network, enter ipv6 address (X:X:X:X::X). – To display information about a host, enter hostname .
S 8888:9999:5555:6666:1111:2222::/96 [1/0] via 2222:2222:3333:3333::1, Te 9/1, 00:03:16 S 9999:9999:9999:9999::/64 [1/0] via 8888:9999:5555:6666:1111:2222:3333:4444, 00:03:16 Displaying the Running Configuration for an Interface To view the configuration for any interface, use the following command.
26 iSCSI Optimization This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.
• iSCSI monitoring sessions — the switch monitors and tracks active iSCSI sessions in connections on the switch, including port information and iSCSI session information. • iSCSI QoS — A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic.
Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 27. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting iSCSI CoS mode (802.
NOTE: Content addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks.
• ip-address specifies the IP address of the iSCSI target. When you enter the no form of the command, and the TCP port you want to delete is one bound to a specific IP address, include the IP address value in the command.
[no] iscsi profile-compellent . The default is: Compellent disk arrays are not detected. Displaying iSCSI Optimization Information To display information on iSCSI optimization, use the following show commands. • Display the currently configured iSCSI settings.
Dell# show iscsi session detailed Session 0: ------------------------------------------------------------ Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.
NOTE: By default, CAM allocation for iSCSI is set to 0. This disables session monitoring. Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer The following behavior occurs during synchronization of iSCSI sessions.
If more than 256 simultaneous sessions are logged continuously, the following message displays indicating the queue rate limit has been reached: %Z9500LC48:1 %ACL_AGENT-3-ISCSI_OPT_MAX_SESS_LIMIT_REAC.
• Configure a port connected to a Dell Compellent storage array. INTERFACE Configuration mode iscsi profile-compellent The command configures a port for the best iSCSI traffic conditions.
27 Intermediate System to Intermediate System The intermediate system to intermediate system (IS-IS) protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. The IS-IS protocol standards are listed in the Standards Compliance chapter.
• area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI). • system address — the router’s MAC address. • N-selector — this is always 0.
area or domain are operating in multi-topology IPv6 mode, the topological restrictions of single- topology mode are no longer in effect. Interface Support MT IS-IS is supported on physical Ethernet in.
• The T2 timer is the maximum time that the system waits for LSP database synchronization. This timer applies to the database type (level-1, level-2, or both). • The T3 timer sets the overall wait time after which the router determines that it has failed to achieve database synchronization (by setting the overload bit in its own LSP).
IS-IS Parameter Default Value Designated Router priority 64 Circuit Type Level 1 and Level 2 IS Type Level 1 and Level 2 Equal Cost Multi Paths 16 Configuration Information To use IS-IS, you must conf.
NOTE: Even though you enable IS-IS globally, enable the IS-IS process on an interface for the IS-IS process to exchange protocol information and form adjacencies. To configure IS-IS globally, use the following commands. 1. Create an IS-IS routing process.
The IPv6 address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 6. Enable IS-IS on the IPv4 interface. ROUTER ISIS mode ip router isis [ tag ] If you configure a tag variable, it must be the same as the tag variable assigned in step 1.
IS-IS: Level-1 DR Elections : 2 IS-IS: Level-2 DR Elections : 2 IS-IS: Level-1 SPF Calculations : 29 IS-IS: Level-2 SPF Calculations : 29 IS-IS: LSP checksum errors received : 0 IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same.
Configuring IS-IS Graceful Restart To enable IS-IS graceful restart globally, use the following commands. Additionally, you can implement optional commands to enable the graceful restart settings.
– adjacency : the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. – manual : allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds.
Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01 Hello Interval: 10, Hello Multiplier: 3, CSNP Interval: 10 Number of active level-1 adjacencies: 1 Level-2 Metric: 10, Priority: 64, Circuit ID: 0000.
Dell#show running-config isis ! router isis lsp-refresh-interval 902 net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00 Dell# Configuring the IS-IS Metric Style All IS-IS links or interfaces are associated with a cost that is used in the shortest path first (SPF) calculations.
The default is Level 1 and Level 2 ( level-1–2 ) To view which metric types are generated and received, use the show isis protocol command in EXEC Privilege mode. The IS-IS matrixes settings are in bold. Example of Viewing IS-IS Metric Types Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.
Metric Sytle Correct Value Range wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 To view the interface’s current metric, use the show config command in INTERFACE mode or the show isis interface command in EXEC Privilege mode.
eljefe.02-00 * 0x00000001 0x2E7F 1113 0/0/0 Force10.00-00 0x00000002 0xD1A7 1102 0/0/0 IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL B233.00-00 0x00000006 0xC38A 1124 0/0/0 eljefe.00-00 * 0x0000000D 0x51C6 1129 0/0/0 eljefe.
– For the Loopback interface on the RPM, enter the keyword loopback then a number from 0 to 16383. – For a port channel, enter the keywords port-channel then a number. – For a SONET interface, enter the keyword sonet then the slot/port information.
distribute-list prefix-list-name out [bgp as-number | connected | ospf process-id | rip | static] You can configure one of the optional parameters: – connected : for directly connected routes. – ospf process-id : for OSPF routes only. – rip : for RIP routes only.
– metric value the range is from 0 to 16777215. The default is 0 . – match external the range is from 1 or 2. – match internal – metric-type : external or internal. – map-name : enter the name of a configured route map. Redistributing IPv6 Routes To add routes from other routing instances or protocols, use the following commands.
Configuring Authentication Passwords You can assign an authentication password for routers in Level 1 and for routers in Level 2. Because Level 1 and Level 2 routers do not communicate with each other, you can assign different passwords for Level 1 routers and for Level 2 routers.
Example of Viewing the Overload Bit Setting When the bit is set, a 1 is placed in the OL column in the show isis database command output. The overload bit is set in both the Level-1 and Level-2 database because the IS type for the router is Level-1-2.
– interface : Enter the type of interface and slot/port information to view IS-IS information on that interface only. • View the events that triggered IS-IS shortest path first (SPF) events for debugging purposes. EXEC Privilege mode debug isis spf-triggers • View sent and received LSPs.
Metric Style Correct Value Range for the isis metric Command wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route.
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value transition narrow original value transition narrow original value transition wide transition original value narrow transition wid.
Leaks from One Level to Another In the following scenarios, each IS-IS level is configured with a different metric style. Table 32. Metric Value with Different Levels Configured with Different Metric .
NOTE: Whenever you make IS-IS configuration changes, clear the IS-IS process (re-started) using the clear isis command. The clear isis command must include the tag for the ISIS process. The following example shows the response from the router: Dell#clear isis * % ISIS not enabled.
ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell(conf-router_isis)#show config ! router isis metric-style wide level-1 metric-style wide level-2 net 34.
28 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP The Dell Networking OS uses LACP to create dynamic LAGs.
– The shutdown command on LAG “xyz” disables the LAG and retains the user commands. However, the system does not allow the channel number “xyz” to be statically created. – The no interface port-channel channel-number command deletes the specified LAG, including a dynamically created LAG.
[no] port-channel number mode [active | passive | off] – number : cannot statically contain any links. The default is LACP active . • Configure port priority. LACP mode [no] lacp port-priority priority-value The range is from 1 to 65535 (the higher the number, the lower the priority).
Configuring the LAG Interfaces as Dynamic After creating a LAG, configure the dynamic LAG interfaces. To configure the dynamic LAG interfaces, use the following command.
Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.
Figure 55. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). the system has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking.
As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time. Figure 56.
• You can configure shared LAG state tracking on one side of a link or on both sides. • If a LAG that is part of a failover group is deleted, the failover group is deleted. • If a LAG moves to the Down state due to this feature, its members may still be in the Up state.
Flowcontrol rx on tx on ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:02:11 Queueing strategy: fifo Input statistics: 132 packets, 163668 bytes 0 Vlans 0.
Figure 59. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP) 523.
Figure 60. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 2/31 Alpha(conf-if-te-2/31)#no ip address Alpha(conf-i.
interface TengigabitEthernet 2/31 no ip address Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(co.
Figure 61. Inspecting a LAG Port on BRAVO Using the show interface Command 526 Link Aggregation Control Protocol (LACP).
Figure 62. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP) 527.
Figure 63. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode.
29 Layer 2 This chapter describes the Layer 2 features supported on the Z9500. Manage the MAC Address Table You can perform the following management tasks inr the MAC address table.
The range is from 10 to 1000000. Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table.
interface ) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed: %E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list Mac- Limit on TengigabitEthernet 5/84 In this case, the configuration is still present in the running-config and show output.
To save all sticky MAC addresses into a configuration file that can be used as a startup configuration file, use the write config command. If the number of existing MAC addresses is fewer than the configured MAC learning limit, additional MAC addresses are converted to sticky MACs addresse on the port.
Learning Limit Violation Actions Learning limit violation actions are user-configurable. To configure the system to take an action when the MAC learning limit is reached on an interface and a new address is received using one the following options with the mac learning-limit command, use the following commands.
NOTE: Alternatively, you can reset the interface by shutting it down using the shutdown command and then re-enabling it using the no shutdown command. • Reset interfaces in the ERR_Disabled state caused by a learning limit violation or station move violation.
address-table station-move refresh-arp command on the switch at the time that NIC teaming is being configured on the server. NOTE: If you do not configure the mac-address-table station-move refresh-arp command, traffic continues to be forwarded to the failed NIC until the ARP entry on the switch times out.
Figure 66. Configuring Redundant Layer 2 Pairs without Spanning Tree You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command. Initially, the primary interface is active and transmits traffic and the backup interface remains down.
To ensure that existing network applications see no difference when a primary interface in a redundant pair transitions to the backup interface, be sure to apply identical configurations of other traffic parameters to each interface.
3/42 00:24:55: %SYSTEM-P:CP %IFMGR-5-ACTIVE: Changed Vlan interface state to active: Vl 1 00:24:55: %SYSTEM-P:CP %IFMGR-5-STATE_STBY_ACT: Changed interface state from standby to active: Te 3/42 Dell(c.
Figure 67. Configuring Far-End Failure Detection The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not available.
4. If the FEFD enabled system is configured to use FEFD in Normal mode and neighboring echoes are not received after three intervals, (you can set each interval can be set between 3 and 300 seconds) the state changes to unknown.
To report interval frequency and mode adjustments, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address , switchport 2. Activate the necessary ports administratively. INTEFACE mode no shutdown 3.
To set up and activate two or more connected interfaces, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address , switchport 2. Activate the necessary ports administratively. INTERFACE mode no shutdown 3.
inactive: Vl 1 2w1d22h : FEFD state on Te 4/0 changed from Bi-directional to Unknown The following example shows the debug fefd packets command. Dell#debug fefd packets Dell#2w1d22h : FEFD packet sent.
30 Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP) on the Z9500 switch. 802.
Table 34. Type, Length, Value (TLV) Types Type TLV Description 0 End of LLDPDU Marks the end of an LLDPDU. 1 Chassis ID An administratively assigned name that identifies the LLDP agent. 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received.
Figure 70. Organizationally Specific TLV IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
Type TLV Description 127 Protocol Identity Indicates the protocols that the port can process. The Dell Networking OS does not currently support this TLV.
Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: • manage inventory • manage Power over Ethernet (PoE) • identify physical location • identify network policy LLDP-MED is designed for, but not limited to, VoIP endpoints.
Type SubType TLV Description None or all TLVs must be supported. The Dell Networking OS does not currently support these TLVs. 127 5 Inventory — Hardware Revision Indicates the hardware revision of the LLDP- MED device. 127 6 Inventory — Firmware Revision Indicates the firmware revision of the LLDP- MED device.
Figure 71. LLDP-MED Capabilities TLV Table 37. LLDP-MED Capabilities Bit Position TLV Supported? 0 LLDP-MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power via MDI-PSE Yes 4 Extended Power via MDI-PD No 5 Inventory No 6–15 reserved No Table 38.
NOTE: As shown in the following table, signaling is a series of control packets that are exchanged between an endpoint device and a network connectivity device to establish and maintain a connection. These signal packets might require a different network policy than the media packets for which a connection is made.
Extended Power via MDI TLV The extended power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the extended power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device.
Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000.
Enabling LLDP LLDP is disabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs. To enable LLDP, use the following command. 1. Enter Protocol LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp 2.
3. Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no . Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces.
Figure 74. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Examples of Viewing LLDP Configurations The following example shows viewing an LLDP global configuration.
Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. show lldp neighbors • Display all of the information that neighbors are advertising.
Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds . To configure LLDPDU intervals, use the following command.
• Return to the default setting. CONFIGURATION mode or INTERFACE mode no mode Example of Configuring a Single Mode R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv.
advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#multiplier ? <2-10&g.
Figure 75. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects The system supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on the local agent • IEEE 802.
MIB Object Category LLDP Variable LLDP MIB Object Description msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs.
Table 41. LLDP System MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object 1 Chassis ID chassis ID subtype Local lldpLocChassisIdSub type Remote lldpRemChassisIdSu btype chassid ID Local .
TLV Type TLV Name TLV Variable System LLDP MIB Object interface numbering subtype Local lldpLocManAddrIfSu btype Remote lldpRemManAddrIfS ubtype interface number Local lldpLocManAddrIfId Remote lldpRemManAddrIfId OID Local lldpLocManAddrOID Remote lldpRemManAddrOI D Table 42.
Table 43. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object 1 LLDP-MED Capabilities LLDP-MED Capabilities Local lldpXMedPortCapSu pported lldpXMedPortConfig TLV.
TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object 3 Location Identifier Location Data Format Local lldpXMedLocLocatio nSubtype Remote lldpXMedRemLocati onSubtype Location ID Data Local lld.
31 Microsoft Network Load Balancing Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems.
With NLB, the data frame is forwarded to all servers in the cluster for the servers to perform load- balancing. NLB Multicast Mode Example Consider a sample topology in which four servers, namely S1 through S4, are configured as a cluster or a farm. This set of servers is connected to a Layer 3 switch, which in turn is connected to the end-clients.
NLB VLAN Flooding To preserve Microsoft server failover and load-balancing, configure a switch to forward the traffic destined for a server cluster on all member ports of the VLAN connected to the cluster ( ip vlan- flooding command). Configure the switch for NLB VLAN flooding when you configure the server cluster.
32 Multicast Source Discovery Protocol (MSDP) This chapter describes how to configure and use the multicast source discovery protocol (MSDP) on the Z9500 switch. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains.
Figure 76. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected.
Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows you to configure two or more RPs with the same IP address on Loopback interfaces.
• Accept Source-Active Messages that Fail the RFP Check • Specifying Source-Active Messages • Limiting the Source-Active Cache • Preventing MSDP from Caching a Local Source • Preventing MSDP.
Figure 79. Configuring OSPF and BGP for MSDP 574 Multicast Source Discovery Protocol (MSDP).
Figure 80. Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol (MSDP) 575.
Figure 81. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2.
Example of Configuring MSDP Example of Viewing Peer Information R3(conf)#ip multicast-msdp R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3(conf)#do show ip msdp summary Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode.
Limiting the Source-Active Cache Set the upper limit of the number of active sources that the system caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the reverse path forwarding (RPF) and policy check.
Figure 82. MSDP Default Peer, Scenario 1 Multicast Source Discovery Protocol (MSDP) 579.
Figure 83. MSDP Default Peer, Scenario 2 580 Multicast Source Discovery Protocol (MSDP).
Figure 84. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP) 581.
Figure 85. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check.
Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 73 00:13:49 229.
Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache.
R3(conf)#do show ip msdp sa-cache R3(conf)# R3(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Source: Lo 0 State: Listening Up/Down Time: 00:01:19 Timers: KeepAlive.
Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol.
Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.
technique is less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions. • lack of scalable register decasulation : With only a single RP.
Configuring Anycast RP To configure anycast RP: 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2. Make this address the RP for the group.
CONFIGURATION mode ip msdp originator-id Example of R1 Configuration for MSDP with Anycast RP Example of R2 Configuration for MSDP with Anycast RP Example of R3 Configuration for MSDP with Anycast RP ip multicast-routing ! interface TenGigabitEthernet 1/1 ip pim sparse-mode ip address 10.
ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.22/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.
neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.22 update-source Loopback 0 neighbor 192.168.0.22 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.11 connect-source Loopback 0 ip msdp peer 192.168.0.22 connect-source Loopback 0 ip msdp sa-filter out 192.
interface TenGigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown ! interface TenGigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown ! interface TenGigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.
redistribute connected redistribute bgp 200 ! router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100 neighbor 192.168.0.2 ebgp-multihop 255 neighbor 192.168.0.2 update-source Loopback 0 neighbor 192.168.0.2 no shutdown ! ip multicast-msdp ip msdp peer 192.
33 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+).
Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table. Table 44. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .
• Enabling SNMP Traps for Root Elections and Topology Changes Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands. When you enable MSTP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the MSTI 0.
Examples of Creating and Viewing MSTP Instances The following example shows using the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)# msti 1 vlan 100 Dell(conf-mstp)# msti 2 vlan.
Influencing MSTP Root Selection MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it becomes the root bridge. To change the bridge priority, use the following command. • Assign a number as the bridge priority.
NOTE: Some non-Dell equipment may implement a non-null default region name, such as the Bridge ID or a MAC address. Changing the Region Name or Revision To change the region name or revision, use the following commands. • Change the region name. PROTOCOL MSTP mode name name • Change the region revision number.
The default is 15 seconds . 2. Change the hello-time parameter. PROTOCOL MSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10.
• Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost. The following lists the default values for port cost by interface.
• Enable EdgePort on an interface. INTERFACE mode spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] Dell Networking OS Behavior : Regarding bpduguard shutdown-on-violation behavior: – If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
Figure 88. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology.
no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs.
name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface TenGigabitEthernet 3/11 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21 no ip address switchp.
(Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands.
– Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others.
INST 2: Flags: 0x70, Reg Root: 32768:0001.e8d5.cbbd, Int Root Cost Brg/Port Prio: 32768/128, Rem Hops: 20 Multiple Spanning Tree Protocol (MSTP) 609.
34 Multicast Features The Dell Networking OS supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Enabling IP Multicast Before enabling any multicast protocols, you must enable IP multicast routing.
Figure 89. Multicast with ECMP Implementation Information Because protocol control traffic is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, the system might forward data traffic with certain MAC addresses to the CPU in addition to control traffic.
Protocol Ethernet Address PIM-SM 01:00:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner- traceroute-ipm . • Multicast is not supported on secondary IP addresses. • Egress L3 ACL is not applied to multicast data traffic if you enable multicast routing.
When the multicast route limit is reached, the following message is displayed: 3w1d13h: %RPM0-P:RP2 %PIM-3-PIM_TIB_LIMIT: PIM TIB limit reached. No new routes will be learnt until TIB level falls below low watermark. 3w1d13h: %RPM0-P:RP2 %PIM-3-PIM_TIB_LIMIT: PIM TIB below low watermark.
Figure 90. Preventing a Host from Joining a Group Table 46. Preventing a Host from Joining a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.
Location Description • no shutdown 2/1 • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.
Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting that rate at which new groups can be joined. Hosts whose IGMP requests are denied will use the retry mechanism built-in to IGMP so that they’re membership is delayed rather than permanently denied.
Figure 91. Preventing a Source from Transmitting to a Group Table 47. Preventing a Source from Transmitting to a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.
Location Description • no shutdown 2/1 • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.
Preventing a PIM Router from Processing a Join To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router.
35 Open Shortest Path First (OSPFv2 and OSPFv3) This chapter describes how to configure and use Open Shortest Path First (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) on the Z9500. NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3.
Areas allow you to further organize your routers within in the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers.
In the previous example, Routers A, B, C, G, H, and I are the Backbone. • A stub area (SA) does not receive external route information, except for the default route. These areas do receive information from inter-area (IA) routes. NOTE: Configure all routers within an assigned stub area as stubby, and not generate LSAs that do not apply.
Figure 93. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
An ABR can connect to many areas in an AS, and is considered a member of each area it connects to. Autonomous System Border Router (ASBR) The autonomous system border area router (ASBR) connects to more than one AS and exchanges information with the routers in other ASs.
available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated. The link-state ID for Type 4 LSAs is the router ID of the described ASBR). • Type 5: LSA — These LSAs contain information imported into OSPF from other routing processes.
Virtual Links In the case in which an area cannot be directly connected to Area 0, you must configure a virtual link between that area and Area 0. The two endpoints of a virtual link are ABRs, and you must configure the virtual link in both routers. The common non-backbone area to which the two routers belong is called a transit area.
OSPF Implementation The Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within the 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes. Multiple OSPF processes (OSPF MP) are supported on OSPFv2 only; up to 32 simultaneous processes are supported.
Processing SNMP and Sending SNMP Traps Though there are may be several OSPFv2 processes, only one process can process simple network management protocol (SNMP) requests and send SNMP traps. The mib-binding command identifies one of the OSPVFv2 processes as the process responsible for SNMP management.
To confirm that you enabled RFC-2328–compliant OSPF flooding, use the show ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It is an A.
Configuration Information The interfaces must be in Layer 3 mode (assigned an IP address) and enabled so that they can send and receive traffic. The OSPF process must know about these interfaces. To make the OSPF process aware of these interfaces, they must be assigned to OSPF areas.
If implementing multi-process OSPF, create an equal number of Layer 3 enabled interfaces and OSPF process IDs. For example, if you create four OSPFv2 process IDs, you must have four interfaces with Layer 3 enabled. 1. Assign an IP address to an interface.
• Reset the OSPFv2 process. EXEC Privilege mode clear ip ospf process-id • View the current OSPFv2 status. EXEC mode show ip ospf process-id Example of Viewing the Current OSPFv2 Status Dell#show ip ospf 55555 Routing Process ospf 55555 with ID 10.
If you try to enable more OSPF processes than available Layer 3 interfaces, the following message displays: Dell(conf)#router ospf 1 % Error: No router ID available. Assigning an OSPFv2 Area After you enable OSPFv2, assign the interface to an OSPF area.
Dell(conf)#router ospf 1 Dell(conf-router_ospf-1)#network 1.2.3.4/24 area 0 Dell (conf-router_ospf-1)#network 10.10.10.10/24 area 1 Dell(conf-router_ospf-1)#network 20.20.20.20/24 area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting.
Loopback 0 is up, line protocol is up Internet Address 10.168.253.2/32, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Dell# Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of router processing within the areas.
Configuring LSA Throttling Timers Configured link-state advertisement (LSA) timers replace the standard transmit and acceptance times for LSAs. The LSA throttling timers are configured in milliseconds. The interval time increases exponentially until a maximum time is reached.
To enable both receiving and sending routing updates, use the no passive-interface interface command. Example of Viewing Passive Interfaces When you configure a passive interface, the show ip ospf process-id interface command adds the words passive interface to indicate that the hello packets are not transmitted on that interface (shown in bold).
NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support.
The dead interval must be the same on all routers in the OSPF network. • Change the time interval between hello-packet transmission. CONFIG-INTERFACE mode ip ospf hello-interval seconds – seconds : the range is from 1 to 65535 (the default is 10 seconds ).
The bold lines in the example show the change on the interface. The change is reflected in the OSPF configuration. Dell(conf-if)# ip ospf cost 45 Dell(conf-if)#show config ! interface TengigabitEthernet 0/0 ip address 10.
• retransmit-interval — LSA retransmit interval • transmit-delay — LSA transmission delay • dead-interval — dead router detection time • authentication-key — authentication key • message-digest-key — MD5 authentication key To configure virtual links, use the following command.
ip prefix-list prefix-name You are in PREFIX LIST mode. • Create a prefix list with a sequence number and a deny or permit action. CONFIG- PREFIX LIST mode seq sequence-number {deny |permit} ip-pref.
Example of Viewing OSPF Configuration after Redistributing Routes To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode. Dell(conf-router_ospf)#show config ! router ospf 34 network 10.
• View the configuration of OSPF neighbors connected to the local router. EXEC Privilege mode show ip ospf neighbor • View the LSAs currently in the queue.
Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI.
OSPF Area 0 — Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 ! interface Loopback 30 ip address 192.168.100.100/24 no shutdown ! interface TengigabitEthernet 3/1 ip address 10.
NOTE: The OSPFv2 network area command enables OSPF on multiple interfaces with the single command. Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3. All IPv6 addresses on an interface are included in the OSPFv3 process that is created on the interface.
ipv6 ospf process-id area area-id – process-id : the process ID number assigned. – area-id : the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands.
• Specify whether some or all some of the interfaces are passive. CONF-IPV6-ROUTER-OSPF mode passive-interface {type slot/port} Interface : identifies the specific interface that is passive.
default-information originate [always [metric metric-value ] [metric-type type-value ]] [route-map map-name ] Configure the following required and optional parameters: – always : indicate that default route information is always advertised. – metric metric-value : The range is from 0 to 4294967295.
You decide the set of IPsec protocols that are employed for authentication and encryption and the ways in which they are employed. When you correctly implement and deploy IPsec, it does not adversely affect users or hosts. AH and ESP are designed to be cryptographic algorithm-independent.
– Configuring IPsec Encryption for an OSPFv3 Area – Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands.
• Enable IPsec encryption for OSPFv3 packets on an IPv6-based interface. INTERFACE mode ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [ key- encryption-type ] key authentication-algorithm [ key-authentication-type ] key } – null : causes an encryption policy configured for the area to not be inherited on the interface.
• Enable IPSec authentication for OSPFv3 packets in an area. CONF-IPV6-ROUTER-OSPF mode area- id authentication ipsec spi number {MD5 | SHA1} [ key-encryption-type ] key – area area-id : specifies the area for which OSPFv3 traffic is to be authenticated.
– key : specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AES-CBC - 32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192.
Policy name : OSPFv3-1-502 Policy refcount : 1 Inbound ESP SPI : 502 (0x1F6) Outbound ESP SPI : 502 (0x1F6) Inbound ESP Auth Key : 123456789a123456789b123456789c12 Outbound ESP Auth Key : 123456789a12.
Interface: TenGigabitEthernet 0/1 Link Local address: fe80::201:e8ff:fe40:4d11 IPSecv6 policy name: OSPFv3-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des es.
• View the summary information for the OSPFv3 database. EXEC Privilege mode show ipv6 ospf database • View the configuration of OSPFv3 neighbors. EXEC Privilege mode show ipv6 ospf neighbor • View debug messages for all OSPFv3 interfaces.
36 Pay As You Grow The Pay As You Grow (PAYG) software feature allows you to purchase a Z9500 switch with 36 40G ports (144 10G ports) and upgrade to a larger number of ports as your networking needs grow. A Z9500 switch with a 36 40G-port license has only the ports on line card 0 enabled.
To install a license on a Z9500 switch: 1. Check the currently installed port license. show license EXEC Privilege mode In the command output, System Service Tag displays the service tag of the switch on which you enter the command. License Service Tag displays the service tag read from the license file.
Enter Yes at the prompt to continue the installation; for example: Dell# install license tftp://10.11.8.12/132.lic ! 3594 bytes successfully copied Retrieving license .
unmounting /usr/pkg (/dev/wd0i)... unmounting /boot (/dev/wd0b)... unmounting /usr (mfs:30)... unmounting /force10 (mfs:25)... unmounting /lib (mfs:22)... unmounting /f10 (mfs:19)... unmounting /tmp (mfs:12)... unmounting /kern (kernfs)... unmounting / (/dev/md0a).
-- Power Supplies -- Unit Bay Status Type FanStatus FanSpeed(rpm) Power Usage (W) ----------------------------------------------------------------------------- 0 0 up AC up 23008 217.8 0 1 up AC up 22912 189.5 0 2 up AC up 23008 184.8 0 3 up AC up 22912 192.
37 PIM Sparse-Mode (PIM-SM) Protocol-independent multicast sparse-mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM- Dense mode, which forwards multicast traffic to all subnets until a request to stop.
3. If a host on the same subnet as another multicast receiver sends an IGMP report for the same multicast group, the gateway takes no action. If a router between the host and the RP receives a PIM Joi.
Configuring PIM-SM Configuring PIM-SM is a three-step process. 1. Enable multicast routing (refer to the following step). 2. Select a rendezvous point. 3. Enable PIM-SM on an interface. Enable multicast routing. CONFIGURATION mode ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks.
To display PIM neighbors for each interface, use the show ip pim neighbor command EXEC Privilege mode. Dell#show ip pim neighbor Neighbor Interface Uptime/Expires Ver DR Address Prio/Mode 127.87.5.5 Te 0/11 01:44:59/00:01:16 v2 1 / S 127.87.3.5 Te 0/12 01:45:00/00:01:16 v2 1 / DR 127.
ip access-list extended access-list-name 3. Specify the source and group to which the timer is applied using extended ACLs with permit rules only. CONFIG-EXT-NACL mode [seq sequence-number ] permit ip source-address/mask | any | host source- address } { destination-address/mask | any | host destination-address } 4.
Dell#sh run pim ! ip pim rp-address 1.1.1.1 group-address 224.0.0.0/4 Overriding Bootstrap Router Updates PIM-SM routers must know the address of the RP for each group for which they have (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration.
Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs). PMBRs connect each PIM domain to the rest of the Internet.
38 PIM Source-Specific Mode (PIM-SSM) PIM source-specific mode (PIM-SSM) is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only.
Configure PIM-SMM Configuring PIM-SSM is a two-step process. 1. Configure PIM-SMM. 2. Enable PIM-SSM for a range of addresses. Related Configuration Tasks • Use PIM-SSM with IGMP Version 2 Hosts Enabling PIM-SSM To enable PIM-SSM, follow these steps.
• You may enter multiple ssm-map commands for different access lists. You may also enter multiple ssm-map commands for the same access list, as long as they use different source addresses. • When an extended ACL is associated with this command, an error message is displayed.
Uptime 00:00:05 Expires Never Router mode INCLUDE Last reporter 10.11.4.2 Last reporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10.
39 Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. This chapter covers the following topics: • Overview •.
To enable a PBR, you create a redirect list. Redirect lists are defined by rules, or routing policies. The following parameters can be defined in the routing policies or rules: • IP address of the f.
a tunnel interface user needs to provide tunnel id mandatory. Instead if user provides the tunnel destination IP as next hop, that would be treated as IPv4 next hop and not tunnel next hop.
Use the following command in CONFIGURATION mode: Command Syntax Command Mode Purpose ip redirect-list redirect-list- name CONFIGURATION Create a redirect list by entering the list name. Format: 16 characters Delete the redirect list with the no ip redirect-list command.
destination ip-address or any or host ip-address is the Destination’s IP address FORMAT: A.B.C.D/NN, or ANY or HOST IP address Delete a rule with the no redirect command.
Creating multiple rules for a redirect-list: Dell(conf)#ip redirect-list test Dell(conf-redirect-list)#seq 10 redirect 10.1.1.2 ip 20.1.1.0/24 any Dell(conf-redirect-list)#seq 15 redirect 10.1.1.3 ip 20.1.1.0/25 any Dell(conf-redirect-list)#seq 20 redirect 10.
NOTE: When you apply a redirect-list on a port-channel, when traffic is redirected to the next hop and the destination port-channel is shut down, the traffic is dropped. However, on the S-Series, the traffic redirected to the destination port-channel is sometimes switched.
show cam pbr show cam-usage EXEC View the redirect list entries programmed in the CAM. List the redirect list configuration using the show ip redirect-list redirect-list-name command. The non- contiguous mask is displayed in dotted format (x.x.x.x). The contiguous mask is displayed in /x format.
Cam Port VlanID Proto Tcp Src Dst SrcIp DstIp Next-hop Egress Index Flag Port Port MAC Port -------------------------------------------------------------------------------- --------------------------------- 06080 0 N/A IP 0x0 0 0 200.200.200.200 200.200.
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.
View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23) seq 10 redirect 10.
40 Port Monitoring Port monitoring (also referred to as mirroring ) allows you to monitor ingress and/or egress traffic on specified ports. The mirrored traffic can be sent to a port to which a network analyzer is connected to inspect or troubleshoot the traffic.
Example of Changing the Destination Port in a Monitoring Session Dell(conf-mon-sess-5)#do show moni session SessID Source Destination Dir Mode Source IP Dest IP ------ ------ ----------- --- ---- ----.
Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs. If the MD port is a Layer 3 port, the frames are tagged with VLAN ID 4095. If the MD port is in a Layer 3 VLAN, the frames are tagged with the respective Layer 3 VLAN ID.
Figure 97. Port Monitoring Example Remote Port Mirroring While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switc.
The reserved VLANs transport the mirrored traffic in sessions (blue pipes) to the destination analyzers in the local network. Two destination sessions are shown: one for the reserved VLAN that transports orange-circle traffic; one for the reserved VLAN that transports green-circle traffic.
• You cannot configure a private VLAN or a GVRP VLAN as the reserved RPM VLAN. • The L3 interface configuration should be blocked for the reserved VLAN. • The member port of the reserved VLAN should have MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter).
• You can configure the same source port to be used in multiple source sessions. • You cannot configure a source port channel or source VLAN in a source session if the port channel or VLAN has a member port that is configured as a destination port in a remote-port mirroring session.
Step Command Description 1 configure terminal Enter global configuration mode. 2 monitor session id type rpm Specify a unique session ID number and RPM as the session type, and enter Monitoring-Session configuration mode.
Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both Dell(conf-mon-sess-3)#no disabl.
------ ------ ----------- --- ---- --------- -------- 1 remote-vlan 10 Te 0/3 N/A N/A N/A N/A 2 remote-vlan 20 Te 0/4 N/A N/A N/A N/A 3 remote-vlan 30 Te 0/5 N/A N/A N/A N/A Dell# Configuring RPM Source Sessions to Avoid BPD Issues When you configure an RPM source session, you can avoid BPDU issues by using the configuration: 1.
Encapsulated Remote-Port Monitoring Encapsulated Remote Port Monitoring (ERPM) copies traffic from source ports/port-channels or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the destination IP address specified in the session.
6 flow-based enable Specify ERPM to be performed on a flow- by-flow basis or if you configure a VLAN source interface. Enter no flow-based disable to disable flow-based ERPM. 7 no disable Enter the no disable command to activate the ERPM session. The following example shows a sample ERPM configuration.
41 Private VLANs (PVLAN) Private VLANs (PVLANs) extend Dell Networking OS security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN). A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair.
– A primary VLAN has one or more secondary VLANs. – A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. – A primary VLAN has one or more promiscuous ports. – A primary VLAN might have one or more trunk ports, or none.
INTERFACE VLAN mode [no] private-vlan mapping secondary-vlan vlan-list • Display type and status of PVLAN interfaces. EXEC mode or EXEC Privilege mode show interfaces private-vlan [interface interface ] • Display PVLANs and/or interfaces that are part of a PVLAN.
4. Select the PVLAN mode. INTERFACE mode switchport mode private-vlan {host | promiscuous | trunk} • host (isolated or community VLAN port) • promiscuous (intra-VLAN communication port) • trunk .
INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be: • Specified in comma-delimited ( VLAN-ID,VLAN-ID ) or hyphenated-range format ( VLAN-ID- VLAN-ID ). • Specified with this command even before they have been created.
INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited ( slot/ port,port,port ) or hyphenated ( slot/ port-port ). You can only add host (isolated) ports to the VLAN. Creating an Isolated VLAN An isolated VLAN is a secondary VLAN of a primary VLAN.
Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 98. Sample Private VLAN Topology The following configuration is based on the example diagram for the C300–1: • Te 0/0 and Te 23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000.
• All the ports in the secondary VLANs (both community and isolated VLANs) can only communicate with ports in the other secondary VLANs of that PVLAN over Layer 3, and only when the ip local- proxy-arp command is invoked in the primary VLAN.
show vlan private-vlan mapping This command is specific to the PVLAN feature. Examples of Viewing a Private VLANs The show arp and show vlan commands are revised to display PVLAN data. The following example shows viewing a private VLAN for a C300 system.
no ip address switchport switchport mode private-vlan host no shutdown ! interface TengigabitEthernet 0/5 no ip address switchport switchport mode private-vlan host no shutdown ! interface TengigabitE.
42 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview A sample PVST+ topology is shown below.
Table 48. Spanning Tree Versions Supported Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .
no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
Figure 100. Load Balancing with PVST+ The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker.
Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001.
PROTOCOL PVST mode vlan max-age The range is from 6 to 40. The default is 20 seconds . The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command.
The range is from 0 to 240, in increments of 16. The default is 128 . The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
PVST+ in Multi-Vendor Networks Some non-Dell Networking systems which have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D BPDU and an untagged PVST+ BPDU. Dell Networking systems do not expect PVST+ BPDU (tagged or untagged) on an untagged port.
Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5 ), Address 0001.
interface Vlan 100 no ip address tagged TengigabitEthernet 2/12,32 no shutdown ! interface Vlan 200 no ip address tagged TengigabitEthernet 2/12,32 no shutdown ! interface Vlan 300 no ip address tagge.
43 Quality of Service (QoS) This chapter describes how to use and configure Quality of Service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Figure 102.
• RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured Forwarding PHB Group • RFC 2598, An Expedited Forwarding PHB You cannot configure port-based and policy-based QoS on the same interface. Port-Based QoS Configurations You can configure the following QoS features on an interface.
Honoring dot1p Priorities on Ingress Traffic By default, the system does not honor dot1p priorities on ingress traffic. You can configure this feature on physical interfaces and port-channels, but you cannot configure it on individual interfaces in a port channel.
Example of Configuring and Viewing Rate Policing The following example shows configuring rate policing. Dell#config t Dell(conf)#interface tengigabitethernet 1/2 Dell(conf-if)#rate police 100 40 peak 150 50 Dell(conf-if)#end Dell# The following example shows viewing the rate policing status.
Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 103. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic.
Creating a Layer 3 Class Map A Layer 3 class map differentiates ingress packets based on the DSCP value, IP precedence, VLANs, or characteristics defined in an IP ACL. You can also use VLAN IDs and VRF IDs to classify the traffic using layer 3 class-maps.
The following example matches IPv6 traffic with a DSCP value of 40. Dell(conf)# class-map match-all test Dell(conf-class-map)# match ipv6 dscp 40 The following example matches IPv4 and IPv6 traffic with a precedence value of 3.
Dell(conf)# interface fo 0/0 INTERFACE mode Dell(conf-if-fo-0/0)# ip address 90.1.1.1/16 2. Configure a Layer 2 QoS policy with Layer 2 (Dot1p or source MAC-based) match criteria. CONFIGURATION mode Dell(conf)# policy-map-input l2p layer2 3. Apply the Layer 2 policy on a Layer 3 interface.
6. Create an input policy map. CONFIGURATION mode Dell(conf)#policy-map-input pp_policmap 7. Create a service queue to associate the class map and QoS policy map.
class-map match-any ClassAF1 match ip access-group AF1-FB1 set-ip-dscp 10 match ip access-group AF1-FB2 set-ip-dscp 12 match ip dscp 10 set-ip-dscp 14 match ipv6 dscp 20 set-ip-dscp 14 ! class-map match-all ClassAF2 match ip access-group AF2 match ip dscp 18 Dell#show running-config ACL ! ip access-list extended AF1-FB1 seq 5 permit ip host 23.
Create a QoS Policy There are two types of QoS policies — input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. • Layer 3 — QoS input policies allow you to rate police and set a DSCP or dot1p value.
to which you should apply the QoS policy (using the service-queue from POLICY-MAP-IN mode). If you apply the QoS policy to a queue other than the one specified in the informational message, Dell Networking OS replaces the first 3–bits in the DSCP field with the queue ID you specified.
Configuring Policy-Based Rate Shaping To configure policy-based rate-shaping, use the rate-shape command. • Configure rate-shaping on egress traffic.
Queue Default Bandwidth Percentage for 4–Queue System Default Bandwidth Percentage for 8–Queue System 7 — 50% When you assign a percentage to one queue, note that this change also affects the amount of bandwidth that is allocated to other queues.
Applying a Class-Map or Input QoS Policy to a Queue To apply a class-map or input QoS policy to a queue, use the following command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map, use the following command.
Table 53. Default dot1p to Queue Mapping dot1p Queue ID 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 The dot1p value is also honored for frames on the default VLAN. For more information, refer to Priority- Tagged Frames on the Default VLAN . • Enable the trust dot1p feature.
• You cannot apply a class-map and QoS policies to the same interface. • You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access. • If you apply a service policy that contains an ACL to more than one interface, the system uses ACL optimization to conserve CAM space.
You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. DSCP Color Maps This section describes how to configure color maps and how to display the color map and color map configuration.
qos dscp-color-policy color-map-name Example: Create a DSCP Color Map The following example creates a DSCP color map profile, color-awareness policy, and applies it to interface te 0/11 .
TE 0/10 mapONE TE0/11 mapTWO Display summary information about a color policy for a specific interface. Dell# show qos dscp-color-policy summary te 0/10 Interface dscp-color-map TE 0/10 mapONE Display.
Enabling Strict-Priority Queueing In strict-priority queuing, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast queue, using the strict-priority command • Policy-based per-queue rate shaping is not supported on the queue configured for strict-priority queuing.
Figure 104. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Table 54. Pre-Defined WRED Profiles Default Profile Name Minimum Threshold Maxim.
Applying a WRED Profile to Traffic After you create a WRED profile, you must specify on which traffic the system applies the profile. The system assigns a color-coded drop precedence — red, yellow, or green — to each packet based on the fourth bit of the 6-bit DSCP field in the packet header before queuing it.
Explicit Congestion Notification Explicit Congestion Notification (ECN) enhances and extends WRED functionality by marking packets for later transmission instead of dropping them when a threshold value is exceeded. Use ECN for WRED to reduce the packet transmission rate in a congested, heavily-loaded network.
• match ip vlan By default, all packets are marked for green handling if the rate-police and trust-diffserv commands are not used in an ingress policy map.
ip access-list standard dscp_40 seq 5 permit any dscp 40 ip access-list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ip access-list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 c.
thresholds. You can configure different weights for WRED and ECN operation to finely tune how different types of traffic are handled when a WRED threshold is exceeded. Benefits of Using a Configurable Weight for WRED with ECN On the Z9500, using a configurable weight for WRED and ECN allows you to specify how the average queue size is calculated.
Global Service-Pools for WRED with ECN You can enable WRED with ECN to work with global service-pools. Global service pools that function as shared buffers are accessed by multiple queues when the minimum guaranteed buffers for a queue are consumed. The Z9500 switch supports four global service-pools in the egress direction.
Queue Configuration Service-Pool Configuration WRED Threshold Relationship Q threshold = Q-T Service-pool threshold = SP-T Expected Functionality Enabled Enabled Disabled N/A N/A Queue-based ECN marking above queue threshold. ECN marking up to shared buffer limits of the service-pool and then packets are tail dropped.
mode Dell(conf)#service-pool wred green pool0 thresh-1 pool1 thresh-2 Dell(conf)#service-pool wred yellow pool0 thresh-3 pool1 thresh-4 Dell(conf)#service-pool wred weight pool0 11 pool1 4 5. Enable ECN marking on specific queues on backplane ports with a service class.
– Allowed — indicates that the policy-map can be applied because the estimated number of CAM entries is less or equal to the available number of CAM entries. The number of interfaces in the port-pipe to which the policy-map can be applied is given in parentheses.
44 Routing Information Protocol (RIP) The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm. RIP protocol standards are listed in the Standards Compliance chapter.
Implementation Information The Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the default values for RIP parameters on the switch.
Enabling RIP Globally By default, RIP is disabled on the switch. To enable RIP globally, use the following commands. 1. Enter ROUTER RIP mode and enable the RIP process. CONFIGURATION mode router rip 2. Assign an IP network address as a RIP network to exchange routing information.
192.162.2.0/24 [120/1] via 29.10.10.12, 00:01:21, Fa 0/0 192.162.2.0/24 auto-summary 192.161.1.0/24 [120/1] via 29.10.10.12, 00:00:27, Fa 0/0 192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 0/0 192.162.3.0/24 auto-summary To disable RIP globally, use the no router rip command in CONFIGURATION mode.
distribute-list prefix-list-name in • Assign a configured prefix list to all outgoing RIP routes. ROUTER RIP mode distribute-list prefix-list-name out To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode.
• Set the RIP versions received on that interface. INTERFACE mode ip rip receive version [1] [2] • Set the RIP versions sent out on that interface. INTERFACE mode ip rip send version [1] [2] Examples of Setting the RIP Process To see whether the version command is configured, use the show config command in ROUTER RIP mode.
Outgoing filter for all interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface Recv Send FastEthernet 0/0 2 1 2 Routing for Networks: 10.
Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the offset command.
Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command. RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration — Core 2 and Core 3 .
Core 2 RIP Output The examples in the section show the core 2 RIP output. Examples of the show ip Command with Core 2 Output • To display Core 2 RIP database, use the show ip rip database command. • To display Core 2 RIP setup, use the show ip route command.
To view the RIP configuration activity on Core 2, use the show ip protocols command. Core2#show ip protocols Routing Protocol is "RIP" Sending updates every 30 seconds, next due in 17 Invali.
Examples of the show ip Command with Core 3 Output To view learned RIP routes on Core 3, use the show ip rip database command. Core3#show ip rip database Total number of routes in RIP database: 7 10.11.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet 3/21 10.
10.11.20.0 10.11.30.0 192.168.2.0 192.168.1.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.2 120 00:00:22 Distance: (default is 120) Core3# RIP Configuration Summary Examples of Viewing the RIP Configuration on Core 2 and Core 3 The following example shows viewing the RIP configuration on Core 2.
! router rip version 2 network 10.11.20.0 network 10.11.30.0 network 192.168.1.0 network 192.168.2.0 762 Routing Information Protocol (RIP).
45 Remote Monitoring (RMON) Remote monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces.
• Platform Adaptation — RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object.
increase of 15 or more (such as from 100000 to 100015). The alarm then triggers event number 1, which is configured with the RMON event command. Possible events include a log entry or an SNMP trap. If the 1.3.6.1.2.1.2.2.1.20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be triggered again.
– integer : a value from 1 to 65,535 that identifies the RMON Statistics Table. The value must be unique in the RMON Statistic Table. – owner : (Optional) specifies the name of the owner of the RMON group of statistics. – ownername : (Optional) records the name of the owner of the RMON group of statistics.
46 Rapid Spanning Tree Protocol (RSTP) The Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP).
• All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology. • Adding a group of ports to a range of VLANs sends multiple messages to the RSTP task, avoid using the range command.
Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default.
Figure 106. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output.
BPDU : sent 121, received 2 The port is not in the Edge port mode Port 379 (TengigabitEthernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.
Modifying Global Parameters You can modify RSTP parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in the Rapid Spanning Tree group.
• Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds . To view the current values for global parameters, use the show spanning-tree rstp command from EXEC privilege mode.
Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge. To change the bridge priority, use the following command. • Assign a number as the bridge priority or designate it as the primary or secondary root.
– Disable the shutdown-on-violation command on the interface (the no spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] command). – Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). – Disable global spanning tree (the no spanning-tree command in CONFIGURATION mode).
NOTE: The hello time is encoded in BPDUs in increments of 1/256ths of a second. The standard minimum hello time in seconds is 1 second, which is encoded as 256. Millisecond. hello times are encoded using values less than 256; the millisecond hello time equals (x/1000)*256.
47 Security This chapter describes several ways to provide access security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide .
allows you to change permissions based on the role. You can modify the permissions specific to that command and/or command option. For more information, see Modifying Command Permissions for Roles . NOTE: When you enter a user role, you have already been authenticated and authorized.
For consistency, the best practice is to define the same authorization method list across all lines, in the same order of comparison; for example VTY and console port. You could also use the default authorization method list to apply to all the LINES (console port, VTY).
Role Modes netoperator netadmin Exec Config Interface Router IP Route-map Protocol MAC secadmin Exec Config Line sysadmin Exec Config Interface Line Router IP Route-map Protocol MAC User Roles This section describes how to create a new user role and configure command permissions and contains the following topics.
Example of Creating a User Role The configuration in the following example creates a new user role, myrole , which inherits the security administrator (secadmin) permissions. Create a new user role, myrole and inherit security administrator permissions.
The following example denies the netadmin role from using the show users command and then verifies that netadmin cannot access the show users command in exec mode. Note that the netadmin role is not listed in the Role access: secadmin,sysadmin , which means the netadmin cannot access the show users command.
The following example removes the secadmin access to LINE mode and then verifies that the security administrator can no longer access LINE mode, using the show role mode configure line command in EXEC Privilege mode.
The following example adds a user, to the secadmin user role. Dell (conf)#username john role secadmin password 0 password AAA Authentication and Authorization for Roles This section describes how to configure AAA Authentication and Authorization for Roles.
their session; for example, Exec mode or Exec Privilege mode. For information about how to configure authentication for roles, see Configure AAA Authentication for Roles.
line vty 7 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 8 login authentication ucraaa authorization exec ucraaa accounting commands role neta.
Role Accounting This section describes how to configure role accounting and how to display active sessions for roles. This sections consists of the following topics: • Configuring AAA Accounting for.
service=shell Display Information About User Roles This section describes how to display information about user roles. This sections consists of the following topics: • Displaying User Roles • Dis.
the output and both the privilege and roles for all users is also displayed. If the role is not defined, the system displays "unassigned" . Example of Displaying Information About Users Logg.
– default | name : enter the name of a list of accounting methods. – start-stop : use for more accounting information, to send a start-accounting notice at the beginning of the requested event and a stop-accounting notice at the end.
Example of Enabling AAA Accounting with a Named Method List Dell(config-line-vty)# accounting commands 15 com15 Dell(config-line-vty)# accounting exec execAcct Monitoring AAA Accounting The system does not support periodic interim accounting because the periodic command can cause heavy congestion when many users are logged in to the network.
• Configuring AAA Authentication Login Methods • Enabling AAA Authentication • Enabling AAA Authentication—RADIUS For a complete list of all commands related to login authentication, refer to the Security chapter in the Dell Networking OS Command Reference Guide .
NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH). You can create multiple method lists and assign them to different terminal lines.
To use local authentication for enable secret on the console, while using remote authentication on VTY lines, issue the following commands. Dell(config)# aaa authentication enable mymethodlist radius .
AAA Authorization The system enables AAA new-model by default. You can set authorization to be either local or remote . Different combinations of authentication and authorization yield different results.
For a complete listing of all commands related to privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide . Configuring a Username and Password In the Dell Networking OS, you can assign a specific username to limit user access to the system.
Configuring Custom Privilege Levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within the Dell Networking OS, commands have certain privilege levels.
• command : a CLI keyword (up to five keywords allowed). • reset : return the command to its default privilege mode. Examples of Custom Privilege Level Commands To view the configuration, use the show running-config command in EXEC Privilege mode.
end Exit from Configuration mode exit Exit from Configuration mode no Reset a command snmp-server Modify SNMP parameters Dell(conf)# Specifying LINE Mode Password and Privilege You can specify a password authentication of all users on different terminal lines.
RADIUS Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system).
ACL Configuration Information The RADIUS server can specify an ACL. If an ACL is configured on the RADIUS server, and if that ACL is present, the user may be allowed access based on that ACL. If the ACL is absent, authorization fails, and a message is logged indicating this.
To view the configuration, use the show config in LINE mode or the show running-config command in EXEC Privilege mode. Defining a AAA Method List to be Used for RADIUS To configure RADIUS to authenticate or authorize users on the system, create a AAA method list.
radius-server host { hostname | ip-address } [auth-port port-number ] [retransmit retries ] [timeout seconds ] [key [ encryption-type ] key ] Configure the optional communication parameters for the specific host: – auth-port port-number : the range is from 0 to 65335.
radius-server retransmit retries – retries : the range is from 0 to 100. Default is 3 retries . • Configure the time interval the system waits for a RADIUS server host response. CONFIGURATION mode radius-server timeout seconds – seconds : the range is from 0 to 1000.
Use this command multiple times to configure multiple TACACS+ server hosts. 2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACAS+ authentication method. CONFIGURATION mode aaa authentication login { method-list-name | default} tacacs+ [ .
on vty0 (10.11.9.209) %SYSTEM-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) Monitoring TACACS+ To view information on TACACS+ transactions, use the following command. • View TACACS+ transactions to troubleshoot problems.
CONFIGURATION mode tacacs-server host { hostname | ip-address } [port port-number ] [timeout seconds ] [key key ] Configure the optional communication parameters for the specific host: – port port-number : the range is from 0 to 65335. Enter a TCP port number.
Protection from TCP Tiny and Overlapping Fragment Attacks Tiny and overlapping fragment attack is a class of attack where configured ACL entries — denying TCP port-specific traffic — is bypassed and traffic is sent to its destination although denied by the ACL.
Password Authentication : enabled. Hostbased Authentication : disabled. RSA Authentication : disabled. To disable SSH server functions, use the no ip ssh server enable command.
Dell#copy scp: flash: Address or name of remote host []: 10.10.10.1 Port number of the server [22]: 99 Source file name []: test.cfg User name to login remote host: admin Password to login remote host.
The following ciphers are available. • 3des-cbc • aes128-cbc • aes192-cbc • aes256-cbc • aes128-ctr • aes192-ctr • aes256-ctr The default cipher list is 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr Example of Configuring a Cipher List The following example shows you how to configure a cipher list.
Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server ciphers cipher-list command in CONFIGURATION mode. cipher-list- : Enter a space-delimited list of ciphers the SSH server will support.
• Enable SSH password authentication. CONFIGURATION mode ip ssh password-authentication enable Example of Enabling SSH Password Authentication To view your SSH configuration, use the show ip ssh command from EXEC Privilege mode. Dell(conf)#ip ssh server enable % Please wait while SSH Daemon initializes .
Configuring Host-Based SSH Authentication Authenticate a particular host. This method uses SSH version 2. To configure host-based authentication, use the following commands. 1. Configure RSA Authentication. Refer to Using RSA Authentication of SSH . 2.
The following example shows creating rhosts . admin@Unix_client# ls id_rsa id_rsa.pub rhosts shosts admin@Unix_client# cat rhosts 10.16.127.201 admin Using Client-Based SSH Authentication To SSH from the chassis to the SSH client, use the following command.
VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in the Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote.
Example of Configuring VTY Authorization Based on Access Class Retrieved from a Local Database (Per User) Dell(conf)#user gooduser password abc privilege 10 access-class permitall Dell(conf)#user badu.
Dell(config-line-vty)#access-class sourcemac Dell(config-line-vty)#end 818 Security.
48 Service Provider Bridging Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS. VLAN Stacking Virtual local area network (VLAN) stacking is supported on the platform.
Figure 107. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN- stack-enabled VLAN.
Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1. Creating Access and Trunk Ports 2. Assign access and trunk ports to a VLAN ( Creating Access and Trunk Ports ).
! interface TenGigabitEthernet 2/12 no ip address switchport vlan-stack trunk no shutdown Enable VLAN-Stacking for a VLAN To enable VLAN-Stacking for a VLAN, use the following command.
To configure trunk ports, use the following commands. 1. Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port. INTERFACE mode portmode hybrid NOTE: You can add a trunk port to an 802.1Q VLAN as well as a Stacking VLAN only when the TPID 0x8100.
Example of Debugging a VLAN and its Ports The port notations are as follows: • MT — stacked trunk • MU — stacked access port • T — 802.1Q trunk port • U — 802.
Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Figure 108. Single and Double-Tag TPID Match Service Provider Bridging 825.
Figure 109. Single and Double-Tag First-byte TPID Match 826 Service Provider Bridging.
Figure 110. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested.
Table 60. Drop Eligibility Behavior Ingress Egress DEI Disabled DEI Enabled Normal Port Normal Port Retain CFI Set CFI to 0. Trunk Port Trunk Port Retain inner tag CFI Retain inner tag CFI.
Marking Egress Packets with a DEI Value On egress, you can set the DEI value according to a different mapping than ingress. For ingress information, refer to Honoring the Incoming DEI Value . To mark egress packets, use the following command. • Set the DEI value on egress according to the color currently assigned to the packet.
• Option 1: Mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. In this case, you must have other dot1p QoS configurations; this option is classic dot1p marking. • Option 2: Mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p.
service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands. 1. Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.
Figure 112. VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to trave.
Figure 113. VLAN Stacking with L2PT Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs. • No protocol packets are tunneled when you enable VLAN stacking. • L2PT requires the default CAM profile. Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command.
show cam-profile 2. Enable protocol tunneling globally on the system. CONFIGURATION mode protocol-tunnel enable 3. Tunnel BPDUs the VLAN. INTERFACE VLAN mode protocol-tunnel stp Specifying a Destination MAC Address for BPDUs By default, the system uses a Dell Networking-unique MAC address for tunneling BPDUs.
The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Provider Backbone Bridging IEEE 802.
49 sFlow sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many switches and routers. Overview The Dell Networking OS supports sFlow version 5.
Important Points to Remember • The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via snmpset. • By default, sFlow collection is supported only on data ports.
INTERFACE mode sflow max-header-size extended By default, the maximum header size of a packet is 128 bytes. When sflow max-header-size extended is enabled, 256 bytes are copied. These bytes are useful for VxLAN, NvGRE, IPv4, and IPv6 tunneled packets.
sFlow Show Commands You can display sFlow statistics at the switch, interface, and line card level. • Displaying Show sFlow Globally • Displaying Show sFlow on an Interface • Displaying Show sFlow on a Line Card Displaying Show sFlow Global To view sFlow statistics, use the following command.
The following example shows the show running-config interface command. Dell#show running-config interface tengigabitethernet 1/16 ! interface TenGigabitEthernet 1/16 no ip address mtu 9252 ip mtu 9234.
• Change the global default counter polling interval. CONFIGURATION mode or INTERFACE mode sflow polling-interval interval value – interval value : in seconds.
Global default sampling rate: 4096 Global default counter polling interval: 15 Global extended information enabled: gateway, router, switch 1 collectors configured Collector IP addr: 10.
IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description source and destination IP addresses are learned by different routing protocols, and for cases where is source is reachable over ECMP. BGP BGP Exported Exported Extended gateway data is packed.
50 Simple Network Management Protocol (SNMP) The Simple Network Management Protocol (SNMP) is designed to manage devices on IP networks by monitoring device operation, which might require administrator intervention.
Configuring SNMP version 3 requires configuring SNMP users in one of three methods. Refer to Setting Up User-Based Security (SNMPv3) . Related Configuration Tasks • Managing Overload on Startup • .
To choose a name for the community you create, use the following command. • Choose a name for the community. CONFIGURATION mode snmp-server community name {ro | rw} Example of Creating an SNMP Community To view your SNMP configuration, use the show running-config snmp command from EXEC Privilege mode.
snmp-server group groupname { oid-tree } auth read name write name • Configure an SNMPv3 view. CONFIGURATION mode snmp-server view view-name 3 noauth {included | excluded} NOTE: To give a user read and write privileges, repeat this step for each privilege type.
Examples of Reading Managed Object Values In the following example, the value “4” displays in the OID before the IP address for IPv4. For an IPv6 IP address, a value of “16” displays. > snmpget -v 2c -c mycommunity 10.11.131.161 sysUpTime.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (32852616) 3 days, 19:15:26.
snmp-server contact text You may use up to 55 characters. The default is None . • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmp-server location text You may use up to 55 characters.
snmp-server host ip-address [traps | informs] [version 1 | 2c |3] [ community-string ] To send trap messages, enter the keyword traps . To send informational messages, enter the keyword informs . To send the SNMP version to use for notification messages, enter the keyword version .
TASK SUSPENDED: SUSPENDED - svce:%d - inst:%d - task:%s SYSTEM-P:CP %CHMGR-2-CARD_PARITY_ERR ABNORMAL_TASK_TERMINATION: CRASH - task:%s %s CPU_THRESHOLD: Cpu %s usage above threshold. Cpu5SecUsage (%d) CPU_THRESHOLD_CLR: Cpu %s usage drops below threshold.
Level 7 VLAN 1000 entity Enable entity change traps Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1487406) 4:07:54.06, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 4 Trap SNMPv2-MIB::sysUpTime.
MIB Object OID Object Values Description and copySrcFileName. copySrcFileLocation . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.3 1 = flash 2 = slot0 3 = tftp 4 = ftp 5 = scp 6 = usbflash Specifies the location of source file. • If copySrcFileLocation is FTP or SCP, you must specify copyServerAddress, copyUserName, and copyUserPassword.
MIB Object OID Object Values Description copyServerAddress . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.8 IP Address of the server. The IP address of the server. • If you specify copyServerAddress, you must also specify copyUserName and copyUserPassword. copyUserName .
• -c : View the community, either public or private. • -m : View the MIB files for the SNMP command. • -r : Number of retries using the option • -t : View the timeout. • -v : View the SNMP version (either 1, 2, 2d, or 3). The following examples show the snmpset command to copy a configuration.
FTOS-COPY-CONFIG-MIB::copySrcFileType.7 = INTEGER: runningConfig(3) FTOS-COPY-CONFIG-MIB::copyDestFileType.7 = INTEGER: startupConfig(2) The following example shows copying configuration files from a UNIX machine using the OID. >snmpset -c public -v 2c 10.
Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP.
MIB Object OID Values Description 7 = unknown copyEntryRowStatus . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.15 Row status Specifies the state of the copy operation. Uses CreateAndGo when you are performing the copy. The state is set to active when the copy is completed.
MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
MIB Object OID Description chSysCoresStackUnitNumber 1.3.6.1.4.1.6027.3.25.1.2.8.1.4 Contains information that includes which stack unit or processor the core file was originated from. chSysCoresProcess 1.3.6.1.4.1.6027.3.25.1.2.8.1.5 Contains information that includes the process names that generated each core file.
Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN. Example of Assigning a VLAN Alias using SNMP [Unix system output] > snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.1.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2-SMI::mib-2.17.7.1.4.3.1.4.1107787786 = Hex-STRING: 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0.
and 1.3.6.1.4.1.6027.3.18.1.6 Enabling and Disabling a Port using SNMP To enable and disable a port using SNMP, use the following commands. 1. Create an SNMP community on the Dell system.
Table 66. MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database MIB Object OID MIB Description dot1dTpFdbTable .1.3.6.1.2.1.17.4.3 Q-BRIDGE MIB List the learned unicast MAC addresses on the default VLAN. dot1qTpFdbTable .1.3.6.1.2.1.
-------------Query from Management Station---------------------- >snmpwalk -v 2c -c techpubs 10.11.131.162 .1.3.6.1.4.1.6027.3.2.1.1.5 SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.1.1000.0.1.232.6.149.172.1 = INTEGER: 1000 SNMPv2-SMI::enterprises.6027.
For example, the interface index 51528196 for the FortyGigE 0/4 port is 0000 0011 0001 0010 0100 0010 0000 0100 in binary format as shown in the following figure. In this example, if you start from the least significant bit on the right: • The first 14 bits (00001000000010) identify a Z9500 line card.
Example of Viewing Status of Learned MAC Addresses If we learn MAC addresses for the LAG, status is shown for those as well. dot3aCurAggVlanId SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.1.1.0.0.0.0.0.1.1 = INTEGER: 1 dot3aCurAggMacAddr SNMPv2-SMI::enterprises.
51 Storm Control Storm control allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking OS Behavior : The switch supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic.
52 Spanning Tree Protocol (STP) The spanning tree protocol (STP) is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network.
• The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time.
INTERFACE mode no ip address 2. Place the interface in Layer 2 mode. INTERFACE switchport 3. Enable the interface. INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode.
Figure 115. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1. Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2.
To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output.
spanning-tree 0 To remove a Layer 2 interface from the spanning tree topology, enter the no spanning-tree 0 command. Modifying Global Parameters You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hello- time, and max-age and overwrites the values set on other bridges participating in STP.
the default is 2 seconds . • Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology). PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds .
only implement bpduguard , although the interface is placed in an Error Disabled state when receiving the BPDU, the physical interface remains up and spanning-tree drops packets in the hardware after a BPDU violation. BPDUs are dropped in the software after receiving the BPDU violation.
• If the interface to be shut down is a port channel, all the member ports are disabled in the hardware. • When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware.
• disables spanning tree on an interface • drops all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell(conf-if-te-0/7)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.
Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge- priority command) is selected as the root bridge.
Figure 117. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior : The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface.
INTERFACE mode or INTERFACE PORT-CHANNEL mode spanning-tree {0 | mstp | rstp | pvst} rootguard – 0 : enables root guard on an STP-enabled port assigned to instance 0. – mstp : enables root guard on an MSTP-enabled port. – rstp : enables root guard on an RSTP-enabled port.
As soon as a BPDU is received on an STP port in a Loop-Inconsistent state, the port returns to a blocking state. If you disable STP loop guard on a port in a Loop-Inconsistent state, the port transitions to an STP blocking state and restarts the max-age timer.
– Rapid Spanning Tree Protocol (RSTP) – Multiple Spanning Tree Protocol (MSTP) – Per-VLAN Spanning Tree Plus (PVST+) • You cannot enable root guard and loop guard at the same time on an STP port.
Te 0/2 0 LIS Loopguard Te 0/3 0 EDS (Shut) Bpduguard 884 Spanning Tree Protocol (STP).
53 System Time and Date System time and date settings are user-configurable and maintained through the network time protocol (NTP). System times and dates are also set in hardware settings using the Dell Networking OS CLI.
time and adjust the local clock accordingly. In addition, the message includes information to calculate the expected timekeeping accuracy and reliability, as well as select the best from possibly several servers.
Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a Source IP Address for NTP Packets (optional) Enabling NTP NTP is disabled by default.
Example of Configuring NTP Broadcasts 2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.496884 Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, the system drops any NTP packets sent to that interface.
Dell Networking OS version in which you have configured ntp authentication-key , the system cannot correctly decrypt the key and cannot authenticate the NTP packets. In this case, re-enter this command and save the running-config to the startup-config.
To configure the switch as NTP Server use the ntp master<stratum> command. stratum number identifies the NTP Server's hierarchy. Examples of Configuring and Viewing an NTP Configuration The following example shows configuring an NTP server.
NOTE: • Leap Indicator ( sys.leap , peer.leap , pkt.leap ) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day.
Time and Date You can set the time and date in the Dell Networking OS using the CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings.
– timezone-name : enter the name of the timezone. Do not use spaces. – offset : enter one of the following: * a number from 1 to 23 as the number of hours in addition to UTC for the timezone. * a minus sign (-) then a number from 1 to 23 as the number of hours.
00:00:00 pacific Sat Nov 7 2009" Setting Recurring Daylight Saving Time Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year.
Examples of Configuring and Viewing the Clock Summer-Time Recurring Option The following example shows using the clock summer-time recurring command. Dell(conf)#clock summer-time pacific recurring Mar.
54 Tunneling Tunnel interfaces create a logical tunnel for IPv4 or IPv6 traffic. Tunneling supports RFC 2003, RFC 2473, and 4213. DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported.
interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in .
Configuring a Tunnel Interface You can configure the tunnel interface using the ip unnumbered and ipv6 unnumbered commands. To configure the tunnel interface to operate without a unique explicit ip or ipv6 address, select the interface from which the tunnel will borrow its address.
Configuring Tunnel source anylocal Decapsulation The tunnel source anylocal command allows a multipoint receive-only tunnel to decapsulate tunnel packets addressed to any IPv4 or IPv6 (depending on the tunnel mode) address configured on the switch that is operationally UP.
• IP tunnel interfaces are supported over ECMP paths to the next hop. ECMP paths over IP tunnel interfaces are supported. ARP and neighbor resolution for the IP tunnel next-hop are supported.
55 Upgrade Procedures For detailed upgrade procedures, refer to the Dell Networking OS Release Notes for your switch. The release notes describe the requirements and steps to follow to upgrade to a desired OS version. Upgrade Overview To upgrade system software on the switch, follow these general steps: 1.
local flash. This image contains independent images for the CPUs: Control Processor (CP), Route Processor (RP), and line-card processor (LP). Each separate image runs on a different CPU and are unpacked and downloaded on the appropriate CPU via the party bus.
56 Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such as servers.
Figure 120. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group .
Figure 121. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state.
– An uplink-state group is considered to be operationally down if it has no upstream interfaces in the Link-Up state. No uplink-state tracking is performed when a group is disabled or in an Operationally Down state. • You can assign physical port or port-channel interfaces to an uplink-state group.
• Port channel: enter port-channel { 1-512 | port-channel-range } Where port-range and port-channel-range specify a range of ports separated by a dash (-) and/or individual ports/port channels in an.
Clearing a UFD-Disabled Interface You can manually bring up a downstream interface in an uplink-state group that UFD disabled and is in a UFD-Disabled Error state. To re-enable one or more disabled downstream interfaces and clear the UFD-Disabled Error state, use the following command.
down: Te 0/47 02:37:29: %SYSTEM-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 0/47 02:37:29 : UFD: Group:3, UplinkState: DOWN 02:37:29: %SYSTEM-P:CP %IFMGR-5-OSTATE_DN: Changed uplink s.
If a downstream interface in an uplink-state group is disabled (Oper Down state) by uplink-state tracking because an upstream port is down, the message error-disabled[UFD] displays in the output. • Display the current configuration of all uplink-state groups or a specified group.
Interface index is 280544512 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout 04:00:00 Last clearing o.
• Add a text description for the group. • Verify the configuration with various show commands. Example of Configuring UFD (S50) Dell(conf)# uplink-state-group 3 00:08:11: %STKUNIT0-M:CP %IFMGR-5-A.
57 Virtual LANs (VLANs) Virtual LANs (VLANs) are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices.
By default, VLAN 1 is the Default VLAN. To change that designation, use the default vlan-id command in CONFIGURATION mode. You cannot delete the Default VLAN. NOTE: You cannot assign an IP address to the Default VLAN. To assign an IP address to a VLAN that is currently the Default VLAN, create another VLAN and assign it to be the Default VLAN.
preserved as the frame moves through the network. The following example shows the structure of a frame with a tag header. The VLAN ID is inserted in the tag header.
• Configure a port-based VLAN (if the VLAN-ID is different from the Default VLAN ID) and enter INTERFACE VLAN mode. CONFIGURATION mode interface vlan vlan-id To activate the VLAN, after you create a VLAN, assign interfaces in Layer 2 mode to the VLAN.
The following example shows the steps to add a tagged interface (in this case, port channel 1) to VLAN 4. To view the interface’s status. Interface (po 1) is tagged and in VLAN 2 and 3, use the show vlan command. In a port-based VLAN, use the tagged command to add the interface to another VLAN.
untagged interface This command is available only in VLAN interfaces. Move an Untagged Interface to Another VLAN The no untagged interface command removes the untagged interface from a port-based VLAN and places the interface in the Default VLAN. You cannot use the no untagged interface command in the Default VLAN.
NOTE: You cannot assign an IP address to the Default VLAN (VLAN 1). To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. You can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic.
switchport 4. Add the interface to a tagged or untagged VLAN. VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, servic.
58 Virtual Routing and Forwarding (VRF) Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs.
Figure 123. VRF Network Example VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs).
Dell Networking OS uses both the VRF name and VRF ID to manage VRF instances. The VRF name and VRF ID number are assigned using the ip vrf command. The VRF ID is displayed in show ip vrf command output. The VRF ID is not exchanged between routers. VRF IDs are local to a router.
Feature/Capability Support Status for Default VRF Support Status for Non-default VRF NOTE: ACLs supported on all VRF VLAN ports. IPv4 ACLs are supported on non- default-VRFs also. IPv6 ACLs are supported on default- VRF only. PBR supported on default-VRF only.
DHCP DHCP requests are not forwarded across VRF instances. The DHCP client and server must be on the same VRF instance. VRF Configuration The VRF configuration tasks are: 1.
Task Command Syntax Command Mode Assign an interface to a VRF instance. ip vrf forwarding vrf- name INTERFACE Assigning a Front-end Port to a Management VRF Starting in 9.7(0.0) release, you can assign a front-end port to a management VRF and make the port to act as a host interface.
Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. Refer to Open Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance . Return to CONFIGURATION mode to enable the OSPF process.
Task Command Syntax Command Mode View VRRP command output for the VRF vrf1 show vrrp vrf vrf1 ------------------ TenGigabitEthernet 1/13, IPv4 VRID: 10, Version: 2, Net: 10.
Task Command Syntax Command Mode Configure a static neighbor. ipv6 neighbor vrf management 1::1 tengigabitethernet 1/1 xx:xx:xx:xx:xx:xx CONFIGURATION Sample VRF Configuration The following configuration illustrates a typical VRF set-up.
Figure 125. Setup VRF Interfaces The following example relates to the configuration shown in Figure1 and Figure 2 . Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1 ip vrf forwarding blue ip address 10.
interface TenGigabitEthernet 1/2 ip vrf forwarding orange ip address 20.0.0.1/24 no shutdown ! interface TenGigabitEthernet 1/3 ip vrf forwarding green ip address 30.
interface TenGigabitEthernet 2/2 ip vrf forwarding orange ip address 21.0.0.1/24 no shutdown ! interface TenGigabitEthernet 2/3 ip vrf forwarding green ip address 31.
orange 2 Te 1/2, Vl 192 green 3 Te 1/3, Vl 256 Dell#show ip ospf 1 neighbor Neighbor ID Pri State Dead Time Address Interface Area 1.0.0.2 1 FULL/DR 00:00:32 1.0.0.2 Vl 128 0 Dell#sh ip ospf 2 neighbor Neighbor ID Pri State Dead Time Address Interface Area 2.
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,.
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- C 1.0.0.0/24 Direct, Vl 128 0/0 00:27:21 O 10.
0/0 00:20:19 Dell# Route Leaking VRFs Static routes can be used to redistribute routes between non-default to default/non-default VRF and vice-versa. You can configure route leaking between two VRFs using the following command: ip route vrf x.x.x.x s.
After the target VRF learns routes that are leaked by the source VRF, the source VRF in turn can leak the export target corresponding to the destination VRFs that have imported its routes. The source VRF learns the export target corresponding to the destinations VRF using the ip route-import tag or ipv6 route-import tag command.
! ip vrf VRF-Blue ip route-export 3:3 ip route-import 1:1 ! ip vrf VRF-Green ! ip vrf VRF-shared ip route-export 1:1 ip route-import 2:2 ip route-import 3:3 Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red O 11.
C 133.3.3.0/24 Direct, Te 1/13 0/0 22:39:61 Dell# show ip route vrf VRF-Shared O 11.1.1.1/32 via VRF-Red:111.1.1.1 110/0 00:00:10 C 111.1.1.0/24 Direct, VRF-Red:Te 1/11 0/0 22:39:59 O 22.2.2.2/32 via VRF-Blue:122.2.2.2 110/0 00:00:11 C 122.2.2.0/24 Direct, VRF-Blue:Te 1/22 0/0 22:39:61 O 44.
route-map import_ospf_protocol and then specify the match criteria as OSPF using the match source- protocol ospf command. You can then use the ip route-import route-map command to import routes matching the filtering criteria defined in the import_ospf_protocol route-map.
The show VRF commands displays the following output: Dell# show ip route vrf VRF-Blue C 122.2.2.0/24 Direct, Te 1/22 0/0 22:39:61 O 22.2.2.2/32 via 122.2.2.2 110/0 00:00:11 O 44.4.4.4/32 via vrf-red:144.4.4.4 0/0 00:32:36 << only OSPF and BGP leaked from VRF-red Important Points to Remember • Only Active routes are eligible for leaking.
59 Virtual Link Trunking (VLT) Virtual link trunking (VLT) allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR).
Figure 126. Example of VLT Deployment VLT on Core Switches You can also deploy VLT on core switches. Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing.
Figure 127. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches.
Configure Virtual Link Trunking VLT requires that you enable the feature and then configure the same VLT domain, backup link, and VLT interconnect on both peer switches. Important Points to Remember • VLT port channel interfaces must be switch ports.
If this scenario occurs, use the clear mac-address-table sticky all command on the primary or secondary peer to correctly sync the MAC addresses. • If static ARP is enabled on only one VLT peer, entries may be overwritten during bulk sync. Configuration Notes When you configure VLT, the following conditions apply.
– If you shut down the port channel used in the VLT interconnect on a peer switch in a VLT domain in which you did not configure a backup link, the switch’s role displays in the show vlt brief command output as Primary instead of Standalone. – When you change the default VLAN ID on a VLT peer switch, the VLT interconnect may flap.
– VLT allows multiple active parallel paths from access switches to VLT chassis. – VLT supports port-channel links with LACP between access switches and VLT peer switches.
the master or backup for all VRRP groups configured on its interfaces. For more information, refer to Setting VRRP Group (Virtual Router) Priority . – To verify that a VLT peer is consistently configured for either the master or backup role in all VRRP groups, use the show vrrp command on each peer.
RSTP and VLT VLT provides loop-free redundant topologies and does not require RSTP. RSTP can cause temporary port state blocking and may cause topology changes after link or node failures.
• VLT Sync — Entries learned on the VLT interface are synced on both VLT peers. • Non-VLT Sync — Entries learned on non-VLT interfaces are synced on both VLT peers.
Figure 128. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches.
To route traffic to and from the multicast source and receiver, enable PIM on the L3 side connected to the PIM router using the ip pim sparse-mode command.
Layer 3 on the other node. Configuration mismatches are logged in the syslog and display in the show vlt mismatch command output. If you enable VLT unicast routing, the following actions occur: • L3 routing is enabled on any new IP or IPv6 address configured for a VLAN interface that is up.
Important Points to Remember • You cannot configure a VLT node as a rendezvous point (RP), but any PIM-SM compatible VLT node can serve as a designated router (DR). • You can only use one spanned VLAN from a PIM-enabled VLT node to an external neighboring PIM router.
RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the VLT startup phase. You may also use RSTP for loop prevention in the network outside of the VLT port channel.
In the case of a primary VLT switch failure, the secondary switch starts sending BPDUs with its own bridge ID and inherits all the port states from the last synchronization with the primary switch. An access device never detects the change in primary/secondary roles and does not see it as a topology change.
no ip address 3. Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface : specify one of the following interface types: • 1-Gigabit Ethernet: Enter gigabitethernet slot/port . • 10-Gigabit Ethernet: Enter tengigabitethernet slot/port .
lacp ungroup member-independent {vlt | port-channel port-channel-id } LACP on VLT ports (on a VLT switch or access device), which are members of the virtual link trunk, is not brought up until the VLT domain is recognized on the access device.
Reconfiguring the Default VLT Settings (Optional) To reconfigure the default VLT settings, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000.
Connecting a VLT Domain to an Attached Access Device (Switch or Server) To connect a VLT domain to an attached access device, use the following commands. On a VLT peer switch : To connect to an attached device, configure the same port channel ID number on each peer switch in the VLT domain.
Configuring a VLT VLAN Peer-Down (Optional) To configure a VLT VLAN peer-down, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000.
vlt domain domain-id The range of domain IDs is from 1 to 1000. 4. Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number The range is from 1 to 128.
9. Place the interface in Layer 2 mode. INTERFACE PORT-CHANNEL mode switchport 10. Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device. INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number Valid port-channel ID numbers are from 1 to 128.
interface port-channel port-channel id NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring VLTs used as facing hosts/switches with LACP. Ensure both peers use the same port channel ID. 4. Configure the peer-link port-channel in the VLT domains of each peer unit.
Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. Dell-2(conf)#vlt domain 5 Dell-2(conf-vlt-domain)# Dell-4(conf)#vlt domain 5 Dell-4(conf-vlt-domain)# Configure the VLTi between VLT peer 1 and VLT peer 2. 1. You can configure the LACP/static LAG between the peer units (not shown).
! port-channel-protocol LACP port-channel 2 mode active no shutdown Dell-2#show running-config interface port-channel 2 ! interface Port-channel 2 no ip address switchport vlt-peer-lag port-channel 2 .
Role Priority: 32768 ICL Link Status: Up HeartBeat Status: Up VLT Peer Status: Up Local System MAC address: 00:01:e8:8c:4d:08 Remote System MAC address: 00:01:e8:8c:4d:1c Dell-2#show vlt detail Local .
Configure PVST+ on VLT Peers to Prevent Forwarding Loops (VLT Peer 2) Dell_VLTpeer2(conf)#protocol spanning-tree pvst Dell_VLTpeer2(conf-pvst)#no disable Dell_VLTpeer2(conf-pvst)#vlan 1000 bridge-priority 4096 Configure both ends of the VLT interconnect trunk with identical PVST+ configurations.
Figure 129. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1.
Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.12 Domain_1_Peer2(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0a Domain_1_Peer2(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 2.
Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4.
VLT_Peer2(conf-if-vl-4001)#exit VLT_Peer2(conf)#end Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation.
Examples of the show vlt and show spanning-tree rstp Commands The following example shows the show vlt backup-link command. Dell_VLTpeer1# show vlt backup-link VLT Backup Link ----------------- Destination: 10.
The following example shows the show vlt detail command. Dell_VLTpeer1# show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLANs ------------ ----------- ------------ -----------.
Dell_VLTpeer2# show vlt statistics VLT Statistics ---------------- HeartBeat Messages Sent: 994 HeartBeat Messages Received: 978 ICL Hello's Sent: 89 ICL Hello's Received: 89 The following example shows the show spanning-tree rstp command. The bold section displays the RSTP state of port channels in the VLT domain.
Configuring Virtual Link Trunking (VLT Peer 1) Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)# peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)# back-up destination 10.
Configure the backup link. Dell_VLTpeer2(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer2(conf-if-ma-0/0)# ip address 10.11.206.35/ Dell_VLTpeer2(conf-if-ma-0/0)#no shutdown Dell_VLTpeer2(conf-if-ma-0/0)#exit Configure the VLT interconnect (VLTi).
Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative.
Description Behavior at Peer Up Behavior During Run Time Action to Take that the MAC address is the same on both units. Unit ID mismatch The VLT peer does not boot up. The VLTi is forced to a down state. A syslog error message is generated. The VLT peer does not boot up.
Specifying VLT Nodes in a PVLAN You can configure VLT peer nodes in a private VLAN (PVLAN). VLT enables redundancy without the implementation of Spanning Tree Protocol (STP), and provides a loop-free network with optimal bandwidth utilization.
not validated if you associate an ICL to a PVLAN. Similarly, if you dissociate an ICL from a PVLAN, although the PVLAN parity exists, ICL is removed from that PVLAN.
PVLAN Operations When a VLT Peer is Restarted When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a verification is performed with the newly received PVLAN configuration from the peer.
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 Promiscuo us Trunk Primary Primary Yes No Trunk Access Primary Secondary No No Promiscuo us Promiscu.
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 Access Access Secondary (Community) Secondary (Community) No No - Primary VLAN Y - Primary VLAN X No.
4. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 5. To configure the VLT interconnect, repeat Steps 1–4 on the VLT peer switch. 6. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000.
interface vlan vlan-id 6. Enable the VLAN. INTERFACE VLAN mode no shutdown 7. To obtain maximum VLT resiliency, configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes. Set the PVLAN mode of the selected VLAN to primary. INTERFACE VLAN mode private-vlan mode primary 8.
request for 20.1.1.1 reaches node 1, node 1 will not perform the ARP request for 20.1.1.2. Proxy ARP is supported only for the IP address belongs to the received interface IP network. Proxy ARP is not supported if the ARP requested IP address is different from the received interface IP subnet.
VLT Nodes as Rendezvous Points for Multicast Resiliency You can configure virtual link trunking (VLT) peer nodes as rendezvous points (RPs) in a Protocol Independent Multicast (PIM) domain. PIM uses a VLT node as the RP to distribute multicast traffic to a multicast group.
vlan-stack {access | trunk} 2. Configure VLAN as VLAN-stack compatible on both the peers. INTERFACE VLAN mode vlan-stack compatible 3. Add the VLT LAG as a member to the VLAN-stack on both the peers. INTERFACE VLAN mode member port-channel port—channel ID 4.
Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface port-channel 20 .
vlt domain 1 peer-link port-channel 1 back-up destination 10.16.151.115 system-mac mac-address 00:00:00:11:11:11 unit-id 1 Dell# Configure VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interfa.
Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C - Community, I - Isolated O - Openflow Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged o - Ope.
60 VLT Proxy Gateway You can configure a proxy gateway in VLT domains. A proxy gateway enables you to locally route the packets that are destined to a L3 endpoint in another VLT domain.
When the routing table across DCs is not symmetrical, there is a possibility of a routing miss by a DC that do not have the route for the L3 traffic. Since routing protocols will enabled and both the DC’s comes in same subnet there will not be route asymmetry dynamically.
8. LLDP port channel interface can’t be changed to legacy lag when proxy gateway is enabled. 9.“vlt-peer-mac transmit” is recommended only for square VLT without any diagonal links. 10. VRRP and IPv6 routing is not supported now. 11. With the existing hardware capabilities, only 512 my_station_tcam entries can be supported.
• There are only a couple of MACs for each unit to be transmitted so that all current active MACs can definitely be carried on the newly defined TLV. • This TLV is recognizable only by FTOS devices with this feature support. Other device will ignore this field and should still be able to process other standard TLVs.
2. Trace route across VLT domains may show extra hops. 3. IP route symmetry must be maintained across the VLT domains. Assume if the route to a destination is not available at C2, though the packet hits the MY_STATION_TCAM and routing is enabled for that VLAN, if there is no entry for that prefix in the routing table it will dropped to CPU.
8. Packet duplication – Assume exclude-vlan (say VLAN 10) is configured on C2/D2 for C1’s MAC. If packets for VLAN 10 with C1’s MAC get a hit at C2, they will be switched to both D2 (via ICL) and C1 via inter DC link. This could lead to packet duplication.
61 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP Overview VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
Figure 130. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables.
decreases based on the dynamics of the network, the advertisement intervals may increase or decrease accordingly. CAUTION: Increasing the advertisement interval increases the VRRP Master dead interval, resulting in an increased failover time for Master/Backup election.
• Create a virtual router for that interface with a VRID. INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255. NOTE: The interface must already have a primary IP address defined and be enabled, as shown in the second example. • Delete a VRRP group.
You can use the version both command in INTERFACE mode to migrate from VRRPv2 to VRRPv3. When you set the VRRP version to both , the switch sends only VRRPv3 advertisements but can receive VRRPv2 or VRRPv3 packets. To migrate an IPv4 VRRP group from VRRPv2 to VRRPv3: 1.
group and the interface’s physical MAC address is changed to that of the owner VRRP group’s MAC address. • If you configure multiple VRRP groups on an interface, only one of the VRRP Groups can contain the interface primary or secondary IP address.
Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.10 Authentication: (none) ------------------ TenGigabitEthernet 1/2, VRID: 111 , Net: 10.
TenGigabitEthernet 1/2, VRID: 111, Net: 10.10.2.1 State: Master, Priority: 125, Master: 10.10.2.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 601, Gratuitous ARP sent: 2 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.
NOTE: You must configure all virtual routers in the VRRP group the same: you must configure all with preempt enabled or configure all with preempt disabled. Because preempt is enabled by default, disable the preempt function with the following command.
To change the advertisement interval in seconds or centisecs, use the following command. A centisecs is 1/100 of a second. • Change the advertisement seconds interval setting. INTERFACE-VRID mode advertise-interval seconds The range is from 1 to 255 seconds.
default value of 10 (also known as cost ). If the tracked interface’s state goes up, the VRRP group’s priority increases by 10. The lowered priority of the VRRP group may trigger an election.
• (Optional) Display the configuration of tracked objects in VRRP groups on a specified interface. EXEC mode or EXEC Privilege mode show running-config interface interface Example of Configuring and Verifying the Tracking Configuration The following example shows configuring VRRP tracking.
Virtual IP address: 2007::1 fe80::1 Tracking states for 2 resource Ids: 2 - Up IPv6 route, 2040::/64, priority-cost 20, 00:02:11 3 - Up IPv6 route, 2050::/64, priority-cost 30, 00:02:11 The following example shows viewing the VRRP configuration on an interface.
The seconds range is from 0 to 900. The default is 0 . Sample Configurations Before you set up VRRP, review the following sample configurations. VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP.
Figure 131. VRRP for IPv4 Topology Example of Configuring VRRP for IPv4 Router 2 R2(conf)#int te 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)#priority 200 R2(conf-if-te-2/31-vrid-99)#virtual 10.
no shutdown R2(conf-if-te-2/31)#end R2#show vrrp ------------------ TenGigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.
Figure 132. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address.
Although R2 and R3 have the same default, priority (100), R2 is elected master in the VRRPv3 group because the TenGigE 0/0 interface has a higher IPv6 address than the TenGigE 1/0 interface on R3.
VRRP in a VRF Configuration The following example shows how to enable VRRP operation in a VRF virtualized network for the following scenarios. • Multiple VRFs on physical interfaces running VRRP.
Figure 133. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 2/1 S1(conf-if-te-2/1)#ip vrf forwarding VRF-1 S1(conf-if-te-2/1)#ip address 10.
! S1(conf)#interface TenGigabitEthernet 2/3 S1(conf-if-te-2/3)#ip vrf forwarding VRF-3 S1(conf-if-te-2/3)#ip address 20.1.1.5/24 S1(conf-if-te-2/3)#vrrp-group 15 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-te-2/3-vrid-105)#priority 255 S1(conf-if-te-2/3-vrid-105)#virtual-address 20.
VRRP in VRF: Switch-1 VLAN Configuration VRRP in VRF: Switch-2 VLAN Configuration Switch-1 S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEt.
S2(conf-if-vl-100-vrid-101)#priority 255 S2(conf-if-vl-100-vrid-101)#virtual-address 10.10.1.2 S2(conf-if-vl-100)#no shutdown ! S2(conf-if-te-2/4)#interface vlan 200 S2(conf-if-vl-200)#ip vrf forwarding VRF-2 S2(conf-if-vl-200)#ip address 10.
192.168.0.254 Authentication: (none) Virtual Router Redundancy Protocol (VRRP) 1023.
62 Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.
SFF-8431 SFP+ Direct Attach Cable (10GSFP+Cu) MTU 9,252 bytes RFC and I-D Compliance The system supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of the Dell Networking OS first supports the standard.
RFC# Full Name S-Series/Z- Series C-Series E-Series TeraScale E-Series ExaScale Services Field (DS Field) in the IPv4 and IPv6 Headers 2615 PPP over SONET/SDH √ 2698 A Two Rate Three Color Marker √ 8.1.1 3164 The BSD syslog Protocol 7.6.1 7.5.1 √ 8.
RFC# Full Name S-Series/Z-Series draft-ietf-idrrestart- 06 Graceful Restart Mechanism for BGP 7.8.1 General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols.
RFC# Full Name S-Series/Z- Series C-Series E-Series TeraScale E-Series ExaScale 1812 Requirements for IP Version 4 Routers 7.6.1 7.5.1 √ 8.1.1 2131 Dynamic Host Configuration Protocol 7.6.1 7.5.1 √ 8.1.1 2338 Virtual Router Redundancy Protocol (VRRP) 7.
RFC# Full Name S-Series/Z- Series C-Series E-Series TeraScale E-Series ExaScale 2675 IPv6 Jumbograms 7.8.1 7.8.1 √ 8.2.1 2711 IPv6 Router Alert Option 8.3.12.0 3587 IPv6 Global Unicast Address Format 7.8.1 7.8.1 √ 8.2.1 4007 IPv6 Scoped Address Architecture 8.
RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale Mechanism for IS- IS 2966 Domain-wide Prefix Distribution with Two-Level IS- IS √ 8.1.1 3373 Three-Way Handshake for Intermediate System to Intermediate System (IS-IS) Point-to-Point Adjacencies √ 8.
Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 78. Network Management RFC# Full Name S4810 S4820T Z-Series 1155 Structure and Identification of Management Information for TCP/IP-based Internets 7.
RFC# Full Name S4810 S4820T Z-Series 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2 7.6.1 2024 Definitions of Managed Objects for Data Link Switching using SMIv2 7.
RFC# Full Name S4810 S4820T Z-Series 2578 Structure of Management Information Version 2 (SMIv2) 7.6.1 2579 Textual Conventions for SMIv2 7.6.1 2580 Conformance Statements for SMIv2 7.
RFC# Full Name S4810 S4820T Z-Series 2865 Remote Authentication Dial In User Service (RADIUS) 7.6.1 3273 Remote Network Monitoring Management Information Base for High Capacity Networks (64 bits): Ethernet Statistics High-Capacity Table, Ethernet History High- Capacity Table 7.
RFC# Full Name S4810 S4820T Z-Series ANSI/TIA-1057 The LLDP Management Information Base extension module for TIA-TR41.4 Media Endpoint Discovery information 7.7.1 draft-grant-tacacs -02 The TACACS+ Protocol 7.6.1 draft-ietf-idr-bgp4 -mib-06 Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) using SMIv2 7.
RFC# Full Name S4810 S4820T Z-Series (LLDP DOT1 MIB and LLDP DOT3 MIB) IEEE 802.1AB The LLDP Management Information Base extension module for IEEE 802.3 organizationally defined discovery information. (LLDP DOT1 MIB and LLDP DOT3 MIB) 7.7.1 ruzin-mstp-mib-0 2 (Traps) Definitions of Managed Objects for Bridges with Multiple Spanning Tree Protocol 7.
RFC# Full Name S4810 S4820T Z-Series FORCE10- LINKAGG-MIB Force10 Enterprise Link Aggregation MIB 7.6.1 FORCE10- CHASSIS-MIB Force10 E-Series Enterprise Chassis MIB FORCE10-COPY- CONFIG-MIB Force10 File Copy MIB (supporting SNMP SET operation) 7.7.1 FORCE10-MONMIB Force10 Monitoring MIB 7.
RFC# Full Name S-Series C-Series E-Series TeraScale E-Series ExaScale 3569 An Overview of Source-Specific Multicast (SSM) 7.8.1 SSM for IPv4 7.7.1 SSM for IPv4 7.5.1 SSM for IPv4/IPv6 8.2.1 SSM for IPv4 3618 Multicast Source Discovery Protocol (MSDP) √ 8.
RFC# Full Name S-Series/Z-Series 2740 OSPF for IPv6 9.1(0.0) 3623 Graceful OSPF Restart 7.8.1 4222 Prioritized Treatment of Specific OSPF Version 2 Packets and Congestion Avoidance 7.6.1 Routing Information Protocol (RIP) The following table lists the Dell Networking OS support per platform for RIP protocol.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté Dell 9.7(0.0) c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du Dell 9.7(0.0) - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation Dell 9.7(0.0), vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le Dell 9.7(0.0) va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le Dell 9.7(0.0), mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du Dell 9.7(0.0).
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le Dell 9.7(0.0). Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei Dell 9.7(0.0) ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.