Dell MXL 10/40GbE manuel d'utilisation
- Voir en ligne ou télécharger le manuel d’utilisation
- 1094 pages
- 24.06 mb
Aller à la page of
Les manuels d’utilisation similaires
Un bon manuel d’utilisation
Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Dell MXL 10/40GbE. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Dell MXL 10/40GbE ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.
Qu'est ce que le manuel d’utilisation?
Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Dell MXL 10/40GbE décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.
Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.
Donc, ce qui devrait contenir le manuel parfait?
Tout d'abord, le manuel d’utilisation Dell MXL 10/40GbE devrait contenir:
- informations sur les caractéristiques techniques du dispositif Dell MXL 10/40GbE
- nom du fabricant et année de fabrication Dell MXL 10/40GbE
- instructions d'utilisation, de réglage et d’entretien de l'équipement Dell MXL 10/40GbE
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes
Pourquoi nous ne lisons pas les manuels d’utilisation?
Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Dell MXL 10/40GbE ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Dell MXL 10/40GbE et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Dell en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Dell MXL 10/40GbE, comme c’est le cas pour la version papier.
Pourquoi lire le manuel d’utilisation?
Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Dell MXL 10/40GbE, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.
Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Dell MXL 10/40GbE. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.
Table des matières du manuel d’utilisation
-
Page 1
Dell Networking Configuration Guide for the MXL 10/40GbE Switch I/O Module 9.8(0.0)[...]
-
Page 2
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 201[...]
-
Page 3
Contents 1 About this Guide................................................................................................. 33 Audience .............................................................................................................................................. 33 Conventions .......................................................[...]
-
Page 4
Viewing Files .................................................................................................................................. 57 Managing the File System ................................................................................................................... 58 View the Command History .................................[...]
-
Page 5
Configuring Concurrent Session Limit ......................................................................................... 81 Enabling the System to Clear Existing Sessions ........................................................................... 82 Track Login Activity .........................................................................[...]
-
Page 6
Determine the Order in which ACLs are Used to Classify Traffic .................................................... 111 Example of the order Keyword to Determine ACL Sequence ................................................... 112 IP Fragment Handling ..................................................................................................[...]
-
Page 7
Flow-Based Monitoring Support for ACLs ....................................................................................... 138 Behavior of Flow-Based Monitoring ........................................................................................... 138 Enabling Flow-Based Monitoring ..........................................................[...]
-
Page 8
Changing VRRP Session Parameters .......................................................................................... 168 Disabling BFD for VRRP ............................................................................................................... 169 Configure BFD for VLANs ...........................................................[...]
-
Page 9
Enabling MBGP Configurations .................................................................................................. 227 BGP Regular Expression Optimization ............................................................................................. 228 Debugging BGP ......................................................................[...]
-
Page 10
Using PFC and ETS to Manage Converged Ethernet Traffic in a Switch Stack ........................ 272 Applying DCB Policies in a Switch Stack .......................................................................................... 273 Configure a DCBx Operation ......................................................................................[...]
-
Page 11
Configure the System to be a DHCP Server .................................................................................... 315 Configuring the Server for Automatic Address Allocation ......................................................... 315 Configuration Tasks ..................................................................................[...]
-
Page 12
Fibre Channel over Ethernet ............................................................................................................ 349 Ensure Robustness in a Converged Ethernet Network ................................................................... 349 FIP Snooping on Ethernet Bridges ......................................................[...]
-
Page 13
Sample Configuration and Topology ............................................................................................... 381 20 GARP VLAN Registration Protocol (GVRP)................................................ 383 Important Points to Remember .............................................................................................[...]
-
Page 14
Null Interfaces ...................................................................................................................................408 Port Channel Interfaces ................................................................................................................... 408 Port Channel Definition and Standards .................[...]
-
Page 15
Enhanced Validation of Interface Ranges ........................................................................................434 Enhanced Control of Remote Fault Indication Processing ............................................................ 434 23 Internet Protocol Security (IPSec).............................................................[...]
-
Page 16
Version (4 bits) ............................................................................................................................. 457 Traffic Class (8 bits) ..................................................................................................................... 457 Flow Label (20 bits) .....................................[...]
-
Page 17
Default iSCSI Optimization Values ............................................................................................. 479 Displaying iSCSI Optimization Information ..................................................................................... 479 27 Intermediate System to Intermediate System.........................................[...]
-
Page 18
Displaying the MAC Address Table ............................................................................................. 527 MAC Learning Limit ........................................................................................................................... 527 Setting the MAC Learning Limit .........................................[...]
-
Page 19
..................................................................................................................................................... 559 32 Multicast Source Discovery Protocol (MSDP)...........................................560 Protocol Overview ......................................................................................[...]
-
Page 20
Enable BPDU Filtering Globally ........................................................................................................ 593 Modifying the Interface Parameters .................................................................................................594 Configuring an EdgePort ..................................................[...]
-
Page 21
Assigning IPv6 Addresses on an Interface ................................................................................. 643 Assigning Area ID on an Interface .............................................................................................. 643 Assigning OSPFv3 Process ID and Router ID Globally .......................................[...]
-
Page 22
Use PIM-SSM with IGMP Version 2 Hosts ........................................................................................ 681 Configuring PIM-SSM with IGMPv2 ............................................................................................681 39 Port Monitoring.........................................................................[...]
-
Page 23
Setting dot1p Priorities for Incoming Traffic .............................................................................. 721 Honoring dot1p Priorities on Ingress Traffic .............................................................................. 722 Configuring Port-Based Rate Policing ........................................................[...]
-
Page 24
45 Rapid Spanning Tree Protocol (RSTP)........................................................ 770 Protocol Overview ............................................................................................................................ 770 Configuring Rapid Spanning Tree ........................................................................[...]
-
Page 25
Configuring the SSH Server Cipher List ..................................................................................... 804 Secure Shell Authentication ....................................................................................................... 805 Troubleshooting SSH .................................................................[...]
-
Page 26
Important Points to Remember ................................................................................................. 843 Enabling and Disabling sFlow ...........................................................................................................843 Enabling and Disabling sFlow on an Interface ..................................[...]
-
Page 27
Obtaining a Value for MIB Objects ...................................................................................................870 Manage VLANs using SNMP .............................................................................................................. 871 Creating a VLAN ..........................................................[...]
-
Page 28
Stack Member FailsUnplugged Stacking CableMaster Switch FailsStack-Link Flapping ErrorMaster Switch Recovers from FailureStack Unit in Card-Problem State Due to Incorrect Dell Networking OS VersionStack Unit in Card-Problem State Due to Configuration Mismatch ..........................................................................................[...]
-
Page 29
Configuring NTP Authentication ................................................................................................ 929 Dell Networking OS Time and Date ................................................................................................. 931 Configuration Task List ...........................................................[...]
-
Page 30
VLT and IGMP Snooping ............................................................................................................. 967 VLT Port Delayed Restoration .................................................................................................... 967 PIM-Sparse Mode Support on VLT .................................................[...]
-
Page 31
Creating a VLT LAG or a VLT VLAN .......................................................................................... 1001 Associating the VLT LAG or VLT VLAN in a PVLAN ................................................................. 1002 Proxy ARP Capability on VLT Peer Nodes ................................................................[...]
-
Page 32
Verifying the DCB Configuration ..............................................................................................1063 PFC and ETS Configuration Examples ......................................................................................1073 Using PFC and ETS to Manage Data Center Traffic .............................................[...]
-
Page 33
1 About this Guide This guide describes the supported protocols and software features, and provides configuration instructions and examples, for the Dell Networking MXL 10/40GbE Switch IO Module. The MXL 10/40GbE Switch IO Module is installed in a Dell PowerEdge M1000e Enclosure. For information about how to install and perform the initial switch c[...]
-
Page 34
Information Symbols This book uses the following information symbols. NOTE: The Note icon signals important operational information. CAUTION: The Caution icon signals information about situations that could result in equipment damage or loss of data. WARNING: The Warning icon signals information about hardware handling that could result in injury. [...]
-
Page 35
2 Configuration Fundamentals The Dell Networking operating system command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege[...]
-
Page 36
The CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information. • EXEC Privilege mode has commands to view configurations, clear counters, [...]
-
Page 37
ROUTER RIP SPANNING TREE Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit [...]
-
Page 38
CLI Command Mode Prompt Access Command STANDARD ACCESS-LIST Dell(config-std-nacl)# ip access-list standard (IP ACCESS-LIST Modes) EXTENDED ACCESS-LIST Dell(config-ext-nacl)# ip access-list extended (IP ACCESS-LIST Modes) IP COMMUNITY-LIST Dell(config-community- list)# ip community-list AUXILIARY Dell(config-line-aux)# line (LINE Modes) CONSOLE Dell[...]
-
Page 39
CLI Command Mode Prompt Access Command TRACE-LIST Dell(conf-trace-acl)# ip trace-list CLASS-MAP Dell(config-class-map)# class-map CONTROL-PLANE Dell(conf-control- cpuqos)# control-plane-cpuqos DCB POLICY Dell(conf-dcb-in)# (for input policy) Dell(conf-dcb-out)# (for output policy) dcb-input for input policy dcb-output for output policy DHCP Dell(co[...]
-
Page 40
CLI Command Mode Prompt Access Command u-Boot Dell(=>)# Press any key when the following line appears on the console during a system boot: Hit any key to stop autoboot: UPLINK STATE GROUP Dell(conf-uplink-state- group- groupID )# uplink-state-group The following example shows how to change the command mode from CONFIGURATION mode to PROTOCOL SPA[...]
-
Page 41
The first bold line shows the assigned IP address, the second bold line shows the no form of the IP address command, and the last bold line shows the IP address removed. Example of Viewing Disabled Commands Dell(conf)#interface gigabitethernet 4/17 Dell(conf-if-gi-4/17)#ip address 192.168.10.1/24 Dell(conf-if-gi-4/17)#show config ! interface Gigabi[...]
-
Page 42
Entering and Editing Commands Notes for entering commands. • The CLI is not case-sensitive. • You can enter partial CLI keywords. – Enter the minimum number of letters to uniquely identify a command. For example, you cannot enter cl as a partial keyword because both the clock and class-map commands begin with the letters “cl.” You can ent[...]
-
Page 43
Command History The Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands. • When you are in CONFIGURATION mode, the UP or DOWN arrows keys recall the previously-entered CONFIGURATION mode command[...]
-
Page 44
Example of the except Keyword Example of the find Keyword Dell(conf)#do show stack-unit all stack-ports all pfc details | except 0 Admin mode is On Admin is enabled Local is enabled Link Delay 45556 pause quantum stack unit 1 stack-port all Admin mode is On Admin is enabled The find keyword displays the output of the show command beginning from the[...]
-
Page 45
If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes. Configuration Fundamentals 45[...]
-
Page 46
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) during which the route processor module (RPM), switch fabric module (SFM), and line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking operating s[...]
-
Page 47
Console Access The MXL 10/40GbE Switch IO Module has two management ports available for system access: a serial console port and an out-of-bounds (OOB) port. Serial Console A universal serial bus (USB) (A-Type) connector is located at the front panel. The USB can be defined as an External Serial Console (RS-232) port, and is labeled on the MXL 10/4[...]
-
Page 48
Serial Console 48 Getting Started[...]
-
Page 49
External Serial Port with a USB Connector The following table listes the pin assignments. Table 2. Pin Assignments USB Pin Number Signal Name Pin 1 RTS Pin 2 RX Pin 3 TX Pin 4 CTS Pin 5, 6 GND RxD Chassis GND Accessing the CLI Interface and Running Scripts Using SSH In addition to the capability to access a device using a console connection or a Te[...]
-
Page 50
Following are the points to remember, when you are trying to establish an SSH session to the device to run commands or script files: • There is an upper limit of 10 concurrent sessions in SSH. Therefore, you might expect a failure in executing SSH-related scripts. • To avoid denial of service (DoS) attacks, a rate-limit of 10 concurrent session[...]
-
Page 51
( 464 MB -> 2192 MB , size: 1728 MB) Modifying Default Flash Address map..Done Initialized eMMC Host Controller Detected SD Card BLC is 1 (preset 10) Hit any key to stop autoboot: 0 Boot Image selection Reading the Boot Block Info...Passed !! Images are OK A:0x0 B:0x0 Boot Selector set to Bootflash Partition A image... Verifying Copyright Inform[...]
-
Page 52
EQL detection and enabling iscsi profile-compellent on an interface may cause some automatic configurations to occur like jumbo frames on all ports and no storm control and spanning tree port-fast on the port of detection 00:00:42: %STKUNIT0-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user on line console Dell>en Password: Default Configurat[...]
-
Page 53
Accessing the System Remotely You can configure the system to access it remotely by Telnet or SSH. The MXL 10/40GbE switch IO module has a dedicated management port and a management routing table that is separate from the IP routing table. Accessing the MXL Switch Remotely Configuring the system for Telnet is a three-step process, as described in t[...]
-
Page 54
management route ip-address/mask gateway – ip-address : the network address in dotted-decimal format (A.B.C.D). – mask : a subnet mask in /prefix-length format (/ xx). – gateway : the next hop for network traffic originating from the management port. Configuring a Username and Password To access the system remotely, configure a system usernam[...]
-
Page 55
* 5 is for inputting a password that is already encrypted using an MD5 hash. Obtain the encrypted password from the configuration file of another Dell Networking system. You can only use this for the enable secret password. Configuration File Management Files can be stored on and accessed from various storage media. Rename, delete, and copy files o[...]
-
Page 56
NOTE: If all of the following conditions are true, the Portmode Hybrid configuration is not applied, because of the configuration process for server ports as switch ports by default: • The running configuration is saved in flash. • The startup configuration is deleted. • The switch is reloaded. • The saved configuration is copied to the run[...]
-
Page 57
EXEC Privilege mode copy running-config tftp: //{hostip | hostname}/ filepath/filename • Save the running-configuration to an SCP server. EXEC Privilege mode copy running-config scp: //{hostip | hostname}/ filepath/filename NOTE: When copying to a server, you can only use a host name if you have configured a DNS server. • Save the running-confi[...]
-
Page 58
Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file. Dell#dir Directory of flash: 1 drwx 4096 Jan 01 1980 00:00:00 +00:00 . 2 drwx 2048 May 10 2011 14:45:15 +00:00 .. 3 drwx 4096 Feb 17 2011 00:28:00 +00:00 TRACE_LOG_DIR 4 drwx 4096 Feb 17 2011 00:28:[...]
-
Page 59
To view file system information, use the following command. • View information about each file system. EXEC Privilege mode show file-systems The output of the show file-systems command in the following example shows the total capacity, amount of free memory, file structure, media type, read/write privileges for each storage device in use. Dell#sh[...]
-
Page 60
Example of the show command-history Command Dell#show command-history [5/18 21:58:32]: CMD-(TEL0):[enable]by admin from vty0 (10.11.68.5) [5/18 21:58:48]: CMD-(TEL0):[configure]by admin from vty0 (10.11.68.5) - Repeated 1 time. [5/18 21:58:57]: CMD-(TEL0):[interface port-channel 1]by admin from vty0 (10.11.68.5) [5/18 21:59:9]: CMD-(TEL0):[show con[...]
-
Page 61
To validate a software image: 1. Download Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displayed next to the software image file on the iSupport page. 2. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command. [...]
-
Page 62
4 Management Management is supported on the Dell Networking MXL 10/40GbE Switch IO Module. This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 15 privilege levels, of which two are pre[...]
-
Page 63
privilege level, and has access to only two commands, end and exit. Individually specify each CONFIGURATION mode command to which you want to allow access using the privilege configure level level command. In the command, specify the privilege level of the user or terminal line, and specify all keywords in the command to which you want to allow acc[...]
-
Page 64
• allows access to CONFIGURATION mode with the banner command • allows access to INTERFACE and LINE modes with the no command Dell(conf)#do show run privilege ! Dell(conf)#privilege exec level 3 capture Dell(conf)#privilege exec level 3 configure Dell(conf)#privilege exec level 4 resequence Dell(conf)#privilege exec level 3 clear arp-cache Dell[...]
-
Page 65
• Configure a privilege level for a user. CONFIGURATION mode username username privilege level Applying a Privilege Level to a Terminal Line To set a privilege level for a terminal line, use the following command. • Configure a privilege level for a terminal line. Line mode privilege level level NOTE: When you assign a privilege level between 2[...]
-
Page 66
• Enabling Audit and Security Logs • Displaying Audit and Security Logs • Clearing Audit Logs Enabling Audit and Security Logs You enable audit and security logs to monitor configuration changes or determine if these changes affect the operation of the system in the network. You log audit and security events to a system log server, using the [...]
-
Page 67
Example of Enabling Audit and Security Logs Dell(conf)#logging extended Displaying Audit and Security Logs To display audit logs, use the show logging auditlog command in Exec mode. To view these logs, you must first enable the logging extended command. Only the RBAC system administrator user role can view the audit logs. Only the RBAC security adm[...]
-
Page 68
Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a syslog server. Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server Dell(conf)#ip ssh server enable 2. On the syslog server, create a reverse SSH t[...]
-
Page 69
In the following example the syslog server IP address is 10.156.166.48 and the listening port is 5141 . The switch IP address is 10.16.131.141 and the listening port is 5140 ssh -R 5140:10.156.166.48:5141 admin@10.16.131.141 -nNf 3. Configure logging to a local host. locahost is “127.0.0.1” or “::1”. If you do not, the system displays an er[...]
-
Page 70
To view any changes made, use the show running-config logging command in EXEC privilege mode. Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message) , are log in the internal buffer. For example, %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled Configuration Task List for System Log Managemen[...]
-
Page 71
CONFIGURATION mode logging { ip-address | ipv6–address | hostname } {{udp { port }} | {tcp { port }}} Configuring a UNIX System as a Syslog Server To configure a UNIX System as a syslog server, use the following command. • Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the UNIX system and assigni[...]
-
Page 72
NOTE: When you decrease the buffer size, the system deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that the system saves to its logging history table. CONFIGURATION mode logging history size size To view the logging buffer and configuration, use the sh[...]
-
Page 73
To view any changes made, use the show running-config logging command in EXEC privilege mode, as shown in the example for Configuring a UNIX Logging Facility Level . Configuring a UNIX Logging Facility Level You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command. ?[...]
-
Page 74
service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10.4 Dell# Synchronizing Log Messages You can configure the system to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or belo[...]
-
Page 75
Specify the following optional parameters: – datetime : You can add the keyword localtime to include the localtime , msec , and show- timezone . If you do not add the keyword localtime , the time is UTC. – uptime : To view time since last boot. If you do not specify a parameter, the system configures uptime . To view the configuration, use the [...]
-
Page 76
Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. • Specify the directory for users using FTP to reach the system. CONFIGURATION mode ftp-server topdir dir The default is the internal flash directory. • Spec[...]
-
Page 77
ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enabling the FTP Server . Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles. Terminal lines on the system provide different means of accessing the[...]
-
Page 78
line vty 0 access-class myvtyacl Dell OS Behavior: Prior to Dell OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and authorization (AAA) to the line. Then users are denied access only after they enter a username and password. Beginning in Dell OS version 7.4.2.0, only an ACL is required, and u[...]
-
Page 79
Dell(config-line-vty)#show config line vty 0 password myvtypassword login authentication myvtymethodlist line vty 1 password myvtypassword login authentication myvtymethodlist line vty 2 password myvtypassword login authentication myvtymethodlist Dell(config-line-vty)# Setting Time Out of EXEC Privilege Mode EXEC time-out is a basic security featur[...]
-
Page 80
telnet [ ip-address ] If you do not enter an IP address, the system enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D). Example of the telnet Command for Device Access Dell# telnet 10.11.80.203 Trying 10.11.80.203... Connected to 10.11.80.203. Exit character is '^]'. Login: Login: adm[...]
-
Page 81
Dell#config ! Locks configuration mode exclusively. Dell(conf)# If another user attempts to enter CONFIGURATION mode while a lock is in place, the following appears on their terminal (message 1): % Error: User "" on line console0 is in exclusive configuration mode . If any user is already in CONFIGURATION mode when while a lock is in plac[...]
-
Page 82
Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this procedure: • Use the following command. CONFIGURATION m[...]
-
Page 83
Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events. When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login attempts since your last successful login to the[...]
-
Page 84
Display Login Statistics To view the login statistics, use the show login statistics command. Example of the show login statistics Command The show login statistics command displays the successful and failed login details of the current user in the last 30 days or the custom defined time period. Dell#show login statistics --------------------------[...]
-
Page 85
Recovering from a Forgotten Password If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter. Use the following commands if you forget your password. 1. Log onto the system using the console. 2. Power-cycle the chassis by switching off all of the po[...]
-
Page 86
Recovering from a Forgotten Enable Password Use the following commands if you forget the enable password. 1. Log onto the system using the console. 2. Power-cycle the chassis by switching off all of the power modules and then switching them back on. 3. Hit any key to abort the boot process. You enter uBoot immediately, as indicated by the => pro[...]
-
Page 87
setenv [primary_image f10boot location | secondary_image f10boot location | default_image f10boot location ] 4. Assign an IP address to the Management Ethernet interface. uBoot mode setenv ipaddre address 5. Assign an IP address as the default gateway for the system. uBoot mode setenv gatewayip address 6. Reload the system. uBoot mode reset Managem[...]
-
Page 88
5 802.1X 802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.1X employs extensible authentication protocol ([...]
-
Page 89
Figure 1. EAP Frames Encapsulated in Ethernet and RADUIS 802.1X 89[...]
-
Page 90
Figure 2. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant . The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X [...]
-
Page 91
2. The supplicant responds with its identity in an EAP Response Identity frame. 3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server. 4. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame[...]
-
Page 92
EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 4. EAP Over RADIUS RADIUS Attributes for 802.1 Support De[...]
-
Page 93
• Configuring a Guest VLAN • Configuring an Authentication-fail VLAN Important Points to Remember • The Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • 802.1X is not supported on port-channels or port-channel members. Enabling 802.1X Enable 802.1X globally and at a inte[...]
-
Page 94
dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [ range ] 3. Enable 802.1X on an interface or a range of interfaces. INTERFACE mode dot1x authentication Example of Verifying that 802.1X is Enabled Globally Example of Verifying 802.1X is Enabled on an Interface Verify that 802.1X is ena[...]
-
Page 95
Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Max-EAP-Req: 2 Host Mode: SINGLE_HOST Auth PAE State: Initialize Backend State: Initialize Configuring Request Identity Re-Transmissions If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the fram[...]
-
Page 96
INTERFACE mode dot1x quiet-period seconds The range is from 1 to 65535. The default is 60 seconds . Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator re- transmits an EAP Request Identity frame: • after 90 seconds and a maximum of 10 times for an u[...]
-
Page 97
• Place a port in the ForceAuthorized, ForceUnauthorized, or Auto state. INTERFACE mode dot1x port-control {force-authorized | force-unauthorized | auto} The default state is auto . Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorize[...]
-
Page 98
INTERFACE mode dot1x reauth-max number The range is from 1 to 10. The default is 2 . Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-gi-2/1)#dot1x reauthentication interval 7200 Dell(conf-if-gi-2/1)#dot1x rea[...]
-
Page 99
The range is from 1 to 300. The default is 30 . Example of Viewing Configured Server Timeouts The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-gi-[...]
-
Page 100
Figure 6. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X ) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication ). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. Create the VLAN to which the interface will be assig[...]
-
Page 101
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals, such as network printers, do not have 802.1X capab[...]
-
Page 102
Example of Configuring Maximum Authentication Attempts Example of Viewing Configured Authentication Dell(conf-if-gi-1/2)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-gi-1/2)#show config ! interface GigabitEthernet 1/2 switchport dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown Dell(conf-if-gi-1/2)# View your configur[...]
-
Page 103
6 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This chapter describes the access control list (ACL) VLAN group and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs You can enable and configure the ACL CAM optimization functionality to minimize the number o[...]
-
Page 104
for the ACL VLAN groups present on the system, an appropriate error message is displayed. The ACL manager application verifies the following parameters when you enter the acl-vlan-group command: • Whether the CAM profile is set in VFP • Whether the maximum number of groups in the system has exceeded • Whether the maximum number of VLAN number[...]
-
Page 105
• The maximum number of VLANs that you can configure as a member of ACL VLAN groups is limited to 512 on the MXL switch if two slices are allocated. If only one virtual flow processing slice is allocated, the maximum number of VLANs that you can configure as a member of an ACL VLAN group is 256 for the MXL switch. • Port ACL optimization is app[...]
-
Page 106
ip access-group { group name } out implicit-permit 4. Add VLAN member(s) to an ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode member vlan { VLAN-range } 5. Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name. CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan-group { group name | detail} Dell#show acl-vlan[...]
-
Page 107
EXEC Privilege mode Dell#show cam-usage switch Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============| ============== 11 | 0 | IN-L2 ACL | 7152 | 0 | 7152 | | IN-L2 FIB | 32768 | 1081 | 31687 | | OUT-L2 ACL | 0 | 0 | 0 11 | 1 | IN-L2 ACL | 7152 | 0 | 7152 | | IN-L2 FIB [...]
-
Page 108
The following sample output displays the CAM space utilization when Layer 2 and Layer 3 ACLs are configured: Dell#show cam-usage acl Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============|============ 11 | 0 | IN-L2 ACL | 1008 | 0 | 1008 | | IN-L3 ACL | 12288 | 2 | 1228[...]
-
Page 109
You can configure only two of these features at a time. • To allocate the number of FP blocks for VLAN open flow operations, use the cam-acl-vlan vlanopenflow <0-2> command. • To allocate the number of FP blocks for VLAN iSCSI counters, use the cam-acl-vlan vlaniscsi <0-2> command. • To allocate the number of FP blocks for ACL VLA[...]
-
Page 110
7 Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, ACLs, prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer 2 . An ACL is essenti[...]
-
Page 111
accommodate the new entries. Hot lock ACLs are enabled by default and support both standard and extended ACLs. NOTE: Hot lock ACLs are supported for Ingress ACLs only. Implementing ACL on the Dell Networking OS You can assign one IP ACL per interface with the Dell Networking OS. If you do not assign an IP ACL to an interface, it is not used by the [...]
-
Page 112
ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8. Therefore (without the keyword order), packets within the range 20.1.1.0/24 match positive against cmap1 and are buffered in queue 7, though you intended for these packets to match positive against cmap2 and be buffered in queue 4. In cases such as[...]
-
Page 113
IP Fragments ACL Examples The following examples show how you can use ACL commands with the fragment keyword to filter fragmented packets. Example of Permitting All Packets on an Interface Example of Denying Second and Subsequent Fragments The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10.1.[...]
-
Page 114
Example of Layer 4 ACL Rules Example of TCP Packets In this first example, fragments or non-fragmented TCP packets from 10.1.1.1 with TCP destination port equal to 24 are permitted. All other fragments are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)# permit tcp host 10.1.1.1 any eq 24 Dell(conf-ext-nacl)#deny ip any any fragm[...]
-
Page 115
seq 5 deny any seq 10 deny 10.2.0.0 /16 seq 15 deny 10.3.0.0 /16 seq 20 deny 10.4.0.0 /16 seq 25 deny 10.5.0.0 /16 seq 30 deny 10.6.0.0 /16 seq 35 deny 10.7.0.0 /16 seq 40 deny 10.8.0.0 /16 seq 45 deny 10.9.0.0 /16 seq 50 deny 10.10.0.0 /16 Dell# The following example shows how the seq command orders the filters according to the sequence number ass[...]
-
Page 116
ip access-list standard kigali seq 5 permit 10.1.0.0/16 Dell(config-std-nacl)# To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example seq 15 deny udp any any eq 111 seq 20 deny udp any any eq 2049 seq 25 deny udp[...]
-
Page 117
NOTE: When assigning sequence numbers to filters, you might need to insert a new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or another number. The following examples shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 15 was configured be[...]
-
Page 118
seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.0 Dell(config-ext-nacl)# To view all configured IP ACLs and the number of packets processed through the ACL, use the show ip accounting access-list command in EXEC Privilege mode, as shown in the first example in Configuring a Standard IP ACL Filter . Established Flag To obtain the functionality [...]
-
Page 119
Assign an IP ACL to an Interface To pass traffic through a configured IP ACL, assign that ACL to a physical interface, a port channel interface, or a VLAN. The IP ACL is applied to all traffic entering a physical or port channel interface and the traffic is either forwarded or dropped depending on the criteria and actions specified in the ACL. The [...]
-
Page 120
no shutdown Dell(conf-if)# To filter traffic on Telnet sessions, use only standard ACLs in the access-class command. Counting ACL Hits You can view the number of packets matching the ACL by using the count option when creating ACL entries. In the MXL switch, you can configure either count (packets) or count (bytes). However, for an ACL with multipl[...]
-
Page 121
seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1.1.1.2 Configure Egress ACLs Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized traffic. These system-wide ACLs eliminate the need to apply ACLs onto each interface and[...]
-
Page 122
CPU-forwarded traffic. Using permit rules with the count option, you can track on a per-flow basis whether CPU-generated and CPU-forwarded packets were transmitted successfully. 1. Apply Egress ACLs to IPv4 system traffic. CONFIGURATION mode ip control-plane [egress filter] 2. Create a Layer 3 ACL using permit rules with the count option to describ[...]
-
Page 123
Implementation Information In the Dell Networking OS, prefix lists are used in processing routes for routing protocols (for example, router information protocol [RIP], open shortest path first [OSPF], and border gateway protocol [BGP]). NOTE: The MXL Switch platform does not support all protocols. It is important to know which protocol you are supp[...]
-
Page 124
The following example shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 20 was configured before filter 15 and 12, but the show config command displays the filters in the correct order. Dell(conf-nprefixl)#seq 20 permit 0.0.0.0/0 le 32 Dell(conf-nprefixl)#seq 12 deny 134.23.0.0 /16 Dell(c[...]
-
Page 125
seq 10 deny 133.0.0.0/8 Dell(conf-nprefixl)# To delete a filter, enter the show config command in PREFIX LIST mode and locate the sequence number of the filter you want to delete, then use the no seq sequence-number command in PREFIX LIST mode. Viewing Prefix Lists To view all configured prefix lists, use the following commands. • Show detailed i[...]
-
Page 126
To apply a filter to routes in RIP, use the following commands. • Enter RIP mode. CONFIGURATION mode router rip • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a nonexistent prefix list, all routes are forwarded. CONFIG-ROUTER-RIP mode distribute-list prefix-list-name in [ interface ] [...]
-
Page 127
Example of Viewing Configured Prefix Lists (ROUTER OSPF mode) To view the configuration, use the show config command in ROUTER OSPF mode, or the show running-config ospf command in EXEC mode. Dell(conf-router_ospf)#show config ! router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1 distribute-list prefix awe in Dell(conf-router_ospf)# ACL Re[...]
-
Page 128
• Resequence an IPv4 or MAC ACL. EXEC mode resequence access-list {ipv4 | mac} { access-list-name StartingSeqNum Step-to- Increment } • Resequence an IPv4 prefix-list. EXEC mode resequence prefix-list {ipv4} { prefix-list-name StartingSeqNum Step-to- Increment } Example of Resequencing ACLs When Remarks and Rules Have the Same Number Example of[...]
-
Page 129
seq 10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ! ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permit ip any host 1.1.1.1 remark 6 this remark has no [...]
-
Page 130
Configuration Task List for Route Maps Configure route maps in ROUTE-MAP mode and apply the maps in various commands in ROUTER RIP and ROUTER OSPF modes. The following list includes the configuration tasks for route maps, as described in the following sections. • Create a route map (mandatory) • Configure route map filters (optional) • Config[...]
-
Page 131
through all instances of that route map until a match is found. The following is an example with two instances of a route map. Dell#show route-map route-map zakho, permit, sequence 10 Match clauses: Set clauses: route-map zakho, permit, sequence 20 Match clauses: interface TenGigabitEthernet 0/1 Set clauses: tag 35 level stub-area Dell# To delete a[...]
-
Page 132
with different parameters, the system does a match ONLY if there is a match among ALL the match commands. In the following example, there is a match if a route has any of the tag values specified in the match commands. Example of the match Command to Match Any of Several Values Example of the match Command to Match All Specified Values Dell(conf)#r[...]
-
Page 133
The parameters are: – For a Loopback interface, enter the keyword loopback then a number between zero (0) and 16383. – For a 10-Gigabit Ethernet interface, enter the keyword tengigabitEthernet then the slot/port information. – For a VLAN, enter the keyword vlan then a number from 1 to 4094. – For a 40-Gigabit Ethernet interface, enter the k[...]
-
Page 134
• Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value } • Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP address as the route’s next hop. CONFIG-ROUTE-MAP mode set next-hop ip-address • Specify [...]
-
Page 135
redistribute static metric 20 metric-type 2 tag 0 route-map staticospf ! route-map staticospf permit 10 match interface GigabitEthernet 0/0 match metric 255 set level backbone Configure a Route Map for Route Tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol. As the route enter[...]
-
Page 136
Logging of ACL Processes To assist in the administration and management of traffic that traverses the device after being validated by the configured ACLs, you can enable the generation of logs for access control list (ACL) processes. Although you can configure ACLs with the required permit or deny filters to provide access to the incoming packet or[...]
-
Page 137
packets in the ACL entry, and if the logging is deactivated in a specific interval because the threshold has exceeded, the count of packets that exceeded the logging threshold value during that interval is recorded when the subsequent log record (in the next interval) is generated for that ACL entry. Guidelines for Configuring ACL Logging Keep the [...]
-
Page 138
NOTE: This example describes the configuration of ACL logging for standard IP access lists. You can enable the logging capability for standard and extended IPv4 ACLs, IPv6 ACLs, and standard and extended MAC ACLs. 1. Specify the maximum number of ACL logs or the threshold that can be generated by using the threshold-in-msgs count option with the se[...]
-
Page 139
are traversing through the ingress interfaces are examined, and appropriate ACLs can be applied in the ingress direction. By default, flow-based monitoring is not enabled. You must specify the monitor option with the permit, deny , or seq command for ACLs that are assigned to the source or the monitored port (MD) to enable the evaluation and replic[...]
-
Page 140
Example Output of the show Command (conf-mon-sess-11)#show config ! monitor session 11 flow-based enable source GigabitEthernet 13/0 destination GigabitEthernet 13/1 direction both The show ip | mac | ipv6 accounting commands have been enhanced to display whether monitoring is enabled for traffic that matches with the rules of the specific ACL. Exa[...]
-
Page 141
Example of the flow-based enable Command To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#flow-based enable Dell(conf)# ip access-list ext testflow Dell(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor De[...]
-
Page 142
8 Bidirectional Forwarding Detection (BFD) Bidirectional forwarding detection (BFD) is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on whi[...]
-
Page 143
packet to the neighbor that indicates the state change (though it might not be received if the link or receiving interface is faulty). The BFD manager notifies the routing protocols that are registered with it (clients) that the forwarding path is down and a link state change is triggered in all protocols. NOTE: A session state change from Up to Do[...]
-
Page 144
Field Description State The current local session state. Refer to BFD Sessions . Flag A bit that indicates packet function. If the poll bit is set, the receiving system must respond as soon as possible, without regard to its transmit interval. The responding system clears the poll bit and sets the final bit in its response. The poll and final bits [...]
-
Page 145
• In Demand mode: Detection time is the local Detection Multiplier multiplied by the greater of the local Desired Min TX and the remote Required Min RX Interval. BFD Sessions You must enable BFD on both sides of a link in order to establish a session. The two participating systems can assume either of two roles: Active The active system initiates[...]
-
Page 146
1. The active system sends a steady stream of control packets that indicates that its session state is Down, until the passive system responds. These packets are sent at the desired transmit interval of the Active system. The Your Discriminator field is set to zero. 2. When the passive system receives any of these control packets, it changes its se[...]
-
Page 147
receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 9. Session State Changes Important Points to Remember • BFD for line card ports is hitless, but is not hitless for VLANs because they are instantiated on the RPM. • The Dell Networking OS supports a maximum of 100 sessions p[...]
-
Page 148
Configure BFD This section contains the following procedures. • Configure BFD for Physical Ports • Configure BFD for Port-Channels • Configure BFD for Static Routes • Configure BFD for OSPF • Configure BFD for OSPFv3 • Configure BFD for BGP • Configure BFD for VRRP • Configure BFD for VLANs • Configuring Protocol Liveness • Trou[...]
-
Page 149
The bold line shows that BFD is enabled. R1(conf)#bfd ? enable Enable BFD protocol protocol-liveness Enable BFD protocol-liveness R1(conf)#bfd enable R1(conf)#do show running-config bfd ! bfd enable R1(conf)# Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the [...]
-
Page 150
C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.1 2.2.2.2 Gi 4/24 Up 100 100 3 C To view specific information about BFD sessions, use the show bfd neighbors detail command. R1(conf-if-gi-4/24)#do show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 1 Loca[...]
-
Page 151
bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] Changing Session Parameters for Physical Ports View session parameters using the show bfd neighbors detail command. The bold line shows the parameter changes. R1(conf-if-gi-4/24)#bfd interval 100 min_rx 100 multiplier 4 role passive R1(conf-if-gi-4/24)#do show bf[...]
-
Page 152
If the remote system state changes due to the local state administration being down, this message displays: R2>01:32:53: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.1 on interface Gi 2/1 (diag: 7) Configure BFD for Static Routes BFD offers systems a link state detection mechanism for static routes. Wi[...]
-
Page 153
ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command. The bold line shows BFD for static routes is enabled. R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do show bfd neighbors * - Active session role Ad Dn [...]
-
Page 154
Configure BFD for OSPF When using BFD with OSPF, the OSPF protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring interfaces participating in OSPF. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the OSPF protocol that a link state change[...]
-
Page 155
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 12. Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neigh[...]
-
Page 156
INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - [...]
-
Page 157
Disabling BFD for OSPF If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state. Disabling BFD does not trigger a change in BFD clients; a final Admin D[...]
-
Page 158
Changing OSPFv3 Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: desired tx interval , required min rx interval , detection multiplier , and system role . Configure these parameters for all OSPFv3 sessions or all OSPFv3 sessions on a particular interface. If you change a[...]
-
Page 159
Configure BFD for BGP In a BGP core network, bidirectional forwarding detection (BFD) provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP [...]
-
Page 160
Figure 13. Establishing Sessions with BGP Neighbors The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command). • By establishing a BFD session with a specified BGP neighbor (the neighbor { ip-address | peer- [...]
-
Page 161
You can configure BFD for BGP on the following types of interfaces: physical port (10GE or 40GE), port channel, and VLAN. 1. Enable BFD globally. CONFIGURATION mode bfd enable 2. Specify the AS number and enter ROUTER BGP configuration mode. CONFIGURATION mode router bgp as-number 3. Add a BGP neighbor or peer group in a remote AS. CONFIG-ROUTERBGP[...]
-
Page 162
The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the bfd all-neighbors command or configured for the peer group to which the neighbor belongs. • Disable a BFD for BGP session with a specified neighbor. ROUTER BGP mode neighbor { ip-address | peer-group-name } bfd disable • R[...]
-
Page 163
• Display BFD packet counters for sessions with BGP neighbors. EXEC Privilege mode show bfd counters bgp [ interface ] • Check to see if BFD is enabled for BGP connections. EXEC Privilege mode show ip bgp summary • Displays routing information exchanged with BGP neighbors, including BFD for BGP sessions. EXEC Privilege mode show ip bgp neighb[...]
-
Page 164
Neighbor Discriminator: 10 Local Addr: 1.1.1.3 Local MAC Addr: 00:01:e8:66:da:33 Remote Addr: 1.1.1.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/0 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role[...]
-
Page 165
Protocol BGP Messages: Registration : 5 De-registration : 4 Init : 0 Up : 6 Down : 0 Admin Down : 2 Interface TenGigabitEthernet 6/2 Protocol BGP Messages: Registration : 1 De-registration : 0 Init : 0 Up : 1 Down : 0 Admin Down : 2 The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router[...]
-
Page 166
MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Neighbor is using BGP global mode BFD configuration For address family: IPv4 Unicast BGP table version 0, neighbor version 0 Prefixes accepted 0 (consume 0 bytes), withdrawn 0[...]
-
Page 167
3. On the master router, establish a VRRP BFD sessions with the backup routers. Refer to Establishing Sessions with All VRRP Neighbors . Related Configuration Tasks • Changing VRRP Session Parameters . • Disabling BFD for VRRP . Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a se[...]
-
Page 168
To establish a session with a particular VRRP neighbor, use the following command. • Establish a session with a particular VRRP neighbor. INTERFACE mode vrrp bfd neighbor ip-address Example of Viewing Sessions with VRRP Neighbors Example of Viewing VRRP Session State Information To view the established sessions, use the show bfd neighbors command[...]
-
Page 169
INTERFACE mode vrrp bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for a particular VRRP session. INTERFACE mode vrrp bfd neighbor ip-address interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neig[...]
-
Page 170
1. Enable the BFD globally. Refer to Enabling BFD Globally . 2. Establish sessions with VLAN neighbors. Refer to Establish Sessions with VLAN Neighbors . Related Configuration Task • Changing VLAN Session Parameters . • Disabling BFD for VLANs . Establish Sessions with VLAN Neighbors To establish a session, enable BFD at interface level on both[...]
-
Page 171
Changing VLAN Session Parameters BFD sessions are configured with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. You can change parameters per interface, if you make a configuration change, the change affects all sessions on that [...]
-
Page 172
• Establish sessions on port-channels. Refer to Establish Sessions on Port-Channels . Related Configuration Tasks • Changing Port-Channel Session Parameters . • Disabling BFD for Port-Channels . Establish Sessions on Port-Channels To establish a session, you must enable BFD at interface level on both ends of the link, as shown in the followin[...]
-
Page 173
Changing Physical Port Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. Configure these parameters per interface; if you change a parameter, the change affects all physical port session[...]
-
Page 174
Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in hexadecimal format, use the following command. • Examine control packet field values. CONFIGURATION mode debug bfd detail • Examine the control packets in hexadecimal format. CONFIGURATION debug b[...]
-
Page 175
9 Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking operating system. BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). [...]
-
Page 176
Figure 17. Interior BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easil[...]
-
Page 177
Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor. Border Ga[...]
-
Page 178
Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. Fo[...]
-
Page 179
Route Reflectors Route reflectors (RR) reorganize the iBGP core into a hierarchy and allow some route advertisement rules. Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix[...]
-
Page 180
BGP Attributes Routes learned using BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks. T[...]
-
Page 181
Figure 20. BGP Best Path Selection Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. a. Routes originated with the Originated via a network[...]
-
Page 182
c. Paths with no MED are treated as “worst” and assigned a MED of 4294967295. 7. Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP paths. 8. Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. 9. The system deems the paths as equal [...]
-
Page 183
shorter (one hop instead of two), the LOCAL_PREF settings have the preferred path go through Router B and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B. Figure 21. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discri[...]
-
Page 184
Figure 22. Multi-Exit Discriminators NOTE: With the Dell Networking OS version 8.3.1.0, configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. Origin The origin indicates the origin of the prefi[...]
-
Page 185
*> 7.0.0.0/29 10.114.8.33 0 0 18508 ? *> 7.0.0.0/30 10.114.8.33 0 0 18508 ? *> 9.2.0.0/16 10.114.8.33 10 0 18508 701 i AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is added by the BGP speaker when advertising to a eBGP neighbor. The AS path is shown in the fo[...]
-
Page 186
Multiprotocol BGP Multiprotocol extensions for BGP (MBGP) is defined in IETF RFC 2858. MBGP allows different types of address families to be distributed in parallel. MBGP allows information about the topology of the IP multicast-capable routers to be exchanged separately from the topology of normal IPv4 and IPv6 unicast routers. It allows a multica[...]
-
Page 187
internal configured, BGP advertises the metric configured in the redistribute command as MED. • If BGP peer outbound route-map has metric configured, all other metrics are overwritten by this configuration. NOTE: When redistributing static, connected, or OSPF routes, there is no metric option. Simply assign the appropriate route-map to the redist[...]
-
Page 188
Traditional Format DOT Format 4294967295 65535.65535 When creating Confederations, all the routers in a Confederation must be either 4-Byte or 2-Byte identified routers. You cannot mix them. Configure 4-byte AS numbers with the four-octet-support command. AS4 Number Representation The Dell Networking OS version 8.2.1.0 supports multiple representat[...]
-
Page 189
! router bgp 100 bgp asnotation asdot bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 <output truncated> Dell(conf-router_bgp)#do show ip bgp BGP table version is 24901, local router ID is 172.30.1.57 <output truncated> ASDOT+ Dell(conf-router_bgp)# bgp asnotation asdot+ Dell(conf-router_bgp)#show conf ! router bgp 100 bg[...]
-
Page 190
AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress. When migrating one AS to another, perhaps combining ASs, an eBGP network may lose its routing to an iBGP if the ASN changes. Migration can be d[...]
-
Page 191
When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the no prepend option, the Local-AS does not prepend to the updates received from the eBGP peer. If you do not select no prepend (the default), the Local-AS is added to the first AS segment in the AS-PATH. If an inboun[...]
-
Page 192
• Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "…" at the end of the output. • SNMP set for BGP is not supported. For all peer configu[...]
-
Page 193
• auto-summarization (the default is no auto-summary) • synchronization (the default is no synchronization) BGP Configuration To enable the BGP process and begin exchanging information, assign an AS number and use commands in ROUTER BGP mode to configure a BGP neighbor. By default, BGP is disabled. By default, the system compares the MED attrib[...]
-
Page 194
Enabling BGP By default, BGP is not enabled on the system. The Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer. In BGP, routers with an established TCP connection are called neighbors or peers. After a connection is estab[...]
-
Page 195
Use this command to enter BGP for IPv6 mode (CONF-ROUTER_BGPv6_AF). 2. Add a neighbor as a remote AS. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group name } remote-as as-number • peer-group name : 16 characters • as-number : from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format) Formats: IP Add[...]
-
Page 196
1 BGP AS-PATH entrie(s) using 47 bytes of memory 5 neighbor(s) using 23520 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 10.10.21.1 65123 0 0 0 0 0 never Active 10.10.32.3 65123 0 0 0 0 0 never Active For the router’s identifier, the system uses the highest IP address of the Loopback interfaces configured. Because [...]
-
Page 197
For address family: IPv4 Unicast BGP table version 0, neighbor version 0 0 accepted prefixes consume 0 bytes Prefix advertised 0, rejected 0, withdrawn 0 Connections established 0; dropped 0 Last reset never No active TCP connection Dell# R2#show running-config bgp ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32[...]
-
Page 198
bgp asnotation asplain NOTE: ASPLAIN is the default method the system uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot • Enable ASDOT+ AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot+ Example of the bgp asnotation asplain Command Exa[...]
-
Page 199
A maximum of 256 peer groups are allowed on the system. Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it. For information about configuring route policies for a peer group, refer to Filtering BGP Routes . NOTE: Find Sample Configurations for ena[...]
-
Page 200
Example of Viewing a Newly Created Peer Group Example of Enabling a Peer Group Example of the show ip bgp peer-group Command After you create a peer group, you can use any of the commands beginning with the keyword neighbor to configure that peer group. When you add a peer to a peer group, it inherits all the peer group’s configured parameters. A[...]
-
Page 201
To disable a peer group, use the neighbor peer-group-name shutdown command in CONFIGURATION ROUTER BGP mode. The configuration of the peer group is maintained, but it is not applied to the peer group members. When you disable a peer group, all the peers within the peer group that are in the ESTABLISHED state move to the IDLE state. To view the stat[...]
-
Page 202
CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } fail-over Example of Verifying that Fast Fail-Over is Enabled on a BGP Neighbor Example of Verifying that Fast Fail-Over is Enabled on a Peer-Group To verify fast fail-over is enabled on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fail-over is disabl[...]
-
Page 203
100.100.100.100* Dell# router bgp 65517 neighbor test peer-group neighbor test fail-over neighbor test no shutdown Configuring Passive Peering When you enable a peer-group, the software sends an OPEN message to initiate a TCP connection. If you enable passive peering for the peer group, the software does not send an OPEN message, but it responds to[...]
-
Page 204
Maintaining Existing AS Numbers During an AS Migration The local-as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP network migration. When you complete your migration, be sure to reconfigure your routers with the new information and disable this feature. • Allow external routes from t[...]
-
Page 205
• Allow this neighbor ID to use the AS path the specified number of times. CONFIG-ROUTER-BGP mode neighbor { IP address | peer-group-name } allowas-in number – Peer Group Name : 16 characters. – Number : 1 through 10. Format: IP Address: A.B.C.D. You must use Configuring Peer Groups ’before assigning it to an AS. Example of Viewing AS Numbe[...]
-
Page 206
• Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB. If you configure your system to do so, the system can perform the following actions during a hot failover: • Save all forwarding information base (FIB) and content addressab[...]
-
Page 207
neighbor { ip-address | peer-group-name } graceful-restart • Set the maximum restart time for the neighbor or peer-group. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } graceful-restart [restart-time time- in-seconds ] The default is 120 seconds . • Local router supports graceful restart for this neighbor or peer-group as a re[...]
-
Page 208
4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Use a configured AS-PATH ACL for route filtering and manipulation. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } filter-list as-path-name {in | out} If you assign an non-existent or empty AS-PATH ACL, the software allows all routes. Example of the show ip bgp pa[...]
-
Page 209
Regular Expression Definition ^ (caret) Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ], this matches any number except the ones specified within the brackets. $ (dollar) Matches the end of the input string. . (period) Matches any single character, including white space. * (asterisk) M[...]
-
Page 210
Dell(conf-router_bgp)#show conf ! router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eaglein neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 filter-list 1 in neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#ex Redistributing Routes In addition to filtering routes, you can add routes from other routing [...]
-
Page 211
Enabling Additional Paths The add-path feature is disabled by default. NOTE: Note: In some cases, while receiving 1K same routes from more than 64 iBGP neighbors, BGP sessions holdtime of 10 seconds may flap. The BGP add-path does not update packets for advertisement and cannot scale to higher numbers. Either reduce the number of routes added or in[...]
-
Page 212
ip community-list community-list-name 2. Configure a community list by denying or permitting specific community numbers or types of community. CONFIG-COMMUNITYLIST mode {deny | permit} { community-number | local-AS | no-advertise | no-export | quote-regexp regular-expression-list | regexp regular-expression } • community-number : use AA:NN format[...]
-
Page 213
• soo : route origin or site-of-origin. Support for matching extended communities against regular expression is also supported. Match against a regular expression using the following keyword. • regexp : regular expression. Example of the show ip extcommunity-lists Command To set or modify an extended community attribute, use the set extcommunit[...]
-
Page 214
neighbor { ip-address | peer-group-name } route-map map-name {in | out} To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode. To view which BGP routes meet an IP community or IP extended community list’s criteria, use t[...]
-
Page 215
• none : remove the COMMUNITY attribute. • additive : add the communities to already existing communities. 3. Return to CONFIGURATION mode. CONFIG-ROUTE-MAP mode exit 4. Enter the ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Apply the route map to the neighbor or peer group’s incoming or outgoing routes. CONFIG-ROUTER-BGP mode [...]
-
Page 216
CONFIG-ROUTER-BGP mode bgp bestpath med {confed | missing-as-best} – confed : Chooses the bestpath MED comparison of paths learned from BGP confederations. – missing-as-best : Treat a path missing an MED as the most preferred one. To view the nondefault values, use the show config command in CONFIGURATION ROUTER BGP mode. Changing the LOCAL_PRE[...]
-
Page 217
Changing the NEXT_HOP Attribute You can change how the NEXT_HOP attribute is used. To change how the NEXT_HOP attribute is used, enter the first command. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. You can also use route maps to change thi[...]
-
Page 218
maximum-paths {ebgp | ibgp} number The show ip bgp network command includes multipath information for that network. Filtering BGP Routes Filtering routes allows you to implement BGP policies. You can use either IP prefix lists, route maps, AS-PATH ACLs or IP community lists (using a route map) to control which routes the BGP neighbor or peer group [...]
-
Page 219
CONFIGURATION mode router bgp as-number 5. Filter routes based on the criteria in the configured prefix list. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } distribute-list prefix-list-name {in | out} Configure the following parameters: • ip-address or peer-group-name : enter the neighbor’s IP address or the peer group’s nam[...]
-
Page 220
CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } route-map map-name {in | out} Configure the following parameters: • ip-address or peer-group-name : enter the neighbor’s IP address or the peer group’s name. • map-name : enter the name of a configured route map. • in : apply the route map to inbound routes. • out : apply [...]
-
Page 221
Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information. Configure clusters of routers where one router is a concentration router and t[...]
-
Page 222
redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 7.0.0.0/29 10.114.8.33 0 0 18508 ? *> 7.0.0.0/30 10.114.8.33 0 0 18508 ? * >a 9.0.0.0/8 192.0.0.0 32768 18508 701 {7018 2686 3786} ? Configuring BGP Confederations Another way to organize routers within an AS and reduce t[...]
-
Page 223
• Withdraw • Readvertise • Attribute change When dampening is applied to a route, its path is described by one of the following terms: • history entry — an entry that stores information on a downed route • dampened path — a path that is no longer advertised • penalized path — a path that is assigned a penalty To configure route fl[...]
-
Page 224
EXEC Privilege clear ip bgp dampening [ ip-address mask ] • View all flap statistics or for specific routes meeting the following criteria. EXEC or EXEC Privilege mode show ip bgp flap-statistics [ ip-address [ mask ]] [filter-list as-path-name ] [regexp regular-expression ] – ip-address [ mask ] : enter the IP address and mask. – filter-list[...]
-
Page 225
To view a count of dampened routes, history routes, and penalized routes when you enable route dampening, look at the seventh line of the show ip bgp summary command output, as shown in the following example (bold). Dell>show ip bgp summary BGP router identifier 10.114.8.131, local AS number 65515 BGP table version is 855562, main routing table [...]
-
Page 226
Enabling BGP Neighbor Soft-Reconfiguration BGP soft-reconfiguration allows for faster and easier route changing. Changing routing policies typically requires a reset of BGP sessions (the TCP connection) for the policies to take effect. Such resets cause undue interruption to traffic due to hard reset of the BGP cache and the time it takes to re-est[...]
-
Page 227
Example of Soft-Reconfigration of a BGP Neighbor The example enables inbound soft reconfiguration for the neighbor 10.108.1.1. All updates received from this neighbor are stored unmodified, regardless of the inbound policy. When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell[...]
-
Page 228
When you configure a peer to support IPv4 multicast, the system takes the following actions: • Send a capability advertisement to the peer in the BGP Open message specifying IPv4 multicast as a supported AFI/SAFI (Subsequent Address Family Identifier). • If the corresponding capability is received in the peer’s Open message, BGP marks the pee[...]
-
Page 229
• View information about local BGP state changes and other BGP events. EXEC Privilege mode debug ip bgp [ ip-address | peer-group peer-group-name ] events [in | out] • View information about BGP KEEPALIVE messages. EXEC Privilege mode debug ip bgp [ ip-address | peer-group peer-group-name ] keepalive [in | out] • View information about BGP no[...]
-
Page 230
Sent 48 messages, 0 in queue 3 opens, 2 notifications, 0 updates 43 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertise[...]
-
Page 231
Figure 24. Sample Configurations Example of Enabling BGP (Router 1) Example of Enabling BGP (Router 2) Example of Enabling BGP (Router 3) Example of Enabling Peer Groups (Router 1) Example of Enabling Peer Groups (Router 2) Example of Enabling Peer Groups (Router 3) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-i[...]
-
Page 232
no shutdown R1(conf-if-gi-1/21)#int gig 1/31 R1(conf-if-gi-1/31)#ip address 10.0.3.31/24 R1(conf-if-gi-1/31)#no shutdown R1(conf-if-gi-1/31)#show config ! interface GigabitEthernet 1/31 ip address 10.0.3.31/24 no shutdown R1(conf-if-gi-1/31)#router bgp 99 R1(conf-router_bgp)#network 192.168.128.0/24 R1(conf-router_bgp)#neighbor 192.168.128.2 remote[...]
-
Page 233
R2(conf-if-gi-2/31)#ip address 10.0.2.2/24 R2(conf-if-gi-2/31)#no shutdown R2(conf-if-gi-2/31)#show config ! interface GigabitEthernet 2/31 ip address 10.0.2.2/24 no shutdown R2(conf-if-gi-2/31)# R2(conf-if-gi-2/31)#router bgp 99 R2(conf-router_bgp)#network 192.168.128.0/24 R2(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R2(conf-router_bgp)#ne[...]
-
Page 234
R3(conf-if-lo-0)#int gig 3/21 R3(conf-if-gi-3/21)#ip address 10.0.2.3/24 R3(conf-if-gi-3/21)#no shutdown R3(conf-if-gi-3/21)#show config ! interface GigabitEthernet 3/21 ip address 10.0.2.3/24 no shutdown R3(conf-if-gi-3/21)# R3(conf-if-gi-3/21)#router bgp 100 R3(conf-router_bgp)#show config ! router bgp 100 R3(conf-router_bgp)#network 192.168.128.[...]
-
Page 235
neighbor BBB peer-group neighbor BBB no shutdown neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 peer-group AAA neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 peer-group BBB neighbor 192.168.128.3 update-source Loopback 0 neighbor 192.168.128.[...]
-
Page 236
Local host: 192.168.128.1, Local port: 179 Foreign host: 192.168.128.2, Foreign port: 65464 BGP neighbor is 192.168.128.3, remote AS 100, external link Member of peer-group BBB for session parameters BGP version 4, remote router ID 192.168.128.3 BGP state ESTABLISHED, in this state for 00:00:37 Last read 00:00:36, last write 00:00:36 Hold time is 1[...]
-
Page 237
BGP router identifier 192.168.128.2, local AS number 99 BGP table version is 2, main routing table version 2 1 network entrie(s) using 132 bytes of memory 3 paths using 204 bytes of memory BGP-RIB over all using 207 bytes of memory 2 BGP path attribute entrie(s) using 128 bytes of memory 2 BGP AS-PATH entrie(s) using 90 bytes of memory 2 neighbor(s[...]
-
Page 238
BGP state ESTABLISHED, in this state for 00:00:21 Last read 00:00:09, last write 00:00:08 Hold time is 180, keepalive interval is 60 seconds Received 93 messages, 0 in queue 5 opens, 0 notifications, 5 updates 83 keepalives, 0 route refresh requests Sent 99 messages, 0 in queue 5 opens, 4 notifications, 5 updates 85 keepalives, 0 route refresh requ[...]
-
Page 239
Hold time is 180, keepalive interval is 60 seconds Received 138 messages, 0 in queue 7 opens, 2 notifications, 7 updates 122 keepalives, 0 route refresh requests Sent 140 messages, 0 in queue 7 opens, 4 notifications, 7 updates 122 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before adverti[...]
-
Page 240
10 Content Addressable Memory (CAM) Content addressable memory (CAM) is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation Allocate space for IPV4 ACLs and quality of service (QoS) [...]
-
Page 241
The ipv6acl and vman-dual-qos allocations must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges. You must save the new CAM settings to the startup-config ( write-mem or copy run start ) then reload the system for the new settings to take effect. 1. Select a cam-acl action. CONFIG[...]
-
Page 242
View CAM-ACL Settings View the current cam-acl settings using the show cam-acl command. Example of Viewing CAM-ACL Settings Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) L2Acl : 6 Ipv4Acl : 2 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 FcoeAcl : 0 iscsiOptAcl : 2 -- Stac[...]
-
Page 243
11 Control Plane Policing (CoPP) Control plane policing (CoPP) is supported on the MXL switch. CoPP uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, rate-limits, t[...]
-
Page 244
Figure 26. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The MXL switch can process maximum of 4200 PPS (packets per second). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though Per Protocol CoPP is applied. This happens because Queue-Ba[...]
-
Page 245
same queue. If you are not aware of the incoming protocol traffic rate, you cannot set the required queue rate limit value. You must complete queue bandwidth tuning carefully because the system cannot open up to handle any rate, including traffic coming at the line rate. CoPP policies are assigned on a per-protocol or a per-queue basis, and are ass[...]
-
Page 246
8. Assign the protocol based the service policy on the control plane. Enabling this command on a port- pipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword. CONTROL-PLANE mode service-policy rate-limit-protocols Example of Creating the IP/IPv6/MAC Extended ACL Example of Creating the QoS Input Policy Example of Creating[...]
-
Page 247
Dell(conf)#policy-map-input egressFP_rate_policy cpu-qos Dell(conf-policy-map-in-cpuqos)#class-map class_ospf qos-policy rate_limit_500k Dell(conf-policy-map-in-cpuqos)#class-map class_bgp qos-policy rate_limit_400k Dell(conf-policy-map-in-cpuqos)#class-map class_lacp qos-policy rate_limit_200k Dell(conf-policy-map-in-cpuqos)#class-map class-ipv6 q[...]
-
Page 248
Dell(conf)#policy-map-input cpuq_rate_policy cpu-qos Dell(conf-qos-policy-in)#service-queue 5 qos-policy cpuq_1 Dell(conf-qos-policy-in)#service-queue 6 qos-policy cpuq_2 Dell(conf-qos-policy-in)#service-queue 7 qos-policy cpuq_1 Dell#conf Dell(conf)#control-plane Dell(conf-control-plane)#service-policy rate-limit-cpu-queues cpuq_rate_policy Show C[...]
-
Page 249
To view the queue mapping for the MAC protocols, use the show mac protocol-queue-mapping command. Dell#show mac protocol-queue-mapping Protocol Destination Mac EtherType Queue EgPort Rate (kbps) -------- ---------------- ----------- ----- ------ ----------- ARP any 0x0806 Q5/Q6 CP _ FRRP 01:01:e8:00:00:10/11 any Q7 CP _ LACP 01:80:c2:00:00:02 0x880[...]
-
Page 250
12 Data Center Bridging (DCB) Data center bridging (DCB) is supported on the FC Flex IO module installed in the MXL 10/40GbE Switch. Ethernet Enhancements in Data Center Bridging The following section describes DCB. • The device supports the following DCB features: – Data center bridging exchange protocol (DCBx) – Priority-based flow control [...]
-
Page 251
InterProcess Communicatio n (IPC) traffic InterProcess Communication (IPC) traffic within high-performance computing clusters to share information. Server traffic is extremely sensitive to latency requirements. To ensure lossless delivery and latency-sensitive scheduling of storage and service traffic and I/O convergence of LAN, storage, and server[...]
-
Page 252
Ethernet (FCoE) converged traffic and one for Internet Small Computer System Interface (iSCSI) storage traffic. Configure the same lossless queues on all ports. • PFC delay constraints place an upper limit on the transmit time of a queue after receiving a message to pause a specified priority. • By default, PFC is enabled on an interface with n[...]
-
Page 253
Figure 28. Enhanced Transmission Selection The following table lists the traffic groupings ETS uses to select multiprotocol traffic for transmission. Table 9. ETS Traffic Groupings Traffic Groupings Description Priority group A group of 802.1p priorities used for bandwidth allocation and queue scheduling. All 802.1p priority traffic in a group must[...]
-
Page 254
Data Center Bridging Exchange Protocol (DCBx) DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBx to exchange and negotiate parameters with peer devices. DCBx capabilities include: • Discovery of DCB capabilities on peer-device connections. • Determination of possible mis[...]
-
Page 255
Enabling Data Center Bridging Data center bridging is enabled by default on an MXL 10/40GbE Switch to support converged enhanced Ethernet (CEE) in a data center network. A prerequisite for configuring DCB: • Priority-based flow control • Enhanced transmission selection • Data center bridging exchange protocol • FCoE initialization protocol [...]
-
Page 256
Configuring DCB Maps and its Attributes This topic contains the following sections that describe how to configure a DCB map, apply the configured DCB map to a port, configure PFC without a DCB map, and configure lossless queues. DCB Map: Configuration Procedure A DCB map consists of PFC and ETS parameters. By default, PFC is not enabled on any 802.[...]
-
Page 257
Important Points to Remember • If you remove a dot1p priority-to-priority group mapping from a DCB map ( no priority pgid command), the PFC and ETS parameters revert to their default values on the interfaces on which the DCB map is applied. By default, PFC is not applied on specific 802.1p priorities; ETS assigns equal bandwidth to each 802.1p pr[...]
-
Page 258
Step Task Command Command Mode 1 Enter interface configuration mode on an Ethernet port. interface {tengigabitEthernet slot / port | fortygigabitEthernet slot / port } CONFIGURATION 2 Enable PFC on specified priorities. Range: 0-7. Default: None. Maximum number of lossless queues supported on an Ethernet port: 2. Separate priority values with a com[...]
-
Page 259
Step Task Command Command Mode 4 Return to interface configuration mode. exit DCB MAP 5 Apply the DCB map, created to disable the PFC operation, on the interface dcb-map { name | default } INTERFACE 6 Configure the port queues that still function as no-drop queues for lossless traffic. The maximum number of lossless queues globally supported on a p[...]
-
Page 260
Interworking of DCB Map With DCB Buffer Threshold Settings The dcb-input and dcb-output configuration commands are deprecated. You must use the dcp-map command to create a DCB map to configure priority flow control (PFC) and enhanced transmission selection (ETS) on Ethernet ports that support converged Ethernet traffic. Configure the dcb-buffer-thr[...]
-
Page 261
Configuring Priority-Based Flow Control PFC provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when you enable DCB. As an enhancement to the existing Ethernet pause mechanism, PFC stops traffic transmission for specified priorities (Class of Service (CoS)[...]
-
Page 262
To honor a PFC pause frame multiplied by the number of PFC-enabled ingress ports, the minimum link delay must be greater than the round-trip transmission time the peer requires. NOTE: You cannot enable PFC and link-level flow control at the same time on an interface. The Dell Networking OS does not support MACsec Bypass Capability (MBC). Configurin[...]
-
Page 263
interface type slot/port 2. Configure the port queues that still functions as no-drop queues for lossless traffic. INTERFACE mode pfc no-drop queues queue-range For the dot1p-queue assignments, refer to the dot1p Priority-Queue Assignment table. The maximum number of lossless queues globally supported on the switch is four. The range is from 0 to 3[...]
-
Page 264
The only valid port-set ID (port-pipe number) is 0. Dell Networking OS Behavior: If you configure PFC on a 40GbE port, count the 40GbE port as four PFC- enabled ports in the pfc-port number you enter in the command syntax. To achieve lossless PFC operation, the PFC port count and queue number used for the reserved buffer size that is created must b[...]
-
Page 265
used to process. For example, you can assign a higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of buffer space to be allocated for each priority and the pause or resume thresholds for the buffer. This method of configuration enables you to effectively mana[...]
-
Page 266
ETS Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure ETS bandwidth allocation or queue scheduling and apply a QoS ETS output policy on an interface. • Configuring ETS bandwidth allocation or a queue scheduler for dot1p priorities in a priority group is applicable if the DCBx version used on a po[...]
-
Page 267
PRIORITY-GROUP mode exit 5. Repeat Steps 1 to 4 to configure all remaining dot1p priorities in an ETS priority group. Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss requirements. All 802.1p priorities mapped to the sam[...]
-
Page 268
If you configure only the priority group in an ETS output policy or only the dot1p priority for strict- priority scheduling, the flow is handled with group strict priority. Configuring Bandwidth Allocation for DCBx CIN After you apply an ETS output policy to an interface, if the DCBx version used in your data center network is CIN, you may need to [...]
-
Page 269
7. Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, you can apply ETS output policies with the followi[...]
-
Page 270
dcb-policy output stack-unit {all | stack-unit-id } stack-ports all dcb- output-policy-name Entering this command removes all DCB input policies applied to stacked ports. Dell Networking Behavior: A dcb-policy output stack-unit all command overwrites any previous dcb-policy output stack-unit stack-unit-id configurations. Similarly, a dcb-policy out[...]
-
Page 271
Figure 30. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification : The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment . dot1p Valu[...]
-
Page 272
dot1p Value in Incoming Frame Queue Assignment 4 2 5 3 6 3 7 3 The following describes the dot1p-priority class group assignment dot1p Value in the Incoming Frame Priority Group Assignment 0 LAN 1 LAN 2 LAN 3 SAN 4 IPC 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment. Priority Group Bandwidth Assignment IPC 5% SAN 5[...]
-
Page 273
Example of Applying DCB PFC Input Policy and ETS Output Policy in a Switch Stack dcb-map stack-unit all stack-ports all <dcb-map-name> Applying DCB Policies in a Switch Stack You can apply a DCB policy with PFC configuration to all stacked ports in a switch stack or on a stacked switch. You can apply different DCB policies to different stacke[...]
-
Page 274
DCBx Port Roles To enable the auto-configuration of DCBx-enabled ports and propagate DCB configurations learned from peer DCBx devices internally to other switch ports, use the following DCBx port roles. Auto-upstream The port advertises its own configuration to DCBx peers and receives its configuration from DCBX peers (ToR or FCF device). The port[...]
-
Page 275
The internally propagated configuration is not stored in the switch’s running configuration. On a DCBX port in an auto-downstream role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. Configuration source The port is configured to serve as a source of configuration information on the switch. Peer DCB configur[...]
-
Page 276
DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced transmission selection (ETS) and priority-based flow control (PFC) DCB features. DCBx uses the following methods to exchange DCB configuration parameters: Asymmetric DCB parameters are exchanged between a DCBx-enabled por[...]
-
Page 277
• If the configuration received from the peer is not compatible with the internally propagated configuration used by the configuration source, the port is disabled as a client for DCBx operation and synchronization and a syslog error message is generated. The port keeps the peer link up and continues to exchange DCBx packets. If a compatible conf[...]
-
Page 278
On the MXL switch, PFC and ETS use DCBx to exchange link-level configuration with DCBx peer devices. Figure 31. DCBx Sample Topology DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mod[...]
-
Page 279
Configuring DCBx To configure DCBx, follow these steps. For DCBx, to advertise DCBx TLVs to peers, enable LLDP. For more information, refer to Link Layer Discovery Protocol (LLDP) . Configure DCBx operation at the interface level on a switch or globally on the switch. To configure an MXL switch for DCBx operation in a data center network, you must:[...]
-
Page 280
[no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [ets-conf | ets-reco | pfc] • ets-conf : enables the advertisement of ETS Configuration TLVs. • ets-reco : enables the advertisement of ETS Recommend TLVs. • pfc enables : the advertisement of PFC TLVs. The default is All PFC and ETS TLVs are advertised. NOTE: You[...]
-
Page 281
• auto : configures all ports to operate using the DCBx version received from a peer. • cee : configures a port to use CEE (Intel 1.01). cin configures a port to use Cisco-Intel-Nuova (DCBx 1.0). • ieee-v2.5 : configures a port to use IEEE 802.1Qaz (Draft 2.5). The default is Auto . NOTE: To configure the DCBx port role the interfaces use to [...]
-
Page 282
[no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x10 . DCBx Error Messages The following syslog messages appear when an error in DCBx operation occurs. LLDP_MULTIPLE_PEER_DETECTED: DCBx is operationally disabled after detecting more than one DCBx peer on the port interface. LLDP_PEER_AGE_OUT: DCBx [...]
-
Page 283
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 10. Displaying DCB Configurations Command Output show dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number ] Displays the data center bridging status, number of PFC-enabled ports, and number of PF[...]
-
Page 284
Example of the show dot1p-queue mapping Command Example of the show dcb Command Example of the show interfaces pfc summary Command Example of the show interface pfc statistics Command Example of the show interface ets summary Command Example of the show interface ets detail Command Example of the show stack-unit all stack-ports all pfc details Comm[...]
-
Page 285
PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Local ISCSI PriorityMap is 0x10 Remote FCOE PriorityMap is 0x8 Remote ISCSI PriorityMap is 0x8 0 Input TLV pkts, 1 Output TLV pkts, 0 Error pkts, [...]
-
Page 286
Fields Description • Symmetric: for an IEEE version TLV Tx Status Status of PFC TLV advertisements: enabled or disabled. PFC Link Delay Link delay (in quanta) used to pause specified priority traffic. Application Priority TLV: FCOE TLV Tx Status Status of FCoE advertisements in application priority TLVs from local DCBx port: enabled or disabled. [...]
-
Page 287
Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Priority# Bandwidth TSA 0 13% ETS 1 13% ETS 2 13% ETS 3 13% ETS 4 12% ETS 5 12% ETS 6 12% ETS 7 12% ETS Remote Parameters: ---[...]
-
Page 288
Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Priority# Bandwidth TSA 0 13% ETS 1 13% ETS 2 13% ETS 3 13% ETS 4 12% ETS 5 12% ETS 6 12% ETS 7 1[...]
-
Page 289
Table 12. show interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Max Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on or off. When on, the scheduling and bandwidth allo[...]
-
Page 290
Field Description ETS TLV Statistic: Error Conf TLV pkts Number of ETS Error Configuration TLVs received. Dell(conf)# show stack-unit all stack-ports all pfc details stack unit 0 stack-port all Admin mode is On Admin is enabled, Priority list is 4-5 Local is enabled, Priority list is 4-5 Link Delay 45556 pause quantum 0 Pause Tx pkts, 0 Pause Rx pk[...]
-
Page 291
Dell(conf)# show interface tengigabitethernet 0/49 dcbx detail Dell#show interface te 0/49 dcbx detail E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled r-ETS Recommendation TLV disabled P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled F-Application priority for FCOE enabled f-Applicat[...]
-
Page 292
Field Description Configuration Source Specifies whether the port serves as the DCBx configuration source on the switch: true (yes) or false (no). Local DCBx Compatibility mode DCBx version accepted in a DCB configuration as compatible. In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. Local DCBx Configure[...]
-
Page 293
QoS dot1p Traffic Classification and Queue Assignment The following section describes QoS dot1P traffic classification and assignments. DCB supports PFC, ETS, and DCBx to handle converged Ethernet traffic that is assigned to an egress queue according to the following QoS methods: Honor dot1p You can honor dot1p priorities in ingress traffic at the [...]
-
Page 294
Configuring the Dynamic Buffer Method To configure the dynamic buffer capability, perform the following steps: 1. Enable the DCB application. By default, DCB is enabled and link-level flow control is disabled on all interfaces. CONFIGURATION mode S6000-109-Dell(conf)#dcb enable 2. Configure the shared PFC buffer size and the total buffer size. A ma[...]
-
Page 295
8. Create a QoS policy buffer and enter the QoS Policy Buffer Configuration mode to configure the no- drop queues, ingress buffer size, buffer limit for pausing, and buffer offset limit for resuming. CONFIGURATION mode Dell(conf)# qos-policy-buffer test Dell (conf-qos-policy-buffer)#queue 0 pause no-drop buffer-size 128000 pause-threshold 103360 re[...]
-
Page 296
13 Debugging and Diagnostics This chapter describes debugging and diagnostics for the MXL switch. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagnostics check for the presence of various components and perf[...]
-
Page 297
You cannot enter this command on a MASTER or Standby stack unit. NOTE: The system reboots when the offline diagnostics complete. This is an automatic process. The following warning message appears when you implement the offline stack- unit <id> command: Warning - Diagnostic execution will cause stack-unit to reboot after completion of diags. [...]
-
Page 298
Example of the diag command (Standalone unit) Dell#diag stack-unit 0 level0 Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports Proceed with Diags [confirm yes/no]: yes FTOS#Dec 15 04:14:07: %MXL-10/40GbE:0 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 0 00:12:10 : S[...]
-
Page 299
PRESENT Test 9 - SD Flash Access Test ....................................... PASS Test 10.000 - Qsfp Plus Power Mode Test ............................. PASS Test 10.001 - Qsfp Plus Power Mode Test ............................. PASS Test 10 - Qsfp Plus Power Mode Test ................................. PASS Test 11 - CPLD Presence Test .............[...]
-
Page 300
Example of the dir flash: Command Dell#dir flash://TRACE_LOG_DIR Directory of flash:/TRACE_LOG_DIR 1 drwx 4096 Jan 17 2011 15:02:16 +00:00 . 2 drwx 4096 Jan 01 1980 00:00:00 +00:00 .. 3 -rwx 100583 Feb 11 2011 20:41:36 +00:00 failure_trace0_RPM0_CP flash: 2143281152 bytes total (2069291008 bytes free) Using the Show Hardware Commands The show hardw[...]
-
Page 301
show hardware stack-unit { 0-5 } cpu party-bus statistics • View the ingress and egress internal packet-drop counters, MAC counters drop, and FP packet drops for the stack unit on per port basis. EXEC Privilege mode show hardware stack-unit { 0-5 } drops unit { 0-0 } port { 33–56 } This view helps identifying the stack unit/port pipe/port that [...]
-
Page 302
Example of the show interfaces transceiver Command Dell#show int ten 0/49 transceiver SFP is present SFP 49 Serial Base ID fields SFP 49 Id = 0x03 SFP 49 Ext Id = 0x04 SFP 49 Connector = 0x07 SFP 49 Transceiver Code = 0x00 0x00 0x00 0x01 0x20 0x40 0x0c 0x01 SFP 49 Encoding = 0x01 SFP 49 BR Nominal = 0x0c SFP 49 Length(9um) Km = 0x00 SFP 49 Length(9[...]
-
Page 303
Recognize an Over-Temperature Condition An overtemperature condition occurs, for one of two reasons: the card genuinely is too hot or a sensor has malfunctioned. Inspect cards adjacent to the one reporting the condition to discover the cause. • If directly adjacent cards are not normal temperature, suspect a genuine overheating condition. • If [...]
-
Page 304
* Management Unit -- Thermal Sensor Readings (deg C) -- Unit Sensor0 Sensor1 Sensor2 Sensor3 Sensor4 Sensor5 Sensor6 Sensor7 Sensor8 Sensor9 -------------------------------------------------------------------------------- ---------- 0 45 43 66 61 66 62 70 65 67 71 Recognize an Under-Voltage Condition If the system detects an under-voltage condition[...]
-
Page 305
OID String OID Name Description .1.3.6.1.4.1.6027.3.16.1.1.5 fpStatsPerPortTable View the forwarding plane statistics containing the packet buffer usage per port per stack unit. .1.3.6.1.4.1.6027.3.16.1.1.6 fpStatsPerCOSTable View the forwarding plane statistics containing the packet buffer statistics per COS per port. Troubleshooting Packet Loss T[...]
-
Page 306
Total IngMac Drops :0 Total Mmu Drops :0 Total EgMac Drops :0 Total Egress Drops :0 Dell#show hardware stack-unit 0 drops unit 0 Port# :Ingress Drops :IngMac Drops :Total Mmu Drops :EgMac Drops :Egress Drops 1 0 0 0 0 0 2 0 0 0 0 0 3 0 0 0 0 0 4 0 0 0 0 0 5 0 0 0 0 0 6 0 0 0 0 0 7 0 0 0 0 0 8 0 0 0 0 0 Dataplane Statistics The show hardware stack-u[...]
-
Page 307
txPkt(COS1) :0 txPkt(COS2) :0 txPkt(COS3) :0 txPkt(COS4) :0 txPkt(COS5) :0 txPkt(COS6) :0 txPkt(COS7) :0 txPkt(UNIT0) :0 The show hardware stack-unit cpu party-bus statistics command displays input and output statistics on the party bus, which carries inter-process communication traffic between CPUs Dell#sh hardware stack-unit 2 cpu party-bus stati[...]
-
Page 308
RDBGC0.ge0 : 34 +24 RDBGC1.ge0 : 366 +235 RDBGC5.ge0 : 16 +12 RDBGC7.ge0 : 18 +12 GR64.ge0 : 5,176 +24 GR127.ge0 : 1,566 +1,433 GR255.ge0 : 4 +4 GRPKT.ge0 : 1,602 +1,461 GRBYT.ge0 : 117,600 +106,202 GRMCA.ge0 : 366 +235 GRBCA.ge0 : 12 +9 GT64.ge0 : 4 +3 GT127.ge0 : 964 +964 GT255.ge0 : 4 +4 GT511.ge0 : 1 +1 GTPKT.ge0 : 973 +972 GTBCA.ge0 : 1 +1 GTB[...]
-
Page 309
The panic string contains key information regarding the crash. Several panic string types exist, and they are displayed in regular English text to allow easier understanding of the crash cause. Example of Application Mini Core Dump Listings Example of a Mini Core Text File Dell#dir Directory of flash: 1 drw- 16384 Jan 01 1980 00:00:00 +00:00 . 2 dr[...]
-
Page 310
The tcpdump command has a finite run process. When you enable the tcpdump command, it runs until the capture-duration timer and/or the packet-count counter threshold is met. If you do not set a threshold, the system uses a default of a 5 minute capture-duration and/or a single 1k file as the stopping point for the dump. You can use the capture-dura[...]
-
Page 311
14 Dynamic Host Configuration Protocol (DHCP) The dynamic host configuration protocol (DHCP) is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually [...]
-
Page 312
Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Server Option 6 Specifies the domain name servers (DNSs) that are available to the client. Domain Name Option 15 Specifies the domain name that clien[...]
-
Page 313
Option Number and Description Identifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Snooping Option 82 Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database. End Option 255 Signals the last option in the DHCP packe[...]
-
Page 314
Figure 33. Client and Server Messaging Implementation Information The following describes DHCP implementation. • Dell Networking implements DHCP based on RFC 2131 and RFC 3046. • IP source address validation is a sub-feature of DHCP Snooping; the Dell Networking operating system (OS) uses access control lists (ACLs) internally to implement this[...]
-
Page 315
Configure the System to be a DHCP Server Configuring the system to be a DHCP server is supported on the MXL switch. A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient. The follow[...]
-
Page 316
DHCP mode pool name 3. Specify the range of IP addresses from which the DHCP server may assign addresses. DHCP <POOL> mode network network/prefix-length • network : the subnet address. • prefix-length : specifies the number of bits used for the network portion of the address you specify. The prefix-length range is from 17 to 31. 4. Displa[...]
-
Page 317
Specifying an Address Lease Time To specify an address lease time, use the following command. • Specify an address lease time for the addresses in a pool. DHCP <POOL> lease {days [hours] [minutes] | infinite} The default is 24 hours . Specifying a Default Gateway The IP address of the default router should be on the same subnet as the clien[...]
-
Page 318
Figure 34. Enabling the DHCP Server Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host name[...]
-
Page 319
Creating Manual Binding Entries An address binding is a mapping between the IP address and the media access control (MAC) address of a client. The DHCP server assigns the client an available IP address automatically, and then creates an entry in the binding table. However, the administrator can manually create an entry for a client; manual bindings[...]
-
Page 320
clear ip dhcp binding ip address • Clear a DHCP address conflict. EXEC Privilege mode. clear ip dhcp conflict • Clear DHCP server counters. EXEC Privilege mode. clear ip dhcp server statistics Configure the System to be a Relay Agent DHCP clients and servers request and offer configuration information via broadcast DHCP messages. Routers do not[...]
-
Page 321
Figure 35. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command Dell#show ip int tengig 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10.11.0.1/24 Broadcast address is 10.11.0.255 Address[...]
-
Page 322
ICMP redirects are not sent ICMP unreachables are not sent Configure the System to be a DHCP Client A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server. Implement the DHCP client functionality as follows: • The switch can obtain a dynamically assigned IP address from a DHCP server. A start[...]
-
Page 323
command when the lease timer for the dynamic IP address is expired. The interface acquires a new dynamic IP address from the DHCP server. If you later enter the no shutdown command and the lease timer for the dynamic IP address has expired, the IP address is released. You cannot configure a secondary (backup) IP address on an interface using the ip[...]
-
Page 324
EXEC Privilege mode release dhcp interface type slot/port 4. Acquire a new IP address with renewed lease time from a DHCP server. EXEC Privilege mode renew dhcp interface type slot/port Example of the show ip dhcp client statistics Command Example of the show ip dhcp lease command DHCP Client: Debug Messages Logged during DHCP Client Enabling/Disab[...]
-
Page 325
Interface Te 0/1 : DHCP ENABLE CMD Received in state START May 27 15:52:48: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Te 0/1: Transitioned to state SELECTING May 27 15:52:48: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_PKT: DHCP DISCOVER sent in Interface Te 0/1 May 27 15:52:48: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIE[...]
-
Page 326
Interface Te 0/1 May 27 15:55:31: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_PKT: Received DHCPOFFER packet in Interface Te 0/1 with Lease-Ip:10.16.134.250, Mask:255.255.0.0,Server-Id: 10.16.134.249 The following shows an example of the packet- and event-level debug messages displayed for the packet transmissions and state transitions on[...]
-
Page 327
• Management routes added by the DHCP client are not added to the running configuration. NOTE: Management routes added by the DHCP client include the specific routes to reach a DHCP server in a different subnet and the management route. DHCP Client Operation with Other Features The DHCP client operates with other Dell Networking OS features, as t[...]
-
Page 328
To use the router as the VRRP owner, if you enable a DHCP client on an interface that is added to a VRRP group, assign a priority less than 255 but higher than any other priority assigned in the group. Configure Secure DHCP DHCP as defined by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protect[...]
-
Page 329
DHCP Snooping DHCP snooping protects networks from spoofing. In the context of DHCP snooping, ports are either trusted or not trusted. By default, all ports are not trusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted. When you enable DHCP snoop[...]
-
Page 330
ip dhcp snooping trust 3. Enable DHCP snooping on a VLAN. CONFIGURATION mode ip dhcp snooping vlan Enabling IPv6 DHCP Snooping To enable IPv6 DHCP snooping, use the following commands. 1. Enable IPv6 DHCP snooping globally. CONFIGURATION mode ipv6 dhcp snooping 2. Specify ports connected to IPv6 DHCP servers as trusted. INTERFACE mode ipv6 dhcp sno[...]
-
Page 331
Clearing the DHCP IPv6 Binding Table To clear the DHCP IPv6 binding table, use the following command. • Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the content[...]
-
Page 332
Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic IPv6 Address MAC Address Expires(Sec) Type VLAN Interface ========================================================================= 11:11::22 11:22:1[...]
-
Page 333
Dynamic ARP Inspection Dynamic address resolution protocol (ARP) inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table. ARP is a stateless protocol that provides no authentication mechanism. Network devices accept ARP requests and replies from any device. ARP replies are accepted even[...]
-
Page 334
NOTE: Dynamic ARP inspection (DAI) uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system. However, the ExaScale default CAM profile allocates only nine entries to the L2SysFlow region for DAI. You can configure 10 to 16 DAI-enabled[...]
-
Page 335
--------------------------------------- Valid ARP Requests : 0 Valid ARP Replies : 1000 Invalid ARP Requests : 1000 Invalid ARP Replies : 0 Dell# Bypassing the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments. ARPs received on trusted ports bypass valid[...]
-
Page 336
packet. Likewise, if the IP address is fake, the address is not on the list of permissible addresses for the port and the packet is dropped. To enable IP source address validation, use the following command. • Enable IP source address validation. INTERFACE mode ip dhcp source-address-validation DHCP MAC Source Address Validation DHCP MAC source a[...]
-
Page 337
15 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) is supported on the MXL switch. ECMP for Flow-Based Affinity ECMP for flow-based affinity is available on the MXL switch. NOTE: IPv6 /128 routes having multiple paths do not form ECMPs. The /128 route is treated as a host entry and finds its place in the host table. NOTE: Using XOR algori[...]
-
Page 338
Link Bundle Monitoring Monitoring linked ECMP bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time. A threshold of 60% is defined as an acceptable amount of traffic on a member link. Links are monitored in 15-second intervals for three consecutive instances. Any deviation within that time c[...]
-
Page 339
Example of the ip ecmp-group maximum-paths Command Dell(conf)#ip ecmp-group maximum-paths 3 User configuration has been changed. Save the configuration and reload to take effect Dell(conf)# Equal Cost Multi-Path (ECMP) 339[...]
-
Page 340
16 FC FLEXIO FPORT FC FlexIO FPort is now supported on the MXL switch platform. FC FLEXIO FPORT The MXL blade switch is a Trident+ based switch which is plugged into the Dell M1000 Blade server chassis. The blade module contains two slots for pluggable flexible module. The goal is to provide support for direct connectivity to FC equipments through [...]
-
Page 341
INTERFACE mode fcoe-map <fcoe-map-name> {tengigabitEthernet slot/port | fortygigabitEthernet slot/port} The FCoE map contains FCoE and FC parameter settings (refer to FCoE Maps ). Manually apply the fcoe-map to any Ethernet ports used for FCoE. Name Server Each participant in the FC environment has a unique ID, which is called the World Wide [...]
-
Page 342
FCoE Maps To identify the SAN fabric to which FCoE storage traffic is sent, use an FCoE map. Using an FCoE map, an NPG operates as an FCoE-FC bridge between an FC SAN and FCoE network by providing FCoE-enabled servers and switches with the necessary parameters to log in to a SAN fabric. An FCoE map applies the following parameters on server-facing [...]
-
Page 343
The values for the FCoE VLAN, fabric ID, and FC-MAP must be unique. Apply an FCoE map on downstream server-facing Ethernet ports and upstream fabric-facing Fibre Channel ports. 1. Create an FCoE map which contains parameters used in the communication between servers and a SAN fabric. CONFIGURATION mode fcoe-map map-name 2. Configure the association[...]
-
Page 344
7. Configure the time interval (in seconds) used to transmit FIP keepalive advertisements. FCoE MAP mode fka-adv-period seconds The range is from 8 to 90 seconds. The default is 8 seconds . Zoning The zoning configurations are supported for Fabric FCF Port mode operation on the MXL. In FCF Port mode, the fcoe-map fabric map-name has the default Zon[...]
-
Page 345
Creating Zone Alias and Adding Members To create a zone alias and add devices to the alias, follow these steps. 1. Create a zone alias name. CONFIGURATION mode fc alias ZoneAliasName 2. Add devices to an alias. ALIAS CONFIGURATION mode member word The member can be WWPN (00:00:00:00:00:00:00:00), port ID (000000), or alias name (word). Example of C[...]
-
Page 346
Activating a Zoneset Activating a zoneset makes the zones within it effective. On a switch, only one zoneset can be active. Any changes in an activated zoneset do not take effect until it is re-activated. By default, the fcoe-map fabric map-name does not have any active zonesets. 1. Enter enter the fc-fabric command in fcoe-map to active or de-acti[...]
-
Page 347
Example of the show config Command Dell(conf-fcoe-SAN_FABRIC)#show config ! fcoe-map SAN_FABRIC description SAN_FABRIC fc-map 0efc00 fabric-id 1002 vlan 1002 ! fc-fabric default-zone-allow all Dell(conf-fcoe-SAN_FABRIC)# Example of the show fcoe-map Command Dell(conf)#do show fcoe-map Fabric Name map Fabric Type Fport Fabric Id 1002 Vlan Id 1002 Vl[...]
-
Page 348
Intf# Domain FC-ID Enode-WWPN Enode-WWNN Fc 0/3 1 01:35:00 10:00:8c:7c:ff:17:f8:01 20:00:8c:7c:ff:17:f8:01 Dell# Example of the show fc zoneset Command Dell#show fc zoneset ZoneSetName ZoneName ZoneMember ======================================== fcoe_srv_fc_tgt brcd_sanb brcd_cna1_wwpn1 sanb_p2tgt1_wwpn Active Zoneset: fcoe_srv_fc_tgt ZoneName Zone[...]
-
Page 349
17 FCoE Transit The Fibre Channel over Ethernet (FCoE) Transit feature is supported on the MXL 10/40GbE switch. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FCoE transit is not supported on Fibre Channel interfaces. Fibre Channel over Ethernet FCoE provides a converged Ethernet network that allow[...]
-
Page 350
FIP enables FCoE devices to discover one another, initialize and maintain virtual links over an Ethernet network, and access storage devices in a storage area network (SAN). FIP satisfies the Fibre Channel requirement for point-to-point connections by creating a unique virtual link for each connection between an FCoE end-device and an FCF via a tra[...]
-
Page 351
Figure 36. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF[...]
-
Page 352
Port-based ACLs These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs. FCoE- generated ACLs These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames. Th[...]
-
Page 353
Figure 37. FIP Snooping on an MXL 10/40GbE Switch The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions: • Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis. • To assign a MAC a[...]
-
Page 354
FIP Snooping in a Switch Stack FIP snooping supports switch stacking as follows: • A switch stack configuration is synchronized with the standby stack unit. • Dynamic population of the FCoE database (ENode, Session, and FCF tables) is synchronized with the standby stack unit. The FCoE database is maintained by snooping FIP keep-alive messages. [...]
-
Page 355
Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit. NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the Configuring FIP Snooping procedure. As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied[...]
-
Page 356
FCoE traffic is allowed on the port only after the switch learns the FC-MAP value associated with the specified FCF MAC address and verifies that it matches the configured FC-MAP value for the FCoE VLAN. Configure a Port for a Bridge-to-FCF Link If a port is directly connected to an FCF, configure the port mode as FCF. Initially, all FCoE traffic i[...]
-
Page 357
Bridging (DCB) chapter). Dell Networking recommends also enabling enhanced transmission selection (ETS); however, ETS is recommended but not required. If you enable DCBx and PFC mode is on (PFC is operationally up) in a port configuration, FIP snooping is operational on the port. If the PFC parameters in a DCBx exchange with a peer are not synchron[...]
-
Page 358
The default is 0x0EFC00. The valid values are from 0EFC00 to 0EFCFF. 4. Enter interface configuration mode to configure the port for FIP snooping links. CONFIGURATION mode interface port-type slot/port By default, a port is configured for bridge-to-ENode links. 5. Configure the port for bridge-to-FCF links. INTERFACE or CONFIGURATION mode fip-snoop[...]
-
Page 359
Command Output show fip-snooping statistics [interface vlan vlan-id | interface port-type port/ slot | interface port-channel port- channel-number ] Displays statistics on the FIP packets snooped on all interfaces, including VLANs, physical ports, and port channels. clear fip-snooping statistics [interface vlan vlan-id | interface port-type port/sl[...]
-
Page 360
Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/ port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FCoE MAC MAC address of the FCoE session assigned by the FCF. FC-ID Fibre Channel ID assigned by the FCF. Port WWPN Worldwide port name of the CNA port. Port WWNN Worldwide node n[...]
-
Page 361
Table 22. show fip-snooping fcf Command Description Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FC-MAP FC-Map value advertised by the FCF. ENode Interface Slot/number of the interface connected to the ENode. FKA_ADV_PERIOD P[...]
-
Page 362
Number of FLOGO Accepts :0 Number of FLOGO Rejects :0 Number of CVL :0 Number of FCF Discovery Timeouts :0 Number of VN Port Session Timeouts :0 Number of Session failures due to Hardware Config :0 Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan Notifications :2 Number of Multicast Discovery So[...]
-
Page 363
Field Description Number of VN Port Keep Alives Number of FIP-snooped VN port keep-alive frames received on the interface. Number of Multicast Discovery Advertisements Number of FIP-snooped multicast discovery advertisements received on the interface. Number of Unicast Discovery Advertisements Number of FIP-snooped unicast discovery advertisements [...]
-
Page 364
FCoE Transit Configuration Example The following illustration shows an MXL switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. In this example, DCBx and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch. On the FIP snoop[...]
-
Page 365
The following example shows how to configure FIP snooping on FCoE VLAN 10, on an FCF-facing port (0/50), on an ENode server-facing port (0/1), and to configure the FIP snooping ports as tagged members of the FCoE VLAN enabled for FIP snooping. Example of Enabling the FIP Snooping Feature on the Switch (FIP Snooping Bridge) Example of Enabling FIP S[...]
-
Page 366
18 FIPS Cryptography Federal information processing standard (FIPS) cryptography is supported on the MXL switch platform. This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standar[...]
-
Page 367
• FIPS mode is enabled. – If you enable the SSH server when you enter the fips mode enable command, it is re-enabled for version 2 only . – If you re-enable the SSH server, a new RSA host key-pair is generated automatically. You can also manually create this key-pair using the crypto key generate command. NOTE: Under certain unusual circumsta[...]
-
Page 368
Example of the show fips status Command Example of the show system Command Dell#show fips status FIPS Mode : Enabled for the system using the show system command. Dell#show system Stack MAC : 00:01:e8:8a:ff:0c Reload Type : normal-reload [Next boot : normal-reload] -- Unit 0 -- Unit Type : Management Unit Status : online Next Boot : online Required[...]
-
Page 369
all configured host keys. Proceed (y/n) ? FIPS Cryptography 369[...]
-
Page 370
19 Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge [...]
-
Page 371
Figure 39. Normal Operating FRRP Topology A virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN. The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pas[...]
-
Page 372
Ring Failure If a Transit node detects a link down on any of its ports on the FRRP ring, it immediately sends a link- down control frame on the Control VLAN to the Master node. When the Master node receives this control frame, the Master node moves from the Normal state to the Ring-Fault state and unblocks its Secondary port. The Master node clears[...]
-
Page 373
Figure 40. Multiple Rings Connected by a Single Switch Example Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks. The Master node originates a high-speed frame that circulates around the ring. This frame, appropriately, sets up or breaks down the ring. • The Master node t[...]
-
Page 374
• Transit node ring port states — blocking, pre-forwarding, forwarding, and disabled. • STP disabled on ring interfaces. • Master node secondary port is in blocking state during Normal operation. • Ring health frames (RHF) – Hello RHF: sent at 500ms (hello interval); Only the Master node transmits and processes these. – Topology Chang[...]
-
Page 375
Concept Explanation VLAN, and Master and Transit node information must be configured for the ring to be up. • Ring-Up — Ring is up and operational. • Ring-Down — Ring is broken or not set up. Ring Health-Check Frame (RHF) The Master node generates two types of RHFs. RHFs never loop the ring because they terminate at the Master node’s seco[...]
-
Page 376
– Configure Primary and Secondary ports • Setting the FRRP Timers Other FRRP related commands are: • Clearing the FRRP Counters • Viewing the FRRP Configuration • Viewing the FRRP Information Creating the FRRP Group Create the FRRP group on each switch in the ring. To create the FRRP group, use the command. • Create the FRRP group with [...]
-
Page 377
• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Etherne[...]
-
Page 378
• Tag control VLAN ports. Member VLAN ports, except the Primary/Secondary interface, can be tagged or untagged. • The control VLAN must be the same for all nodes on the ring. To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring. 1. Create a VLAN with this ID number. CONFIGURATION[...]
-
Page 379
CONFIG-FRRP mode. member-vlan vlan-id { range } VLAN-ID, Range : VLAN IDs for the ring’s Member VLANs. 6. Enable this FRRP group on this switch. CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. • Enter the desired intervals for He[...]
-
Page 380
Viewing the FRRP Information To view general FRRP information, use one of the following commands. • Show the information for the identified FRRP group. EXEC or EXEC PRIVELEGED mode. show frrp ring-id Ring ID: the range is from 1 to 255. • Show the state of all FRRP groups. EXEC or EXEC PRIVELEGED mode. show frrp summary Ring ID: the range is fr[...]
-
Page 381
Sample Configuration and Topology The following example shows a basic FRRP topology. Figure 41. Basic Topology and CLI Commands Example of R1 MASTER Example of R2 TRANSIT Example of R3 TRANSIT interface GigabitEthernet 1/24 no ip address switchport no shutdown ! interface GigabitEthernet 1/34 no ip address switchport no shutdown ! interface Vlan 10[...]
-
Page 382
interface primary GigabitEthernet 1/24 secondary GigabitEthernet 1/34 control-vlan 101 member-vlan 201 mode master no disable interface GigabitEthernet 2/14 no ip address switchport no shutdown ! interface GigabitEthernet 2/31 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged GigabitEthernet 2/14,31 no shutdown ! interf[...]
-
Page 383
20 GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP) is supported on the MXL switch platform. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol that pro[...]
-
Page 384
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, that type of port is referred to as a VLAN trunk [...]
-
Page 385
Related Configuration Tasks • Configure GVRP Registration • Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config ! p[...]
-
Page 386
Configure GVRP Registration Configure GVRP registration. There are three GVRP registration modes: • Normal Registration — Allows dynamic creation, registration, and de-registration of VLANs (if you enabled dynamic VLAN creation). By default, the registration mode is set to Normal when you enable GVRP on a port. This default mode enables the por[...]
-
Page 387
• LeaveAll — After startup, a GARP device globally starts a LeaveAll timer. After expiration of this interval, it sends out a LeaveAll message so that other GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of [...]
-
Page 388
21 Internet Group Management Protocol (IGMP) Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. IGMP is a Layer 3 multicast protocol that hosts use to join or leave a multicast group. Multicast routing protocols (such as protocol-independent multicast [[...]
-
Page 389
Figure 43. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. • Responding to an IGMP Query – One router on a subnet is elected as the querier. The querier periodically multicasts (to[...]
-
Page 390
group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability to filter by multicast source, which helps multicast routing protocols avoid forwarding traffic to su[...]
-
Page 391
Figure 45. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. 2. T[...]
-
Page 392
Figure 46. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 a[...]
-
Page 393
Figure 47. Membership Queries: Leaving and Staying IGMP Snooping IGMP snooping enables switches to use information in IGMP packets to generate a forwarding table that associates ports with multicast groups so that when they receive multicast frames, they can forward them only to interested receivers. Multicast packets are addressed with multicast M[...]
-
Page 394
• IGMP snooping is supported on all MXL 10/40GbE stack members. • IGMP snooping reacts to spanning tree protocol (STP) and multiple spanning tree protocol (MSTP) topology changes by sending a general query on the interface that transitions to the forwarding state. • Configuring IGMP Snooping Configuring IGMP snooping is a one-step process. To[...]
-
Page 395
Example of the show config Command Dell(conf-if-vl-100)#show config ! interface Vlan 100 no ip address ip igmp snooping fast-leave shutdown Dell(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all p[...]
-
Page 396
Adjusting the Last Member Query Interval To adjust the last member query interval, use the following command. When the querier receives a Leave message from a receiver, it sends a group-specific query out of the ports specified in the forwarding table. If no response is received, it sends another. The amount of time that the querier waits to receiv[...]
-
Page 397
22 Interfaces This chapter describes 100/1000/10000 Mbps Ethernet, 10 Gigabit Ethernet, and 40 Gigabit Ethernet interface types, both physical and logical, and how to configure them with the Dell Networking operating software (OS). Basic Interface Configuration • Interface Types • View Basic Interface Information • Enabling a Physical Interfa[...]
-
Page 398
Interface Types The following table describes different interface types. Interface Type Modes Possible Default Mode Requires Creation Default State Physical L2, L3 Unset No Shutdown (disabled) Management N/A N/A No No Shutdown (enabled) Loopback L3 L3 Yes No Shutdown (enabled) Null N/A N/A No Enabled Port Channel L2, L3 L3 Yes Shutdown (disabled) V[...]
-
Page 399
Example of the show interfaces Command Example of the show ip interfaces brief Command Example of the show running-config Command to View Physical Interfaces The following example shows the configuration and status information for one interface. Dell#show interfaces tengigabitethernet 0/16 TenGigabitEthernet 0/16 is up, line protocol is up Hardware[...]
-
Page 400
GigabitEthernet 1/2 unassigned YES Manual up up GigabitEthernet 1/3 unassigned YES Manual up up GigabitEthernet 1/4 unassigned YES Manual up up GigabitEthernet 1/5 10.10.10.1 YES Manual up up GigabitEthernet 1/6 unassigned NO Manual administratively down down GigabitEthernet 1/7 unassigned NO Manual administratively down down GigabitEthernet 1/8 un[...]
-
Page 401
To confirm that the interface is enabled, use the show config command in INTERFACE mode. To leave INTERFACE mode, use the exit command or end command. You cannot delete a physical interface. Physical Interfaces The switch interfaces support Layer 2 and Layer 3 traffic over the 100/1000/10000, 10-Gigabit, and 40- Gigabit Ethernet interfaces. These i[...]
-
Page 402
Type of Interface Possible Modes Requires Creation Default State Port Channel Layer 2 Layer 3 Yes Shutdown (disabled) VLAN Layer 2 Layer 3 Yes, except for the default VLAN. No shutdown (active for Layer 2) Shutdown (disabled for Layer 3) Configuring Layer 2 (Data Link) Mode Do not configure switching or Layer 2 protocols such as spanning tree proto[...]
-
Page 403
Configuring Layer 3 (Network) Mode When you assign an IP address to a physical interface, you place it in Layer 3 mode. To enable Layer 3 mode on an individual interface, use the following commands. In all interface types except VLANs, the shutdown command prevents all traffic from passing through the interface. In VLANs, the shutdown command preve[...]
-
Page 404
INTERFACE mode ip address ip-address mask [secondary] The ip-address must be in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/ xx). Add the keyword secondary if the IP address is the interface’s backup IP address. Example of the show ip interface Command You can only configure one primary IP address per interface. You can[...]
-
Page 405
The MXL switch system supports the management Ethernet interface as well as the standard interface on any front-end port. You can use either method to connect to the system. Configuring Management Interfaces on the MXL Switch On the MXL Switch IO Module, the dedicated management interface provides management access to the system. You can configure [...]
-
Page 406
Server Port AdminState is Down Pluggable media not present Interface index is 38080769 Internet address is not set Mode of IP Address Assignment : NONE DHCP Client-ID :tenG145001ec9bb02c2 MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counte[...]
-
Page 407
INTERFACE mode ip address ip-address mask [secondary] – ip-address mask : enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). – secondary : the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses. Example of a Configuration for a VLAN Participating in a[...]
-
Page 408
Null Interfaces The Null interface is another virtual interface. There is only one Null interface. It is always up, but no traffic is transmitted through this interface. To enter INTERFACE mode of the Null interface, use the following command. • Enter INTERFACE mode of the Null interface. CONFIGURATION mode interface null 0 The only configurable [...]
-
Page 409
With this feature, you can create larger-capacity interfaces by utilizing a group of lower-speed links. For example, you can build a 40-Gigabit interface by aggregating four 10-Gigabit Ethernet interfaces together. If one of the five interfaces fails, traffic is redistributed across the three remaining interfaces. Port Channel Implementation The De[...]
-
Page 410
In this example, you can change the common speed of the port channel by changing its configuration so the first enabled interface referenced in the configuration is a 1000 Mb/s speed interface. You can also change the common speed of the port channel here by setting the speed of the TenGig 0/0 interface to 1000 Mb/s. Configuration Tasks for Port Ch[...]
-
Page 411
• description • shutdown/no shutdown • mtu • ip mtu (if the interface is on a Jumbo-enabled by default) NOTE: The MXL switch supports jumbo frames by default (the default maximum transmission unit [MTU] is 1554 bytes) You can configure the MTU using the mtu command from INTERFACE mode. To view the interface’s configuration, enter INTERFAC[...]
-
Page 412
Last clearing of "show interface" counters 00:05:44 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statisti[...]
-
Page 413
INTERFACE PORT-CHANNEL mode interface port-channel id number 3. Add the interface to the second port channel. INTERFACE PORT-CHANNEL mode channel-member interface Example of Moving an Interface to a New Port Channel The following example shows moving the TenGigabitEthernet 1/8 interface from port channel 4 to port channel 3. Dell(conf-if-po-1)#show[...]
-
Page 414
• Add the port channel to the VLAN as a tagged interface. INTERFACE VLAN mode tagged port-channel id number An interface with tagging enabled can belong to multiple VLANs. • Add the port channel to the VLAN as an untagged interface. INTERFACE VLAN mode untagged port-channel id number An interface without tagging enabled can belong to only one V[...]
-
Page 415
When you disable a port channel, all interfaces within the port channel are operationally down also. Load Balancing through Port Channels Dell Networking OS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among ECMP paths and LAG members. The distribution is b[...]
-
Page 416
– ipv6-selection — Set the IPV6 key fields to use in hash computation. – tunnel — Set the tunnel key fields to use in hash computation. Hash Algorithm The load-balance command selects the hash criteria applied to port channels. If even distribution is not obtained with the load-balance command, the hash-algorithm command can be used to sele[...]
-
Page 417
Default Configuration without Start-up Config This feature is enabled by default and can be enabled on reload by deleting the start-up config file. On reload, all the server ports (1-32) come up as switch ports in No Shut mode. Uplinks remain in Shut mode ensuring that there are no network loops. With this feature, you can install servers and test [...]
-
Page 418
The interface range prompt offers the interface (with slot and port information) for valid interfaces. The maximum size of an interface range prompt is 32. If the prompt size exceeds this maximum, it displays (...) at the end of the output. NOTE: Non-existing interfaces are excluded from the interface range prompt. NOTE: When creating an interface [...]
-
Page 419
Dell(conf)#interface range tengigabitethernet 2/0 - 23 , tengigabitethernet 2/0 - 23 , tengigab 2/0 - 23 Dell(conf-if-range-te-2/0-23)# Exclude a Smaller Port Range The following is an example show how the smaller of two port ranges is omitted in the interface-range prompt. Example of the Interface-Range Prompt for Multiple Port Ranges Dell(conf)#i[...]
-
Page 420
To define an interface-range macro, use the following command. • Defines the interface-range macro and saves it in the running configuration file. CONFIGURATION mode define interface-range macro_name {vlan vlan_ID - vlan_ID } | {{tengigabitethernet | fortyGigE} slot/ interface - interface } [ , {vlan vlan_ID - vlan_ID } {{tengigabitethernet | for[...]
-
Page 421
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Example of the monitor interface Command The information displays in a continuous run, refreshing every 2 seconds by default. To manage the[...]
-
Page 422
the signal that returns. By examining the reflection, TDR is able to indicate whether there is a cable fault (when the cable is broken, becomes unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the link is flapping or not coming up. TDR is not intended to b[...]
-
Page 423
– portmode quad : Identifies the uplink port as a split 10GbE SFP+ port. To display the stack-unit number, enter the show system brief command. • Save the configuration and reload the switch. CONFIGURATION mode write memory reload Merging SFP+ Ports to QSFP 40G Ports To remove FANOUT mode in 40G QSFP Ports, use the following commands. 1. Merge [...]
-
Page 424
Because different networking vendors define MTU differently, check their documentation when planning MTU sizes across a network. The following table lists the various Layer 2 overheads found in the Dell Networking OS and the number of bytes. Table 24. Layer 2 Overhead Transmission Media MTU Range (in bytes) Ethernet 594-12000 = link MTU 576-11982 =[...]
-
Page 425
Important Points to Remember • Before using the QSA to convert a 40 Gigabit Ethernet port to a 10 Gigabit SFP or SFP+ port, enable 40 G to 4*10 fan-out mode on the device. • When you insert a QSA into a 40 Gigabit port, you can use only the first 10 Gigabit port in the fan-out mode to plug-in SFP or SFP+ cables. The remaining three 10 Gigabit p[...]
-
Page 426
The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames. To allow full duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with a destination address equal to this multicast address. The pause frame is defined by IEEE 802.3x and uses MAC Cont[...]
-
Page 427
Configure MTU Size on an Interface If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be enough to include the Layer 2 header. For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than 1422: 1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The MTU range is from 5[...]
-
Page 428
Port-Pipes A high-speed data bus connection used to switch traffic between front-end ports is known as the port pipe. A port pipe is a Dell Networking-specific term for the hardware path that packets follow through a system. The MXL switch supports single port pipe only. Auto-Negotiation on Ethernet Interfaces By default, auto-negotiation of speed [...]
-
Page 429
5. Set the local port speed. INTERFACE mode speed {100 | 1000 | 10000 | auto} 6. Optionally, set full- or half-duplex. INTERFACE mode duplex {half | full} 7. Disable auto-negotiation on the port. INTERFACE mode no negotiation auto If the speed was set to 1000, do not disable auto-negotiation. 8. Verify configuration changes. INTERFACE mode show con[...]
-
Page 430
speed 100 duplex full no shutdown Set Auto-Negotiation Options The negotiation auto command provides a mode option for configuring an individual port to forced master/ forced slave after you enable auto-negotiation. CAUTION: Ensure that only one end of the node is configured as forced-master and the other is configured as forced-slave. If both are [...]
-
Page 431
Dell#show interfaces configured Dell#show interfaces tengigabitEthernet 0 configured Dell#show ip interface configured Dell#show ip interface tengigabitEthernet 1 configured Dell#show interfaces fortygigabitEthernet 0 configured Dell#show ip interface fortygigabitEthernet 1 configured Dell#show ip interface brief configured Dell#show running-config[...]
-
Page 432
The bold lines shows the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100. Dell#show interfaces TenGigabitEthernet 10/0 is down, line protocol is down Hardware is Dell Force10Eth, address is 00:01:e8:01:9e:d9 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 10000 Mbit ARP typ[...]
-
Page 433
NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by the Dell Networking OS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • ILM • IP FLOW • IP ACL • IP FIB • L2 ACL • L[...]
-
Page 434
Enhanced Validation of Interface Ranges You can avoid specifying spaces between the range of interfaces, separated by commas, that you configure by using the interface range command. For example, if you enter a list of interface ranges, such as interface range fo 2/0-1,te 10/0,gi 3/0,fa 0/0 , this configuration is considered valid. The comma-separa[...]
-
Page 435
23 Internet Protocol Security (IPSec) IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and file transfer protocols (FTPs) and can operate in Transpo[...]
-
Page 436
Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. 1. Define the transform set. CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp- encryption des 2. Define the crypto policy. CONFIGURATION mode crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXf[...]
-
Page 437
24 IPv4 Routing The Dell Networking OS supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking operating system (OS). IP Feature Default DNS Disabled Directed Broadcast Disabled Proxy ARP Enabled[...]
-
Page 438
Configuration Tasks for IP Addresses The following describes the tasks associated with IP address configuration. Configuration tasks for IP addresses includes: • Assigning IP Addresses to an Interface (mandatory) • Configuring Static Routes (optional) • Configure Static Routes for the Management Interface (optional) For a complete listing of [...]
-
Page 439
Example the show config Command Example of the show ip interface Command To view the configuration, use the show config command in INTERFACE mode or use the show ip interface command in EXEC privilege mode, as shown in the second example. Dell(conf-if-te-0/16)#show conf ! interface TenGigabitEthernet 0/16 no ip address shutdown Dell(conf-if-te-0/16[...]
-
Page 440
----------- ------- ----------- ----------- S 2.1.2.0/24 Direct, Nu 0 0/0 00:02:30 S 6.1.2.0/24 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.2/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.3/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.4/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.5/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.6/32 via 6.1.20.2, Te 5/[...]
-
Page 441
172.31.1.0/24 ManagementEthernet 1/0 Connected Dell# IPv4 Path MTU Discovery Overview The size of the packet that can be sent across each hop in the network path without being fragmented is called the path maximum transmission unit (PMTU). This value might vary for the same route between two devices, mainly over a public network, depending on the n[...]
-
Page 442
Configuring the ICMP Source Interface You can enable the ICMP error and unreachable messages to contain the configured IP address of the source device instead of the previous hop's IP address. This configuration helps identify the devices along the path because the DNS server maps the loopback IP address to the host name, and does not translat[...]
-
Page 443
Enabling Directed Broadcast By default, the system drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable the system to receive directed broadcasts, use the following command. • Enable directed broadcast. INTERFACE mode ip directed-broadcast To v[...]
-
Page 444
Name servers are not set Host Flags TTL Type Address -------- ----- ---- ---- ------- ks (perm, OK) - IP 2.2.2.2 patch1 (perm, OK) - IP 192.68.69.2 tomm-3 (perm, OK) - IP 192.68.99.2 gxr (perm, OK) - IP 192.71.18.2 f00-3 (perm, OK) - IP 192.71.23.1 Dell> To view the current configuration, use the show running-config resolve command. Specifying t[...]
-
Page 445
a probe count (default is 3 ), minimum TTL (default is 1 ), maximum TTL (default is 30 ), and port number (default is 33434 ). CONFIGURATION mode traceroute [ host | ip-address ] To keep the default setting for these parameters, press the ENTER key. Example of the traceroute Command The following text is example output of DNS using the traceroute c[...]
-
Page 446
Configuration Tasks for ARP For a complete listing of all ARP-related commands, refer to the Dell Networking OS Command Line Reference Guide . Configuration tasks for ARP include: • Configuring Static ARP Entries (optional) • Enabling Proxy ARP (optional) • Clearing ARP Cache (optional) • ARP Learning via Gratuitous ARP • ARP Learning via[...]
-
Page 447
• Re-enable Proxy ARP. INTERFACE mode ip proxy-arp To view if Proxy ARP is enabled on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only non-default information is displayed in the show config command output. Clearing ARP Cache To clear the ARP cache of dynamica[...]
-
Page 448
ARP Learning via ARP Request In the Dell Networking OS versions prior to 8.3.1.0, the system learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. If the target IP does not match the incoming interface[...]
-
Page 449
Configuring ARP Retries In the Dell Networking OS versions prior to 8.3.1.0, the number of ARP retries is set to five and is not configurable. After five retries, the system backs off for 20 seconds before it sends a new request. Beginning with the Dell Networking OS version 8.3.1.0, the number of ARP retries is configurable. The default backoff in[...]
-
Page 450
For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide . Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled. When enabled, ICMP unreachable messages are created and sent out all interfaces. To disable and re-enable ICMP unreachable messages, use the fol[...]
-
Page 451
Example of Enabling UDP Helper Example of the show ip udp-helper Command Dell(conf-if-te-1/1)#ip udp-helper udp-port 1000 Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 ip address 2.1.1.1/24 ip udp-helper udp-port 1000 no shutdown To view the interfaces and ports on which you enabled UDP helper, use the show ip udp-helper comma[...]
-
Page 452
3. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured. Figure 50. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface,[...]
-
Page 453
UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101. If you enabled UDP [...]
-
Page 454
5/1 TenGig 5/ 2 Vlan 3 01:44:54: Pkt rcvd on TenGig 7/0 is handed over for DHCP processing. When using the IP helper and UDP helper on the same interface, use the debug ip dhcp command. Example Output from the debug ip dhcp Command Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128 2005-11-05 11:59:35 %RELAY-I-PACKET, BOOTP REQUEST (Unicast) receiv[...]
-
Page 455
25 IPv6 Addressing Internet protocol version 6 (IPv6) is supported on the MXL switch platform. NOTE: The IPv6 basic commands are supported on all platforms. However, not all features are supported on all platforms, nor for all releases. To determine the Dell Networking OS version supporting which features and platforms, refer to Implementing IPv6 w[...]
-
Page 456
• Duplicate Address Detection (DAD) — Before configuring its IPv6 address, an IPv6 host node device checks whether that address is used anywhere on the network using this mechanism. • Prefix Renumbering — Useful in transparent renumbering of hosts in the network when an organization changes its service provider. NOTE: As an alternative to s[...]
-
Page 457
IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 53. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling. These bits defi[...]
-
Page 458
Payload Length (16 bits) The Payload Length field specifies the packet payload. This is the length of the data following the IPv6 header. IPv6 Payload Length only includes the data following the header, not the header itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Ex[...]
-
Page 459
Source Address (128 bits) The Source Address field contains the IPv6 address for the packet originator. Destination Address (128 bits) The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router. Extension Header Fields Extension headers are used o[...]
-
Page 460
This field can contain one or more options. The first byte if the field identifies the Option type, and directs the router how to handle the option. 00 Skip and continue processing. 01 Discard the packet. 10 Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet’s Source IP Address identifying the unknown option type. [...]
-
Page 461
Link-local Addresses Link-local addresses, starting with fe80:, are assigned only in the local link area. The addresses are generated usually automatically by the operating system's IP layer for each network interface. This provides instant automatic network connectivity for any IPv6 host and means that if several hosts connect to a common hub[...]
-
Page 462
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location MXL IPv6 stateless autoconfiguration 9.2(0.0) Stateless Autoconfiguration in this chapter IPv6 MTU path discovery 9.2(0.0) Path MTU Discovery in this chapter IPv6 ICMPv6 9.2(0.0) ICMPv6 in this chapter IPv6 ping 9.2(0.0) ICMPv6 in this chapter IPv6 [...]
-
Page 463
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location MXL IPv6 Services and Management 9.2(0.0) Telnet client over IPv6 (outbound Telnet) 9.2(0.0) Configuring Telnet with IPv6 in this chapter Control and Monitoring in the Dell Networking OS Command Line Reference Guide . Telnet server over IPv6 (inboun[...]
-
Page 464
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location MXL Multicast IPv6 in the Dell Networking OS Command Line Reference Guide . IPv6 QoS trust DSCP values N/A IPv6 Multicast in this chapter ICMPv6 ICMPv6 is supported on the MXL switch platform. ICMP for IPv6 combines the roles of ICMP, IGMP and ARP i[...]
-
Page 465
Figure 54. Path MTU Discovery Process IPv6 Neighbor Discovery IPv6 neighbor discovery protocol (NDP) is supported on the MXL swtich platform. NDP is a top-level protocol for neighbor discovery on an IPv6 network. In lieu of address resolution protocol (ARP), NDP uses “Neighbor Solicitation” and “Neighbor Advertisement” ICMPv6 messages for d[...]
-
Page 466
Figure 55. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets With the Dell Networking OS version 8.3.1.0, you can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate. For[...]
-
Page 467
• invalid host addresses If you specify this information in the IPv6 RDNSS configuration, a DNS error is displayed. Example for Configuring an IPv6 Recursive DNS Server The following example configures a RDNNS server with an IPv6 address of 1000::1 and a lifetime of 1 second. Debugging IPv6 RDNSS Information Sent to the Host To verify that the IP[...]
-
Page 468
rendezvous point (RP) of the share tree distribution tree to distribute multicast traffic to a multicast group. Messages to join the multicast group (Join messages) are sent towards the RP and data is sent from senders to the RP so receivers can discover who are the senders and begin receiving traffic destined to the multicast group. For more infor[...]
-
Page 469
• L3 QoS (ipv4qos): 1 • L2 QoS (l2qos): 1 To have the changes take effect, save the new CAM settings to the startup-config ( write-mem or copy run start ) then reload the system for the new settings. • Allocate space for IPV6 ACLs. Enter the CAM profile name then the allocated amount. CONFIGURATION mode cam-acl { ipv6acl } When not selecting [...]
-
Page 470
NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits. Separate each group by a colon (:). Omitting zeros is accepted as described in Addressing . Assigning a Static IPv6 Route IPv6 static routes are supported on the MXL switch platform. To configure IPv6 static routes, use the ipv6 route command. NOTE: After you conf[...]
-
Page 471
– mask : prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing . SNMP over IPv6 The simple network management protocol (SNMP) is supported on the MXL switch platform. You can configure[...]
-
Page 472
• Show the currently running configuration for the specified interface. EXEC mode show ipv6 interface type { slot/port } Enter the keyword interface then the type of interface and slot/port information: – For all brief summary of IPv6 status and configuration, enter the keyword brief . – For all IPv6 configured interfaces, enter the keyword c[...]
-
Page 473
Example of the show ipv6 route summary Command Example of the show ipv6 route Command Example of the show ipv6 route static Command Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0 static 0 0 Total 5 0 Dell#show ipv6 route Codes: C - connected, L - local, S - static, R - RIP, B - BGP, IN - internal BGP, EX - e[...]
-
Page 474
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Example of the show running-config interface Command Dell#show run int gi 2/2 ! interface GigabitEthernet 2/2 no ip address ipv6 address 3:[...]
-
Page 475
26 iSCSI Optimization The MXL switch enables internet small computer system interface (iSCSI) optimization with default iSCSI parameter settings and is auto-provisioned to support the following features. • Detection and Auto-Configuration for Dell EqualLogic Arrays • Configuring Detection and Ports for Dell Compellent Arrays To display informat[...]
-
Page 476
• iSCSI monitoring sessions — the switch monitors and tracks active iSCSI sessions in connections on the switch, including port information and iSCSI session information. • iSCSI QoS — A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used to direct the iSCSI data traffic to queues [...]
-
Page 477
Monitoring iSCSI Traffic Flows The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When you enable iSCSI optimization, by default the swit[...]
-
Page 478
• At the first detection of an EqualLogic array, an MTU of 12000 is enabled on all ports and port- channels (if it has not already been enabled). • Spanning-tree portfast is enabled on the interface LLDP identifies. • Unicast storm control is disabled on the interface LLDP identifies. Configuring Detection and Ports for Dell Compellent Arrays[...]
-
Page 479
Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 26. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Enabled iSCSI CoS mode (802.1p priority queue mapping) Enabled: dot1p priority 4 without the remark setting iSCSI CoS Treatment iSCSI packe[...]
-
Page 480
iSCSI COS : dot1p is 4 no-remark Session aging time: 10 Maximum number of connections is 256 ------------------------------------------------ iSCSI Targets and TCP Ports: ------------------------------------------------ TCP Port Target IP Address 3260 860 VLT PEER1 Dell#show isci session Session 0: --------------------------------------------------[...]
-
Page 481
27 Intermediate System to Intermediate System Intermediate system to intermediate system (Is-IS) is supported on the MXL switch platform. • The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. • The IS-IS protocol standards are listed i[...]
-
Page 482
IS area address, system ID, and N-selector. The last byte is the N-selector. All routers within an area have the same area portion. Level 1 routers route based on the system address portion of the address, while the Level 2 routers route based on the area address. The NET length is variable, with a maximum of 20 bytes and a minimum of 8 bytes. It i[...]
-
Page 483
• MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi- topology. A router operating in multi-topology mode does not recognize the ability of the single- topology mode router to support IPv6 traffic, which leads to holes i[...]
-
Page 484
by an active RPM have been downloaded into the forwarding information base (FIB) on the line cards (the data plane) and are still resident. For packets that have existing FIB/content addressable memory (CAM) entries, forwarding between ingress and egress ports can continue uninterrupted while the control plane IS-IS process comes back to full funct[...]
-
Page 485
To support IPv6, the Dell Networking implementation of IS-IS performs the following tasks: • Advertises IPv6 information in the PDUs. • Processes IPv6 information received in the PDUs. • Computes routes to IPv6 destinations. • Downloads IPv6 routes to the RTM for installing in the FIB. • Accepts external IPv6 information and advertises th[...]
-
Page 486
• Configuring the IS-IS Metric Style • Configuring the IS-IS Cost • Changing the IS-Type • Controlling Routing Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debugging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS[...]
-
Page 487
• For a VLAN, enter the keyword vlan then a number from 1 to 4094. 4. Enter an IPv4 Address. INTERFACE mode ip address ip-address mask Assign an IP address and mask to the interface. The IP address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 5. Enter an IPv6 Address. INTERFAC[...]
-
Page 488
Redistributing: Distance: 115 Generate narrow metrics: level-1-2 Accept narrow metrics: level-1-2 Generate wide metrics: none Accept wide metrics: none Dell# To view IS-IS protocol statistics, use the show isis traffic command in EXEC Privilege mode. Dell#show isis traffic IS-IS: Level-1 Hellos (sent/rcvd) : 4272/1538 IS-IS: Level-2 Hellos (sent/rc[...]
-
Page 489
ROUTER ISIS AF IPV6 mode set-overload-bit 3. Set the minimum interval between SPF calculations. ROUTER ISIS AF IPV6 mode spf-interval [level-l | level-2 | interval] [initial_wait_interval [second_wait_interval]] Use this command for IPv6 route computation only when you enable multi-topology. If using Single- Topology mode, to apply to both IPv4 and[...]
-
Page 490
– interval : wait time (the range is from 5 to 120. The default is 5 .) – retry-times : number of times an unacknowledged restart request is sent before the restarting router gives up the graceful restart engagement with the neighbor. (The range is from 1 to 10 attempts. The default is 1 .) • Configure the time for the graceful restart timer [...]
-
Page 491
Suppress Adj rcv count : 0 (level-1), 0 (level-2) Restart CSNP rcv count : 0 (level-1), 0 (level-2) Database Sync count : 0 (level-1), 0 (level-2) Circuit GigabitEthernet 2/10: Mode: Normal L1-State:NORMAL, L2-State: NORMAL L1: Send/Receive: RR:0/0, RA: 0/0, SA:0/0 T1 time left: 0, retry count left:0 L2: Send/Receive: RR:0/0, RA: 0/0, SA:0/0 T1 tim[...]
-
Page 492
lsp-mtu size – size : the range is from 128 to 9195. The default is 1497 . • Set the LSP refresh interval. ROUTER ISIS mode lsp-refresh-interval seconds – seconds : the range is from 1 to 65535. The default is 900 seconds . • Set the maximum time LSPs lifetime. ROUTER ISIS mode max-lsp-lifetime seconds – seconds : the range is from 1 to 6[...]
-
Page 493
Table 28. Metric Styles Metric Style Characteristics Cost Range Supported on IS-IS Interfaces narrow Sends and accepts narrow or old TLVs (Type, Length, Value). 0 to 63 wide Sends and accepts wide or new TLVs. 0 to 16777215 transition Sends both wide (new) and narrow (old) TLVs. 0 to 63 narrow transition Sends narrow (old) TLVs and accepts both nar[...]
-
Page 494
Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with IS-IS enabled, you can assign a cost or metric that is used in the link state calculation. To change the metric or cost of the interface, use the following commands. • Assign an IS-IS metric. INTERFA[...]
-
Page 495
Changing the IS-Type To change the IS-type, use the following commands. You can configure the system to act as a Level 1 router, a Level 1-2 router, or a Level 2 router. To change the IS-type for the router, use the following commands. • Configure IS-IS operating level for a router. ROUTER ISIS mode is-type {level-1 | level-1-2 | level-2-only} De[...]
-
Page 496
– For the Loopback interface on the RPM, enter the keyword loopback then a number from 0 to 16383. – For a port channel, enter the keywords port-channel then a number from 1 to 255. – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/ port information. – For a 40-Gigabit Ethernet interface, enter the ke[...]
-
Page 497
– static : for user-configured routes. – bgp : for BGP routes only. • Deny RTM download for pre-existing redistributed IPv4 routes. ROUTER ISIS mode distribute-list redistributed-override in Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands. NOTE: These commands apply to IPv6 IS-IS only[...]
-
Page 498
Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process. With the redistribute command syntax, you can include BGP, OSPF, RIP, static, or directly connected routes in the IS-IS process. NOTE: Do not route iBGP routes to IS-IS unless there are route-maps associated[...]
-
Page 499
redistribute {bgp as-number | connected | rip | static} [level-1 level-1-2 | level-2] [metric metric-value ] [metric-type {external | internal}] [route-map map-name ] Configure the following parameters: – level-1 , level-1-2 , or level-2 : assign all redistributed routes to a level. The default is level-2 . – metric-value : the range is from 0 [...]
-
Page 500
The Dell Networking OS supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs. To view the passwords, use the show config command in ROUTER ISIS mode or the show running- config isis command in EXEC Privilege mode. To remove a password, use either the no area-password or no [...]
-
Page 501
• View all IS-IS information. EXEC Privilege mode debug isis • View information on all adjacency-related activity (for example, hello packets that are sent and received). EXEC Privilege mode debug isis adj-packets [ interface ] To view specific information, enter the following optional parameter: – interface : Enter the type of interface and [...]
-
Page 502
To disable all debugging, use the undebug all command. IS-IS Metric Styles The following sections provide additional information about the IS-IS metric styles. • Configuring the IS-IS Metric Style • Configure Metric Values The Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] [...]
-
Page 503
Table 29. Metric Value When the Metric Style Changes Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide narrow default value (10) if the original value is greater than 63. A message is sent to the console. wide transition truncated value (the truncated value appears in the LSP only). The original isis metric value is displa[...]
-
Page 504
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide transition narrow transition default value (10) if the original value is greater than 63. A message is sent to the console. wide transition transition truncated value (the truncated value appears in the LSP only). The original isis metric value is displayed in the show conf[...]
-
Page 505
Level-1 Metric Style Level-2 Metric Style Resulting Metric Value narrow transition wide original value narrow transition narrow original value narrow transition wide transition original value narrow transition transition original value transition wide original value transition narrow original value transition wide transition original value transiti[...]
-
Page 506
Figure 58. IPv6 IS-IS Sample Topography IS-IS Sample Configuration — Router 1 IS-IS Sample Configuration — Router 2 IS-IS Sample Configuration — Router 3 The following is a sample configuration for enabling IPv6 IS-IS. R1(conf)#interface Loopback 0 R1(conf-if-lo-0)#ip address 192.168.1.1/24 R1(conf-if-lo-0)#ipv6 address 2001:db8:9999:1::/48 R[...]
-
Page 507
R1#show ip route Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter a[...]
-
Page 508
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is 172.21.212.1 to network 0.0.0.0 Destination Gateway Dist/Metric Last Change ----------- ------- --[...]
-
Page 509
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- C 10.0.13.0/24 Direct, Gi 3/14 0/0 00:00:10 C 10.0.23.0/24 Direct, Gi 3/21 0/0 00:00:03 C 192.168.1.0/24 Direct, Lo 0 0[...]
-
Page 510
28 Link Aggregation Control Protocol (LACP) Link aggregation control protocol (LACP) is supported on the MXL switch platform. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel , can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. The benefit[...]
-
Page 511
– If a physical interface is a part of a dynamic LAG, it cannot be added as a member of a static LAG. The channel-member gigabitethernet x/y command is rejected in the static LAG interface for that physical interface. • A dynamic LAG can be created with any type of configuration. • There is a difference between the shutdown and no interface p[...]
-
Page 512
[no] port-channel-protocol lacp The default is LACP disabled . This command creates context. • Configure LACP mode. LACP mode [no] port-channel number mode [active | passive | off] – number : cannot statically contain any links. The default is LACP active . • Configure port priority. LACP mode [no] lacp port-priority priority-value The range [...]
-
Page 513
Example of Configuring a LAG Interface Example of the tagged Command Dell(conf)#interface port-channel 32 Dell(conf-if-po-32)#no shutdown Dell(conf-if-po-32)#switchport The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG. Dell(conf)#interface vlan 10 Dell(conf-if-vl-10)#tagged port-channel 32 [...]
-
Page 514
default timeout value to be 30 seconds . Invoking the longer timeout might prevent the LAG from flapping if the remote system is up but temporarily unable to transmit PDUs due to a system interruption. NOTE: The 30-second timeout is available for dynamic LAG interfaces only. You can enter the lacp long-timeout command for static LAGs, but it has no[...]
-
Page 515
As shown in the following illustration, the line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2. Traffic is equally distributed between LAGs 1 and 2. If LAG 1 fails, all traffic from R1 to R4 flows across LAG 2 only. This condition over-subscribes the link and packets are dropped. Figure 59. Shared LAG State Tracking To a[...]
-
Page 516
Dell#show running-config po-failover-group ! port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the sa[...]
-
Page 517
Important Points about Shared LAG State Tracking The following is more information about shared LAG state tracking. • This feature is available for static and dynamic LAGs. • Only a LAG can be a member of a failover group. • You can configure shared LAG state tracking on one side of a link or on both sides. • If a LAG that is part of a fail[...]
-
Page 518
switchport no shutdown ! Alpha(conf-if-po-10)# The following example inspects a LAG port configuration on ALPHA. Alpha#sh int gig 2/31 GigabitEthernet 2/31 is up, line protocol is up Port is part of Port-channel 10 Hardware is Force10Eth, address is 00:01:e8:06:95:c0 Current address is 00:01:e8:06:95:c0 Interface Index is 109101113 Port will not be[...]
-
Page 519
Figure 62. Inspecting the LAG Configuration Link Aggregation Control Protocol (LACP) 519[...]
-
Page 520
Figure 63. Inspecting Configuration of LAG 10 on ALPHA 520 Link Aggregation Control Protocol (LACP)[...]
-
Page 521
Figure 64. Verifying LAG 10 Status on ALPHA Using the show lacp Command Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol lacp Alpha(conf-if-gi-2/31-lacp)#port-channel 10 mode active Alpha(conf-if-gi-2/31-lacp)#no s[...]
-
Page 522
interface GigabitEthernet 2/31 no ip address Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip addre[...]
-
Page 523
Figure 65. Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol (LACP) 523[...]
-
Page 524
Figure 66. Inspecting LAG 10 Using the show interfaces port-channel Command 524 Link Aggregation Control Protocol (LACP)[...]
-
Page 525
Figure 67. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry [...]
-
Page 526
29 Layer 2 Layer 2 features are supported on the MXL switch platform. Manage the MAC Address Table The Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries • Configuring a Static MAC Address • Displaying the MAC Address Table [...]
-
Page 527
CONFIGURATION mode mac-address-table aging-time seconds The range is from 10 to 1000000. Dell Networking OS Behavior : The time elapsed before the configured MAC aging time expires is not precisely as configured. For example, the VLAN configuration mac-address-table aging-time 1 , does not remove dynamic entries from the CAM after precisely 1 secon[...]
-
Page 528
interface/VLAN. After the limit is reached, the system drops all traffic from a device with an unlearned MAC address. This section describes the following: • mac learning-limit Dynamic • mac learning-limit station-move • Learning Limit Violation Actions • Setting Station Move Violation Actions • Recovering from Learning Limit and Station [...]
-
Page 529
mac learning-limit station-move The station-move option, allows a MAC address already in the table to be learned off of another interface. For example, if you disconnect a network device from one interface and reconnect it to another interface, the MAC address is learned on the new interface. When the system detects this “station move,” the sys[...]
-
Page 530
• Display a list of all of the interfaces configured with MAC learning limit or station move violation. CONFIGURATION mode show mac learning-limit violate-action NOTE: When the MAC learning limit (MLL) is configured as no-station-move , the MLL will be processed as static entries internally. For static entries, the MAC address will be installed i[...]
-
Page 531
Figure 68. Redundant NICs with NIC Teaming When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 is the failover port. When the NIC fails, the system automatically sends an ARP request for the gateway or host NIC to resolve the ARP and refresh the egress [...]
-
Page 532
Figure 69. Configuring the mac-address-table station-move refresh-arp Command MAC Move Optimization MAC move optimization is supported only on the E-Series platform. Station-move detection takes 5000ms because this is the interval at which the detection algorithm runs. The threshold option is the number of times a station move must be detected in a[...]
-
Page 533
30 Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on the MXL switch platform. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infras[...]
-
Page 534
Table 32. Type, Length, Value (TLV) Types Type TLV Description 0 End of LLDPDU Marks the end of an LLDPDU. 1 Chassis ID An administratively assigned name that identifies the LLDP agent. 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received. 3 Time to Live A value that tells the receiving agent h[...]
-
Page 535
Management TLVs A management TLV is an optional TLVs sub-type. This kind of TLV contains essential management information about the sender. Organizationally Specific TLVs A professional organization or a vendor can define organizationally specific TLVs. They have two mandatory fields (as shown in the following illustration) in addition to the basic[...]
-
Page 536
Type TLV Description Dell Networking OS does not currently support this TLV. IEEE 802.1 Organizationally Specific TLVs 127 Port-VLAN ID On Dell Networking systems, indicates the untagged VLAN to which a port belongs. 127 Port and Protocol VLAN ID On Dell Networking systems, indicates the tagged VLAN to which a port belongs (and the untagged VLAN to[...]
-
Page 537
Type TLV Description does not currently support this TLV. 127 Maximum Frame Size Indicates the maximum frame size capability of the MAC and PHY. TIA-1057 (LLDP-MED) Overview Link layer discovery protocol — media endpoint discovery (LLDP-MED) as defined by ANSI/ TIA-1057— provides additional organizationally specific TLVs so that endpoint device[...]
-
Page 538
Type SubType TLV Description • LLDP device class 127 2 Network Policy Indicates the application type, VLAN ID, Layer 2 Priority, and DSCP value. 127 3 Location Identification Indicates that the physical location of the device expressed in one of three possible formats: • Coordinate Based LCI • Civic Address LCI • Emergency Call Services ELI[...]
-
Page 539
Type SubType TLV Description 127 11 Inventory — Asset ID Indicates a user specified device number to manage inventory. 127 12–255 Reserved — LLDP-MED Capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LLDP-MED network connectivity devices must tra[...]
-
Page 540
Value Device Type 4 Network Connectivity 5–255 Reserved LLDP-MED Network Policies TLV A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations. LLDP-MED network policies TLV include: • VLAN ID • VLAN tagged or untagged status • Layer 2 priority • DSCP value An integer[...]
-
Page 541
Type Application Description 6 Video Conferencing Specify this application type for dedicated video conferencing and other similar appliances supporting real-time interactive video. 7 Streaming Video Specify this application type for dedicated video conferencing and other similar appliances supporting real-time interactive video. 8 Video Signaling [...]
-
Page 542
Figure 75. Extended Power via MDI TLV Configure LLDP Configuring LLDP is a two-step process. 1. Enable LLDP globally. 2. Advertise TLVs out of an interface. Related Configuration Tasks • Viewing the LLDP Configuration • Viewing Information Advertised by Adjacent LLDP Agents • Configuring LLDPDU Intervals • Configuring Transmit and Receive M[...]
-
Page 543
Example of the protocol lldp Command (CONFIGURATION Level) R1(conf)#protocol lldp R1(conf-lldp)#? advertise Advertise TLVs dcbx Configure Dcbx Parameters disable Disable LLDP protocol globally end Exit from configuration mode exit Exit from LLDP configuration mode fcoe Configure priority bits for FCoE traffic hello LLDP hello configuration iscsi Co[...]
-
Page 544
To undo an LLDP configuration, precede the relevant command with the keyword no . Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the system globally, all interfaces send LLDPDUs with the specified TLVs. • If you configure an interface, only the interface se[...]
-
Page 545
Figure 76. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Example of Viewing LLDP Global Configurations Example of Viewing LLDP Interface Configurations R1(conf)#protocol lldp R1(conf-lldp)#show config ! protoc[...]
-
Page 546
Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. show lldp neighbors • Display all of the information that neighbors are advertising. show lldp neig[...]
-
Page 547
Total In Error Frames: 0 Total Unrecognized TLVs: 0 Total TLVs Discarded: 0 Next packet will be sent after 4 seconds The neighbors are given below: ----------------------------------------------------------------------- Remote Chassis ID Subtype: Mac address (4) Remote Chassis ID: 00:00:c9:ad:f6:12 Remote Port Subtype: Mac address (3) Remote Port I[...]
-
Page 548
Configuring Transmit and Receive Mode After you enable LLDP, Dell Networking systems transmit and receive LLDPDUs by default. To configure the system to transmit or receive only and return to the default, use the following commands. • Transmit only. CONFIGURATION mode or INTERFACE mode mode tx • Receive only. CONFIGURATION mode or INTERFACE mod[...]
-
Page 549
Configuring a Time to Live The information received from a neighbor expires after a specific amount of time (measured in seconds) called a time to live (TTL). The TTL is the product of the LLDPDU transmit interval (hello) and an integer called a multiplier. The default multiplier is 4 , which results in a default TTL of 120 seconds. • Adjust the [...]
-
Page 550
• View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU. debug lldp detail Figure 77. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networkings OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TL[...]
-
Page 551
Table 38. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration adminStatus lldpPortConfigAdminStatus Whether you enable the local LLDP agent for transmit, receive, or both. msgTxHold lldpMessageTxHoldMultiplie r Multiplier value. msgTxInterval lldpMessageTxInterval Transmit Interval value. [...]
-
Page 552
MIB Object Category LLDP Variable LLDP MIB Object Description statsTLVsUnrecognizedTota l lldpStatsRxPortTLVsUnreco gnizedTotal Total number of all TLVs the local agent does not recognize. Table 39. LLDP System MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object 1 Chassis ID chassis ID subtype Local lldpLocChassisIdSub type Remote lld[...]
-
Page 553
TLV Type TLV Name TLV Variable System LLDP MIB Object Remote lldpRemManAddrSu btype management address Local lldpLocManAddr Remote lldpRemManAddr interface numbering subtype Local lldpLocManAddrIfSu btype Remote lldpRemManAddrIfS ubtype interface number Local lldpLocManAddrIfId Remote lldpRemManAddrIfId OID Local lldpLocManAddrOID Remote lldpRemMan[...]
-
Page 554
TLV Type TLV Name TLV Variable System LLDP MIB Object Remote lldpXdot1RemVlanN ame VLAN name Local lldpXdot1LocVlanNa me Remote lldpXdot1RemVlanN ame Table 41. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object 1 LLDP-MED Capabilities LLDP-MED Capabilities Local lldpXMedPortCapSu pported lldpXMedPortConfig TLV[...]
-
Page 555
TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object L2 Priority Local lldpXMedLocMediaP olicyPriority Remote lldpXMedRemMedia PolicyPriority DSCP Value Local lldpXMedLocMediaP olicyDscp Remote lldpXMedRemMedia PolicyDscp 3 Location Identifier Location Data Format Local lldpXMedLocLocatio nSubtype Remote lldpXMedRemLocati onSubtype Locatio[...]
-
Page 556
TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Power Value Local lldpXMedLocXPoEPS EPortPowerAv lldpXMedLocXPoEP DPowerReq Remote lldpXMedRemXPoEP SEPowerAv lldpXMedRemXPoEP DPowerReq 556 Link Layer Discovery Protocol (LLDP)[...]
-
Page 557
31 Microsoft Network Load Balancing Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or [...]
-
Page 558
With NLB, the data frame is forwarded to all the servers for them to perform load-balancing. NLB Multicast Mode Scenario Consider a sample topology in which four servers, namely S1 through S4, are configured as a cluster or a farm. This set of servers is connected to a Layer 3 switch, which in turn is connected to the end-clients. They contain a si[...]
-
Page 559
Enable and Disable VLAN Flooding • The older ARP entries are overwritten whenever newer NLB entries are learned. • All ARP entries, learned after the feature is enabled, are deleted when the feature is disabled, and RP2 triggers an ARP resolution. The feature is disabled with the no ip vlan-flooding command. • When a port is added to the VLAN[...]
-
Page 560
32 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on the MXL switch platform. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common bo[...]
-
Page 561
Figure 78. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Multicast Source Discovery Protocol ([...]
-
Page 562
Figure 79. MSDP SA Message Format Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows you to configure two or more RPs with the same IP [...]
-
Page 563
Configure the Multicast Source Discovery Protocol Configuring MSDP is a four-step process. 1. Enable an exterior gateway protocol (EGP) with at least two routing domains. Refer to the following figures. The MSDP Sample Configurations show the OSPF-BGP configuration used in this chapter for MSDP. Also, refer to Open Shortest Path First (OSPFv2 and O[...]
-
Page 564
Figure 80. Configuring Interfaces for MSDP 564 Multicast Source Discovery Protocol (MSDP)[...]
-
Page 565
Figure 81. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP) 565[...]
-
Page 566
Figure 82. Configuring PIM in Multiple Routing Domains 566 Multicast Source Discovery Protocol (MSDP)[...]
-
Page 567
Figure 83. Configuring MSDP Enabling MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains. CONFIGURATION mode Multicast Source Discovery Protocol (MSDP) 567[...]
-
Page 568
ip msdp peer connect-source Example of Configuring MSDP Example of Viewing Peer Information R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr Local Addr State Source SA Up/Down Description 192.168.0.1 192.168.0.3 Established Lo 0 1 00:05:29 To view detail[...]
-
Page 569
Example of the show ip msdp sa-cache Command R3_E600#show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.1 76 00:10:44 Limiting the Source-Active Cache Set the upper limit of the number of active sources that the Dell Networking operating system c[...]
-
Page 570
• In Scenario 1, all MSPD peers are up. • In Scenario 2, the peership between RP1 and RP2 is down, but the link (and routing protocols) between them is still up. In this case, RP1 learns all active sources from RP3, but the sources from RP2 and RP4 are rejected because the reverse path to these routers is through Interface A. • In Scenario 3,[...]
-
Page 571
Figure 85. MSDP Default Peer, Scenario 2 Multicast Source Discovery Protocol (MSDP) 571[...]
-
Page 572
Figure 86. MSDP Default Peer, Scenario 3 572 Multicast Source Discovery Protocol (MSDP)[...]
-
Page 573
Figure 87. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address list If you do not specify an access list, the p[...]
-
Page 574
Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr L[...]
-
Page 575
CONFIGURATION mode ip msdp redistribute list Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache. To apply the redistribute filter to entri[...]
-
Page 576
! ip access-list extended myremotefilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 R3_E600(conf)#do show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.1 1 00:03:59 R3_E600(conf)#do show ip msdp sa-cache R3_E600(conf)# R3_E600(conf)#do show ip m[...]
-
Page 577
To display the configured SA filters for a peer, use the show ip msdp peer command from EXEC Privilege mode. Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol.[...]
-
Page 578
Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode clear ip msdp peer peer-address Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Ad[...]
-
Page 579
03:17:10 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg 03:17:27 : MSDP-0: Peer 192.168.0.3, sent Source Active msg Input (S,G) filter: none Output (S,G) filter: none MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than one active group to use RP mapping. PIM-SM allows only active groups to use RP mapping, which has several impl[...]
-
Page 580
Figure 88. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2. Make this address the RP for the group. CONFIGURATION[...]
-
Page 581
3. In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address. CONFIGURATION mode interface loopback 4. Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source. CONFIGURATION mode ip msdp peer 5. Advertise the[...]
-
Page 582
! interface GigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface GigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.11/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 network[...]
-
Page 583
redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.11 connect-source Loopback 1 ip msdp mesh-group [...]
-
Page 584
MSDP Sample Configurations The following examples show the running-configurations described in this chapter. For more information, refer to the illustrations in the Related Configuration Tasks section. MSDP Sample Configuration: R1 Running-Config MSDP Sample Configuration: R2 Running-Config MSDP Sample Configuration: R3 Running-Config MSDP Sample C[...]
-
Page 585
ip pim sparse-mode ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip address 192.168.0.2/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.2/32 area 0 redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as[...]
-
Page 586
ip msdp peer 192.168.0.1 connect-source Loopback 0 ! ip route 192.168.0.2/32 10.11.0.23 ip multicast-routing ! interface GigabitEthernet 4/1 ip pim sparse-mode ip address 10.11.5.1/24 no shutdown ! interface GigabitEthernet 4/22 ip address 10.10.42.1/24 no shutdown ! interface GigabitEthernet 4/31 ip pim sparse-mode ip address 10.11.6.43/24 no shut[...]
-
Page 587
33 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). Protocol Overview MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spa[...]
-
Page 588
Spanning Tree Variations The Dell Networking operating system (OS) supports four variations of spanning tree, as shown in the following table. Table 42. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multicast Source Discovery Protocol (MSDP) 802 .1s [...]
-
Page 589
• Configuring an EdgePort • Flush MAC Addresses after a Topology Change • Debugging and Verifying MSTP Configurations • Prevent Network Disruptions with BPDU Guard • SNMP Traps for Root Elections and Topology Changes Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands.[...]
-
Page 590
Example of the msti Command Example of Viewing MSTP Port States Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)# msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 Dell(conf-mstp)#show config ! protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 All bridges in the MSTP region must have the same VLAN-to-instance mappin[...]
-
Page 591
A lower number increases the probability that the bridge becomes the root bridge. The range is from 0 to 61440, in increments of 4096. The default is 32768 . Example of Assigning and Verifying the Root Bridge Priority By default, the simple configuration shown previously yields the same forwarding path for both MSTIs. The following example shows ho[...]
-
Page 592
The range is from 0 to 65535. The default is 0 . Example of the name Command To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MST[...]
-
Page 593
The default is 2 seconds . 3. Change the max-age parameter. PROTOCOL MSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds . 4. Change the max-hops parameter. PROTOCOL MSTP mode max-hops number The range is from 1 to 40. The default is 20 . Example of the forward-delay Parameter To view the current values for MSTP parameter[...]
-
Page 594
edge-port bpdu filter default Figure 90. BPDU Filtering Enabled Globally Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port. • Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port is select[...]
-
Page 595
To change the port cost or priority of an interface, use the following commands. 1. Change the port cost of an interface. INTERFACE mode spanning-tree msti number cost cost The range is from 0 to 200000. For the default, refer to the default values shown in the table. 2. Change the port priority of an interface. INTERFACE mode spanning-tree msti nu[...]
-
Page 596
* Use the shutdown command on the interface. * Disable the shutdown-on-violation command on the interface (using the no spanning- tree mstp edge-port [bpduguard | [shutdown-on-violation]]) command). * Disable spanning tree on the interface (using the no spanning-tree command in INTERFACE mode). * Disabling global spanning tree (using the no spannin[...]
-
Page 597
Figure 91. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances tag interfaces to the V[...]
-
Page 598
no shutdown ! interface Vlan 300 no ip address tagged GigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances tag [...]
-
Page 599
name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface GigabitEthernet 3/11 no ip address switchport no shutdown ! interface GigabitEthernet 3/21 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged GigabitEthernet 3/11,21 no shutdown ! interface Vlan 200 no ip address tagged GigabitEthe[...]
-
Page 600
(Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC Privilege mode debug spanning-tree mstp bpdu • [...]
-
Page 601
– Is the Region name blank? That may mean that a name was configured on one router and but was not configured or was configured differently on another router (spelling and capitalization counts). • MSTP Instances. – To verify the VLAN to MSTP instance mapping, use the show commands. – Are there “extra” MSTP instances in the Sending or R[...]
-
Page 602
INST 2: Flags: 0x70, Reg Root: 32768:0001.e8d5.cbbd, Int Root Cost Brg/Port Prio: 32768/128, Rem Hops: 20 602 Multiple Spanning Tree Protocol (MSTP)[...]
-
Page 603
34 Multicast Features Multicast features are supported on the MXL switch platform. The Dell Networking operating system (OS) supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • PIM Source-Specific Mode (PIM-SSM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Enabling IP Multicas[...]
-
Page 604
Protocol Ethernet Address RIP 01:00:5e:00:00:09 NTP 01:00:5e:00:01:01 VRRP 01:00:5e:00:00:12 PIM-SM 01:00:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner- traceroute-ipm . • Multicast is not supported on secondary IP addresses. • Egress L3 ACL is not applied to multicast data traffic[...]
-
Page 605
• Preventing a PIM Router from Processing a Join Limiting the Number of Multicast Routes When the total number of multicast routes on a system limit is reached, the Dell Networking OS does not process any IGMP or multicast listener discovery protocol (MLD) joins to PIM — though it still processes leave messages — until the number of entries d[...]
-
Page 606
ip igmp access-group access-list-name Dell Networking OS Behavior : Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the system clears multicast routing table and re- learns all groups, even those not covered by the rules in the access-list, because there is an implicit d[...]
-
Page 607
Figure 92. Preventing a Host from Joining a Group Table 44. Preventing a Host from Joining a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.11.13.1/24 Multicast Feat[...]
-
Page 608
Location Description • no shutdown 2/1 • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.11.23.1/24 • no s[...]
-
Page 609
Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting that rate at which new groups can be joined. Hosts whose IGMP requests are denied will use the retry mechanism built-in to IGMP so that they’re membership is delayed rather than permanently denied. • Limit the rate at which n[...]
-
Page 610
Figure 93. Preventing a Source from Transmitting to a Group Table 45. Preventing a Source from Transmitting to a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.11.13[...]
-
Page 611
Location Description • no shutdown 2/1 • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.11.23.1/24 • no s[...]
-
Page 612
Preventing a PIM Router from Processing a Join To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems w[...]
-
Page 613
35 Open Shortest Path First (OSPFv2 and OSPFv3) Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on the MXL switch platform. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking operating system (OS). NOTE: The fundamental mech[...]
-
Page 614
You can divide an AS into a number of areas, which are groups of contiguous networks and attached hosts. Routers with multiple interfaces can participate in multiple areas. These routers, called area border routers (ABRs), maintain separate databases for each area. Areas are a logical grouping of OSPF routers identified by an integer or dotted-deci[...]
-
Page 615
An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border routers, networks not wholly contained in any area, and their attached routers. The backbone is the only area with a default area number. All other areas can have their Area ID assigned in the configuration. In the previous example, Ro[...]
-
Page 616
Figure 95. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. 616 Open Shortest Path First (OSPFv2 and OSPFv3)[...]
-
Page 617
Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link state database. An ABR takes information it has learned on one of its attached areas and can summarize it before send[...]
-
Page 618
• Type 4: AS Border Router Summary LSA (OSPFv2), Inter-Area-Router LSA (OSPFv3) — In some cases, Type 5 External LSAs are flooded to areas where the detailed next-hop information may not be available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated. The link-state ID for Type 4 LSAs [...]
-
Page 619
Router Priority and Cost Router priority and cost is the method the system uses to “rate” the routers. For example, if not assigned, the system selects the router with the highest priority as the DR. The second highest priority is the BDR. • Priority is a numbered rating 0 to 255. The higher the number, the higher the priority. • Cost is a [...]
-
Page 620
On OSPFv3, the system supports only one process at a time for all platforms. Prior to the Dell Networking OS version 7.8.1.0, the system supported one OSPFv2 and one OSPFv3 process ID per system. OSPFv2 and OSPFv3 can coexist but you must configure them individually. The Dell Networking OS supports stub areas, totally stub (no summary) and not so s[...]
-
Page 621
• Restarting role in which an enabled router performs its own graceful restart. • Helper role in which the router's graceful restart function is to help a restarting neighbor router in its graceful restarts. • Helper-reject role in which OSPF does not participate in the graceful restart of a neighbor. • OSPFv2 supports helper-only and [...]
-
Page 622
example, if you create five OSPFv2 processes on a system, there must be at least five interfaces assigned in Layer 3 mode. Each OSPFv2 process is independent. If one process loses adjacency, the other processes continue to function. Processing SNMP and Sending SNMP Traps Though there are may be several OSPFv2 processes, only one process can process[...]
-
Page 623
00:10:41 : OSPF(1000:00): Rcv. v:2 t:4(LSUpd) l:100 rid:6.1.0.0 aid:0 chk:0xccbd aut:0 auk: keyid:0 from:Gi 10/21 Number of LSA:2 LSType:Type-5 AS External(5) Age:1 Seq:0x8000000c id:170.1.1.0 Adv:6.1.0.0 Netmask:255.255.255.0 fwd:0.0.0.0 E2, tos:0 metric:0 LSType:Type-5 AS External(5) Age:1 Seq:0x8000000c id:170.1.2.0 Adv:6.1.0.0 Netmask:255.255.2[...]
-
Page 624
Dell(conf-if-te-2/2)# In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell (conf-if-te-2/2)#ip ospf dead-interval 20 Dell (conf-if-te-2/2)#do show ip os int tengig 1/3 TenGigabitEthernet 2/2 is up, line protocol is up Internet Address 20.0.0.1/24, Area 0 Process ID 10, Router ID 1.1.1.2, Network Type BRO[...]
-
Page 625
• Troubleshooting OSPFv2 1. Configure a physical interface. Assign an IP address, physical or Loopback, to the interface to enable Layer 3 routing. 2. Enable OSPF globally. Assign network area and neighbors. 3. Add interfaces or configure other attributes. 4. Set the time interval between when the switch receives a topology change and starts a sh[...]
-
Page 626
• vrf name : enter the keyword VRF and the instance name to tie the OSPF instance to the VRF. All network commands under this OSPF instance are later tied to the VRF instance. The range is from 0 to 65535. The OSPF process ID is the identifying number assigned to the OSPF process. The router ID is the IP address associated with the OSPF process. [...]
-
Page 627
Enabling Multi-Process OSPF (OSPFv2, IPv4 Only) Multi-process OSPF allows multiple OSPFv2 processes on a single router. The MXL switch supports up to 16 OSPFv2 processes. When configuring a single OSPF process, follow the same steps previously described. Repeat them as often as necessary for the desired number of processes. After the process is cre[...]
-
Page 628
You can assign the area in the following step by a number or with an IP interface address. • Enable OSPFv2 on an interface and assign a network address range to a specific OSPF area. CONFIG-ROUTER-OSPF-id mode network ip-address mask area area-id The IP Address Format is A.B.C.D/M. The area ID range is from 0 to 65535 or A.B.C.D/M. Enable OSPFv2 [...]
-
Page 629
To view currently active interfaces and the areas assigned to them, use the show ip ospf interface command. Dell>show ip ospf 1 interface TenGigabitEthernet 12/17 is up, line protocol is up Internet Address 10.2.2.1/24, Area 0.0.0.0 Process ID 1, Router ID 11.1.2.1, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DR, Priority 1 De[...]
-
Page 630
To configure a stub area, use the following commands. 1. Review all areas after they were configured to determine which areas are NOT receiving type 5 LSAs. EXEC Privilege mode show ip ospf process-id database database-summary 2. Enter CONFIGURATION mode. EXEC Privilege mode configure 3. Enter ROUTER OSPF mode. CONFIGURATION mode router ospf proces[...]
-
Page 631
• start-interval : set the minimum interval between the initial sending and resending the same LSA. The range is from 0 to 600,000 milliseconds. • hold-interval : set the next interval to send the same LSA. This interval is the time between sending the same LSA after the start-interval has been attempted. The range is from 1 to 600,000 millisec[...]
-
Page 632
Dell#show ip ospf 34 int TenGigabitEthernet 0/0 is up, line protocol is down Internet Address 10.1.2.100/24, Area 1.1.1.1 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State DOWN, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0 Backup Designated Router (ID) 0.0.0.0, Interface [...]
-
Page 633
In the examples below, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold). Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0) routes SPF schedule de[...]
-
Page 634
– seconds : the range is from 1 to 65535 (the default is 10 seconds ). The hello interval must be the same on all routers in the OSPF network. • Use the MD5 algorithm to produce a message digest or key, which is sent instead of the key. CONFIG-INTERFACE mode ip ospf message-digest-key keyid md5 key – keyid : the range is from 1 to 255. – Ke[...]
-
Page 635
interface TenGigabitEthernet 0/0 ip address 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface GigabitEthernet 0/0 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45 Transmit Delay is 1 sec, State DR, Priorit[...]
-
Page 636
• role — the role or roles the configured router can perform. NOTE: By default, OSPFv2 graceful restart is disabled. To enable and configure OSPFv2 graceful restart, use the following commands. 1. Enable OSPFv2 graceful-restart globally and set the grace period. CONFIG-ROUTEROSPF- id mode graceful-restart grace-period seconds The seconds range [...]
-
Page 637
Dell#show run ospf ! router ospf 1 graceful-restart grace-period 300 graceful-restart role helper-only graceful-restart mode unplanned-only graceful-restart helper-reject 10.1.1.1 graceful-restart helper-reject 20.1.1.1 network 10.0.2.0/24 area 0 Dell# Creating Filter Routes To filter routes, use prefix lists. OSPF applies prefix lists to incoming [...]
-
Page 638
Redistributing Routes You can add routes from other routing instances or protocols to the OSPF process. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. NOTE: Do not route iBGP routes to OSPF unless there are route-maps associated with the OSPF redistribution. To redistribute routes, use [...]
-
Page 639
• Have the OSPF routes been included in the routing table (not just the OSPF database)? Some useful troubleshooting commands are: • show interfaces • show protocols • debug IP OSPF events and/or packets • show neighbors • show routes To help troubleshoot OSPFv2, use the following commands. • View the summary of all OSPF process IDs en[...]
-
Page 640
router ospf 3 ! router ospf 4 router-id 4.4.4.4 network 4.4.4.0/28 area 1 ! router ospf 5 ! router ospf 6 ! router ospf 7 mib-binding ! router ospf 8 ! router ospf 90 area 2 virtual-link 4.4.4.4 area 2 virtual-link 90.90.90.90 retransmit-interval 300 ! ipv6 router ospf 999 default-information originate always router-id 10.10.10.10 Dell# Sample Conf[...]
-
Page 641
OSPF Area 0 — Gl 1/1 and 1/2 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface GigabitEthernet 1/1 ip address 10.1.11.1/24 no shutdown ! interface GigabitEthernet 1/2 ip address 10.2.12.2/24 no shutdown ! interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0[...]
-
Page 642
Configuration Task List for OSPFv3 (OSPF for IPv6) The configuration options of OSPFv3 are the same as those options for OSPFv2, but you may configure OSPFv3 with differently labeled commands. Specify process IDs and areas and include interfaces and addresses in the process. Define areas as stub or totally stubby. The interfaces must be in IPv6 Lay[...]
-
Page 643
Enabling IPv6 Unicast Routing To enable IPv6 unicast routing, use the following command. • Enable IPv6 unicast routing globally. CONFIGURATION mode ipv6 unicast routing Assigning IPv6 Addresses on an Interface To assign IPv6 addresses to an interface, use the following commands. 1. Assign an IPv6 address to the interface. CONF-INT-type slot/port [...]
-
Page 644
Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands. • Enable the OSPFv3 process globally and enter OSPFv3 mode. CONFIGURATION mode ipv6 router ospf { process ID } The range is from 0 to 65535. • Assign the router ID for this OSPFv3 process. CONF-IPV6-ROUTER-OSPF mode route[...]
-
Page 645
passive-interface {type slot/port} Interface : identifies the specific interface that is passive. – For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information (for example, passive-interface gi 2/1 ). – For a port channel, enter the keywords port-channel then a number from 1 to 255 (for example, passive-i[...]
-
Page 646
default-information originate [always [metric metric-value ] [metric-type type-value ]] [route-map map-name ] Configure the following required and optional parameters: – always : indicate that default route information is always advertised. – metric metric-value : The range is from 0 to 4294967295. – metric-type metric-type : enter 1 for OSPF[...]
-
Page 647
before the system switches over to the secondary RPM. OSPFv3 is notified that a planned restart is happening. – Unplanned-only : the OSPFv3 router supports graceful-restart only for unplanned restarts. During an unplanned restart, OSPFv3 sends out a Grace LSA once the secondary RPM comes online. The default is both planned and unplanned restarts [...]
-
Page 648
Process 1 database summary Type Count/Status Oper Status 1 Admin Status 1 Area Bdr Rtr Status 0 AS Bdr Rtr Status 1 AS Scope LSA Count 0 AS Scope LSA Cksum sum 0 Originate New LSAS 73 Rx New LSAS 114085 Ext LSA Count 0 Rte Max Eq Cost Paths 5 GR grace-period 180 GR mode planned and unplanned Area 0 database summary Type Count/Status Brd Rtr Count 2[...]
-
Page 649
With IPsec-based authentication, Crypto images are used to include the IPsec secure socket application programming interface (API) required for use with OSPFv3. To ensure integrity, data origin authentication, detection and rejection of replays, and confidentiality of the packet, RFC 4302 and RFC 4303 propose using two security protocols — authen[...]
-
Page 650
– AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension headers. – MD5 and SHA1 authentication types are supported; encrypted and unencrypted keys are supported. • In an OSPFv3 encryption policy: – Both encryption and authentication are used. – IPsec security associations (SAs) are supported only in Tr[...]
-
Page 651
– key : specifies the text string used in authentication. All neighboring OSPFv3 routers must share key to exchange information. For MD5 authentication, the key must be 32 hex digits (non- encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted). • Remove an IP[...]
-
Page 652
– key-authentication-type : (optional) specifies if the authentication key is encrypted. The valid values are 0 or 7 . • Remove an IPsec encryption policy from an interface. no ipv6 ospf encryption ipsec spi number • Remove null encryption on an interface to allow the interface to inherit the encryption policy configured for the OSPFv3 area. [...]
-
Page 653
Configuring IPsec Encryption for an OSPFv3 Area To configure, remove, or display IPsec encryption in an OSPFv3 area, use the following commands. Prerequisite : Before you enable IPsec encryption in an OSPFv3 area, first enable OSPFv3 globally on the router (refer to Configuration Task List for OSPFv3 (OSPF for IPv6) ). The SPI value must be unique [...]
-
Page 654
Displaying OSPFv3 IPsec Security Policies To display the configuration of IPsec authentication and encryption policies, use the following commands. • Display the AH and ESP parameters configured in IPsec security policies, including the SPI number, key, and algorithms used. EXEC Privilege mode show crypto ipsec policy [name name ] – name : disp[...]
-
Page 655
bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Transform set : ah-md5-hmac Crypto IPSec client security policy data Policy name : OSPFv3-0-501 Policy refcount : 1 Inbound ESP SPI : 501 (0x1F5) Outbound ESP SPI : 501 (0x1F5) Inbound ESP Auth Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0c30808825fb5 Outb[...]
-
Page 656
replay detection support : N STATUS : ACTIVE Troubleshooting OSPFv3 The Dell Networking OS has several tools to make troubleshooting easier. Consider the following information as these are typical issues that interrupt the OSPFv3 process. NOTE: The following troubleshooting section is not meant to be a comprehensive list, only examples of typical t[...]
-
Page 657
– packet : View OSPF packets. – For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information (for example, passive-interface gi 2/1 ). – For a port channel, enter the keywords port-channel then a number from 1 to 255. – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the s[...]
-
Page 658
36 Policy-based Routing (PBR) Policy-based Routing is supported on the MXL platform. This chapter covers the following topics: • Overview • Implementing Policy-based Routing with Dell Networking OS • Configuration Task List for Policy-based Routing • Sample Configuration Overview Policy-based Routing (PBR) enables you to make routing decisi[...]
-
Page 659
To enable a PBR, you create a Redirect List. Redirect lists are defined by rules, or routing policies. The following parameters can be defined in the routing policies or rules: • IP address of the forwarding router (next-hop IP address) • Protocol as defined in the header • Source IP address and mask • Destination IP address and mask • So[...]
-
Page 660
a tunnel interface user needs to provide tunnel id mandatory. Instead if user provides the tunnel destination IP as next hop, that would be treated as IPv4 next hop and not tunnel next hop. PBR with Multiple Tacking Option: Policy based routing with multiple tracking option extends and introduces the capabilities of object tracking to verify the ne[...]
-
Page 661
Create a Redirect List Use the following command in CONFIGURATION mode: Command Syntax Command Mode Purpose ip redirect-list redirect-list- name CONFIGURATION Create a redirect list by entering the list name. Format: 16 characters Delete the redirect list with the no ip redirect-list command. The following example creates a redirect list by the nam[...]
-
Page 662
Delete a rule with the no redirect command. The redirect rule supports Non-contiguous bitmasks for PBR in the Destination router IP address The below step shows a step-by-step example of how to create a rule for a redirect list by configuring: • IP address of the next-hop router in the forwarding route • IP protocol number • Source address wi[...]
-
Page 663
seq 20 redirect 10.1.1.3 ip 20.1.1.0/24 any Dell(conf-redirect-list)# NOTE: Starting in release 9.4(0.0), Dell Networking OS supports the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on an router. A recursive route is a route for which the immediate next-hop address is learne[...]
-
Page 664
Command Syntax Command Mode Purpose ip redirect-group redirect- list-name INTERFACE Apply a redirect list (policy-based routing) to an interface. redirect-list-name is the name of a redirect list to apply to this interface. FORMAT: up to 16 characters Delete the redirect list from this interface with the [no] ip redirect-group command. In this exam[...]
-
Page 665
Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32) seq 15 redirect tunnel 2 udp 155.55.0.0/16 host 144.144.144.144, Track 1 [up], Next-hop reachable (via Te 1/32) seq 35 redirect 155.1[...]
-
Page 666
Sample Configuration The following configuration is an example for setting up a PBR. These are not comprehensive directions. They are intended to give you a some guidance with typical configurations. You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, et[...]
-
Page 667
EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any EDGE_ROUTER(conf-redirect-list)#show config ! ip redirect-list GOLD description Route GOLD traffic to ISP_GOLD. seq 5 redirect 10.99.99.254 ip[...]
-
Page 668
Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end Verify the Status of the Track Objects (Up/Down): Dell#show track brief ResId Resource Parameter State LastChange 1 Interface ip routing Tunnel 1 Up 00:02:16 2 Interface ipv6 routing Tunnel 2 Up 00:03:31 3 IP Host reachability 42.1.1[...]
-
Page 669
Dell(conf-if-tu-2)#tunnel keepalive 601:10::2 Dell(conf-if-tu-2)#ipv6 address 601:10::1/64 Dell(conf-if-tu-2)#no shutdown Dell(conf-if-tu-2)#end Dell# Create Track Objects to track the Tunnel Interfaces: Dell#configure terminal Dell(conf)#track 1 interface tunnel 1 ip routing Dell(conf-track-1)#exit Dell(conf)#track 2 interface tunnel 2 ipv6 routin[...]
-
Page 670
Te 2/28 Dell# 670 Policy-based Routing (PBR)[...]
-
Page 671
37 PIM Sparse-Mode (PIM-SM) Protocol-independent multicast sparse-mode (PIM-SM) is supported on the MXL switch platform. PIM-SM is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which forwards multicast traffic to all subnets until a re[...]
-
Page 672
1. After receiving an IGMP Join message, the receiver gateway router (last-hop DR) creates a (*,G) entry in its multicast routing table for the requested group. The interface on which the join message was received becomes the outgoing interface associated with the (*,G) entry. 2. The last-hop DR sends a PIM Join message to the RP. All routers along[...]
-
Page 673
path tree switchover latency by copying and forwarding the first (S,G) packet received on the SPT to the PIM task immediately upon arrival. The arrival of the (S,G) packet confirms for PIM that the SPT is created, and that it can prune itself from the shared tree. Important Point to Remember If you use a Loopback interface with a /32 mask as the RP[...]
-
Page 674
Example of Viewing PIM-SM Interfaces Example of Viewing PIM Neighbors Example of Viewing the PIM Multicast Routing Table To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode. Dell#show ip pim interface Address Interface VIFindex Ver/ Nbr Query DR DR Mode Count Intvl Prio 189.87.5.6 Gi 4[...]
-
Page 675
Configuring S,G Expiry Timers By default, S, G entries expire in 210 seconds. You can configure a global expiry time (for all [S,G] entries) or configure an expiry time for a particular entry. If you configure both, the ACL supersedes the global configuration for the specified entries. When you create, delete, or update an expiry time, the changes [...]
-
Page 676
! ip access-list extended SGtimer seq 5 permit ip 10.1.2.0/24 225.1.1.0/24 seq 10 permit ip any 232.1.1.0/24 seq 15 permit ip 100.1.0.0/16 any Dell(config-ext-nacl)#exit Dell(conf) #ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer To display the expiry time configuration, use the show running-configuration [acl | pim] command from EXEC Privi[...]
-
Page 677
To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configuring a Designated Router Multiple PIM-SM routers might be connected to a single local area network (LAN) segm[...]
-
Page 678
Enabling PIM-SM Graceful Restart To enable PIM-SM graceful restart, use the following commands. • Enable PIM-SM graceful restart (non-stop forwarding capability). CONFIGURATION mode ip pim graceful-restart nsf – (option) restart-time : the time the Dell Networking system requires to restart. The default value is 180 seconds . – (option) stale[...]
-
Page 679
38 PIM Source-Specific Mode (PIM-SSM) PIM source-specific mode (PIM-SSM) is supported on the MXL switch platform. PIM-SSM is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not ju[...]
-
Page 680
Implementation Information • The Dell Networking implementation of PIM-SSM is based on RFC 3569. • The Dell Networking operating system (OS) reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message. Important Points to Remember • The default SSM range is 232/8 always. Applyi[...]
-
Page 681
Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using the ip igmp ssm-map acl command source from CONFIGURATION mode. In a standard [...]
-
Page 682
SSM Map Information Group : 239.0.0.2 Source(s) : 10.11.5.2 R1(conf)#do show ip igmp groups detail Interface Vlan 300 Group 239.0.0.2 Uptime 00:00:01 Expires Never Router mode IGMPv2-Compat Last reporter 10.11.3.2 Last reporter mode IGMPv2 Last report received Join Group source list Source address Uptime Expires 10.11.5.2 00:00:01 Never Interface V[...]
-
Page 683
39 Port Monitoring Port monitoring is supported on the MXL switch platform. Mirroring is used for monitoring Ingress or Egress or both Ingress and Egress traffic on a specific port(s). This mirrored traffic can be sent to a port where a network sniffer can connect and monitor the traffic. Dell Networking OS supports the following mirroring techniqu[...]
-
Page 684
------ ------ ----------- --- ---- --------- -------- 1 Te 0/0 Te 0/1 both Port N/A N/A 2 Te 0/0 Te 0/2 both Port N/A N/A Dell (conf-mon-sess-2)#do show running-config monitor session ! monitor session 1 source TenGigabitEthernet 0/0 destination TenGigabitEthernet 0/1 direction both ! monitor session 2 source TenGigabitEthernet 0/0 destination TenG[...]
-
Page 685
0 Po 10 Te 0/1 rx Port N/A N/A Dell(conf)#monitor session 1 Dell(conf-mon-sess-1)#source vl 40 dest ten 0/2 dir rx Dell(conf-mon-sess-1)#flow-based enable Dell(conf-mon-sess-1)#exit Dell(conf)#do show monitor session SessID Source Destination Dir Mode Source IP Dest IP ------ ------ ----------- --- ---- --------- -------- 0 Te 0/0 Te 0/1 rx Port N/[...]
-
Page 686
Enabling Flow-Based Monitoring Flow-based monitoring is supported only on the S-Series platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress tr[...]
-
Page 687
--------- ------ ----------- --------- ---- ---- 0 Gi 1/1 Gi 1/2 rx interface Flow-based Remote Port Mirroring Remote Port Mirroring is supported on the MXL Switch platform. While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switch/router, remote port mirroring a[...]
-
Page 688
Configuring Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches). Confi[...]
-
Page 689
• The L3 interface configuration should be blocked for RPM VLAN. • The member port of the reserved VLAN should have MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter). • To associate with source session, the reserved VLAN can have at max of only 4 member ports. • To associate with destination session, the reserved VLAN can have m[...]
-
Page 690
• A destination port for remote port mirroring cannot be used as a source port, including the session in which the port functions as the destination port. • A destination port cannot be used in any spanning tree instance. • The reserved VLAN used to transport mirrored traffic must be a L2 VLAN. L3 VLANs are not supported. • On a source swit[...]
-
Page 691
Step Command Purpose 1 configure terminal Enter global configuration mode. 2 monitor session <id> type rpm The <id> needs to be unique and not already defined in the box specifying type as 'rpm' defines a RPM session. 3 source Interface | Range Specify the port or list of ports that needs to be monitored 4 direction Specify rx[...]
-
Page 692
Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 0/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 0/28-29 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-ch[...]
-
Page 693
Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source remote-vlan 20 destination te 0/4 Dell(conf-mon-sess-2)#tagged destination te 0/4 Dell(conf-mon-sess-2)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 0/5 Dell(conf-mon-sess-3)#tagged destination te 0/5 Dell(conf-mon-sess-3)#end[...]
-
Page 694
Step Command Purpose 1 configure terminal Enter global configuration mode. The following example shows a sample configuration . Dell(conf)#monitor session 0 type erpm Dell(conf-mon-sess-0)#source tengigabitethernet 0/9 direction rx Dell(conf-mon-sess-0)#source port-channel 1 direction tx Dell(conf-mon-sess-0)#erpm source-ip 1.1.1.1 dest-ip 7.1.1.2 [...]
-
Page 695
ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported. As seen in the above figure, the packets received/tr[...]
-
Page 696
– The Header that gets attached to the packet is 38 bytes long. In case of a packet with L3 VLAN, it would be 42 bytes long. The original payload /original mirrored data starts from the 39 th byte in a given ERPM packet. The first 38/42 bytes of the header needs to be ignored/ chopped off. – Some tools support options to edit the capture file. [...]
-
Page 697
40 Private VLANs (PVLAN) The private VLAN (PVLAN) feature is supported on the MXL switch platform. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide . Private VLANs extend the Dell Networking operating system (OS) security suite by prov[...]
-
Page 698
• Primary VLAN — the base VLAN of a PVLAN: – A switch can have one or more primary VLANs, and it can have none. – A primary VLAN has one or more secondary VLANs. – A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. – A primary VLAN has one or more promiscuous ports. – A primary VLA[...]
-
Page 699
[no] private-vlan mode {community | isolated | primary} • Map secondary VLANs to the selected primary VLAN. INTERFACE VLAN mode [no] private-vlan mapping secondary-vlan vlan-list • Display type and status of PVLAN interfaces. EXEC mode or EXEC Privilege mode show interfaces private-vlan [interface interface ] • Display PVLANs and/or interface[...]
-
Page 700
3. Set the port in Layer 2 mode. INTERFACE mode switchport 4. Select the PVLAN mode. INTERFACE mode switchport mode private-vlan {host | promiscuous | trunk} • host (isolated or community VLAN port) • promiscuous (intra-VLAN communication port) • trunk (inter-switch PVLAN hub port) Example of the switchport mode private-vlan Command For inter[...]
-
Page 701
private-vlan mode primary 4. Map secondary VLANs to the selected primary VLAN. INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be: • Specified in comma-delimited ( VLAN-ID,VLAN-ID ) or hyphenated-range format ( VLAN-ID- VLAN-ID ). • Specified with this command even before they have been created.[...]
-
Page 702
private-vlan mode community 4. Add one or more host ports to the VLAN. INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited ( slot/ port,port,port ) or hyphenated ( slot/ port-port ). You can only add host (isolated) ports to the VLAN. Creating an Isolated VLAN An [...]
-
Page 703
Dell(conf)# interface vlan 100 Dell(conf-vlan-100)# private-vlan mode isolated Dell(conf-vlan-100)# untagged Te 2/2 Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 99. Sample Private VLAN Topology The following configuration is based on the example diagram for the MXL switch: • TenGig 0/0 and TenGig [...]
-
Page 704
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports. • The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports. • The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000. • All the ports in the sec[...]
-
Page 705
Example of Viewing a Private VLAN Example of the show vlan private-vlan mapping Command Example of Viewing VLAN Status Example of Viewing Private VLAN Configuration The show arp and show vlan commands are revised to display PVLAN data. Dell#show vlan private-vlan Primary Secondary Type Active Ports ------- --------- --------- ------ ---------------[...]
-
Page 706
switchport mode private-vlan host no shutdown ! interface TenGigabitEthernet 1/5 no ip address switchport switchport mode private-vlan trunk no shutdown interface Vlan 20 private-vlan mode primary private-vlan mapping secondary-vlan 30,40 no ip address tagged TenGigabitEthernet 1/1,5 shutdown ! interface Vlan 30 private-vlan mode community no ip ad[...]
-
Page 707
41 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is supported on the MXL switch platform. Protocol Overview PVST+ is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). For more information about spanning [...]
-
Page 708
Table 46. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol (MSTP) 802 .1s Per-VLAN Spanning Tree Plus (PVST+) Third Party Implementation Information • The Dell Networking OS implementation of[...]
-
Page 709
protocol spanning-tree pvst 2. Enable PVST+. PROTOCOL PVST mode no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of View[...]
-
Page 710
Figure 101. Load Balancing with PVST+ The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridg[...]
-
Page 711
Root Identifier has priority 32768, Address 001e.c9f1.00f3 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 32768, Address 001e.c9f1.00f3 Configured hello time 2, max age 20, forward delay 15 Bpdu filter disabled globally We are the root of VLAN 2 Current root has priority 32768, Address 001e.c9f1.00f3 Number of[...]
-
Page 712
• Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds . • Change the max-age parameter. PROTOCOL PVST mode vlan max-age The range is from 6 t[...]
-
Page 713
Port Cost Default Value Port Channel with two 40-Gigabit Ethernet interfaces 600 NOTE: The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you [...]
-
Page 714
The EdgePort status of each interface is given in the output of the show spanning-tree pvst command, as previously shown. Dell Networking OS Behavior : Regarding the bpduguard shutdown-on-violation command behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware. • When you add a physical[...]
-
Page 715
Figure 102. PVST+ with Extend System ID • Augment the bridge ID with the VLAN ID. PROTOCOL PVST mode extend system-id Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root B[...]
-
Page 716
interface TenGigabitEthernet 1/32 no ip address switchport no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 interface Vlan 100 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/22,32 no shutdown ! interface Vlan 300 no ip address tagged TenGig[...]
-
Page 717
no ip address switchport no shutdown ! interface Vlan 100 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! protocol spanning-tree pvst no disable vlan 300 bridge-priority 4096[...]
-
Page 718
edge-port bpdu filter default Figure 103. BPDU Filtering Enabled Globally 718 Per-VLAN Spanning Tree Plus (PVST+)[...]
-
Page 719
42 Quality of Service (QoS) Quality of service (QoS) is supported on the MXL switch platform. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. The MXL switch traffic has four data queues per port. All queues are serviced using the Weighted Round Robin scheduling algorithm. You can [...]
-
Page 720
Feature Direction Create Policy Maps Ingress + Egress Create Input Policy Maps Ingress Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress QoS Rate Adjustment Strict-Priority Queueing Weighted Random Early Detection Egress Create WRED P[...]
-
Page 721
Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication . It also implements these Internet Engineering Task Force (IETF) documents: • RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers • RFC 2475, An Architecture for Differentiated S[...]
-
Page 722
dot1p Queue Number 7 3 • Change the priority of incoming traffic on the interface. dot1p-priority Example of Configuring a dot1p Priority on an Interface NOTE: The dot1p-priority command marks all incoming traffic on an interface with a specified dot1p priority and maps all incoming traffic to the corresponding queue. When you enable PFC and/or E[...]
-
Page 723
Priority-Tagged Frames on the Default VLAN Priority-tagged frames are 802.1Q tagged frames with VLAN ID 0. For VLAN classification, these packets are treated as untagged. However, the dot1p value is still honored when you configure service-class dynamic dot1p or trust dot1p . When priority-tagged frames ingress an untagged port or hybrid port, the [...]
-
Page 724
Example of rate—shape Command Dell#config Dell(conf)#interface tengigabitethernet 1/0 Dell(conf-if)#rate shape 500 50 Dell(conf-if)#end Dell# Guidelines for Configuring ECN for Classifying and Color- Marking Packets Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers: ?[...]
-
Page 725
seq 5 permit any ecn 0 class-map match-any ecn_0_cmap match ip access-group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map “ecn_0_pmap” will mark all the packets with ‘ecn == 0’ as yellow packets on queue0 (default queue). Classifying Incoming Packets Using ECN and Color-Ma[...]
-
Page 726
The Dell Networking OS Release 9.3(0.0) supports the following QOS actions in the ingress policy based QOS: 1. Rate Policing 2. Queuing 3. Marking For the L3 Routed packets, the DSCP marking is the only marking action supported in the software. As a part of this feature, the additional marking action to set the “color” of the traffic will be pr[...]
-
Page 727
By default Dell Networking OS drops all the ‘RED’ or ‘violate’ packets. The following combination of marking actions to be specified match sequence of the class-map command: • set a new DSCP for the packet • set the packet color as ‘yellow’ • set the packet color as ‘yellow’ and set a new DSCP for the packet This marking actio[...]
-
Page 728
service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard dscp_50_ecn seq 5 permit any dscp 50 ecn 1 seq 10 permit any dscp 50 ecn 2 seq 15 permit any dscp 50 ecn 3 ! ip access-list standard dscp_40_ecn seq 5 permit any dscp 40 ecn 1 seq 10 [...]
-
Page 729
Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 105. Constructing Policy-Based QoS Configurations DSCP Color Maps This section describes how to configure color maps and how to display the color map and color map configuration. This sections consists of the following to[...]
-
Page 730
Creating a DSCP Color Map You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, yellow, red) for the input traffic. The system uses this information to classify input traffic on an interface based on the DSCP value of each packet and assigns it an initial drop prece[...]
-
Page 731
Assign the color map, bat-enclave-map to interface . Displaying DSCP Color Maps To display DSCP color maps, use the show qos dscp-color-map command in EXEC mode. Examples for Creating a DSCP Color Map Display all DSCP color maps. Dell# show qos dscp-color-map Dscp-color-map mapONE yellow 4,7 red 20,30 Dscp-color-map mapTWO yellow 16,55 Display a sp[...]
-
Page 732
Creating a Layer 3 Class Map A Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence, and characteristics defined in an IP ACL. You can also use VLAN IDs and VRF IDs to classify the traffic using layer 3 class-maps. You may specify more than one DSCP and IP precedence value, but only one value must match to trigg[...]
-
Page 733
The following example matches IPv6 traffic with a DSCP value of 40. Dell(conf)# class-map match-all test Dell(conf-class-map)# match ipv6 dscp 40 The following example matches IPv4 and IPv6 traffic with a precedence value of 3. Dell(conf)# class-map match-any test1 Dell(conf-class-map)#match ip-any precedence 3 Creating a Layer 2 Class Map All clas[...]
-
Page 734
In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the keyword order . The Dell Networking OS writes to the CAM ACL rules with lower order numbers (order numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended. • Specify the order in which you wa[...]
-
Page 735
Examples of Traffic Classifications The following example shows incorrect traffic classifications. Dell#show running-config policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 Dell#show running-config class-map ! class-map match-any C[...]
-
Page 736
20418 1 0 IP 0x0 0 0 23.64.0.3/32 0.0.0.0/0 12 1 20419 1 10 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 14 1 24511 1 0 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 - 0 Create a QoS Policy There are two types of QoS policies — input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing a[...]
-
Page 737
Setting a DSCP Value for Egress Packets You can set the DSCP value for egress packets based on ingress QOS classification. The 6 bits that are used for DSCP are also used to identify the queue in which traffic is buffered. Example of Setting a DSCP Value for Egress Packets Dell#config Dell(conf)#qos-policy-input my-input-qos-policy Dell(conf-qos-po[...]
-
Page 738
Allocating Bandwidth to Queue The Dell Networking recommends pre-calculating your bandwidth requirements before creating them. Make sure you apply the QoS policy to all the four queues and that the sum of the bandwidths allocated through them is exactly 100. When you apply the QoS policies through output policy map and if the sum of the bandwidth p[...]
-
Page 739
Dell# Specifying WRED Drop Precedence • Specify a WRED profile to yellow and/or green traffic. QOS-POLICY-OUT mode wred For more information, refer to Applying a WRED Profile to Traffic . Create Policy Maps There are two types of policy maps: input and output. Creating Input Policy Maps There are two types of input policy-maps: Layer 3 and Layer [...]
-
Page 740
Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map, use the following command. • Apply an input QoS policy to an input policy map. POLICY-MAP-IN mode policy-aggregate Honoring DSCP Values on Ingress Packets The Dell Networking OS provides the ability to honor DSCP values on ingress packets usin[...]
-
Page 741
Table 51. Default dot1p to Queue Mapping dot1p Queue ID 0 0 1 0 2 0 3 1 4 2 5 3 6 3 7 3 The dot1p value is also honored for frames on the default VLAN. For more information, refer to Priority- Tagged Frames on the Default VLAN . • Enable the trust dot1p feature. POLICY-MAP-IN mode trust dot1p Enabling Fall Back to Trust Diffserve or dot1p When us[...]
-
Page 742
match ip dscp 0 match ip access-group qos-BE1-ACL The packet classification logic for the configuration shown is as follows: 1. Match packets against match-any qos-AF4 . If a match exists, queue the packet as AF4 in Queue 4, and if no match exists, go to the next class map. 2. Match packets against match-any qos-AF3 . If a match exists, queue the p[...]
-
Page 743
Applying an Input Policy Map to an Interface To apply an input policy map to an interface, use the following command. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. • You cannot apply an input Layer 2 QoS policy on an interface you also configure with the vlan- stack access command. ?[...]
-
Page 744
Applying an Output Policy Map to an Interface To apply an output policy map to an interface, use the following command. • Apply an input policy map to an interface. INTERFACE mode service-policy output You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. Enabling QoS Rate Adjustment By defa[...]
-
Page 745
Enabling Strict-Priority Queueing Strict-priority means that the Dell Networking OS de-queues all packets from the assigned queue before servicing any other queues. • The strict-priority supersedes bandwidth-percentage and bandwidth-weight percentage configurations. • A queue with strict priority can starve other queues in the same port-pipe. ?[...]
-
Page 746
Figure 106. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Table 52. Pre-Defined WRED Profiles Default Profile Name Minimum Threshold Maximum Threshold Maximum Drop Rate wred_drop 0 0 100 wred_teng_y 467 4671 100 wred_teng_g 467 4671 50 wred_fortyg_y 467 4671 50 wred_fortyg_g 467 4671 25 [...]
-
Page 747
Applying a WRED Profile to Traffic After you create a WRED profile, you must specify to which traffic the system should apply the profile. The Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on it DSCP value before queuing it. DSCP is a 6–bit field. Dell Networking uses the first[...]
-
Page 748
Interface Te 0/20 Drop-statistic Dropped Pkts Green 11234 Yellow 12484 Out of Profile 0 Dell# Displaying egress-queue Statistics To display egress-queue statistics of both transmitted and dropped packets and bytes, use the following command. • Display the number of packets and number of bytes on the egress-queue profile. EXEC Privilege mode show [...]
-
Page 749
To apply a Layer 2 policy on Layer 3 interfaces, perform the following: 1. Configure an interface with an IP address or a VLAN subinterface CONFIGURATION mode Dell(conf)# int fo 0/0 INTERFACE mode Dell(conf-if-fo-0/0)# ip address 90.1.1.1/16 2. Configure the Layer 2 policy with Layer 2 (Dot1p or source MAC-based) classification rules. CONFIGURATION[...]
-
Page 750
CLASS-MAP mode Dell (conf-class-map)#match ip dscp 5 3. Configure a match criterion for a class map based on the VLAN ID. CLASS-MAP mode Dell (conf-class-map)#match ip vlan 5 4. Create a QoS input policy on the device. CONFIGURATION mode Dell(conf)#qos-policy-input pp_qospolicy 5. Specify the DSCP value to be set on the matched traffic. QOS-POLICY-[...]
-
Page 751
43 Routing Information Protocol (RIP) The routing information protocol (RIP) is based on a distance-vector algorithm and tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter. Protocol Overview RIP is the oldest interior gateway protocol. There a[...]
-
Page 752
RIPv2 RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet masks, and next hop addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9. Implementation Informati[...]
-
Page 753
• Controlling RIP Routing Updates (optional) • Setting the Send and Receive Version (optional) • Generating a Default Route (optional) • Controlling Route Metrics (optional) • Summarize Routes (optional) • Controlling Route Metrics • Debugging RIP For a complete listing of all commands related to RIP, refer to the Dell Networking OS C[...]
-
Page 754
2.0.0.0/8 auto-summary 4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 0/0 4.0.0.0/8 auto-summary 8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 0/0 8.0.0.0/8 auto-summary 12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 0/0 12.0.0.0/8 auto-summary 20.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 0/0 20.0.0.0/8 auto-summary 29.10.10.0/24 directly [...]
-
Page 755
ROUTER RIP mode passive-interface interface Adding RIP Routes from Other Instances In addition to filtering routes, you can add routes from other routing instances or protocols to the RIP process. With the redistribute command, you can include open shortest path first (OSPF), static, or directly connected routes in the RIP process. To add routes fr[...]
-
Page 756
To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Setting the Send and Receive Version To change the RIP version globally or on an interface in the system, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an [...]
-
Page 757
Gateway Distance Last Update Distance: (default is 120) Dell# To configure an interface to receive or send both versions of RIP, include 1 and 2 in the command syntax. The command syntax for sending both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example. Dell(conf-if)#ip rip send version 1 2 Dell(conf-if)#ip rip receive ver[...]
-
Page 758
– value The range is from 1 to 16. – route-map-name : The name of a configured route map. To confirm that the default route configuration is completed, use the show config command in ROUTER RIP mode. Summarize Routes Routes in the RIPv2 routing table are summarized by default, thus reducing the size of the routing table and improving routing ef[...]
-
Page 759
Configure the following parameters: – prefix-list-name : the name of an established Prefix list to determine which incoming routes are modified – offset : the range is from 0 to 16. – interface : the type, slot, and number of an interface. To view the configuration changes, use the show config command in ROUTER RIP mode. Debugging RIP The deb[...]
-
Page 760
Figure 107. RIP Topology Example RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-gi-2/31)# Core2(conf-if-gi-2/31)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10.0 Core2(conf-router_rip)#network 10.300.10.0 Core[...]
-
Page 761
[120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/31 192.168.1.0/24 auto-summary 192.168.2.0/24 [120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/31 192.168.2.0/24 auto-summary Core2# Core2#show ip route Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF in[...]
-
Page 762
RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3. Example of Configuring RIPv2 on Core3 Core3(conf-if-gi-3/21)#router rip Core3(conf-router_rip)#version 2 Core3(conf-router_rip)#network 192.168.1.0 Core3(conf-router_rip)#network 192.168.2.0 Core3(conf-router_rip)#network 10.11.30.0 Core3(conf-route[...]
-
Page 763
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- R 10.11.10.0/24 via 10.11.20.2, TenGig 3/21 120/1 00:01:14 C 10.11.20.0/24 Direct, TenGig 3/21 0/0 00:01:53 C 10.11.30.[...]
-
Page 764
! interface TenGigabitEthernet 2/42 ip address 10.250.10.1/24 no shutdown router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 ! interface TenGigabitEthernet 3/11 ip address 10.11.30.1/24 no shutdown ! interface TenGigabitEthernet 3/21 ip address 10.11.20.1/24 no shutdown ! interface TenGigabitEthernet 3/43 ip address 192.168.1.1/24 n[...]
-
Page 765
44 Remote Monitoring (RMON) RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and mon[...]
-
Page 766
Fault Recovery RMON provides the following fault recovery functions. Interface Down — When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or ixFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resumes. NOTE: A network management syste[...]
-
Page 767
– event-number : event number to trigger when the falling threshold exceeds its limit. This value is identical to the alarmFallingEventIndex in the alarmTable of the RMON MIB. If there is no corresponding falling-threshold event, the value should be zero. – owner string : (Optional) specifies an owner for the alarm, this setting is the alarmOwn[...]
-
Page 768
Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode. • Enable RMON MIB statistics collection. CONFIGURATION INTERFACE (config-if) mode [no] rmon collection statistics {controlEntry integer } [owner owner-string ] – controlEntr[...]
-
Page 769
– seconds : (Optional) the number of seconds in each polling cycle. The value is ranged from 5 to 3,600 (Seconds). The default is 1,800 (as defined in RFC-2819). Example of the rmon collection history Command To remove a specified RMON history group of statistics collection, use the no form of this command. The following command example enables a[...]
-
Page 770
45 Rapid Spanning Tree Protocol (RSTP) Rapid spanning tree protocol (RSTP) is supported on the MXL switch platform. Protocol Overview RSTP is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and mult[...]
-
Page 771
• Flush MAC Addresses after a Topology Change Important Points to Remember • RSTP is disabled by default. • The Dell Networking OS supports only one Rapid Spanning Tree (RST) instance. • All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology. • Adding a [...]
-
Page 772
• Only one path from any bridge to any other bridge is enabled. • Bridges block a redundant path by disabling one of the link ports. To enable RSTP globally for all Layer 2 interfaces, use the following commands. 1. Enter PROTOCOL SPANNING TREE RSTP mode. CONFIGURATION mode protocol spanning-tree rstp 2. Enable RSTP. PROTOCOL SPANNING TREE RSTP[...]
-
Page 773
Figure 108. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.[...]
-
Page 774
BPDU : sent 121, received 2 The port is not in the Edge port mode, bpdu filter is disabled Port 379 (TenGigabitethernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port[...]
-
Page 775
For bridge protocol data units (BPDU) filtering behavior, refer to Removing an Interface from the Spanning Tree Group . Modifying Global Parameters You can modify RSTP parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in the Rapid Spanning Tree group. [...]
-
Page 776
NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds . • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds . To view the current va[...]
-
Page 777
edge-port bpdu filter default Figure 109. BPDU Filtering Enabled Globally Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port priority values. • Port cost — a value that is based on the interface type. The previous table lists the default values. The greater the port cost, the less likely the port is[...]
-
Page 778
To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives a BPDU that indicates that it shoul[...]
-
Page 779
shutdown Dell(conf-if-te-2/0)# Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge. To change the bridge priority, use the following command. • Assign a number as the bridge priority or designate it as the primary or secon[...]
-
Page 780
The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e811.2233 We are the root Config[...]
-
Page 781
46 Security Security features are supported on the MXL switch platform. This chapter describes several ways to provide access security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide . AAA Accounting Accounting, authenticatio[...]
-
Page 782
aaa accounting {commands | exec | suppress | system} { default | name } {start- stop | wait-start | stop-only} {tacacs+} The variables are: – command level : sends accounting of commands executed at the specified privilege level. – exec : sends accounting information when a user has logged in to EXEC mode. – suppress : do not generate account[...]
-
Page 783
Configuring AAA Accounting for Terminal Lines To enable AAA accounting with a named method list for a specific terminal line (where com15 and execAcct are the method list names), use the following commands. • Configure AAA accounting for terminal lines. CONFIG-LINE-VTY mode accounting commands 15 com15 accounting exec execAcct Example of Enabling[...]
-
Page 784
and different users. In the Dell Networking OS, AAA uses a list of authentication methods, called method lists, to define the types of authentication and the sequence in which they are applied. You can define a method list or use the default method list. User-defined method lists take precedence over the default method list. NOTE: If a console user[...]
-
Page 785
• none : no authentication. • radius : use the RADIUS servers configured with the radius-server host command. • tacacs+ : use the TACACS+ servers configured with the tacacs-server host command. 2. Enter LINE mode. CONFIGURATION mode line {aux 0 | console 0 | vty number [ ... end-number ]} 3. Assign a method-list-name or the default list to th[...]
-
Page 786
CONFIGURATION mode tacacs-server host x.x.x.x key some-password Example of Enabling Authentication from the RADIUS Server Example of Enabling Local Authentication for the Console and Remote Authentication for VTY Lines To get enable authentication from the RADIUS server and use TACACS as a backup, issue the following commands. Dell(config)# aaa aut[...]
-
Page 787
• Privilege level 1 — is the default level for EXEC mode. At this level, you can interact with the router, for example, view some show commands and Telnet and ping to test connectivity, but you cannot configure the router. This level is often called the “user” level. One of the commands available in Privilege level 1 is the enable command, [...]
-
Page 788
– access-class access-list-name : Restrict access by access-class. – nopassword : Require password for the user to login. – encryption-type : Enter 0 for plain text or 7 for encrypted text. – password : Enter a string. Specify the password for the user. – privilege level : The range is from 0 to 15. – secret : Specify the secret for the[...]
-
Page 789
username name [access-class access-list-name ] [privilege level ] [nopassword | password [ encryption-type ] password ] [secret] Configure the optional and required parameters: • name : enter a text string (up to 63 characters). • access-class access-list-name : enter the name of a configured IP ACL. • privilege level : the range is from 0 to[...]
-
Page 790
Line 3: The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp-server commands are located. Line 4: The snmp-server commands, in CONFIGURATION mode, are assigned to privilege level 8. Dell(conf)# username john privilege 8 password john Dell(conf)# enable password level 8 notjohn Dell(conf)[...]
-
Page 791
privilege level level – level level : The range is from 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • Specify either a plain text or encrypted password. LINE mode password [ encryption-type ] password Configure the following optional and required parameters: – encryption-type : Enter[...]
-
Page 792
For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service . RADIUS Authentication and Authorization The Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aaa authentication login command. When configuring A[...]
-
Page 793
Auto-Command You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line. The auto-command command is executed when the user is authenticated and before the prompt appears to the user. • Automatically execute a command. auto-command Setting Access to Privilege Levels through RADIUS[...]
-
Page 794
• Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the RADIUS authentication method. CONFIGURATION mode aaa authentication login method-list-name radius • Create a method list with RADIUS and TACACS+ as authorization methods. CONFIGURATION mode aaa authorization exec { method-list-name | default[...]
-
Page 795
– timeout seconds : the range is from 0 to 1000. Default is 5 seconds . – key [ encryption-type ] key : enter 0 for plain text or 7 for encrypted text, and a string for the key. The key can be up to 42 characters long. This key must match the key configured on the RADIUS server host. If you do not configure these optional parameters, the global[...]
-
Page 796
radius-server timeout seconds – seconds : the range is from 0 to 1000. Default is 5 seconds . To view the configuration of RADIUS communication parameters, use the show running-config command in EXEC Privilege mode. Monitoring RADIUS To view information on RADIUS transactions, use the following command. • View RADIUS transactions to troubleshoo[...]
-
Page 797
Use this command multiple times to configure multiple TACACS+ server hosts. 2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACAS+ authentication method. CONFIGURATION mode aaa authentication login { method-list-name | default} tacacs+ [ ...method3 ] The TACACS+ method must not be the last m[...]
-
Page 798
on vty0 (10.11.9.209) %RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) Monitoring TACACS+ To view information on TACACS+ transactions, use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication and A[...]
-
Page 799
Specifying a TACACS+ Server Host To specify a TACACS+ server host and configure its communication parameters, use the following command. • Enter the host name or IP address of the TACACS+ server host. CONFIGURATION mode tacacs-server host { hostname | ip-address } [port port-number ] [timeout seconds ] [key key ] Configure the optional communicat[...]
-
Page 800
If rejected by the AAA server, the command is not added to the running config, and a message displays: 04:07:48: %RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Command authorization failed for user (denyall) on vty0 ( 10.11.9.209 ) Protection from TCP Tiny and Overlapping Fragment Attacks Tiny and overlapping fragment attack is a c[...]
-
Page 801
show ip ssh Specifying an SSH Version The following example shows using the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : disabled. SSH server version : v2. Password Authentication : enabled. Hostbased Authenticati[...]
-
Page 802
• ip ssh password-authentication enable : enable password authentication for the SSH server. • ip ssh pub-key-file : specify the file the host-based authentication uses. • ip ssh rhostsfile : specify the rhost file the host-based authorization uses. • ip ssh rsa-authentication enable : enable RSA authentication for the SSHv2 server. • ip [...]
-
Page 803
The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes. Dell(conf)#ip ssh rekey volume 4096 Configuring the SSH Server Key Exchange Algorithm To configure the key exchange [...]
-
Page 804
• hmac-sha1-96 • hmac-sha2-256 • hmac-sha2-256-96 The default HMAC algorithms are the following: • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2-256 • hmac-sha2-256-96 When FIPS is enabled, the default HMAC algorithm is hmac-sha1-96. Example of Configuring a HMAC Algorithm The following example shows you how to con[...]
-
Page 805
Secure Shell Authentication Secure Shell (SSH) is disabled by default. Enable SSH using the ip ssh server enable command. SSH supports three methods of authentication: • Enabling SSH Authentication by Password • Using RSA Authentication of SSH • Configuring Host-Based SSH Authentication Important Points to Remember • If you enable more than[...]
-
Page 806
CONFIGURATION mode no ip ssh password-authentication enable 4. Bind the public keys to RSA authentication. EXEC Privilege mode ip ssh rsa-authentication enable 5. Bind the public keys to RSA authentication. EXEC Privilege mode ip ssh rsa-authentication my-authorized-keys flash: //public_key Example of Generating RSA Keys admin@Unix_client#ssh-keyge[...]
-
Page 807
Example of Creating shosts Example of Creating rhosts admin@Unix_client# cd /etc/ssh admin@Unix_client# ls moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_key ssh_host_rsa_key admin@Unix_client# cat ssh_host_rsa_key.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx/ A[...]
-
Page 808
In this case, verify that host-based authentication is set to “Yes” in the file ssh_config (root permission is required to edit this file): permission denied (host based). If the IP address in the RSA key does not match the IP address from which you attempt to log in, the following message appears. In this case, verify that the name and IP addr[...]
-
Page 809
1. Create a username. 2. Enter a password. 3. Assign an access class. 4. Enter a privilege level. You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization. Configure local authentication globally and configure access classes on a per-user basis. The Dell Networking OS can [...]
-
Page 810
Dell(conf)# Dell(conf)#aaa authentication login tacacsmethod tacacs+ Dell(conf)#tacacs-server host 256.1.1.2 key Force10 Dell(conf)# Dell(conf)#line vty 0 9 Dell(config-line-vty)#login authentication tacacsmethod Dell(config-line-vty)# Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#end (same applies for radius and line authenticati[...]
-
Page 811
• Configuring AAA Authorization for Roles • Configuring an Accounting for Roles • Applying an Accounting Method to a Role • Displaying Active Accounting Sessions for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC • Displaying User Roles • Displaying Accounting for User Roles • Displaying Information About Roles Logge[...]
-
Page 812
Configuring Role-based Only AAA Authorization You can configure authorization so that access to commands is determined only by the user’s role. If the user has no user role, access to the system is denied as the user will not be able to login successfully. When you enable role-based only AAA authorization using the aaa authorization role-only com[...]
-
Page 813
exec-timeout 0 0 line vty 0 login authentication test authorization exec test line vty 1 login authentication test authorization exec test To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 [...]
-
Page 814
User Roles This section describes how to create a new user role and configure command permissions and contains the following topics. • Creating a New User Role • Modifying Command Permissions for Roles • Adding and Deleting Users from a Role Creating a New User Role Instead of using the system defined user roles, you can create a new user rol[...]
-
Page 815
Create a new user role, myrole and inherit security administrator permissions. Dell(conf)#userrole myrole inherit secadmin Verify that the user role, myrole , has inherited the security administrator permissions. The output highlighted in bold indicates that the user role has successfully inherited the security administrator permissions. Dell(conf)[...]
-
Page 816
netadmin role is not listed in the Role access: secadmin,sysadmin , which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin show users Dell#show role mode exec show users Role access: secadmin,sysadmin Example: Allow Security Administrator to Configure Spanning Tree The following example allows the se[...]
-
Page 817
Dell(conf)#do show role mode ? configure Global configuration mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell(conf)#do show role mode configure line Role access:sysadmin Example: Grant and Remove Security Administrator Access to Conf[...]
-
Page 818
This section contains the following AAA Authentication and Authorization for Roles configuration tasks: • Configuring AAA Authentication for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password com[...]
-
Page 819
You can further restrict users’ permissions, using the aaa authorization command command in CONFIGURATION mode. aaa authorization command { method-list-name | default} method [… method4 ] Examples of Applying a Method List The following configuration example applies a method list: TACACS+, RADIUS and local: ! radius-server host 10.16.150.203 ke[...]
-
Page 820
authorization exec ucraaa accounting commands role netadmin ucraaa line vty 9 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa ! Configuring TACACS+ and RADIUS VSA Attributes for RBAC For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific opt[...]
-
Page 821
• Configuring AAA Accounting for Roles • Applying an Accounting Method to a Role • Displaying Active Accounting Sessions for Roles Configuring AAA Accounting for Roles To configure AAA accounting for roles, use the aaa accounting command in CONFIGURATION mode. aaa accounting {system | exec | commands { level | role role-name }} { name | defau[...]
-
Page 822
Display Information About User Roles This section describes how to display information about user roles. This sections consists of the following topics: • Displaying User Roles • Displaying Information About Roles Logged into the Switch • Displaying Active Accounting Sessions for Roles Displaying User Roles To display user roles using the sho[...]
-
Page 823
the output and both the privilege and roles for all users is also displayed. If the role is not defined, the system displays "unassigned" . Example of Displaying Information About Users Logged into the Switch Dell#show users Authorization Mode: role or privilege Line User Role Privilege Host(s) Location 0 console 0 admin sysadmin 15 idle [...]
-
Page 824
47 Service Provider Bridging Service provider bridging is supported on the MXL switch platform. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges , which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks . VLAN stacking enables service providers to use 802.1Q architecture to offer [...]
-
Page 825
Figure 110. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN- Stack-enabled VLAN. • Dell Networking cautions against using [...]
-
Page 826
Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1. Creating Access and Trunk Ports 2. Assign access and trunk ports to a VLAN ( Creating Access and Trunk Ports ). 3. Enable VLAN-Stacking for a VLAN . Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Options for Trun[...]
-
Page 827
Dell#show run interface gi 7/12 ! interface GigabitEthernet 7/12 no ip address switchport vlan-stack trunk no shutdown Enable VLAN-Stacking for a VLAN To enable VLAN-Stacking for a VLAN, use the following command. • Enable VLAN-Stacking for the VLAN. INTERFACE VLAN mode vlan-stack compatible Example of Viewing VLAN Stack Member Status To display [...]
-
Page 828
Configuring Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that it can carry single and double-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port. To configure trunk ports, use the following commands. 1. Configure a t[...]
-
Page 829
Debugging VLAN Stacking To debug VLAN stacking, use the following command. • Debug the internal state and membership of a VLAN and its ports. debug member Example of Debugging a VLAN and its Ports The port notations are as follows: • MT — stacked trunk • MU — stacked access port • T — 802.1Q trunk port • U — 802.1Q access port •[...]
-
Page 830
You can configure the first 8 bits of the TPID using the vlan-stack protocol-type command. The TPID is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame. For example, if you configure TPID 0x9100, the system t[...]
-
Page 831
Figure 112. Single and Double-Tag First-byte TPID Match Service Provider Bridging 831[...]
-
Page 832
Figure 113. Single and Double-Tag TPID Mismatch Table 57. Behaviors for Mismatched TPID Network Position Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.0+ Ingress Access Point untagged 0xUVWX — switch to default VLAN switch to default VLAN single-tag (0x8100) 0xUVWX single-tag mismatch switch to default VLAN switch [...]
-
Page 833
Network Position Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.0+ 0x81XY single-tag first- byte match switch to VLAN switch to default VLAN Core untagged 0xUVWX — switch to default VLAN switch to default VLAN double-tag 0xUVWX 0xUVWX double-tag match switch to VLAN switch to VLAN 0xUVYZ double-tag first-byte match [...]
-
Page 834
• Make packets eligible for dropping based on their DEI value. CONFIGURATION mode dei enable By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to a Dell Networking OS drop precedence. Precedence can have one of three colors. Pr[...]
-
Page 835
Example of Viewing DEI-Marking Configuration To display the DEI-marking configuration, use the show interface dei-mark [ interface slot/ port | linecard number port-set number ] in EXEC Privilege mode. Dell#show interface dei-mark Default CFI/DEI Marking: 0 Interface Drop precedence CFI/DEI -------------------------------- Gi 0/1 Green 0 Gi 0/1 Yel[...]
-
Page 836
Dell Networking OS Behavior : For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration. For example, the [...]
-
Page 837
CONFIGURATION mode cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number {vman-qos | vman-qos-dual- fp} number • vman-qos : mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as many CAM entries as vman-qos-dual-fp . • vman[...]
-
Page 838
Figure 115. VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to traverse the intermediate network by identifying frames with the Bridge Group Address, rewriting the destination MAC to a user-configured non-reserved addr[...]
-
Page 839
network because only the Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In the Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the [...]
-
Page 840
Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command. 1. Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode show cam-profile 2. Enable protocol tunneling globally on the system. CONFIGURATION mode protocol-tunnel enable 3. Tunnel BPDUs the VLAN[...]
-
Page 841
3. Reload the system. EXEC Privilege mode reload 4. Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging[...]
-
Page 842
48 sFlow Configuring sFlow is supported on the MXL switch platform. Overview The Dell Networking operating system (OS) supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many s[...]
-
Page 843
To avoid the back-off, either increase the global sampling rate or configure all the line card ports with the desired sampling rate even if some ports have no sFlow configured. Important Points to Remember • The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration using the snmpset command. • The Dell Networking OS ex[...]
-
Page 844
Enabling sFlow Max-Header Size Extended To configure the maximum header size of a packet to 256 bytes, use the following commands: • Set the maximum header size of a packet. CONFIGURATION mode INTERFACE mode sflow max-header-size extended By default, the maximum header size of a packet is 128 bytes. If the traffic ingresses on an sFlow enabled in[...]
-
Page 845
If you enable sFlow on an interface, the show output displays the following (shown in bold). Dell(conf-if-te-1/10)#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 86400 Global default extended maximum header size: 256 bytes Glo[...]
-
Page 846
Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.116, UDP port: 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub-sampling Dell# Displaying Show sFlow on an Interface To vi[...]
-
Page 847
• Identify sFlow collectors to which sFlow datagrams are forwarded. CONFIGURATION mode sflow collector ip-address agent-addr ip-address [ number [max-datagram-size number ] ] | [max-datagram-size number ] The default UDP port is 6343 . The default max-datagram-size is 1400 . Changing the Polling Intervals The sflow polling-interval command config[...]
-
Page 848
Sub-Sampling The sFlow sample rate is not the frequency of sampling, but the number of packets that are skipped before the next sample is taken. Therefore, the sFlow agent uses sub-sampling to create multiple sampling rates per port-pipe. To achieve different sampling rates for different ports in a port-pipe, the sFlow agent takes the lowest numeri[...]
-
Page 849
sFlow on LAG ports When a physical port becomes a member of a LAG, it inherits the sFlow configuration from the LAG port. Enabling Extended sFlow The MXL switch support extended-switch information processing only. Extended sFlow packs additional information in the sFlow datagram depending on the type of sampled packet. You can enable the following [...]
-
Page 850
0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected 0 sFlow samples dropped due to sub-sampling 850 sFlow[...]
-
Page 851
49 Simple Network Management Protocol (SNMP) Simple network management protocol (SNMP) is supported on the MXL switch platform. Network management stations use SNMP to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable. Networ[...]
-
Page 852
Configuring SNMP version 3 requires configuring SNMP users in one of three methods. Refer to Setting Up User-Based Security (SNMPv3) . Related Configuration Tasks • Set up SNMP • Setting Up User-Based Security (SNMPv3) • Reading Managed Object Values • Writing Managed Object Values • Configuring Contact and Location Information using SNMP[...]
-
Page 853
FIPS Mode Privacy Options Authentication Options Disabled des56 (DES56-CBC) aes128 (AES128-CFB) md5 (HMAC-MD5-96) sha (HMAC-SHA1-96) Enabled aes128 (AES128-CFB) sha (HMAC-SHA1-96) To enable security for SNMP packets transferred between the server and the client, you can use the snmp-server user username group groupname 3 auth authentication-type au[...]
-
Page 854
SNMP version 3 (SNMPv3) is a user-based security model that provides password authentication for user security and encryption for data security and privacy. Three sets of configurations are available for SNMP read/write operations: no password or privacy, password privileges, password and privacy privileges. You can configure a maximum of 16 users [...]
-
Page 855
To set up user-based security (SNMPv3), use the following commands. • Configure the user with view privileges only (no password or privacy privileges). CONFIGURATION mode snmp-server user name group-name 3 noauth • Configure an SNMP group with view privileges only (no password or privacy privileges). CONFIGURATION mode snmp-server group group-n[...]
-
Page 856
Reading Managed Object Values You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable objec[...]
-
Page 857
In the following example, the value 4 displays in the OID before the IP address for IPv4. >snmpwalk -v 2c -c public 10.11.195.63 1.3.6.1.2.1.4.34 IP-MIB::ip.34.1.3.1. 4 .1.1.1.1 = INTEGER: 1107787778 IP-MIB::ip.34.1.3.1. 4 .2.1.1.1 = INTEGER: 1107787779 IP-MIB::ip.34.1.3.2.16.254.128.0.0.0.0.0.0.2.1.232.255.254.139.5.8 = INTEGER: 1107787778 IP-M[...]
-
Page 858
• (From a management station) Identify the system manager along with this person’s contact information (for example, an email address or phone number). CONFIGURATION mode snmpset -v version -c community agent-ip sysContact.0 s “contact-info” You may use up to 55 characters. The default is None . • (From a management station) Identify the [...]
-
Page 859
snmp-server enable traps Enable all Dell Networking enterprise-specific and RFC-defined traps using the snmp-server enable traps command from CONFIGURATION mode. Enable all of the RFC-defined traps using the snmp-server enable traps snmp command from CONFIGURATION mode. 3. Specify the interfaces out of which the Dell Networking OS sends SNMP traps.[...]
-
Page 860
entity Enable entity change traps Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1487406) 4:07:54.06, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 4 Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1488564) 4:08:05.64, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::[...]
-
Page 861
SNMPv2-SMI::enterprises.6027.3.15.4.0.3, SNMPv2-SMI::enterprises.6027.3.15.4.1.1.0 = INTEGER: 45420801, SNMPv2-SMI::enterprises.6027.3.15.4.1.2.0 = INTEGER: 2, SNMPv2-SMI::enterprises.6027.3.15.4.0 = STRING: "ETS_TRAP_TYPE_PEER_STATE_CHANGE: ETS Peer state changed to disabled for port Te 0/44", SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = I[...]
-
Page 862
Table 59. List of Syslog Server MIBS that have read access MIB Object OID Object Values Description dF10SysLogTraps 1.3.6.1.4.1.6027.3.30.1.1 1 = reachable2 = unreachable Specifies whether the syslog server is reachable or unreachable. Following example shows the SNMP trap that is sent when connectivity to the syslog server is lost: DISMAN-EVENT-MI[...]
-
Page 863
MIB Object OID Object Values Description 3 = startup-config startup-config, the default copySrcFileLocation is flash. • If copySrcFileType is a binary file, you must also specify copySrcFileLocation and copySrcFileName. copySrcFileLocation . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.3 1 = flash 2 = n/a 3 = tftp 4 = ftp 5 = scp 6 = usbflash Specifies the loca[...]
-
Page 864
MIB Object OID Object Values Description 5 = scp copyUserName, and copyUserPassword. copyDestFileName . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.7 Path (if the file is not in the default directory) and filename. Specifies the name of destination file. copyServerAddress . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.8 IP Address of the server. The IP address of the server. ?[...]
-
Page 865
• To complete the command, use as many MIB Objects in the command as required by the MIB Object descriptions. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 NOTE: You can use the entire OID rather than the object name. Use the form: OID.index i object-value[...]
-
Page 866
Copying the Startup-Config Files to the Running-Config To copy the startup-config to the running-config from a UNIX machine, use the following command. • Copy the startup-config to the running-config from a UNIX machine. snmpset -c private -v 2c force10system-ip-address copySrcFileType. index i 3 copyDestFileType. index i 2 Example of Copying Con[...]
-
Page 867
Copying the Startup-Config Files to the Server via TFTP To copy the startup-config to the server via TFTP from the UNIX machine, use the following command. NOTE: Verify that the file exists and its permissions are set to 777. Specify the relative path to the TFTP root directory. • Copy the startup-config to the server via TFTP from the UNIX machi[...]
-
Page 868
Additional MIB Objects to View Copy Statistics Dell Networking provides more MIB objects to view copy statistics, as shown in the following table. Table 61. Additional MIB Objects for Copying Configuration Files via SNMP MIB Object OID Values Description copyState . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.11 1= running 2 = successful 3 = failed Specifies the[...]
-
Page 869
MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory. Table 62. MIB Objects for Displaying the Available Memory Size on Flash via SNMP MIB Object OID De[...]
-
Page 870
MIB Object OID Description chSysCoresTimeCreated 1.3.6.1.4.1.6027.3.19.1.2.9.1.3 Contains the time at which core files are created. chSysCoresStackUnitNumber 1.3.6.1.4.1.6027.3.19.1.2.9.1.4 Contains information that includes which stack unit or processor the core file was originated from. chSysCoresProcess 1.3.6.1.4.1.6027.3.19.1.2.9.1.5 Contains i[...]
-
Page 871
NOTE: You can use the entire OID rather than the object name. Use the form: OID.index . Example of Getting a MIB Object Value (Using Object Name) Example of Getting a MIB Object Value (Using OID) The following examples show the snmpget command to obtain a MIB object value. These examples assume that: • the server OS is UNIX • you are using SNMP[...]
-
Page 872
> snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.1107787786 = STRING: " My VLAN " [Dell Networking system output] Dell#show int vlan 10 Vlan 10 is down, line protocol is down Vlan alias name is: My VLAN Address is 00:01:e8:cc:cc:ce, Current addres[...]
-
Page 873
The first hex pair, 00 in the previous example, represents ports 1 to 7 in Stack Unit 0. The next pair to the right represents ports 8 to 15. To resolve the hex pair into a representation of the individual ports, convert the hex pair to binary. Consider the first hex pair 00, which resolves to 0000 0000 in binary: • Each position in the 8-charact[...]
-
Page 874
Example of Adding an Untagged Port to a VLAN using SNMP Example of Adding a Tagged Port to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [...]
-
Page 875
snmp-server community 2. From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. EXEC Privilege mode show interface Or, from the management system, use the snmpwwalk command to identify the interface index. 3. Enter the snmpset command to change the admin status using either the objec[...]
-
Page 876
Each object is comprised of an OID concatenated with an instance number. In the case of these objects, the instance number is the decimal equivalent of the MAC address; derive the instance number by converting each hex pair to its decimal equivalent. For example, the decimal equivalent of E8 is 232, and so the instance number for MAC address 00:01:[...]
-
Page 877
SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.3.1000.0.1.232.6.149.172.1 = INTEGER: 1 SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.4.1000.0.1.232.6.149.172.1 = INTEGER: 1 Deriving Interface Indices The Dell Networking OS assigns an interface number to each (configured or unconfigured) physical and logical interface. The interface index is a binary number wi[...]
-
Page 878
The system image can also be retrieved by performing an SNMP walk on the following OID: MIB Object is chSysSwModuleTable and the OID is 1.3.6.1.4.1.6027.3.10.1.2.8. Dell#show interface tengig 1/21 TenGigabitEthernet 1/21 is up, line protocol is up Hardware is Dell Force10Eth, address is 00:01:e8:0d:b7:4e Current address is 00:01:e8:0d:b7:4e Interfa[...]
-
Page 879
Status active, 2 – status inactive Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG. SNMPv2-MIB::sysUpTime.0 = Timeticks: (8500842) 23:36:48.42 SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkDown IF-MIB::ifIndex.33865785 = INTEGER: 33865785 SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: &qu[...]
-
Page 880
Entity MIBS The Entity MIB provides a mechanism for presenting hierarchies of physical entities using SNMP tables. The Entity MIB contains the following groups, which describe the physical elements and logical elements of a managed system The following tables are implemented for the MXL switch. Physical Entity A physical entity or physical componen[...]
-
Page 881
SNMPv2-SMI::mib-2.47.1.1.1.1.2.8 = STRING: "Unit: 0 Port 5 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.9 = STRING: "Unit: 0 Port 6 10G Level" ---output truncated Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. •[...]
-
Page 882
50 Stacking Stacking is supported on the MXL switch platform. Stacking is supported on a MXL 10/40GbE switch on the 40GbE ports (for the base module) or a 2-Port 40GbE QSFP+ module. You can connect up to six MXL 10/40GbE switches in a single stack. Stacking provides a single point of management and network interface controller (NIC) teaming for hig[...]
-
Page 883
Figure 117. Four-Stacked MXL 10/40GbE Switches Stack Management Roles The stack elects the management units for the stack management. • Stack master — primary management unit, also called the master unit. • Standby — secondary management unit. The master holds the control plane and the other units maintain a local copy of the forwarding dat[...]
-
Page 884
• Switch removal If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby. NOTE: For the MXL switch, the entire stack has only one management IP address. Stack Master Election The stack elects a master and standby unit at bootup time based on two cri[...]
-
Page 885
4 Member online MXL-10/40GbE MXL-10/40GbE 9-1-0-853 56 5 Member online MXL-10/40GbE MXL-10/40GbE 9-1-0-853 56 Dell# Failover Roles If the stack master fails (for example, is powered off), it is removed from the stack topology. The standby unit detects the loss of peering communication and takes ownership of the stack management, switching from the [...]
-
Page 886
Figure 118. Dual-Ring Stacking Topology for MXL 10/40GbE Switches Example 2: Dual Daisy-Chain Stack Across Multiple Chassis Using two separate, daisy-chained stacks in a stacking topology provides redundancy and increased high availability in case of stack failure. Also, stacking upgrades are simplified when you have to take one stack offline, as s[...]
-
Page 887
Figure 119. Dual Daisy-Chain Stacking Topology for MXL 10/40GbE Switches Stack Group/Port Numbers By default, each unit in Standalone mode is numbered stack-unit 0. Stack-unit numbers are assigned to member switches when the stack comes up. The following example shows the stack-group numbers of 40GbE ports on an MXL 10/40GbE switch. Stacking 887[...]
-
Page 888
Figure 120. Stack-Group on an MXL 10/40GbE Switch Configuring a Switch Stack Configuring a switch stack is a four step process. To configure and bring up a switch stack, follow these steps: 1. Connect the switches to be stacked with 40G direct attach or QSFP fibre cables. 2. Configure the stacking ports on each switch. 3. All switches must be boote[...]
-
Page 889
• Stacking is supported only with other MXL 10/40GbE switches. A maximum of six MXL 10/40GbE switches is supported in a single stack. You cannot stack the MXL 10/40GbE switch with the M IO Aggregator or another type of switch. • A maximum of four stack groups (40GbE ports) is supported on a stacked MXL 10/40GbE switch. • Interconnect the stac[...]
-
Page 890
Ports Fo 0/33 have been configured as stacking ports. Please save and reload for config to take effect Stack-groups are easier to think of simply as stack ports. For example, using the stack-group 0 command simply turns the lower port (port 9) into a stacking port. Similarly, stack-group 1 , stack-group 2 and stack-group 3 commands correspond to po[...]
-
Page 891
Accessing the CLI To configure a stack, you must access the stack master in one of the following ways. • For remote out-of-band management (OOB), enter the OOB management interface IP address into a Telnet or secure shell (SSH) client and log in to the switch using the user ID and password to access the CLI. • For local management, use the atta[...]
-
Page 892
NOTE: If the stacked switches all reboot at approximately the same time, the switch with the highest MAC address is automatically elected as the master switch. The switch with the next highest MAC address is elected as standby. As each switch joins the stack, it is assigned the lowest available stack-unit number from 0 to 5. The default configurati[...]
-
Page 893
• If you renumber a switch to a number already assigned to another stack unit, the following error message displays: Dell#stack-unit 5 renumber 0 % ERROR: stack unit 0 already exists. Assign a stack-number to a unit. EXEC Privilege mode stack-unit unit-number renumber new-number Provisioning a Stack Unit You can logically provision a stack-unit n[...]
-
Page 894
Converting 4x10GbE Ports to 40GbE for Stacking Stacking is supported only on 40GbE links by connecting 40GbE ports on the base module or a 2-Port QSFP+ module. However, on a 2-Port 40GbE QSFP+ module, the ports operate by default in 4x10GbE (quad) mode with breakout cables as eight 10GbE ports. Change a port from 4x10GbE to 40GbE mode of operation [...]
-
Page 895
Adding a Stack Unit You can add a new unit to an existing stack both when the unit has no stacking ports (stack groups) configured and when the unit already has stacking ports configured. If the units to be added to the stack have been previously used, they are assigned the smallest available unit ID in the stack. If a standalone switch has no stac[...]
-
Page 896
• If the new unit has been configured with a stack number that is already assigned to a stack member, the stack avoids a numbering conflict by assigning the new switch the first available stack number. • If the stack has been provisioned for the stack number that is assigned to the new unit, the pre- configured provisioning must match the switc[...]
-
Page 897
redundancy force-failover stack-unit A new standby is elected. When the former stack master comes back online, it becomes a member unit. • Prevent the stack master from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot stack-unit This command does not affect a forced failover, manual reset, or a stack-link disconnect. [...]
-
Page 898
Using Show Commands To display information on the stack configuration, use the show commands on the master switch. • Displays stacking roles (master, standby, and member units) and the stack MAC address. show system [brief] • Displays the FlexIO modules currently installed in expansion slots 0 and 1 on a switch and the expected module logically[...]
-
Page 899
-- Unit 1 -- Unit Type : Management Unit Status : online Next Boot : online Required Type : MXL-10/40GbE - 34-port GE/TE/FG (XL) Current Type : MXL-10/40GbE - 34-port GE/TE/FG (XL) Master priority : 14 Hardware Rev : 2.0 Num Ports : 56 Up Time : 19 hr, 30 min Dell Networking OS Version : 9-1-0-1010 Jumbo Capable : yes POE Capable : no Burned In MAC[...]
-
Page 900
--------------------------------------- 0 1 4 5 Dell#show system stack-unit 1 stack-group Stack group Ports ------------------------------ 0 0/33 1 0/37 2 0/41 3 0/45 4 0/49 5 0/53 Dell# Dell# show system stack-ports Topology: Ring Interface Connection Link Speed Admin Link Trunk (Gb/s) Status Status Group 0/33 1/37 40 up up 0/37 2/33 40 up up 0/41[...]
-
Page 901
show redundancy 3. Displays input and output flow statistics on a stacked port. show hardware stack-unit unit-number stack-port port-number 4. Clears statistics on the specified stack unit. The valid stack-unit numbers are from 0 to 5. clear hardware stack-unit unit-number counters Example of the show system stack-ports Command Example of the show [...]
-
Page 902
Running Config: succeeded Mar 24 2012 20:07:39 ACL Mgr: succeeded Mar 24 2012 20:07:39 LACP: no block sync done STP: no block sync done Dell# show hardware stack-unit 1 stack-port 53 Input Statistics: 7934 packets, 1049269 bytes 0 64-byte pkts, 7793 over 64-byte pkts, 100 over 127-byte pkts 0 over 255-byte pkts, 7 over 511-byte pkts, 34 over 1023-b[...]
-
Page 903
Master Switch Fails • Problem : The master switch fails due to a hardware fault, software crash, or power loss. • Resolution : A failover procedure begins: 1. Keep-alive messages from the MXL 10/40GbE master switch time out after 60 seconds and the switch is removed from the stack. 2. The standby switch takes the master role. Data traffic on th[...]
-
Page 904
Stack Unit in Card-Problem State Due to Incorrect Dell Networking OS Version • Problem : A stack unit enters a Card-Problem state because the switch has a different the Dell Networking OS version than the master unit. The switch does not come online as a stack unit. • Resolution : To restore a stack unit with an incorrect the Dell Networking OS[...]
-
Page 905
Upgrading a Switch Stack To upgrade all switches in a stack with the same Dell Networking OS version, follow these steps. 1. Copy the new Dell Networking OS image to a network server. 2. Download the Dell Networking OS image by accessing an interactive CLI that requests the server IP address and image filename, and prompts you to upgrade all member[...]
-
Page 906
Upgrade system image for all stack-units [yes/no]: yes !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!! ! Image upgraded to all Dell# configure Dell(conf)# boot system stack-unit all primary system: A: Dell(conf)# end Dell# write memory Jan 3 14:01:48: %STKUNIT0-M:CP %FILEMGR-5-FILESAVED: Copie[...]
-
Page 907
Dell# configure Dell(conf)# boot system stack-unit 2 primary system: A: Dell(conf)# end Dell#Jan 3 14:27:00: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from console Dell# write memory Jan 3 14:27:10: %STKUNIT0-M:CP %FILEMGR-5-FILESAVED: Copied running-config to startup-config in flash by default Synchronizing data to peer Stack-unit !!!! .... Dell#[...]
-
Page 908
51 Storm Control Storm control is supported on the MXL switch platform. The storm control feature allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking OS Behavior : The Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffi[...]
-
Page 909
52 Spanning Tree Protocol (STP) The spanning tree protocol (STP) is supported on the MXL switch platform. Protocol Overview STP is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the protocol improves scalability in a large netw[...]
-
Page 910
• SNMP Traps for Root Elections and Topology Changes Important Points to Remember • STP is disabled by default. • The Dell Networking operating system (OS) supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flav[...]
-
Page 911
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 121. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. 1. If the interface has been assigned an IP address, remove it. IN[...]
-
Page 912
3. Enable the interface. INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# Enabling Spanning Tree Prot[...]
-
Page 913
Figure 122. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1. Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2. Enable STP. PROTOCOL SPANNING TREE mode no disable Example of Verifying Spanning Tree is Enabled Example of Viewing Spanning Tree Configuration Example of Verifying a Por[...]
-
Page 914
To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. R2#show spanning-tree 0 Executing IEEE compatible Spanning Tree Protocol Bridge Identifier [...]
-
Page 915
Adding an Interface to the Spanning Tree Group To add a Layer 2 interface to the spanning tree topology, use the following command. • Enable spanning tree on a Layer 2 interface. INTERFACE mode spanning-tree 0 Removing an Interface from the Spanning Tree Group To remove a Layer 2 interface from the spanning tree topology, use the following comman[...]
-
Page 916
PROTOCOL SPANNING TREE mode forward-delay seconds The range is from 4 to 30. The default is 15 seconds . • Change the hello-time parameter (the BPDU transmission interval). PROTOCOL SPANNING TREE mode hello-time seconds NOTE: With large configurations (especially those with more ports) Dell Networking recommends increasing the hello-time. The ran[...]
-
Page 917
spanning-tree 0 priority priority-value The range is from 0 to 15. The default is 8 . To view the current values for interface parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally . Enabling PortFast The PortFast feature enables interfaces to begin forward[...]
-
Page 918
Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/ Edgport (edgeports) do not expect to receive BDPUs. If an edgeport does receive a BPDU, it likely means that it [...]
-
Page 919
Figure 123. Enabling BPDU Guard Dell Networking OS Behavior : BPDU guard and BPDU filtering (refer to Removing an Interface from the Spanning Tree Group ) both block BPDUs, but are two separate features. BPDU guard is used on edgeports and blocks all traffic on edgeport if it receives a BPDU. Example of Blocked BPDUs Dell#show spanning-tree 0 brief[...]
-
Page 920
Global BPDU Filtering When BPDU Filtering is enabled globally, it stops transmitting BPDUs on the operational port fast enabled ports by default. When it receives BPDUs, it automatically participates in the spanning tree. By default global bpdu filtering is disabled. Figure 124. BPDU Filtering Enabled Globally Interface BPDU Filtering When BPDU Fil[...]
-
Page 921
Figure 125. BPDU Filtering Enabled Globally Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. You can also specify that a bridge is the root or the secondary root. To change the bridge priority or specify that a bridge is the root or seco[...]
-
Page 922
Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge- priority command) is selected as the root bridge. If two switches have the same priority, th[...]
-
Page 923
Figure 126. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior : The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port[...]
-
Page 924
spanning-tree {0 | mstp | rstp | pvst} rootguard – 0 : enables root guard on an STP-enabled port assigned to instance 0. – mstp : enables root guard on an MSTP-enabled port. – rstp : enables root guard on an RSTP-enabled port. – pvst : enables root guard on a PVST-enabled port. To disable STP root guard on a port or port-channel interface, [...]
-
Page 925
53 System Time and Date System time and date settings and the network time protocol (NTP) are supported on the MXL switch platform. You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking operating system (OS) command line interfaces (CLIs) and hardware settings. Network Time Protocol The net[...]
-
Page 926
certain fields in the message, recalculates the checksum and returns the message immediately. Information included in the NTP message allows the client to determine the server time regarding local time and adjust the local clock accordingly. In addition, the message includes information to calculate the expected timekeeping accuracy and reliability[...]
-
Page 927
Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a Source IP Address for NTP Packets Enabling NTP NTP is disabled by def[...]
-
Page 928
Configuring NTP Broadcasts With the Dell Networking OS, you can receive broadcasts of time information. You can set interfaces within the system to receive NTP information through broadcast. To configure an interface to receive NTP broadcasts, use the following commands. • Set the interface to receive NTP packets. INTERFACE mode ntp broadcast cli[...]
-
Page 929
– For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. To view the configuration, use the show running-config ntp command in EXEC privilege mode (refer to the example in Configuring NTP Authentication ). Configuring NTP Authentication NTP authentication and the corresponding trusted key provide a reliab[...]
-
Page 930
– key keyid : Configure a text string as the key exchanged between the NTP server and the client. – prefer : Enter the keyword prefer to set this NTP server as the preferred server. – version number : Enter a number as the NTP version. The range is from 1 to 4. 5. Configure the switch as NTP master . CONFIGURATION mode ntp master <stratum&[...]
-
Page 931
NOTE: • Leap Indicator ( sys.leap , peer.leap , pkt.leap ) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increa[...]
-
Page 932
• Setting Daylight Saving Time Once • Setting Recurring Daylight Saving Time Setting the Time and Date for the Switch Software Clock You can change the order of the month and day parameters to enter the time and date as time day month year . You cannot delete the software clock. The software clock runs only when the software is up. The clock re[...]
-
Page 933
Set Daylight Saving Time The Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis. To set the clock for daylight savings time once, use the following comma[...]
-
Page 934
clock summer-time time-zone recurring start-week start-day start-month start- time end-week end-day end-month end-time [ offset ] – time-zone : Enter the three-letter name for the time zone. This name displays in the show clock output. – start-week : (OPTIONAL) Enter one of the following as the week that daylight saving begins and then enter va[...]
-
Page 935
Dell(conf)#clock summer-time pacific recurring Dell(conf)# System Time and Date 935[...]
-
Page 936
54 Tunneling Tunneling supports RFC 2003, RFC 2473, and 4213. DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode. • If the tunnel mode is IPIP or IPv6I[...]
-
Page 937
ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu-3)#tunnel source 5::5 Dell(conf-if-tu-3)#tunnel destination 8::9 Dell(conf-if-tu-3[...]
-
Page 938
tunnel mode ipip no shutdown Configuring the ip and ipv6 unnumbered Configuring the tunnel interface is supported on the MXL platform. You can configure the tunnel in ip unnumbered and ipv6 unnumbered command. To configure the tunnel interface to operate without a unique explicit ip/ ipv6 address, select the interface from which the tunnel will bor[...]
-
Page 939
ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel source 40.1.1.1 tunnel allow-remote 40.1.1.2 tunnel mode ipip decapsulate-any no shutdown Configuring the Tunnel Source Anylocal You can use the anylocal argument in place of the ip address or interface, but only with multipoint receive-only mode tunnels. The tunnel source anylocal command allows[...]
-
Page 940
55 Uplink Failure Detection (UFD) Uplink failure detection (UFD) is supported on the MXL switch platform. Feature Description UFD provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. A switch provides upstream connectivity for devices, such as se[...]
-
Page 941
Figure 128. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group . An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interface[...]
-
Page 942
result, downstream devices can execute the protection or recovery procedures they have in place to establish alternate connectivity paths, as shown in the following illustration. Figure 129. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated w[...]
-
Page 943
Important Points to Remember When you configure UFD, the following conditions apply. • You can configure up to 16 uplink-state groups. By default, no uplink-state groups are created. – An uplink-state group is considered to be operationally up if it has at least one upstream interface in the Link-Up state. – An uplink-state group is considere[...]
-
Page 944
• group-id : values are from 1 to 16. To delete an uplink-state group, use the no uplink-state-group group-id command. 2. Assign a port or port-channel to the uplink-state group as an upstream or downstream interface. UPLINK-STATE-GROUP mode {upstream | downstream} interface For interface, enter one of the following interface types: • 10 Gigabi[...]
-
Page 945
no enable The default is upstream-link tracking is automatically enabled in an uplink-state group. To re-enable upstream-link tracking, use the enable command. Clearing a UFD-Disabled Interface You can manually bring up a downstream interface in an uplink-state group that UFD disabled and is in a UFD-Disabled Error state. To re-enable one or more d[...]
-
Page 946
to down: Group 3 00:10:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 0/4 00:10:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 0/5 00:10:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 0/6 00:10:13: %STKUNIT0-M:CP %IFMGR-5[...]
-
Page 947
– Port channel: enter port-channel {1-512} . If a downstream interface in an uplink-state group is disabled (Oper Down state) by uplink-state tracking because an upstream port is down, the message error-disabled[UFD] displays in the output. • Display the current configuration of all uplink-state groups or a specified group. EXEC mode or UPLINK-[...]
-
Page 948
Hardware is Force10Eth, address is 00:01:e8:32:7a:47 Current address is 00:01:e8:32:7a:47 Interface index is 280544512 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:25:46 Queueing stra[...]
-
Page 949
• Verify the configuration with various show commands. Example of Configuring UFD (S50) Dell(conf)#uplink-state-group 3 Dell(conf-uplink-state-group-3)# 00:23:52: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed uplink state group Admin state to up: Group 3 Dell(conf-uplink-state-group-3)#downstream tengigabitethernet 0/1-2,5,9,11-12 Dell(conf-uplink-s[...]
-
Page 950
56 Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes . Get Help with Upgrades Direct any questions or con[...]
-
Page 951
57 Virtual LANs (VLANs) Virtual LANs (VLANs) are supported on the MXL switch platform. VLANs are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple[...]
-
Page 952
command places the interface in Layer 2 mode and the show vlan command in EXEC privilege mode indicates that the interface is now part of the Default VLAN (VLAN 1). By default, VLAN 1 is the Default VLAN. To change that designation, use the default vlan-id command in CONFIGURATION mode. You cannot delete the Default VLAN. NOTE: You cannot assign an[...]
-
Page 953
VLANs and Port Tagging To add an interface to a VLAN, the interface must be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. The Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the fram[...]
-
Page 954
NOTE: In a VLAN, the shutdown command stops Layer 3 (routed) traffic only. Layer 2 traffic continues to pass through the VLAN. If the VLAN is not a routed VLAN (that is, configured with an IP address), the shutdown command has no affect on VLAN traffic. When you delete a VLAN (using the no interface vlan vlan-id command), any interfaces assigned to[...]
-
Page 955
CONFIGURATION mode interface vlan vlan-id 2. Enable an interface to include the IEEE 802.1Q tag header. INTERFACE mode tagged interface Add an Interface to Another VLAN To view just the interfaces that are in Layer 2 mode, use the show interfaces switchport command in EXEC Privilege mode or EXEC mode. The following example shows the steps to add a [...]
-
Page 956
Moving Untagged Interfaces To move untagged interfaces from the Default VLAN to another VLAN, use the following commands. 1. Access INTERFACE VLAN mode of the VLAN to which you want to assign the interface. CONFIGURATION mode interface vlan vlan-id 2. Configure an interface as untagged. INTERFACE mode untagged interface This command is available on[...]
-
Page 957
The only way to remove an interface from the Default VLAN is to place the interface in Default mode by using the no switchport command in INTERFACE mode. Assigning an IP Address to a VLAN VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between th[...]
-
Page 958
INTERFACE mode 2. Configure the interface for Hybrid mode. INTERFACE mode portmode hybrid 3. Configure the interface for Switchport mode. INTERFACE mode switchport 4. Add the interface to a tagged or untagged VLAN. VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, ser[...]
-
Page 959
58 Virtual Link Trunking (VLT) Virtual link trunking (VLT) is supported on the MXL switch platform. Overview VLT allows physical links between two chassis to appear as a single virtual link to the network core. VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution o[...]
-
Page 960
Figure 131. Virtual Link Trunking Multi-domain VLT A multi-domain VLT (mVLT) configuration creates a port channel between two VLT domains by allowing two different VLT domains, using different VLT Domain ID numbers, connected by a standard LACP LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum [...]
-
Page 961
Figure 132. Multi-Domain VLT Example VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages be[...]
-
Page 962
Important Points to Remember • VLT port channel interfaces must be switch ports. • If you include RSTP on the system, configure it before VLT. Refer to RSTP Configuration . • Ensure that the spanning tree root bridge is at the Aggregation layer. If you enable RSTP on the VLT device, refer to RSTP and VLT for guidelines to avoid traffic loss. [...]
-
Page 963
– A VLT domain consists of the two core chassis, the interconnect trunk, backup link, and the LAG members connected to attached devices. – Each VLT domain has a unique MAC address that you create or VLT creates automatically. – ARP tables are synchronized between the VLT peer nodes. – VLT peer switches operate as separate chassis with indep[...]
-
Page 964
* the VLT system MAC address matches. * the VLT unit-id is not identical. NOTE: If you configure the VLT system MAC address or VLT unit-id on only one of the VLT peer switches, the link between the VLT peer switches is not established. Each VLT peer switch must be correctly configured to establish the link between the peers. – If the link between[...]
-
Page 965
Connecting a VLT Domain to an Attached Access Device (Switch or Server) ). To configure a port in Hybrid mode so that it can carry untagged, single-tagged, and double-tagged traffic, use the portmode hybrid command in Interface Configuration mode as described in Configuring Native VLANs . * For example, if the DHCP server is on the ToR and VLTi (IC[...]
-
Page 966
• Failure scenarios – On a link failover, when a VLT port channel fails, the traffic destined for that VLT port channel is redirected to the VLTi to avoid flooding. – When a VLT switch determines that a VLT port channel has failed (and that no other local port channels are available), the peer with the failed port channel notifies the remote [...]
-
Page 967
VLT Bandwidth Monitoring When bandwidth usage of the VLTi (ICL) exceeds 80%, a syslog error message (shown in the following message) and an SNMP trap are generated. %STKUNIT0-M:CP %VLTMGR-6-VLT-LAG-ICL: Overall Bandwidth utilization of VLT-ICL- LAG (port-channel 25) crosses threshold. Bandwidth usage (80 ) When the bandwidth usage drops below the 8[...]
-
Page 968
PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources. Figure 133. PIM-Sparse [...]
-
Page 969
(DR) if they are incorrectly hashed. In addition to being first-hop or last -hop routers, the peer node can also act as an intermediate router. The VLT peer nodes can also act as normal PIM routers on Layer 3 ports and on VLANS that do not have any VLT port members. In addition to being first-hop or last-hop routers, the peer node can also act as a[...]
-
Page 970
• For optimal performance, configure the VLT VLAN routing metrics to prefer VLT VLAN interfaces over non-VLT VLAN interfaces. • When using factory default settings on a new switch deployed as a VLT node, packet loss may occur due to the requirement that all ports must be open. • You can enable ECMP on VLT nodes using VLT unicast; however, ECM[...]
-
Page 971
node. Configuration mismatches are logged in the syslog and displayed in the output of the show vlt inconsistency command. When you enable VLT unicast, VLAN wildcarding is enabled to support up to 4094 VLANs. If you enable VLT unicast, the following actions occur: • L3 routing is enabled on any new IP address / IPV6 address configured for a VLAN [...]
-
Page 972
RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the VLT startup phase. You may also use RSTP for loop prevention in the network outside of the VLT port channel. For information about how to configure RSTP, Rapid Spanni[...]
-
Page 973
primary VLT switch determines the RSTP roles and states on VLT ports and ensures that the VLT interconnect link is never blocked. In the case of a primary VLT switch failure, the secondary switch starts sending BPDUs with its own bridge ID and inherits all the port states from the last synchronization with the primary switch. An access device never[...]
-
Page 974
Enter the same port-channel number configured with the peer-link port-channel command as described in Configuring VLT and Connecting a VLT Domain . NOTE: To be included in the VLTi, the port channel must be in Default mode ( no switchport or VLAN assigned). 2. Remove an IP address from the interface. INTERFACE PORT-CHANNEL mode no ip address 3. Add[...]
-
Page 975
Configuring a VLT Port Delay Period To configure a VLT port delay period, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs from 1 to 1000. 2. Enter an amount of time, in seconds, to delay the restoration of the VLT ports after the system is[...]
-
Page 976
Also, reconfigure the same MAC address on the VLT peer switch. Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. 4. (Optional) When you create a VLT domain on a switch, the system automatically assigns a unique unit ID (0 or [...]
-
Page 977
6. Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device. INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number The valid port-channel ID numbers are from 1 to 128. 7. Repeat Steps 1 to 6 on the VLT peer switch to configure the same port channel as part of the VLT domain.[...]
-
Page 978
interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command. 2. Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface specifies one of the following interface types: • 10-Gigabit Ethernet: Enter tengigabitethernet slot/port . ?[...]
-
Page 979
Use the unit-id command to explicitly configure the default values on each peer switch. You must configure a different unit ID (0 or 1) on each peer switch. Use this command to minimize the time required for the VLT system to determine the unit ID assigned to each peer switch when one peer switch reboots. 8. Configure multi-domain VLT. Configure th[...]
-
Page 980
Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt backup-link • Display general status information about VLT domains currently configured on the sw[...]
-
Page 981
Example of the show vlt backup-link Command Example of the show vlt brief Command Example of the show vlt detail Command Example of the show vlt role Command Example of the show running-config vlt Command Example of the show vlt statistics Command Example of the show spanning-tree rstp Command Dell_VLTpeer1# show vlt backup-link VLT Backup Link ---[...]
-
Page 982
127 2 UP UP 20, 30 Dell_VLTpeer2# show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLANs ------------ ----------- ------------ ----------- ------------- 2 127 UP UP 20, 30 100 100 UP UP 10, 20, 30 Dell_VLTpeer1# show vlt role VLT Role ---------- VLT Role: Primary System MAC address: 00:01:e8:8a:df:bc System Role Priority: 32[...]
-
Page 983
The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2. Port channels 110, 111, and 120 are used to connect to access switches or servers (vlt). Dell_VLTpeer1# show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Roo[...]
-
Page 984
NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring VLTs used as facing hosts/switches with LACP. Both peers must use the same port channel ID. 3. Configure the peer-link port-channel in the VLT domains of each peer unit. INTERFACE PORTCHANNEL mode channel-member 4. Configure the backup link between the VLT peer [...]
-
Page 985
Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2 Configure the VLTi between VLT peer 1 and VLT peer 2 Configure the backup link between the VLT peer units. Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit. In the ToR unit, configure LACP on the physical ports Verify VLT is up. Verify that the V[...]
-
Page 986
1. Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit. 2. Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. 3. In the top of rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for VLT peer 2. The highlighted vlt-peer-lag port-chan[...]
-
Page 987
! interface TenGigabitEthernet 0/50 no ip address ! port-channel-protocol LACP port-channel 100 mode active no shutdown mxl-1# mxl-1#show running-config interface port-channel 100 ! interface Port-channel 100 no ip address switchport no shutdown mxl-1# mxl-1#show interfaces port-channel 100 brief Codes: L - LACP Port-channel LAG Mode Status Uptime [...]
-
Page 988
PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the VLT startup phase. You may also use PVST+ for loop prevention in the network outside of the VLT port channel. For information on PVST+, refer to Per-VLAN Spanning[...]
-
Page 989
Po 1 128.2 128 188 FWD(vltI) 0 0 90b1.1cf4.9b79 128.2 Po 2 128.3 128 2000 FWD(vlt) 0 0 90b1.1cf4.9b79 128.3 Te 0/100 128.230 128 2000 FWD 0 0 90b1.1cf4.9b79 128.230 Te 0/103 128.233 128 2000 FWD 0 0 90b1.1cf4.9b79 128.233 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ---------- ------ -------- ---- ------- ----------- ------- -------[...]
-
Page 990
In Domain 1, configure the VLT domain and VLTi on Peer 1 Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)#channel-member TenGigabitEthernet 0/8-9 Domain_1_Peer1#no shutdown Domain_1_Peer1(conf)#vlt domain 1000 Domain_1_Peer1(conf-vlt-domain)#peer-link port-channel 1 Domain_1_Peer1(conf-vlt-domain)#[...]
-
Page 991
Domain_1_Peer3#no shutdown Domain_2_Peer3(conf)#vlt domain 200 Domain_2_Peer3(conf-vlt-domain)#peer-link port-channel 1 Domain_2_Peer3(conf-vlt-domain)#back-up destination 10.18.130.11 Domain_2_Peer3(conf-vlt-domain)#system-mac mac-address 00:0b:00:0b:00:0b Domain_2_Peer3(conf-vlt-domain)#unit-id 0 Configure mVLT on Peer 3 Domain_2_Peer3(conf)#inte[...]
-
Page 992
Enable PIM Multicast Routing on the VLT node globally. VLT_Peer1(conf)#ip multicast-routing Enable PIM on the VLT port VLANs. VLT_Peer1(conf)#interface vlan 4001 VLT_Peer1(conf-if-vl-4001)#ip address 140.0.0.1/24 VLT_Peer1(conf-if-vl-4001)#ip pim sparse-mode VLT_Peer1(conf-if-vl-4001)#tagged port-channel 101 VLT_Peer1(conf-if-vl-4001)#tagged port-c[...]
-
Page 993
Configure the backup link. Dell_VLTpeer1(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer1(conf-if-ma-0/0)# ip address 10.11.206.23/ Dell_VLTpeer1(conf-if-ma-0/0)#no shutdown Dell_VLTpeer1(conf-if-ma-0/0)#exit Configure the VLT interconnect (VLTi). Dell_VLTpeer1(conf)#interface port-channel 100 Dell_VLTpeer1(conf-if-po-100)#no ip address Dell_VL[...]
-
Page 994
Configure the VLT interconnect (VLTi). Dell_VLTpeer2(conf)#interface port-channel 100 Dell_VLTpeer2(conf-if-po-100)#no ip address Dell_VLTpeer2(conf-if-po-100)# channel-member fortyGigE 0/46,50 Dell_VLTpeer2(conf-if-po-100)#no shutdown Dell_VLTpeer2(conf-if-po-100)#exit Configure the port channel to an attached device. Dell_VLTpeer2(conf)# interfac[...]
-
Page 995
Table 69. Troubleshooting VLT Description Behavior at Peer Up Behavior During Run Time Action to Take Bandwidth monitoring A syslog error message and an SNMP trap is generated when the VLTi bandwidth usage goes above the 80% threshold and when it drops below 80%. A syslog error message and an SNMP trap is generated when the VLTi bandwidth usage goe[...]
-
Page 996
Description Behavior at Peer Up Behavior During Run Time Action to Take A syslog error message is generated. A syslog error message is generated. if Peer 1 is unit ID “0”, Peer 2 unit ID must be “1’. Version ID mismatch A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated. Verify the D[...]
-
Page 997
the peer-link port-channel id-number peer-down-vlan vlan interface number command and the switchport command. After you specify the VLTi link and VLT LAGs, you can associate the same port channel or LAG bundle that is a part of a VLT to a PVLAN by using the interface interface and switchport mode private-vlan commands. When a VLTi port in trunk mod[...]
-
Page 998
MAC Synchronization for VLT Nodes in a PVLAN For the MAC addresses that are learned on non-VLT ports, MAC address synchronization is performed with the other peer if the VLTi (ICL) link is part of the same VLAN as the non-VLT port. For MAC addresses that are learned on VLT ports, the VLT LAG mode of operation and the primary to secondary associatio[...]
-
Page 999
• Layer 3 communication between secondary VLANs in a private VLAN is enabled by using the ip local-proxy-arp command in INTERFACE VLAN configuration mode. • The ARP request is not received on the ICL Under such conditions, the IP stack performs the following operations: • The ARP reply is sent with the MAC address of the primary VLAN. • The[...]
-
Page 1000
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 - Secondary (Community) - Secondary (Community) Yes Yes - Secondary (Isolated) - Secondary (Isolated) Yes Yes Promiscuo us Trunk Primary Normal No No Promiscuo us Trunk Primary Primary Yes No Access Access Secondary (Community) Secondary (Community) [...]
-
Page 1001
Creating a VLT LAG or a VLT VLAN 1. Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port-channel id-number . Enter the same port-channel number configured with the peer-link port-channel command. NOTE: To be included in the VLTi, the port channel must be in Defa[...]
-
Page 1002
The range is from 1 to 4094. Associating the VLT LAG or VLT VLAN in a PVLAN 1. Access INTERFACE mode for the port that you want to assign to a PVLAN. CONFIGURATION mode interface interface 2. Enable the port. INTERFACE mode no shutdown 3. Set the port in Layer 2 mode. INTERFACE mode switchport 4. Select the PVLAN mode. INTERFACE mode switchport mod[...]
-
Page 1003
Proxy ARP Capability on VLT Peer Nodes A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the traffic to the proxy ARP-enabled device, which in turn transmits the packets to the destination. By default, proxy ARP is enabled. To disable proxy ARP, use the no proxy-arp command in [...]
-
Page 1004
secondary VLANs. When the ICL link or peer is down, and the ARP request for a private VLAN IP address reaches the wrong peer, then the wrong peer responds to the ARP request with the peer MAC address. The IP address of the VLT node VLAN interface is synchronized with the VLT peer over ICL when the VLT peers are up. Whenever an IP address is added o[...]
-
Page 1005
Sample configuration of VLAN-stack over VLT (Peer 1) Configure VLT domain Dell(conf)#vlt domain 1 Dell(conf-vlt-domain)#peer-link port-channel 1 Dell(conf-vlt-domain)#back-up destination 10.16.151.116 Dell(conf-vlt-domain)#primary-priority 100 Dell(conf-vlt-domain)#system-mac mac-address 00:00:00:11:11:11 Dell(conf-vlt-domain)#unit-id 0 Dell(conf-v[...]
-
Page 1006
Dell(conf-if-vl-50-stack)#member port-channel 10 Dell(conf-if-vl-50-stack)#member port-channel 20 Dell#show running-config interface vlan 50 ! interface Vlan 50 vlan-stack compatible member Port-channel 10,20 shutdown Dell# Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN-Stack VLAN Sample Configuration of VLAN-Stack Ov[...]
-
Page 1007
vlt-peer-lag port-channel 20 no shutdown Dell# Configure the VLAN as VLAN-Stack VLAN and add the VLT LAG as members to the VLAN Dell(conf)#interface vlan 50 Dell(conf-if-vl-50)#vlan-stack compatible Dell(conf-if-vl-50-stack)#member port-channel 10 Dell(conf-if-vl-50-stack)#member port-channel 20 Dell(conf-if-vl-50-stack)# Dell#show running-config i[...]
-
Page 1008
59 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is supported on the MXL switch platform. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).[...]
-
Page 1009
Figure 135. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation T[...]
-
Page 1010
switch. To avoid throttling VRRP advertisement packets, Dell Networking recommends increasing the VRRP advertisement interval to a value higher than the default value of 1 second. CAUTION: Increasing the advertisement interval increases the VRRP Master dead interval, resulting in an increased failover time for Master/Backup election. Take caution w[...]
-
Page 1011
• Create a virtual router for that interface with a VRID. INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255. NOTE: The interface must already have a primary IP address defined and be enabled, as shown in the second example. • Delete a VRRP group. INTERFACE mode no vrrp-group vrid Example of Configuring VRRP Example of Verifying the[...]
-
Page 1012
2. Set the switch with the highest priority to version to 3. 3. Set all the switches from both to version 3. NOTE: Do not run VRRP version 2 and version 3 in the same group for an extended period of time Example: Migrating an IPv4 VRRP Group from VRRPv2 to VRRPv3 NOTE: Carefully following this procedure, otherwise you might introduce dual master sw[...]
-
Page 1013
The VRID range is from 1 to 255. 2. Configure virtual IP addresses for this VRID. INTERFACE -VRID mode virtual-address ip-address1 [ ...ip-address12 ] The range is up to 12 addresses. Example of the virtual-address Command Example of Verifying the Virtual IP Address Configuration Example of Verifying the VRRP Group Priority Dell(conf-if-te-1/1-vrid[...]
-
Page 1014
Authentication: (none) Dell# When the VRRP process completes its initialization, the State field contains either Master or Backup. Setting VRRP Group (Virtual Router) Priority Setting a virtual router priority to 255 ensures that router is the “owner” virtual router for the VRRP group. VRRP elects the MASTER router by choosing the router with t[...]
-
Page 1015
Configuring VRRP Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, the Dell Networking OS includes the password in its VRRP transmission. The receiving router uses that password to verify the transmission. NOTE: You must configure all virtual router[...]
-
Page 1016
Example of Disabling Preempt Example of Verifying Preempt is Disabled Re-enable preempt by entering the preempt command. When you enable preempt, it does not display in the show commands, because it is a default setting. Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)#no preempt Dell(conf-if-te-1/1-vrid-111)#show conf Dell(conf-if[...]
-
Page 1017
Example of the advertise-interval Command Example of Verifying the Configured Advertisement Interval The following example shows how to change the advertise interval using the advertise-interval command. Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)#advertise-interval 10 Dell(conf-if-te-1/1-vrid-111)# The following example shows[...]
-
Page 1018
NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before you actually create the tracked object (using a track object-id command in CONFIGURATION mode). However, no changes in the VRRP group’s priority occur until the tracked object is defined and determined to be down. Tracking a[...]
-
Page 1019
virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 Dell(conf-if-te-1/1-vrid-111)# Dell#show track Track 2 IPv6 route 2040::/64 metric threshold Metric threshold is Up (STATIC/0/0) 5 changes, last change 00:02:16 Metric threshold down 255 up 254 First-hop interface is GigabitEthernet 13/2 Tracked by: VRRP GigabitEthern[...]
-
Page 1020
• Set the delay time for VRRP initialization on an individual interface. INTERFACE mode vrrp delay minimum seconds This time is the gap between an interface coming up and being operational, and VRRP enabling. The seconds range is from 0 to 900. The default is 0 . • Set the delay time for VRRP initialization on all the interfaces in the system c[...]
-
Page 1021
Figure 136. VRRP for IPv4 Topology Example of Configuring VRRP for IPv4 R2(conf)#int tengig 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)#priority 200 R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31-vrid-99)#no shut R2(conf-if-te-2/31)#show conf ! interface Tengigabitet[...]
-
Page 1022
R2(conf-if-te-2/31)#end R2#show vrrp ------------------ Tengigabitethernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3 Authen[...]
-
Page 1023
60 Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website[...]
-
Page 1024
SFF-8431 SFP+ Direct Attach Cable (10GSFP+Cu) MTU 12,000 bytes RFC and I-D Compliance The Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table[...]
-
Page 1025
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 73. General IPv4 Protocols RFC# Full Name 791 Internet Protocol 792 Internet Control Message Protocol 826 An Ethernet Address Resolution Protocol 1027 Using ARP to Implement Transparent Subnet Gateways 1035 DOMAIN NAMES - I[...]
-
Page 1026
Border Gateway Protocol (BGP) The following table lists the Dell Networking OS support per platform for BGP protocols. Table 74. Border Gateway Protocol (BGP) RFC# Full Name 1997 BGP ComAmtturnibituitees 2385 Protection of BGP Sessions via the TCP MD5 Signature Option 2439 BGP Route Flap Damping 2796 BGP Route Reflection: An Alternative to Full Mes[...]
-
Page 1027
Routing Information Protocol (RIP) The following table lists the Dell Networking OS support per platform for RIP protocol. Table 76. Routing Information Protocol (RIP) RFC# Full Name 1058 Routing Information Protocol 2453 RIP Version 2 Network Management The following table lists the Dell Networking OS support per platform for network management pr[...]
-
Page 1028
RFC# Full Name 2570 Introduction and Applicability Statements for Internet Standard Management Framework 2571 An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks 2572 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) 2574 User-based Security Model (USM) for version 3 of t[...]
-
Page 1029
RFC# Full Name Statistics High-Capacity Table, Ethernet History High- Capacity Table 3416 Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) 3418 Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) 3434 Remote Monitoring MIB Extensions for High Capacity Alarms, High-Capacity Alarm [...]
-
Page 1030
RFC# Full Name FORCE10-IF-EXTENSION-MIB Force10 Enterprise IF Extension MIB (extends the Interfaces portion of the MIB-2 (RFC 1213) by providing proprietary SNMP OIDs for other counters displayed in the "show interfaces" output) FORCE10-LINKAGG-MIB Force10 Enterprise Link Aggregation MIB FORCE10-COPY-CONFIG-MIB Force10 File Copy MIB (supp[...]
-
Page 1031
61 FC Flex IO Modules This part provides a generic, broad-level description of the operations, capabilities, and configuration commands of the Fiber Channel (FC) Flex IO module. FC Flex IO Modules This part provides a generic, broad-level description of the operations, capabilities, and configuration commands of the Fiber Channel (FC) Flex IO modul[...]
-
Page 1032
switch to operate as NPIV proxy gateways. The MXL 10/40GbE Switch or the I/O Aggregator can function in NPIV proxy gateway mode when an FC Flex IO module is present or in the FIP snooping bridge (FSB) mode when all the ports are Ethernet ports. The FC Flex IO module uses the same baseboard hardware of the MXL 10/40GbE Switch or the Aggregator and t[...]
-
Page 1033
• Two 40GbE, four 10GBASE-T, and four 8GB FC ports FC Flex IO Module Capabilities and Operations The FC Flex IO module has the following characteristics: • You can install one or two FC Flex IO modules on the MXL 10/40GbE Switch or I/O Aggregator. Each module supports four FC ports. • Each port can operate in 2Gbps, 4Gbps, or 8Gbps of Fibre C[...]
-
Page 1034
• The FC Flex IO does not have persistent storage for any runtime configuration. All the persistent storage for runtime configuration is on the MXL and IOA baseboard. • With both FC Flex IO modules present in the MXL or I/O Aggregator switches, the power supply requirement and maximum thermal output are the same as these parameters needed for t[...]
-
Page 1035
• priority-group 2 bandwidth 40 pfc on • priority-pgid 0 0 0 2 1 0 0 0 • On I/O Aggregators, uplink failure detection (UFD) is disabled if FC Flex IO module is present to allow server ports to communicate with the FC fabric even when the Ethernet upstream ports are not operationally up. • Ensure that the NPIV functionality is enabled on the[...]
-
Page 1036
Processing of Data Traffic The Dell Networking OS determines the module type that is plugged into the slot. Based on the module type, the software performs the appropriate tasks. The FC Flex IO module encapsulates and decapsulates the FCoE frames. The module directly switches any non-FCoE or non-FIP traffic, and only FCoE frames are processed and t[...]
-
Page 1037
Installing and Configuring the Switch After you unpack the MXL 10/40GbE Switch, refer to the flow chart in the following figure for an overview of the steps you must follow to install the blade and perform the initial configuration. FC Flex IO Modules 1037[...]
-
Page 1038
Installing and Configuring Flowchart for FC Flex IO Modules 1038 FC Flex IO Modules[...]
-
Page 1039
To see if a switch is running the latest Dell Networking OS version, use the show version command. To download a Dell Networking OS version, go to http://support.dell.com . Installation Site Preparation Before installing the switch or switches, make sure that the chosen installation location meets the following site requirements: • Clearance — [...]
-
Page 1040
Interconnectivity of FC Flex IO Modules with Cisco MDS Switches In a network topology that contains Cisco MDS switches, FC Flex IO modules that are plugged into the MXL and I/O Aggregator switches enable interoperation for a robust, effective deployment of the NPIV proxy gateway and FCoE-FC bridging behavior. In an environment that contains FC Flex[...]
-
Page 1041
Figure 137. Case 1: Deployment Scenario of Configuring FC Flex IO Modules Figure 138. Case 2: Deployment Scenario of Configuring FC Flex IO Modules Data Center Bridging (DCB) Data center bridging (DCB) is supported on the FC Flex IO module installed in the MXL 10/40GbE Switch. FC Flex IO Modules 1041[...]
-
Page 1042
Ethernet Enhancements in Data Center Bridging The following section describes DCB. • The device supports the following DCB features: – Data center bridging exchange protocol (DCBx) – Priority-based flow control (PFC) – Enhanced transmission selection (ETS) DCB refers to a set of IEEE Ethernet enhancements that provide data centers with a si[...]
-
Page 1043
• Data Center Bridging Exchange (DCBx) protocol NOTE: In the Dell Networking OS version 8.3.12.0, only the PFC, ETS, and DCBx features are supported in data center bridging. Priority-Based Flow Control In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not af[...]
-
Page 1044
priorities configured). If you do not enable PFC on an interface, you can enable the 802.3x link- level pause function. By default, the link-level pause is disabled. • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation. • PFC uses the DCB MIB IEEE802.1azd2.5 and th[...]
-
Page 1045
Traffic Groupings Description traffic in a group must have the same traffic handling requirements for latency and frame loss. Group ID A 4-bit identifier assigned to each priority group. The range is from 0 to 7. Group bandwidth Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of que[...]
-
Page 1046
Step Task Command Command Mode priority groups is made available and allocated according to the specified percentages. If a priority group does not use its allocated bandwidth, the unused bandwidth is made available to other priority groups. Example: priority-group 0 bandwidth 60 pfc off priority-group 1 bandwidth 20 pfc on priority-group 2 bandwid[...]
-
Page 1047
Step Task Command Command Mode port | fortygigabitEthernet slot / port } 2 Apply the DCB map on the Ethernet port to configure it with the PFC and ETS settings in the map; for example: Dell# interface tengigabitEthernet 0/0 Dell(config-if-te-0/0)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port. You cannot apply[...]
-
Page 1048
Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface after you disable PFC mode in a DCB map and apply the map on the interface. The configuration of no-drop queues provides flexibility for ports on which PFC is not needed, but lossless traffic should egress from the interface. Lossless traffic e[...]
-
Page 1049
Data Center Bridging Exchange Protocol (DCBx) DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBx to exchange and negotiate parameters with peer devices. DCBx capabilities include: • Discovery of DCB capabilities on peer-device connections. • Determination of possible mis[...]
-
Page 1050
• Priority-based flow control • Enhanced transmission selection • Data center bridging exchange protocol • FCoE initialization protocol (FIP) snooping DCB processes virtual local area network (VLAN)-tagged packets and dot1p priority values. Untagged packets are treated with a dot1p priority of 0. For DCB to operate effectively, you can clas[...]
-
Page 1051
NOTE: Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS. However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces. If you use L2 class maps to map dot1p priority traffic to egress queues[...]
-
Page 1052
3. Configure a DCB output policy in which you associate a priority group with a QoS ETS output policy. 4. Apply the DCB output policy to an interface. ETS Operation with DCBx The following section describes DCBx negotiation with peer ETS devices. In DCBx negotiation with peer ETS devices, ETS configuration is handled as follows: • ETS TLVs are su[...]
-
Page 1053
The maximum 32 alphanumeric characters. 2. Configure the percentage of bandwidth to allocate to the dot1p priority/queue traffic in the associated L2 class map. QoS OUTPUT POLICY mode Dell(conf-qos-policy-out)#bandwidth-percentage 100 The default is none . 3. Repeat Step 2 to configure bandwidth percentages for other priority queues on the port. Qo[...]
-
Page 1054
• Configuring Priority-Based Flow Control • Configure Enhanced Transmission Selection • Configuring FIP Snooping DCBx supports the following versions: CIN, CEE, and IEEE2.5. Prerequisite: For DCBx, enable LLDP on all DCB devices. DCBx Operation DCBx performs the following operations: • Discovers DCB configuration (such as PFC and ETS) in a [...]
-
Page 1055
On a DCBX port in an auto-upstream role, the PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled. Auto- downstream The port advertises its own configuration to DCBx peers but is not willing to receive remote peer configuration. The port always accepts internally propagated configurat[...]
-
Page 1056
NOTE: On a DCBx port, application priority TLV advertisements are handled as follows: • The application priority TLV is transmitted only if the priorities in the advertisement match the configured PFC priorities on the port. • On auto-upstream and auto-downstream ports: – If a configuration source is elected, the ports send an application pri[...]
-
Page 1057
A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto-configuration information from the configuration source ignore their current settings and use the configuration source information. Propagation of DCB Information When an auto-upstream or auto-downst[...]
-
Page 1058
DCBx Example The following figure shows how DCBX is used on an MXL Switch installed in a PowerEdge M1000e chassis in which servers are also installed. The external 40GbE ports on the base module (ports 33 and 37) of two switches are used for uplinks configured as DCBx auto-upstream ports. The MXL switch is connected to third-party, top-of-rack (ToR[...]
-
Page 1059
DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mode (the protocol lldp mode command; refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery [...]
-
Page 1060
• auto-upstream : configures the port to receive a peer configuration. The configuration source is elected from auto-upstream ports. • auto-downstream : configures the port to accept the internally propagated DCB configuration from a configuration source. • config-source : configures the port to serve as the configuration source on the switch[...]
-
Page 1061
configure 2. Enter LLDP Configuration mode to enable DCBx operation. CONFIGURATION mode [no] protocol lldp 3. Configure the DCBx version used on all interfaces not already configured to exchange DCB information. PROTOCL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.5} • auto : configures all ports to operate using the DCBx version recei[...]
-
Page 1062
For information about how to use FCoE and iSCSI, refer to Fibre Channel over Ethernet and iSCSI Optimization . 6. Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8 . 7. Configure the iSCSI[...]
-
Page 1063
– auto-detect-timer : enables traces for DCBx auto-detect timers. – config-exchng : enables traces for DCBx configuration exchanges. – fail : enables traces for DCBx failures. – mgmt : enables traces for DCBx management frames. – resource : enables traces for DCBx system resource frames. – sem : enables traces for the DCBx state machine[...]
-
Page 1064
Example of the show dot1p-queue mapping Command Example of the show dcb Command Example of the show interfaces pfc summary Command Example of the show interface pfc statistics Command Example of the show interface ets summary Command Example of the show interface ets detail Command Example of the show stack-unit all stack-ports all pfc details Comm[...]
-
Page 1065
PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Local ISCSI PriorityMap is 0x10 Remote FCOE PriorityMap is 0x8 Remote ISCSI PriorityMap is 0x8 0 Input TLV pkts, 1 Output TLV pkts, 0 Error pkts, [...]
-
Page 1066
Fields Description • Symmetric: for an IEEE version TLV Tx Status Status of PFC TLV advertisements: enabled or disabled. PFC Link Delay Link delay (in quanta) used to pause specified priority traffic. Application Priority TLV: FCOE TLV Tx Status Status of FCoE advertisements in application priority TLVs from local DCBx port: enabled or disabled. [...]
-
Page 1067
Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Priority# Bandwidth TSA 0 13% ETS 1 13% ETS 2 13% ETS 3 13% ETS 4 12% ETS 5 12% ETS 6 12% ETS 7 12% ETS Remote Parameters: ---[...]
-
Page 1068
Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Priority# Bandwidth TSA 0 13% ETS 1 13% ETS 2 13% ETS 3 13% ETS 4 12% ETS 5 12% ETS 6 12% ETS 7 1[...]
-
Page 1069
Table 81. show interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Max Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on or off. When on, the scheduling and bandwidth allo[...]
-
Page 1070
Field Description ETS TLV Statistic: Error Conf TLV pkts Number of ETS Error Configuration TLVs received. Dell(conf)# show stack-unit all stack-ports all pfc details stack unit 0 stack-port all Admin mode is On Admin is enabled, Priority list is 4-5 Local is enabled, Priority list is 4-5 Link Delay 45556 pause quantum 0 Pause Tx pkts, 0 Pause Rx pk[...]
-
Page 1071
Dell(conf)# show interface tengigabitethernet 0/49 dcbx detail Dell#show interface te 0/49 dcbx detail E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled r-ETS Recommendation TLV disabled P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled F-Application priority for FCOE enabled f-Applicat[...]
-
Page 1072
Field Description Configuration Source Specifies whether the port serves as the DCBx configuration source on the switch: true (yes) or false (no). Local DCBx Compatibility mode DCBx version accepted in a DCB configuration as compatible. In auto-upstream mode, a port can only received a DCBx version supported on the remote peer. Local DCBx Configure[...]
-
Page 1073
PFC and ETS Configuration Examples This section contains examples of how to configure and apply DCB input and output policies on an interface. Using PFC and ETS to Manage Data Center Traffic The following shows examples of using PFC and ETS to manage your data center traffic. In the following example: • Incoming SAN traffic is configured for prio[...]
-
Page 1074
Figure 143. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification : The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment . dot1p Val[...]
-
Page 1075
dot1p Value in Incoming Frame Queue Assignment 4 2 5 3 6 3 7 3 The following describes the dot1p-priority class group assignment dot1p Value in the Incoming Frame Priority Group Assignment 0 LAN 1 LAN 2 LAN 3 SAN 4 IPC 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment. Priority Group Bandwidth Assignment IPC 5% SAN 5[...]
-
Page 1076
Example of Applying DCB PFC Input Policy and ETS Output Policy in a Switch Stack dcb-map stack-unit all stack-ports all <dcb-map-name> Interworking of DCB Map With DCB Buffer Threshold Settings The dcb-input and dcb-output configuration commands are deprecated. You must use the dcp-map command to create a DCB map to configure priority flow co[...]
-
Page 1077
Fibre Channel over Ethernet for FC Flex IO Modules FCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN traffic on a Layer 2 link by encapsulating Fibre Channel data into Ethernet frames. The Fibre Channel (FC) Flex IO module is supported on Dell Networking Operating System (OS) MXL 10/40GbE S[...]
-
Page 1078
NPIV Proxy Gateway Operations and Capabilities Benefits of an NPIV Proxy Gateway The MXL 10/40GbE Switch and M I/O Aggregator with the FC Flex IO module functions as a top-of-rack edge switch that supports Converged Enhanced Ethernet (CEE) traffic — FCoE for storage, Interprocess Communication (IPC) for servers, and Ethernet LAN (IP cloud) for da[...]
-
Page 1079
servers over the NPIV proxy gateway to FC switches in the fabric. An FCoE map virtualizes the upstream SAN fabric as an FCF to downstream CNA ports on FCoE-enabled servers as follows: • As soon as an FC N port comes online ( no shutdown command), the NPG starts sending FIP multicast advertisements, which contain the fabric name derived from the 6[...]
-
Page 1080
Term Description or 8-Gigabit mode. On an NPIV proxy gateway, an FC port can be used as a downlink for a server connection and an uplink for a fabric connection. F port Port mode of an FC port connected to an end node (N) port on an MXL 10/40GbE Switch and M I/O Aggregator with the FC Flex IO module NPIV proxy gateway. N port Port mode of an MXL 10[...]
-
Page 1081
Term Description principal switch The switch in a fabric with the lowest domain number. The principal switch accesses the master name database and the zone/zone set database. DCB Maps A Data Center Bridging (DCB) map is used to configure DCB functionality, such as PFC and ETS, on MXL 10/40GbE Switch and M I/O Aggregator with the FC Flex IO module E[...]
-
Page 1082
Configuring an NPIV Proxy Gateway Prerequisite : Before you configure an NPIV proxy gateway (NPG) with the FC Flex IO module on an MXL 10/40GbE Switch or an M I/O Aggregator, ensure that the following features are enabled. • DCB is enabled by default with the FC Flex IO module on the MXL 10/40GbE Switch or M I/O Aggregator. • Autonegotiated DCB[...]
-
Page 1083
Step Task Command Command Mode 1 Create a DCB map to specify PFC and ETS settings for groups of dot1p priorities. dcb-map name CONFIGURATION 2 Configure the PFC setting (on or off) and the ETS bandwidth percentage allocated to traffic in each priority group. Configure whether the priority group traffic should be handled with strict-priority schedul[...]
-
Page 1084
If you delete the dot1p priority-to-priority group mapping ( no priority pgid command) before you apply the new DCB map, the default PFC and ETS parameters are applied on the interfaces. This change may create a DCB mismatch with peer DCB devices and interrupt the network operation. Applying a DCB Map on Server-facing Ethernet Ports You can apply a[...]
-
Page 1085
Creating an FCoE Map An FCoE map consists of: • An association between the dedicated VLAN, used to carry FCoE traffic, and the SAN fabric where the storage arrays are installed. Use a separate FCoE VLAN for each fabric to which the FCoE traffic is forwarded. Any non-FCoE traffic sent on a dedicated FCoE VLAN is dropped. • The FC-MAP value, used[...]
-
Page 1086
FCoE devices are reachable. Default: FIP keep- alive monitoring is enabled. 7 Configure the time interval (in seconds) used to transmit FIP keepalive advertisements. Range: 8-90 seconds. Default: 8 seconds. fka-adv-period seconds FCoE MAP Applying an FCoE Map on Server-facing Ethernet Ports You can apply multiple FCoE maps on an Ethernet port or po[...]
-
Page 1087
When you apply an FCoE map on a fabric-facing FC port, the FC port becomes part of the FCoE fabric, whose settings in the FCoE map are configured on the port and exported to downstream server CNA ports. Each MXL 10/40GbE Switch and M I/O Aggregator, with the FC Flex IO module FC port, is associated with an Ethernet MAC address (FCF MAC address). Wh[...]
-
Page 1088
Dell(config)# interface tengigabitethernet 1/0 Dell(config-if-te-0/0)#dcb-map SAN_DCB_MAP 3. Create the dedicated VLAN to be used for FCoE traffic: Dell(conf)#interface vlan 1002 4. Configure an FCoE map to be applied on downstream (server-facing) Ethernet and upstream (core- facing) FC ports: Dell(config)# fcoe-map SAN_FABRIC_A Dell(config-fcoe-na[...]
-
Page 1089
Command Description NOTE: Although the show interface status command displays the Fiber Channel (FC) interfaces with the abbreviated label of 'Fc' in the output, if you attempt to specify a FC interface by using the interface fc command in the CLI interface, an error message is displayed. You must configure FC interfaces by using the inte[...]
-
Page 1090
Table 85. show interfaces status Field Descriptions Field Description Port Server-facing 10GbE Ethernet (Te), 40GbE Ethernet (Fo), or fabric- facing Fibre Channel (Fc) port with slot / port information. Description Text description of port. Status Operational status of port: Ethernet ports - up (transmitting FCoE and LAN storage traffic) or down (n[...]
-
Page 1091
Table 86. show fcoe-map Field Descriptions Field Description Fabric-Name Name of a SAN fabric. Fabric ID The ID number of the SAN fabric to which FC traffic is forwarded. VLAN ID The dedicated VLAN used to transport FCoE storage traffic between servers and a fabric over the NPG. The configured VLAN ID must be the same as the fabric ID. VLAN priorit[...]
-
Page 1092
Table 87. show qos dcb-map Field Descriptions Field Description State Complete: All mandatory DCB parameters are correctly configured. In progress: The DCB map configuration is not complete. Some mandatory parameters are not configured. PFC Mode PFC configuration in the DCB map: On (enabled) or Off. PG Priority group configured in the DCB map. TSA [...]
-
Page 1093
Field Description Fabric-Map Name of the FCoE map containing the FCoE/FC configuration parameters for the server CNA-fabric connection. Login Method Method used by the server CNA to log in to the fabric; for example: FLOGI - ENode logged in using a fabric login (FLOGI). FDISC - ENode logged in using a fabric discovery (FDISC). Status Operational st[...]
-
Page 1094
Field Description FCF MAC Fibre Channel forwarder MAC: MAC address of MXL 10/40GbE Switch or M I/O Aggregator with the FC Flex IO module FCF interface. Fabric Intf Fabric-facing MXL 10/40GbE Switch or M I/O Aggregator with the FC Flex IO module Fibre Channel port ( slot / port ) on which FCoE traffic is transmitted to the specified fabric. FCoE VLA[...]