Instruction/ maintenance manual of the product MXL 10/40GbE Dell
Dell Networking Configuration Guide for the MXL 10/40GbE Switch I/O Module 9.8(0.0).
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Contents
1 About this Guide
Audience
Viewing Files
Managing the File System
Configuring Concurrent Session Limit
Enabling the System to Clear Existing Sessions
Determine the Order in which ACLs are Used to Classify Traffic
Example of the order Keyword to Determine ACL Sequence
IP Fragment Handling
Flow-Based Monitoring Support for ACLs
Behavior of Flow-Based Monitoring
Changing VRRP Session Parameters
Disabling BFD for VRRP
Enabling MBGP Configurations
BGP Regular Expression Optimization
Using PFC and ETS to Manage Converged Ethernet Traffic in a Switch Stack
Applying DCB Policies in a Switch Stack
Configure a DCBx Operation
Configure the System to be a DHCP Server
Configuring the Server for Automatic Address Allocation
Configuration Tasks
Fibre Channel over Ethernet
Ensure Robustness in a Converged Ethernet Network
Sample Configuration and Topology
20 GARP VLAN Registration Protocol (GVRP)
Important Points to Remember
Null Interfaces
Port Channel Interfaces
Enhanced Validation of Interface Ranges
Enhanced Control of Remote Fault Indication Processing
23 Internet Protocol Security (IPSec)
Version (4 bits)
Traffic Class (8 bits)
Default iSCSI Optimization Values
Displaying iSCSI Optimization Information
Displaying the MAC Address Table
MAC Learning Limit
32 Multicast Source Discovery Protocol (MSDP)
Protocol Overview
Enable BPDU Filtering Globally
Modifying the Interface Parameters
Assigning IPv6 Addresses on an Interface
Assigning Area ID on an Interface
Use PIM-SSM with IGMP Version 2 Hosts
Configuring PIM-SSM with IGMPv2
Setting dot1p Priorities for Incoming Traffic
Honoring dot1p Priorities on Ingress Traffic
45 Rapid Spanning Tree Protocol (RSTP)
Protocol Overview
Configuring Rapid Spanning Tree
Configuring the SSH Server Cipher List
Secure Shell Authentication
Important Points to Remember
Enabling and Disabling sFlow
Obtaining a Value for MIB Objects
Manage VLANs using SNMP
Stack Member Fails
Unplugged Stacking Cable
Master Switch Fails
Stack-Link Flapping Error
Master Switch Recovers from Failure
Stack Unit in Card-Problem State Due to Incorrect Dell Networking OS Version
Stack Unit in Card-Problem State Due to Configuration Mismatch
Configuring NTP Authentication
Dell Networking OS Time and Date
VLT and IGMP Snooping
VLT Port Delayed Restoration
Creating a VLT LAG or a VLT VLAN
Associating the VLT LAG or VLT VLAN in a PVLAN
Proxy ARP Capability on VLT Peer Nodes
Verifying the DCB Configuration
PFC and ETS Configuration Examples
1 About this Guide This guide describes the supported protocols and software features, and provides configuration instructions and examples, for the Dell Networking MXL 10/40GbE Switch IO Module. The MXL 10/40GbE Switch IO Module is installed in a Dell PowerEdge M1000e Enclosure.
Information Symbols This book uses the following information symbols. NOTE: The Note icon signals important operational information. CAUTION: The Caution icon signals information about situations that could result in equipment damage or loss of data. WARNING: The Warning icon signals information about hardware handling that could result in injury.
2 Configuration Fundamentals The Dell Networking operating system command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols.
The CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
ROUTER RIP SPANNING TREE Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode.
CLI Command Mode | Prompt | Access Command
STANDARD ACCESS-LIST | Dell(config-std-nacl)# | ip access-list standard (IP ACCESS-LIST Modes)
EXTENDED ACCESS-LIST | Dell(config-ext-nacl)# | ip access-list extended (I.
TRACE-LIST | Dell(conf-trace-acl)# | ip trace-list
CLASS-MAP | Dell(config-class-map)# | class-map
CONTROL-PLANE | Dell(conf-control-cpuqos)# | control-plane-cpuqos
DCB POL.
u-Boot | Dell(=>)# | Press any key when the following line appears on the console during a system boot: Hit any key to stop autoboot:
UPLINK STATE GROUP | Dell(conf.
The first bold line shows the assigned IP address, the second bold line shows the no form of the IP address command, and the last bold line shows the IP address removed. Example of Viewing Disabled Commands Dell(conf)#interface gigabitethernet 4/17 Dell(conf-if-gi-4/17)#ip address 192.
Entering and Editing Commands Notes for entering commands. • The CLI is not case-sensitive. • You can enter partial CLI keywords. – Enter the minimum number of letters to uniquely identify a command. For example, you cannot enter cl as a partial keyword because both the clock and class-map commands begin with the letters “cl.
Command History The Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
Example of the except Keyword Example of the find Keyword Dell(conf)#do show stack-unit all stack-ports all pfc details | except 0 Admin mode is On Admin is enabled Local is enabled Link Delay 45556 p.
If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) during which the route processor module (RPM), switch fabric module (SFM), and line card status light emitting diodes (LEDs) blink green.
Console Access The MXL 10/40GbE Switch IO Module has two management ports available for system access: a serial console port and an out-of-band (OOB) port. Serial Console A universal serial bus (USB) (A-Type) connector is located at the front panel.
External Serial Port with a USB Connector The following table lists the pin assignments.
Table 2. Pin Assignments
USB Pin Number | Signal Name
Pin 1 | RTS
Pin 2 | RX
Pin 3 | TX
Pin 4 | CTS
Pin 5, 6 | GND
RxD Cha.
Keep the following points in mind when you establish an SSH session to the device to run commands or script files: • There is an upper limit of 10 concurrent sessions in SSH. Therefore, you might expect a failure in executing SSH-related scripts.
( 464 MB -> 2192 MB , size: 1728 MB) Modifying Default Flash Address map..Done Initialized eMMC Host Controller Detected SD Card BLC is 1 (preset 10) Hit any key to stop autoboot: 0 Boot Image selection Reading the Boot Block Info...Passed !! Images are OK A:0x0 B:0x0 Boot Selector set to Bootflash Partition A image.
EQL detection and enabling iscsi profile-compellent on an interface may cause some automatic configurations to occur like jumbo frames on all ports and no storm control and spanning tree port-fast on .
Accessing the System Remotely You can configure the system for remote access by Telnet or SSH. The MXL 10/40GbE switch IO module has a dedicated management port and a management routing table that is separate from the IP routing table.
management route ip-address/mask gateway – ip-address: the network address in dotted-decimal format (A.B.C.D). – mask: a subnet mask in /prefix-length format (/xx). – gateway: the next hop for network traffic originating from the management port.
* 5 is for inputting a password that is already encrypted using an MD5 hash. Obtain the encrypted password from the configuration file of another Dell Networking system. You can only use this for the enable secret password. Configuration File Management Files can be stored on and accessed from various storage media.
NOTE: If all of the following conditions are true, the Portmode Hybrid configuration is not applied, because of the configuration process for server ports as switch ports by default: • The running configuration is saved in flash. • The startup configuration is deleted.
EXEC Privilege mode copy running-config tftp://{hostip | hostname}/filepath/filename • Save the running-configuration to an SCP server. EXEC Privilege mode copy running-config scp://{hostip | hostname}/filepath/filename NOTE: When copying to a server, you can only use a host name if you have configured a DNS server.
Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file. Dell#dir Directory of flash: 1 drwx 4096 Jan 01 1980 00:00:00 +00:00 . 2 drwx 2048 May 10 2011 14:45:15 +00:00 .
To view file system information, use the following command. • View information about each file system. EXEC Privilege mode show file-systems The output of the show file-systems command in the following example shows the total capacity, amount of free memory, file structure, media type, read/write privileges for each storage device in use.
Example of the show command-history Command Dell#show command-history [5/18 21:58:32]: CMD-(TEL0):[enable]by admin from vty0 (10.11.68.5) [5/18 21:58:48]: CMD-(TEL0):[configure]by admin from vty0 (10.11.68.5) - Repeated 1 time. [5/18 21:58:57]: CMD-(TEL0):[interface port-channel 1]by admin from vty0 (10.
To validate a software image: 1. Download Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displayed next to the software image file on the iSupport page. 2. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command.
4 Management Management is supported on the Dell Networking MXL 10/40GbE Switch IO Module. This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line.
privilege level, and has access to only two commands, end and exit. Individually specify each CONFIGURATION mode command to which you want to allow access using the privilege configure level level command.
• allows access to CONFIGURATION mode with the banner command • allows access to INTERFACE and LINE modes with the no command Dell(conf)#do show run privilege ! Dell(conf)#privilege exec level 3 c.
• Configure a privilege level for a user. CONFIGURATION mode username username privilege level Applying a Privilege Level to a Terminal Line To set a privilege level for a terminal line, use the following command. • Configure a privilege level for a terminal line.
• Enabling Audit and Security Logs • Displaying Audit and Security Logs • Clearing Audit Logs Enabling Audit and Security Logs You enable audit and security logs to monitor configuration changes or determine if these changes affect the operation of the system in the network.
Example of Enabling Audit and Security Logs Dell(conf)#logging extended Displaying Audit and Security Logs To display audit logs, use the show logging auditlog command in Exec mode. To view these logs, you must first enable the logging extended command.
Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with port forwarding to securely connect to a syslog server. Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server. Dell(conf)#ip ssh server enable 2.
In the following example, the syslog server IP address is 10.156.166.48 and the listening port is 5141. The switch IP address is 10.16.131.141 and the listening port is 5140.
ssh -R 5140:10.156.166.48:5141 admin@10.16.131.141 -nNf
3. Configure logging to a local host.
To view any changes made, use the show running-config logging command in EXEC privilege mode. Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer.
CONFIGURATION mode logging { ip-address | ipv6-address | hostname } {{udp { port }} | {tcp { port }}} Configuring a UNIX System as a Syslog Server To configure a UNIX System as a syslog server, use the following command. • Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.
NOTE: When you decrease the buffer size, the system deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer.
To view any changes made, use the show running-config logging command in EXEC privilege mode, as shown in the example for Configuring a UNIX Logging Facility Level . Configuring a UNIX Logging Facility Level You can save system log messages with a UNIX system logging facility.
service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10.4 Dell# Synchronizing Log Messages You can configure the system to filter and consolidate the system messages for a specific line by synchronizing the message output.
Specify the following optional parameters: – datetime: You can add the keyword localtime to include the localtime, msec, and show-timezone. If you do not add the keyword localtime, the time is UTC. – uptime: To view time since last boot. If you do not specify a parameter, the system configures uptime.
Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. • Specify the directory for users using FTP to reach the system.
ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enabling the FTP Server . Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles.
line vty 0 access-class myvtyacl Dell OS Behavior: Prior to Dell OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and authorization (AAA) to the line. Then users are denied access only after they enter a username and password.
Dell(config-line-vty)#show config line vty 0 password myvtypassword login authentication myvtymethodlist line vty 1 password myvtypassword login authentication myvtymethodlist line vty 2 password myvt.
telnet [ ip-address ] If you do not enter an IP address, the system enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D). Example of the telnet Command for Device Access Dell# telnet 10.11.80.203 Trying 10.
Dell#config ! Locks configuration mode exclusively. Dell(conf)# If another user attempts to enter CONFIGURATION mode while a lock is in place, the following appears on their terminal (message 1): % Error: User "" on line console0 is in exclusive configuration mode .
Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this procedure: • Use the following command.
Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events. When you log in using the console or VTY line, the syste.
Display Login Statistics To view the login statistics, use the show login statistics command. Example of the show login statistics Command The show login statistics command displays the successful and failed login details of the current user in the last 30 days or the custom defined time period.
Recovering from a Forgotten Password If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter. Use the following commands if you forget your password. 1.
Recovering from a Forgotten Enable Password Use the following commands if you forget the enable password. 1. Log onto the system using the console. 2. Power-cycle the chassis by switching off all of the power modules and then switching them back on. 3.
setenv [primary_image f10boot location | secondary_image f10boot location | default_image f10boot location ] 4. Assign an IP address to the Management Ethernet interface. uBoot mode setenv ipaddre address 5. Assign an IP address as the default gateway for the system.
5 802.1X 802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification.
Figure 1. EAP Frames Encapsulated in Ethernet and RADIUS
Figure 2. EAP Frames Encapsulated in Ethernet and RADIUS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port.
2. The supplicant responds with its identity in an EAP Response Identity frame. 3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server.
EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79.
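The encapsulation described above can be checked on a captured Access-Request with the following added example, which is not part of the Dell guide. It walks the RADIUS TLV attributes, reassembles the EAP packet from the Type 79 attributes, and verifies the Message-Authenticator (Type 80) that RFC 3579 requires next to EAP-Message; the sample packet, identity and shared secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE = 79             # attribute Type stated in the text above
MESSAGE_AUTHENTICATOR = 80   # RFC 3579 requires this attribute next to EAP-Message
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_attributes(packet):
    """Walk the TLV attributes; return (code, [(type, value_offset, value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("RADIUS Length field out of range")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute Length out of bounds")
        attrs.append((a_type, pos + 2, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def extract_eap(packet):
    """Concatenate all Type 79 values (one EAP packet may span several) and decode."""
    _code, attrs = parse_attributes(packet)
    eap = b"".join(value for a_type, _off, value in attrs if a_type == EAP_MESSAGE)
    if len(eap) < 4:
        return None
    e_code, e_id, e_len = struct.unpack("!BBH", eap[:4])
    if e_len != len(eap):
        raise ValueError("EAP Length disagrees with the reassembled attributes")
    has_type = e_code in (1, 2) and e_len > 4   # only Request/Response carry a Type
    return {"code": EAP_CODES.get(e_code, e_code), "id": e_id,
            "type": eap[4] if has_type else None,
            "data": eap[5:] if has_type else b""}


def message_authenticator_ok(packet, secret):
    """Access-Request only: HMAC-MD5 over the packet with the attribute value zeroed."""
    code, attrs = parse_attributes(packet)
    found = [(off, val) for a_type, off, val in attrs if a_type == MESSAGE_AUTHENTICATOR]
    if code != 1 or len(found) != 1 or len(found[0][1]) != 16:
        return False
    off, received = found[0]
    length = struct.unpack("!H", packet[2:4])[0]
    zeroed = packet[:off] + b"\x00" * 16 + packet[off + 16:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, received)


def build_access_request(identity, secret, ident=7):
    """Constructed sample of what the authenticator forwards in step 3."""
    eap = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity  # Response, Identity
    name = identity[:253]
    attrs = bytes([1, 2 + len(name)]) + name                           # User-Name
    for i in range(0, len(eap), 253):                                   # 253 = max value size
        chunk = eap[i:i + 253]
        attrs += bytes([EAP_MESSAGE, 2 + len(chunk)]) + chunk
    ma_off = 20 + len(attrs) + 2
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + b"\x00" * 16
    # Fixed Request Authenticator keeps the sample reproducible; real ones are random.
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + bytes(range(16)) + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:ma_off] + mac + packet[ma_off + 16:]


if __name__ == "__main__":
    pkt = build_access_request(b"alice@example.test", b"constructed-secret")
    print(extract_eap(pkt))
    print("Message-Authenticator valid:",
          message_authenticator_ok(pkt, b"constructed-secret"))
```

An Access-Request that carries EAP-Message but fails `message_authenticator_ok` should be treated as forged or corrupted rather than passed on for EAP processing.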
• Configuring a Guest VLAN • Configuring an Authentication-fail VLAN Important Points to Remember • The Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • 802.1X is not supported on port-channels or port-channel members.
dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [ range ] 3. Enable 802.1X on an interface or a range of interfaces. INTERFACE mode dot1x authentication Example of Verifying that 802.1X is Enabled Globally Example of Verifying 802.
Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Max-EAP-Req: 2 Host Mode: SINGLE_HOST Auth PAE State: Initialize Backend State: Initialize Configuring Request Identity Re-Transmissions If th.
INTERFACE mode dot1x quiet-period seconds The range is from 1 to 65535. The default is 60 seconds . Example of Configuring and Verifying Port Authentication The following example shows configuration i.
• Place a port in the ForceAuthorized, ForceUnauthorized, or Auto state. INTERFACE mode dot1x port-control {force-authorized | force-unauthorized | auto} The default state is auto .
INTERFACE mode dot1x reauth-max number The range is from 1 to 10. The default is 2 . Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period.
The range is from 1 to 300. The default is 30 . Example of Viewing Configured Server Timeouts The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds.
Figure 6. Dynamic VLAN Assignment 1. Configure 802.1X globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication). 2. Make the interface a switchport so that it can be assigned to a VLAN.
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network.
Example of Configuring Maximum Authentication Attempts Example of Viewing Configured Authentication Dell(conf-if-gi-1/2)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-gi-1/2)#show config ! inte.
6 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This chapter describes the access control list (ACL) VLAN group and content addressable memory (CAM) enhancements.
for the ACL VLAN groups present on the system, an appropriate error message is displayed. The ACL manager application verifies the following parameters when you enter the acl-vlan-group command: • W.
• The maximum number of VLANs that you can configure as a member of ACL VLAN groups is limited to 512 on the MXL switch if two slices are allocated. If only one virtual flow processing slice is allocated, the maximum number of VLANs that you can configure as a member of an ACL VLAN group is 256 for the MXL switch.
ip access-group { group name } out implicit-permit 4. Add VLAN member(s) to an ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode member vlan { VLAN-range } 5. Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name.
EXEC Privilege mode Dell#show cam-usage switch Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============| ============== 11.
The following sample output displays the CAM space utilization when Layer 2 and Layer 3 ACLs are configured: Dell#show cam-usage acl Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available .
You can configure only two of these features at a time. • To allocate the number of FP blocks for VLAN open flow operations, use the cam-acl-vlan vlanopenflow <0-2> command. • To allocate the number of FP blocks for VLAN iSCSI counters, use the cam-acl-vlan vlaniscsi <0-2> command.
7 Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, ACLs, prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps.
accommodate the new entries. Hot lock ACLs are enabled by default and support both standard and extended ACLs. NOTE: Hot lock ACLs are supported for Ingress ACLs only. Implementing ACL on the Dell Networking OS You can assign one IP ACL per interface with the Dell Networking OS.
ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8. Therefore (without the keyword order), packets within the range 20.1.1.0/24 match positive against cmap1 and are buffered in queue 7, though you intended for these packets to match positive against cmap2 and be buffered in queue 4.
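The overlap between acl1 and acl2 described above can be found before the ACLs are applied, as in the following added example, which is not part of the Dell guide. It parses `ip access-list` text, reports rule pairs in two ACLs whose match sets intersect, and goes one step further by listing entries inside a single ACL that an earlier, broader entry makes unreachable. The rule bodies in the sample are constructed: the guide gives only the two address ranges, and the ACL named lab is hypothetical.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "seq action proto src dst")
ANY = ipaddress.ip_network("0.0.0.0/0")


def _take_addr(tokens):
    """Consume one address spec: any | host A.B.C.D | A.B.C.D/len."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if "/" not in tok and tokens and tokens[0].startswith("/"):
        tok += tokens.pop(0)          # tolerate "10.2.0.0 /16" as some listings print it
    return ipaddress.ip_network(tok)


def parse_acls(config):
    """Return {acl_name: [Rule, ...]} from 'ip access-list' blocks with seq entries."""
    acls, current, extended = {}, None, False
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] == ["ip", "access-list"] and len(tokens) >= 4:
            extended = tokens[2] == "extended"
            current = acls.setdefault(tokens[3], [])
        elif (len(tokens) >= 4 and tokens[0] == "seq" and current is not None
              and tokens[2] in ("permit", "deny")):
            rest = tokens[3:]
            proto = rest.pop(0) if extended else "ip"   # standard ACLs match source only
            src = _take_addr(rest)
            dst = _take_addr(rest) if extended and rest else ANY
            current.append(Rule(int(tokens[1]), tokens[2], proto, src, dst))
    return acls


def covers(a, b):
    """True when every packet matched by rule b is also matched by rule a."""
    return (a.proto in ("ip", b.proto)
            and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst))


def intersects(a, b):
    """True when at least one packet can match both rules."""
    return ((a.proto == b.proto or "ip" in (a.proto, b.proto))
            and a.src.overlaps(b.src) and a.dst.overlaps(b.dst))


def overlaps(acls, first, second):
    """Rule pairs from two ACLs that can match the same packet."""
    hits = []
    for a in acls[first]:
        for b in acls[second]:
            if not intersects(a, b):
                continue
            if covers(a, b):
                relation = first + " broader"
            elif covers(b, a):
                relation = second + " broader"
            else:
                relation = "partial"
            hits.append((a.seq, b.seq, relation))
    return hits


def shadowed(rules):
    """(seq, earlier_seq) for entries that an earlier entry fully covers."""
    ordered = sorted(rules, key=lambda r: r.seq)
    out = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                out.append((later.seq, earlier.seq))
                break
    return out


# Constructed sample configuration (not taken from a real switch).
SAMPLE = """
ip access-list extended acl1
 seq 5 permit ip 20.0.0.0/8 any
ip access-list extended acl2
 seq 5 permit ip 20.1.1.0/24 any
ip access-list standard lab
 seq 5 deny any
 seq 10 deny 10.2.0.0 /16
 seq 15 permit host 10.3.0.1
"""

if __name__ == "__main__":
    parsed = parse_acls(SAMPLE)
    print(overlaps(parsed, "acl1", "acl2"))
    print(shadowed(parsed["lab"]))
```

Any pair reported for two ACLs used by class-maps in the same policy is a place where the classification result depends on the order keyword.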
IP Fragments ACL Examples The following examples show how you can use ACL commands with the fragment keyword to filter fragmented packets. Example of Permitting All Packets on an Interface Example of Denying Second and Subsequent Fragments The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10.
Example of Layer 4 ACL Rules Example of TCP Packets In this first example, fragments or non-fragmented TCP packets from 10.1.1.1 with TCP destination port equal to 24 are permitted. All other fragments are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)# permit tcp host 10.
seq 5 deny any seq 10 deny 10.2.0.0 /16 seq 15 deny 10.3.0.0 /16 seq 20 deny 10.4.0.0 /16 seq 25 deny 10.5.0.0 /16 seq 30 deny 10.6.0.0 /16 seq 35 deny 10.
ip access-list standard kigali seq 5 permit 10.1.0.0/16 Dell(config-std-nacl)# To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode.
NOTE: When assigning sequence numbers to filters, you might need to insert a new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or another number. The following examples show how the seq command orders the filters according to the sequence number assigned.
seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.0 Dell(config-ext-nacl)# To view all configured IP ACLs and the number of packets processed through the ACL, use the show ip accounting access-list command in EXEC Privilege mode, as shown in the first example in Configuring a Standard IP ACL Filter .
Assign an IP ACL to an Interface To pass traffic through a configured IP ACL, assign that ACL to a physical interface, a port channel interface, or a VLAN. The IP ACL is applied to all traffic entering a physical or port channel interface and the traffic is either forwarded or dropped depending on the criteria and actions specified in the ACL.
no shutdown Dell(conf-if)# To filter traffic on Telnet sessions, use only standard ACLs in the access-class command. Counting ACL Hits You can view the number of packets matching the ACL by using the count option when creating ACL entries. In the MXL switch, you can configure either count (packets) or count (bytes).
seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1.1.1.2 Configure Egress ACLs Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized traffic.
CPU-forwarded traffic. Using permit rules with the count option, you can track on a per-flow basis whether CPU-generated and CPU-forwarded packets were transmitted successfully. 1. Apply Egress ACLs to IPv4 system traffic. CONFIGURATION mode ip control-plane [egress filter] 2.
Implementation Information In the Dell Networking OS, prefix lists are used in processing routes for routing protocols (for example, router information protocol [RIP], open shortest path first [OSPF], and border gateway protocol [BGP]). NOTE: The MXL Switch platform does not support all protocols.
The following example shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 20 was configured before filter 15 and 12, but the show config command displays the filters in the correct order. Dell(conf-nprefixl)#seq 20 permit 0.
seq 10 deny 133.0.0.0/8 Dell(conf-nprefixl)# To delete a filter, enter the show config command in PREFIX LIST mode and locate the sequence number of the filter you want to delete, then use the no seq sequence-number command in PREFIX LIST mode. Viewing Prefix Lists To view all configured prefix lists, use the following commands.
To apply a filter to routes in RIP, use the following commands. • Enter RIP mode. CONFIGURATION mode router rip • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a nonexistent prefix list, all routes are forwarded.
Example of Viewing Configured Prefix Lists (ROUTER OSPF mode) To view the configuration, use the show config command in ROUTER OSPF mode, or the show running-config ospf command in EXEC mode. Dell(conf-router_ospf)#show config ! router ospf 34 network 10.
• Resequence an IPv4 or MAC ACL. EXEC mode resequence access-list {ipv4 | mac} { access-list-name StartingSeqNum Step-to-Increment } • Resequence an IPv4 prefix-list.
seq 10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ! ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.
Configuration Task List for Route Maps Configure route maps in ROUTE-MAP mode and apply the maps in various commands in ROUTER RIP and ROUTER OSPF modes. The following list includes the configuration tasks for route maps, as described in the following sections.
through all instances of that route map until a match is found. The following is an example with two instances of a route map. Dell#show route-map route-map zakho, permit, sequence 10 Match clauses: S.
with different parameters, the system does a match ONLY if there is a match among ALL the match commands. In the following example, there is a match if a route has any of the tag values specified in the match commands.
The parameters are: – For a Loopback interface, enter the keyword loopback then a number between zero (0) and 16383. – For a 10-Gigabit Ethernet interface, enter the keyword tengigabitEthernet then the slot/port information. – For a VLAN, enter the keyword vlan then a number from 1 to 4094.
• Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value } • Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP address as the route’s next hop.
redistribute static metric 20 metric-type 2 tag 0 route-map staticospf ! route-map staticospf permit 10 match interface GigabitEthernet 0/0 match metric 255 set level backbone Configure a Route Map for Route Tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol.
Logging of ACL Processes To assist in the administration and management of traffic that traverses the device after being validated by the configured ACLs, you can enable the generation of logs for access control list (ACL) processes.
packets in the ACL entry, and if the logging is deactivated in a specific interval because the threshold has exceeded, the count of packets that exceeded the logging threshold value during that interval is recorded when the subsequent log record (in the next interval) is generated for that ACL entry.
NOTE: This example describes the configuration of ACL logging for standard IP access lists. You can enable the logging capability for standard and extended IPv4 ACLs, IPv6 ACLs, and standard and extended MAC ACLs.
are traversing through the ingress interfaces are examined, and appropriate ACLs can be applied in the ingress direction. By default, flow-based monitoring is not enabled.
Example Output of the show Command (conf-mon-sess-11)#show config ! monitor session 11 flow-based enable source GigabitEthernet 13/0 destination GigabitEthernet 13/1 direction both The show ip | mac | ipv6 accounting commands have been enhanced to display whether monitoring is enabled for traffic that matches with the rules of the specific ACL.
Example of the flow-based enable Command To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege mode.
8 Bidirectional Forwarding Detection (BFD) Bidirectional forwarding detection (BFD) is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms.
packet to the neighbor that indicates the state change (though it might not be received if the link or receiving interface is faulty). The BFD manager notifies the routing protocols that are registered with it (clients) that the forwarding path is down and a link state change is triggered in all protocols.
Field Description State The current local session state. Refer to BFD Sessions . Flag A bit that indicates packet function. If the poll bit is set, the receiving system must respond as soon as possible, without regard to its transmit interval. The responding system clears the poll bit and sets the final bit in its response.
• In Demand mode: Detection time is the local Detection Multiplier multiplied by the greater of the local Desired Min TX and the remote Required Min RX Interval. BFD Sessions You must enable BFD on both sides of a link in order to establish a session.
1. The active system sends a steady stream of control packets that indicates that its session state is Down, until the passive system responds. These packets are sent at the desired transmit interval of the Active system. The Your Discriminator field is set to zero.
receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 9. Session State Changes Important Points to Remember • BFD for line card ports is hitless, but is not hitless for VLANs because they are instantiated on the RPM.
Configure BFD This section contains the following procedures. • Configure BFD for Physical Ports • Configure BFD for Port-Channels • Configure BFD for Static Routes • Configure BFD for OSPF .
The bold line shows that BFD is enabled. R1(conf)#bfd ? enable Enable BFD protocol protocol-liveness Enable BFD protocol-liveness R1(conf)#bfd enable R1(conf)#do show running-config bfd ! bfd enable R.
C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.1 2.2.2.2 Gi 4/24 Up 100 100 3 C To view specific information about BFD sessions, use the show bfd neighbors detail command.
bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] Changing Session Parameters for Physical Ports View session parameters using the show bfd neighbors detail command.
If the remote system state changes due to the local state administration being down, this message displays: R2>01:32:53: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.1 on interface Gi 2/1 (diag: 7) Configure BFD for Static Routes BFD offers systems a link state detection mechanism for static routes.
ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command. The bold line shows BFD for static routes is enabled. R1(conf)#ip route 2.2.
Configure BFD for OSPF When using BFD with OSPF, the OSPF protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring interfaces participating in OSPF.
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state.
INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command.
Disabling BFD for OSPF If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state.
Changing OSPFv3 Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: desired tx interval , required min rx interval , detection multiplier , and system role . Configure these parameters for all OSPFv3 sessions or all OSPFv3 sessions on a particular interface.
Configure BFD for BGP In a BGP core network, bidirectional forwarding detection (BFD) provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence.
Figure 13. Establishing Sessions with BGP Neighbors The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command).
You can configure BFD for BGP on the following types of interfaces: physical port (10GE or 40GE), port channel, and VLAN. 1. Enable BFD globally. CONFIGURATION mode bfd enable 2. Specify the AS number and enter ROUTER BGP configuration mode. CONFIGURATION mode router bgp as-number 3.
The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the bfd all-neighbors command or configured for the peer group to which the neighbor belongs. • Disable a BFD for BGP session with a specified neighbor.
• Display BFD packet counters for sessions with BGP neighbors. EXEC Privilege mode show bfd counters bgp [ interface ] • Check to see if BFD is enabled for BGP connections. EXEC Privilege mode show ip bgp summary • Displays routing information exchanged with BGP neighbors, including BFD for BGP sessions.
Neighbor Discriminator: 10 Local Addr: 1.1.1.3 Local MAC Addr: 00:01:e8:66:da:33 Remote Addr: 1.1.1.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/0 State: Up Configured parameters: TX.
Protocol BGP Messages: Registration : 5 De-registration : 4 Init : 0 Up : 6 Down : 0 Admin Down : 2 Interface TenGigabitEthernet 6/2 Protocol BGP Messages: Registration : 1 De-registration : 0 Init : 0 Up : 1 Down : 0 Admin Down : 2 The bold line shows the message displayed when you enable BFD for BGP connections.
MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Neighbor is using BGP glo.
3. On the master router, establish VRRP BFD sessions with the backup routers. Refer to Establishing Sessions with All VRRP Neighbors. Related Configuration Tasks • Changing VRRP Session Parameters.
To establish a session with a particular VRRP neighbor, use the following command. • Establish a session with a particular VRRP neighbor. INTERFACE mode vrrp bfd neighbor ip-address Example of Viewi.
INTERFACE mode vrrp bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for a particular VRRP session.
1. Enable the BFD globally. Refer to Enabling BFD Globally . 2. Establish sessions with VLAN neighbors. Refer to Establish Sessions with VLAN Neighbors .
Changing VLAN Session Parameters BFD sessions are configured with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role.
• Establish sessions on port-channels. Refer to Establish Sessions on Port-Channels . Related Configuration Tasks • Changing Port-Channel Session Parameters .
Changing Physical Port Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role.
Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in hexadecimal format, use the following command. • Examine control packet field values. CONFIGURATION mode debug bfd detail • Examine the control packets in hexadecimal format.
9 Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking operating system. BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
Figure 17. Interior BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network.
Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started.
Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established.
Route Reflectors Route reflectors (RR) reorganize the iBGP core into a hierarchy and allow some route advertisement rules. Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster.
BGP Attributes Routes learned using BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks.
Figure 20. BGP Best Path Selection Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command.
c. Paths with no MED are treated as “worst” and assigned a MED of 4294967295. 7. Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP paths. 8. Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains.
shorter (one hop instead of two), the LOCAL_PREF settings have the preferred path go through Router B and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B.
Figure 22. Multi-Exit Discriminators NOTE: With the Dell Networking OS version 8.3.1.0, configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost.
*> 7.0.0.0/29 10.114.8.33 0 0 18508 ? *> 7.0.0.0/30 10.114.8.33 0 0 18508 ? *> 9.2.0.0/16 10.114.8.33 10 0 18508 701 i AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is added by the BGP speaker when advertising to an eBGP neighbor.
Multiprotocol BGP Multiprotocol extensions for BGP (MBGP) is defined in IETF RFC 2858. MBGP allows different types of address families to be distributed in parallel. MBGP allows information about the topology of the IP multicast-capable routers to be exchanged separately from the topology of normal IPv4 and IPv6 unicast routers.
internal configured, BGP advertises the metric configured in the redistribute command as MED. • If BGP peer outbound route-map has metric configured, all other metrics are overwritten by this configuration. NOTE: When redistributing static, connected, or OSPF routes, there is no metric option.
Traditional Format DOT Format 4294967295 65535.65535 When creating Confederations, all the routers in a Confederation must be either 4-Byte or 2-Byte identified routers. You cannot mix them. Configure 4-byte AS numbers with the bgp four-octet-as-support command.
! router bgp 100 bgp asnotation asdot bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 <output truncated> Dell(conf-router_bgp)#do show ip bgp BGP table version is 24901, local router ID is 172.
AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress. When migrating one AS to another, perhaps combining ASs, an eBGP network may lose its routing to an iBGP if the ASN changes.
When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the no prepend option, the Local-AS does not prepend to the updates received from the eBGP peer. If you do not select no prepend (the default), the Local-AS is added to the first AS segment in the AS-PATH.
• Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "…" at the end of the output.
• auto-summarization (the default is no auto-summary) • synchronization (the default is no synchronization) BGP Configuration To enable the BGP process and begin exchanging information, assign an AS number and use commands in ROUTER BGP mode to configure a BGP neighbor.
Enabling BGP By default, BGP is not enabled on the system. The Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer. In BGP, routers with an established TCP connection are called neighbors or peers.
Use this command to enter BGP for IPv6 mode (CONF-ROUTER_BGPv6_AF). 2. Add a neighbor as a remote AS. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group name } remote-as as-number • peer-group name : 16 characters • as-number : from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.
1 BGP AS-PATH entrie(s) using 47 bytes of memory 5 neighbor(s) using 23520 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 10.10.21.1 65123 0 0 0 0 0 never Active 10.10.32.3 65123 0 0 0 0 0 never Active For the router’s identifier, the system uses the highest IP address of the Loopback interfaces configured.
For address family: IPv4 Unicast BGP table version 0, neighbor version 0 0 accepted prefixes consume 0 bytes Prefix advertised 0, rejected 0, withdrawn 0 Connections established 0; dropped 0 Last reset never No active TCP connection Dell# R2#show running-config bgp ! router bgp 65123 bgp router-id 192.
bgp asnotation asplain NOTE: ASPLAIN is the default method the system uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot • Enable ASDOT+ AS Number representation.
A maximum of 256 peer groups are allowed on the system. Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it. For information about configuring route policies for a peer group, refer to Filtering BGP Routes .
Example of Viewing a Newly Created Peer Group Example of Enabling a Peer Group Example of the show ip bgp peer-group Command After you create a peer group, you can use any of the commands beginning with the keyword neighbor to configure that peer group.
To disable a peer group, use the neighbor peer-group-name shutdown command in CONFIGURATION ROUTER BGP mode. The configuration of the peer group is maintained, but it is not applied to the peer group members. When you disable a peer group, all the peers within the peer group that are in the ESTABLISHED state move to the IDLE state.
CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } fail-over Example of Verifying that Fast Fail-Over is Enabled on a BGP Neighbor Example of Verifying that Fast Fail-Over is Enabled on a Peer-Group To verify fast fail-over is enabled on a particular BGP neighbor, use the show ip bgp neighbors command.
100.100.100.100* Dell# router bgp 65517 neighbor test peer-group neighbor test fail-over neighbor test no shutdown Configuring Passive Peering When you enable a peer-group, the software sends an OPEN message to initiate a TCP connection.
Maintaining Existing AS Numbers During an AS Migration The local-as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP network migration. When you complete your migration, be sure to reconfigure your routers with the new information and disable this feature.
• Allow this neighbor ID to use the AS path the specified number of times. CONFIG-ROUTER-BGP mode neighbor { IP address | peer-group-name } allowas-in number – Peer Group Name : 16 characters. – Number : 1 through 10. Format: IP Address: A.B.C.D.
• Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB.
neighbor { ip-address | peer-group-name } graceful-restart • Set the maximum restart time for the neighbor or peer-group. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } graceful-restart [restart-time time-in-seconds ] The default is 120 seconds.
4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Use a configured AS-PATH ACL for route filtering and manipulation. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } filter-list as-path-name {in | out} If you assign a non-existent or empty AS-PATH ACL, the software allows all routes.
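The fail-open behaviour noted in this guide (a non-existent or empty AS-PATH ACL allows all routes, and a nonexistent prefix list applied in RIP forwards all routes) can be checked for offline. The following Python audit is an added example, not part of the Dell guide: it scans a saved running-config for filter-list and distribute-list references whose target list is undefined or has no entries. The config excerpt is constructed; the `ip as-path access-list` and `ip prefix-list` definition lines, the RIP `distribute-list` form and the one-space indentation are assumed syntax, and flagging empty prefix lists as well is a conservative choice.

```python
import re

# Constructed running-config excerpt (not taken from the guide).
# Assumed syntax: "ip as-path access-list NAME" / "ip prefix-list NAME"
# definition lines, with sub-commands indented by one space.
SAMPLE_CONFIG = """\
!
ip as-path access-list Eaglein
 deny 32$
!
ip as-path access-list EmptyList
!
ip prefix-list CUSTOMER-IN
 seq 5 permit 10.10.0.0/16
 seq 10 deny 133.0.0.0/8
!
router rip
 distribute-list RIP-IN in
!
router bgp 99
 neighbor AAA peer-group
 neighbor AAA filter-list Eaglein in
 neighbor AAA no shutdown
 neighbor 10.155.15.2 remote-as 32
 neighbor 10.155.15.2 filter-list EmptyList in
 neighbor 10.155.15.2 distribute-list CUSTOMER-IN in
 neighbor 10.155.15.2 filter-list Typo-Out out
!
"""

# A top-level line that opens a list definition.
DEFINITION = re.compile(r"^ip (as-path access-list|prefix-list) (\S+)\s*$")
# A permit/deny entry inside a list, with or without a "seq N" prefix.
ENTRY = re.compile(r"^\s+(?:seq \d+ )?(?:permit|deny)\b")
# A place where a list is applied to routes (BGP neighbor or RIP/OSPF).
REFERENCE = re.compile(
    r"^\s+(?:neighbor (\S+) )?(filter-list|distribute-list) (\S+) (in|out)\b"
)

# Which kind of list each applying keyword expects.
KIND_FOR_KEYWORD = {
    "filter-list": "as-path access-list",
    "distribute-list": "prefix-list",
}


def parse_definitions(config):
    """Return {(kind, name): number_of_permit_deny_entries}."""
    defs = {}
    current = None
    for line in config.splitlines():
        m = DEFINITION.match(line)
        if m:
            current = (m.group(1), m.group(2))
            defs.setdefault(current, 0)
        elif current and ENTRY.match(line):
            defs[current] += 1
        elif not line.startswith(" "):
            # "!" or a new top-level command closes the current block.
            current = None
    return defs


def find_fail_open(config):
    """List references to lists that are undefined or contain no entries."""
    defs = parse_definitions(config)
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = REFERENCE.match(line)
        if not m:
            continue
        peer, keyword, name, direction = m.groups()
        key = (KIND_FOR_KEYWORD[keyword], name)
        if key not in defs:
            reason = "undefined"
        elif defs[key] == 0:
            reason = "empty"
        else:
            continue
        findings.append({
            "line": lineno,
            "peer": peer,            # None for non-neighbor references
            "keyword": keyword,
            "name": name,
            "direction": direction,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in find_fail_open(SAMPLE_CONFIG):
        scope = f["peer"] or "(protocol-wide)"
        print(f"line {f['line']}: {f['keyword']} {f['name']} {f['direction']} "
              f"on {scope} is {f['reason']}: all routes pass")
```

Run it against the output of show running-config saved to a file; a clean config returns an empty list.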
Regular Expression Definition ^ (caret) Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ], this matches any number except the ones specified within the brackets. $ (dollar) Matches the end of the input string.
Dell(conf-router_bgp)#show conf ! router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eaglein neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.
Enabling Additional Paths The add-path feature is disabled by default. NOTE: In some cases, while receiving the same 1K routes from more than 64 iBGP neighbors, BGP sessions with a holdtime of 10 seconds may flap. The BGP add-path does not update packets for advertisement and cannot scale to higher numbers.
ip community-list community-list-name 2. Configure a community list by denying or permitting specific community numbers or types of community. CONFIG-COMMUNITYLIST mode {deny | permit} { community-num.
• soo : route origin or site-of-origin. Matching extended communities against a regular expression is also supported. Match against a regular expression using the following keyword.
neighbor { ip-address | peer-group-name } route-map map-name {in | out} To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode.
• none : remove the COMMUNITY attribute. • additive : add the communities to already existing communities. 3. Return to CONFIGURATION mode. CONFIG-ROUTE-MAP mode exit 4. Enter the ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Apply the route map to the neighbor or peer group’s incoming or outgoing routes.
CONFIG-ROUTER-BGP mode bgp bestpath med {confed | missing-as-best} – confed : Chooses the bestpath MED comparison of paths learned from BGP confederations. – missing-as-best : Treat a path missing an MED as the most preferred one. To view the nondefault values, use the show config command in CONFIGURATION ROUTER BGP mode.
Changing the NEXT_HOP Attribute You can change how the NEXT_HOP attribute is used. To change how the NEXT_HOP attribute is used, enter the first command. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode.
maximum-paths {ebgp | ibgp} number The show ip bgp network command includes multipath information for that network. Filtering BGP Routes Filtering routes allows you to implement BGP policies.
CONFIGURATION mode router bgp as-number 5. Filter routes based on the criteria in the configured prefix list. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } distribute-list prefix-li.
CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } route-map map-name {in | out} Configure the following parameters: • ip-address or peer-group-name : enter the neighbor’s IP address or the peer group’s name. • map-name : enter the name of a configured route map.
Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.
redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 7.0.0.0/29 10.114.8.33 0 0 18508 ? *> 7.
• Withdraw • Readvertise • Attribute change When dampening is applied to a route, its path is described by one of the following terms: • history entry — an entry that stores information on a.
EXEC Privilege clear ip bgp dampening [ ip-address mask ] • View all flap statistics or for specific routes meeting the following criteria. EXEC or EXEC Privilege mode show ip bgp flap-statistics [ ip-address [ mask ]] [filter-list as-path-name ] [regexp regular-expression ] – ip-address [ mask ] : enter the IP address and mask.
To view a count of dampened routes, history routes, and penalized routes when you enable route dampening, look at the seventh line of the show ip bgp summary command output, as shown in the following example (bold). Dell>show ip bgp summary BGP router identifier 10.
Enabling BGP Neighbor Soft-Reconfiguration BGP soft-reconfiguration allows for faster and easier route changing. Changing routing policies typically requires a reset of BGP sessions (the TCP connection) for the policies to take effect.
Example of Soft-Reconfiguration of a BGP Neighbor The example enables inbound soft reconfiguration for the neighbor 10.108.1.1. All updates received from this neighbor are stored unmodified, regardless of the inbound policy. When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates.
When you configure a peer to support IPv4 multicast, the system takes the following actions: • Send a capability advertisement to the peer in the BGP Open message specifying IPv4 multicast as a supported AFI/SAFI (Subsequent Address Family Identifier).
• View information about local BGP state changes and other BGP events. EXEC Privilege mode debug ip bgp [ ip-address | peer-group peer-group-name ] events [in | out] • View information about BGP KEEPALIVE messages.
Sent 48 messages, 0 in queue 3 opens, 2 notifications, 0 updates 43 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start .
Figure 24. Sample Configurations Example of Enabling BGP (Router 1) Example of Enabling BGP (Router 2) Example of Enabling BGP (Router 3) Example of Enabling Peer Groups (Router 1) Example of Enabling Peer Groups (Router 2) Example of Enabling Peer Groups (Router 3) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.
no shutdown R1(conf-if-gi-1/21)#int gig 1/31 R1(conf-if-gi-1/31)#ip address 10.0.3.31/24 R1(conf-if-gi-1/31)#no shutdown R1(conf-if-gi-1/31)#show config ! interface GigabitEthernet 1/31 ip address 10.0.3.31/24 no shutdown R1(conf-if-gi-1/31)#router bgp 99 R1(conf-router_bgp)#network 192.
R2(conf-if-gi-2/31)#ip address 10.0.2.2/24 R2(conf-if-gi-2/31)#no shutdown R2(conf-if-gi-2/31)#show config ! interface GigabitEthernet 2/31 ip address 10.0.2.2/24 no shutdown R2(conf-if-gi-2/31)# R2(conf-if-gi-2/31)#router bgp 99 R2(conf-router_bgp)#network 192.
R3(conf-if-lo-0)#int gig 3/21 R3(conf-if-gi-3/21)#ip address 10.0.2.3/24 R3(conf-if-gi-3/21)#no shutdown R3(conf-if-gi-3/21)#show config ! interface GigabitEthernet 3/21 ip address 10.0.2.3/24 no shutdown R3(conf-if-gi-3/21)# R3(conf-if-gi-3/21)#router bgp 100 R3(conf-router_bgp)#show config ! router bgp 100 R3(conf-router_bgp)#network 192.
neighbor BBB peer-group neighbor BBB no shutdown neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 peer-group AAA neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.
Local host: 192.168.128.1, Local port: 179 Foreign host: 192.168.128.2, Foreign port: 65464 BGP neighbor is 192.168.128.3, remote AS 100, external link Member of peer-group BBB for session parameters BGP version 4, remote router ID 192.
BGP router identifier 192.168.128.2, local AS number 99 BGP table version is 2, main routing table version 2 1 network entrie(s) using 132 bytes of memory 3 paths using 204 bytes of memory BGP-RIB ove.
BGP state ESTABLISHED, in this state for 00:00:21 Last read 00:00:09, last write 00:00:08 Hold time is 180, keepalive interval is 60 seconds Received 93 messages, 0 in queue 5 opens, 0 notifications, .
Hold time is 180, keepalive interval is 60 seconds Received 138 messages, 0 in queue 7 opens, 2 notifications, 7 updates 122 keepalives, 0 route refresh requests Sent 140 messages, 0 in queue 7 opens,.
10 Content Addressable Memory (CAM) Content addressable memory (CAM) is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies.
The ipv6acl and vman-dual-qos allocations must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges. You must save the new CAM settings to the startup-config ( write-mem or copy run start ) then reload the system for the new settings to take effect.
View CAM-ACL Settings View the current cam-acl settings using the show cam-acl command. Example of Viewing CAM-ACL Settings Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) L2A.
11 Control Plane Policing (CoPP) Control plane policing (CoPP) is supported on the MXL switch. CoPP uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane.
Figure 26. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The MXL switch can process a maximum of 4200 PPS (packets per second). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though Per Protocol CoPP is applied.
same queue. If you are not aware of the incoming protocol traffic rate, you cannot set the required queue rate limit value. You must complete queue bandwidth tuning carefully because the system cannot open up to handle any rate, including traffic coming at the line rate.
8. Assign the protocol-based service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules created with the cpu-qos keyword.
Dell(conf)#policy-map-input egressFP_rate_policy cpu-qos Dell(conf-policy-map-in-cpuqos)#class-map class_ospf qos-policy rate_limit_500k Dell(conf-policy-map-in-cpuqos)#class-map class_bgp qos-policy .
Dell(conf)#policy-map-input cpuq_rate_policy cpu-qos Dell(conf-qos-policy-in)#service-queue 5 qos-policy cpuq_1 Dell(conf-qos-policy-in)#service-queue 6 qos-policy cpuq_2 Dell(conf-qos-policy-in)#serv.
To view the queue mapping for the MAC protocols, use the show mac protocol-queue-mapping command. Dell#show mac protocol-queue-mapping Protocol Destination Mac EtherType Queue EgPort Rate (kbps) -----.
12 Data Center Bridging (DCB) Data center bridging (DCB) is supported on the FC Flex IO module installed in the MXL 10/40GbE Switch. Ethernet Enhancements in Data Center Bridging The following section describes DCB.
InterProcess Communication (IPC) traffic InterProcess Communication (IPC) traffic within high-performance computing clusters to share information. Server traffic is extremely sensitive to latency requirements.
Ethernet (FCoE) converged traffic and one for Internet Small Computer System Interface (iSCSI) storage traffic. Configure the same lossless queues on all ports. • PFC delay constraints place an upper limit on the transmit time of a queue after receiving a message to pause a specified priority.
Figure 28. Enhanced Transmission Selection The following table lists the traffic groupings ETS uses to select multiprotocol traffic for transmission. Table 9. ETS Traffic Groupings Traffic Groupings Description Priority group A group of 802.1p priorities used for bandwidth allocation and queue scheduling.
Data Center Bridging Exchange Protocol (DCBx) DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBx to exchange and negotiate parameters with peer devices. DCBx capabilities include: • Discovery of DCB capabilities on peer-device connections.
Enabling Data Center Bridging Data center bridging is enabled by default on an MXL 10/40GbE Switch to support converged enhanced Ethernet (CEE) in a data center network.
Configuring DCB Maps and its Attributes This topic contains the following sections that describe how to configure a DCB map, apply the configured DCB map to a port, configure PFC without a DCB map, and configure lossless queues. DCB Map: Configuration Procedure A DCB map consists of PFC and ETS parameters.
Important Points to Remember • If you remove a dot1p priority-to-priority group mapping from a DCB map ( no priority pgid command), the PFC and ETS parameters revert to their default values on the interfaces on which the DCB map is applied. By default, PFC is not applied on specific 802.
Step Task Command Command Mode 1 Enter interface configuration mode on an Ethernet port. interface {tengigabitEthernet slot / port | fortygigabitEthernet slot / port } CONFIGURATION 2 Enable PFC on specified priorities. Range: 0-7. Default: None. Maximum number of lossless queues supported on an Ethernet port: 2.
Step Task Command Command Mode 4 Return to interface configuration mode. exit DCB MAP 5 Apply the DCB map, created to disable the PFC operation, on the interface dcb-map { name | default } INTERFACE 6 Configure the port queues that still function as no-drop queues for lossless traffic.
Interworking of DCB Map With DCB Buffer Threshold Settings The dcb-input and dcb-output configuration commands are deprecated. You must use the dcb-map command to create a DCB map to configure priority flow control (PFC) and enhanced transmission selection (ETS) on Ethernet ports that support converged Ethernet traffic.
Configuring Priority-Based Flow Control PFC provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when you enable DCB.
To honor a PFC pause frame multiplied by the number of PFC-enabled ingress ports, the minimum link delay must be greater than the round-trip transmission time the peer requires. NOTE: You cannot enable PFC and link-level flow control at the same time on an interface.
interface type slot/port 2. Configure the port queues that still function as no-drop queues for lossless traffic. INTERFACE mode pfc no-drop queues queue-range For the dot1p-queue assignments, refer to the dot1p Priority-Queue Assignment table. The maximum number of lossless queues globally supported on the switch is four.
The only valid port-set ID (port-pipe number) is 0. Dell Networking OS Behavior: If you configure PFC on a 40GbE port, count the 40GbE port as four PFC-enabled ports in the pfc-port number you enter in the command syntax.
used to process. For example, you can assign a higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of buffer space to be allocated for each priority and the pause or resume thresholds for the buffer.
ETS Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure ETS bandwidth allocation or queue scheduling and apply a QoS ETS output policy on an interface.
PRIORITY-GROUP mode exit 5. Repeat Steps 1 to 4 to configure all remaining dot1p priorities in an ETS priority group. Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss requirements.
If you configure only the priority group in an ETS output policy or only the dot1p priority for strict-priority scheduling, the flow is handled with group strict priority.
7. Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling.
dcb-policy output stack-unit {all | stack-unit-id } stack-ports all dcb-output-policy-name Entering this command removes all DCB input policies applied to stacked ports. Dell Networking Behavior: A dcb-policy output stack-unit all command overwrites any previous dcb-policy output stack-unit stack-unit-id configurations.
Figure 30. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification : The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table.
dot1p Value in Incoming Frame Queue Assignment 4 2 5 3 6 3 7 3 The following describes the dot1p-priority class group assignment dot1p Value in the Incoming Frame Priority Group Assignment 0 LAN 1 LAN 2 LAN 3 SAN 4 IPC 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment.
Example of Applying DCB PFC Input Policy and ETS Output Policy in a Switch Stack dcb-map stack-unit all stack-ports all <dcb-map-name> Applying DCB Policies in a Switch Stack You can apply a DCB policy with PFC configuration to all stacked ports in a switch stack or on a stacked switch.
DCBx Port Roles To enable the auto-configuration of DCBx-enabled ports and propagate DCB configurations learned from peer DCBx devices internally to other switch ports, use the following DCBx port roles. Auto-upstream The port advertises its own configuration to DCBx peers and receives its configuration from DCBX peers (ToR or FCF device).
The internally propagated configuration is not stored in the switch’s running configuration. On a DCBX port in an auto-downstream role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. Configuration source The port is configured to serve as a source of configuration information on the switch.
DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced transmission selection (ETS) and priority-based flow control (PFC) DCB features.
• If the configuration received from the peer is not compatible with the internally propagated configuration used by the configuration source, the port is disabled as a client for DCBx operation and synchronization and a syslog error message is generated.
On the MXL switch, PFC and ETS use DCBx to exchange link-level configuration with DCBx peer devices. Figure 31. DCBx Sample Topology DCBx Prerequisites and Restrictions The following prerequisites and.
Configuring DCBx To configure DCBx, follow these steps. For DCBx, to advertise DCBx TLVs to peers, enable LLDP. For more information, refer to Link Layer Discovery Protocol (LLDP). Configure DCBx operation at the interface level on a switch or globally on the switch.
[no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [ets-conf | ets-reco | pfc] • ets-conf : enables the advertisement of ETS Configuration TLVs. • ets-reco : enables the advertisement of ETS Recommend TLVs. • pfc : enables the advertisement of PFC TLVs.
• auto : configures all ports to operate using the DCBx version received from a peer. • cee : configures a port to use CEE (Intel 1.01). • cin : configures a port to use Cisco-Intel-Nuova (DCBx 1.0). • ieee-v2.5 : configures a port to use IEEE 802.1Qaz (Draft 2.
[no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x10 . DCBx Error Messages The following syslog messages appear when an error in DCBx operation occurs. LLDP_MULTIPLE_PEER_DETECTED: DCBx is operationally disabled after detecting more than one DCBx peer on the port interface.
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 10. Displaying DCB Configurations Command Output show dot1p-queue mapping Displays the current 802.
Example of the show dot1p-queue mapping Command Example of the show dcb Command Example of the show interfaces pfc summary Command Example of the show interface pfc statistics Command Example of the s.
PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is .
Fields Description • Symmetric: for an IEEE version TLV Tx Status Status of PFC TLV advertisements: enabled or disabled. PFC Link Delay Link delay (in quanta) used to pause specified priority traffic. Application Priority TLV: FCOE TLV Tx Status Status of FCoE advertisements in application priority TLVs from local DCBx port: enabled or disabled.
Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0.
Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2.
Table 12. show interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Max Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured.
Field Description ETS TLV Statistic: Error Conf TLV pkts Number of ETS Error Configuration TLVs received. Dell(conf)# show stack-unit all stack-ports all pfc details stack unit 0 stack-port all Admin .
Dell(conf)# show interface tengigabitethernet 0/49 dcbx detail Dell#show interface te 0/49 dcbx detail E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled.
Field Description Configuration Source Specifies whether the port serves as the DCBx configuration source on the switch: true (yes) or false (no). Local DCBx Compatibility mode DCBx version accepted in a DCB configuration as compatible. In auto-upstream mode, a port can only receive a DCBx version supported on the remote peer.
QoS dot1p Traffic Classification and Queue Assignment The following section describes QoS dot1P traffic classification and assignments. DCB supports PFC, ETS, and DCBx to handle converged Ethernet tra.
Configuring the Dynamic Buffer Method To configure the dynamic buffer capability, perform the following steps: 1. Enable the DCB application. By default, DCB is enabled and link-level flow control is disabled on all interfaces. CONFIGURATION mode S6000-109-Dell(conf)#dcb enable 2.
8. Create a QoS policy buffer and enter the QoS Policy Buffer Configuration mode to configure the no-drop queues, ingress buffer size, buffer limit for pausing, and buffer offset limit for resuming.
13 Debugging and Diagnostics This chapter describes debugging and diagnostics for the MXL switch. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware.
You cannot enter this command on a MASTER or Standby stack unit. NOTE: The system reboots when the offline diagnostics complete. This is an automatic process. The following warning message appears when you implement the offline stack-unit <id> command: Warning - Diagnostic execution will cause stack-unit to reboot after completion of diags.
Example of the diag command (Standalone unit) Dell#diag stack-unit 0 level0 Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports .
PRESENT Test 9 - SD Flash Access Test ....................................... PASS Test 10.000 - Qsfp Plus Power Mode Test ............................. PASS Test 10.001 - Qsfp Plus Power Mode Test ............................. PASS Test 10 - Qsfp Plus Power Mode Test .
Example of the dir flash: Command Dell#dir flash://TRACE_LOG_DIR Directory of flash:/TRACE_LOG_DIR 1 drwx 4096 Jan 17 2011 15:02:16 +00:00 . 2 drwx 4096 Jan 01 1980 00:00:00 +00:00 .
show hardware stack-unit { 0-5 } cpu party-bus statistics • View the ingress and egress internal packet-drop counters, MAC counters drop, and FP packet drops for the stack unit on per port basis.
Example of the show interfaces transceiver Command Dell#show int ten 0/49 transceiver SFP is present SFP 49 Serial Base ID fields SFP 49 Id = 0x03 SFP 49 Ext Id = 0x04 SFP 49 Connector = 0x07 SFP 49 T.
Recognize an Over-Temperature Condition An over-temperature condition occurs for one of two reasons: the card genuinely is too hot or a sensor has malfunctioned. Inspect cards adjacent to the one reporting the condition to discover the cause. • If directly adjacent cards are not at normal temperature, suspect a genuine overheating condition.
* Management Unit -- Thermal Sensor Readings (deg C) -- Unit Sensor0 Sensor1 Sensor2 Sensor3 Sensor4 Sensor5 Sensor6 Sensor7 Sensor8 Sensor9 -----------------------------------------------------------.
OID String OID Name Description .1.3.6.1.4.1.6027.3.16.1.1.5 fpStatsPerPortTable View the forwarding plane statistics containing the packet buffer usage per port per stack unit. .1.3.6.1.4.1.6027.3.16.1.1.6 fpStatsPerCOSTable View the forwarding plane statistics containing the packet buffer statistics per COS per port.
Total IngMac Drops :0 Total Mmu Drops :0 Total EgMac Drops :0 Total Egress Drops :0 Dell#show hardware stack-unit 0 drops unit 0 Port# :Ingress Drops :IngMac Drops :Total Mmu Drops :EgMac Drops :Egres.
txPkt(COS1) :0 txPkt(COS2) :0 txPkt(COS3) :0 txPkt(COS4) :0 txPkt(COS5) :0 txPkt(COS6) :0 txPkt(COS7) :0 txPkt(UNIT0) :0 The show hardware stack-unit cpu party-bus statistics command displays input an.
RDBGC0.ge0 : 34 +24 RDBGC1.ge0 : 366 +235 RDBGC5.ge0 : 16 +12 RDBGC7.ge0 : 18 +12 GR64.ge0 : 5,176 +24 GR127.ge0 : 1,566 +1,433 GR255.ge0 : 4 +4 GRPKT.ge0 : 1,602 +1,461 GRBYT.ge0 : 117,600 +106,202 GRMCA.ge0 : 366 +235 GRBCA.ge0 : 12 +9 GT64.ge0 : 4 +3 GT127.
The panic string contains key information regarding the crash. Several panic string types exist, and they are displayed in regular English text to allow easier understanding of the crash cause. Example of Application Mini Core Dump Listings Example of a Mini Core Text File Dell#dir Directory of flash: 1 drw- 16384 Jan 01 1980 00:00:00 +00:00 .
The tcpdump command has a finite run process. When you enable the tcpdump command, it runs until the capture-duration timer and/or the packet-count counter threshold is met. If you do not set a threshold, the system uses a default of a 5 minute capture-duration and/or a single 1k file as the stopping point for the dump.
14 Dynamic Host Configuration Protocol (DHCP) The dynamic host configuration protocol (DHCP) is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators.
Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Server Option 6 Specifies the domain name servers (DNSs) that are available to the client.
Option Number and Description Identifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Snooping Option 82 Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database.
Figure 33. Client and Server Messaging Implementation Information The following describes DHCP implementation. • Dell Networking implements DHCP based on RFC 2131 and RFC 3046.
Configure the System to be a DHCP Server Configuring the system to be a DHCP server is supported on the MXL switch. A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient.
DHCP mode pool name 3. Specify the range of IP addresses from which the DHCP server may assign addresses. DHCP <POOL> mode network network/prefix-length • network : the subnet address. • prefix-length : specifies the number of bits used for the network portion of the address you specify.
Specifying an Address Lease Time To specify an address lease time, use the following command. • Specify an address lease time for the addresses in a pool.
Figure 34. Enabling the DHCP Server Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks.
Creating Manual Binding Entries An address binding is a mapping between the IP address and the media access control (MAC) address of a client. The DHCP server assigns the client an available IP address automatically, and then creates an entry in the binding table.
clear ip dhcp binding ip address • Clear a DHCP address conflict. EXEC Privilege mode. clear ip dhcp conflict • Clear DHCP server counters. EXEC Privilege mode. clear ip dhcp server statistics Configure the System to be a Relay Agent DHCP clients and servers request and offer configuration information via broadcast DHCP messages.
Figure 35. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command Dell#show ip int tengig 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10.
ICMP redirects are not sent ICMP unreachables are not sent Configure the System to be a DHCP Client A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server. Implement the DHCP client functionality as follows: • The switch can obtain a dynamically assigned IP address from a DHCP server.
command when the lease timer for the dynamic IP address is expired. The interface acquires a new dynamic IP address from the DHCP server. If you later enter the no shutdown command and the lease timer for the dynamic IP address has expired, the IP address is released.
EXEC Privilege mode release dhcp interface type slot/port 4. Acquire a new IP address with renewed lease time from a DHCP server. EXEC Privilege mode renew dhcp interface type slot/port Example of the.
Interface Te 0/1 : DHCP ENABLE CMD Received in state START May 27 15:52:48: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_EVT: Interface Te 0/1: Transitioned to state SELECTING May 27 15:52:48.
Interface Te 0/1 May 27 15:55:31: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_PKT: Received DHCPOFFER packet in Interface Te 0/1 with Lease-Ip:10.
• Management routes added by the DHCP client are not added to the running configuration. NOTE: Management routes added by the DHCP client include the specific routes to reach a DHCP server in a different subnet and the management route.
To use the router as the VRRP owner, if you enable a DHCP client on an interface that is added to a VRRP group, assign a priority less than 255 but higher than any other priority assigned in the group. Configure Secure DHCP DHCP as defined by RFC 2131 provides no authentication or security mechanisms.
DHCP Snooping DHCP snooping protects networks from spoofing. In the context of DHCP snooping, ports are either trusted or not trusted. By default, all ports are not trusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted.
ip dhcp snooping trust 3. Enable DHCP snooping on a VLAN. CONFIGURATION mode ip dhcp snooping vlan Enabling IPv6 DHCP Snooping To enable IPv6 DHCP snooping, use the following commands. 1. Enable IPv6 DHCP snooping globally. CONFIGURATION mode ipv6 dhcp snooping 2.
Clearing the DHCP IPv6 Binding Table To clear the DHCP IPv6 binding table, use the following command. • Delete all of the entries in the binding table.
Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic.
Dynamic ARP Inspection Dynamic address resolution protocol (ARP) inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table. ARP is a stateless protocol that provides no authentication mechanism.
NOTE: Dynamic ARP inspection (DAI) uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system. However, the ExaScale default CAM profile allocates only nine entries to the L2SysFlow region for DAI.
--------------------------------------- Valid ARP Requests : 0 Valid ARP Replies : 1000 Invalid ARP Requests : 1000 Invalid ARP Replies : 0 Dell# Bypassing the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments.
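The following is an added example, not Dell code: a small Python model of the DAI decision described above, in which ARP frames on a DAI-enabled VLAN are checked against the DHCP snooping binding table, trusted ports bypass inspection, and counters are kept under the same four labels as the statistics output. The class names, the sample bindings and frames, and the choices to match on sender IP and MAC per VLAN and to leave bypassed frames uncounted are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass


def norm_mac(mac: str) -> str:
    """Canonicalise a MAC so 00:1A:2B:... and 001a.2b... compare equal."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")


@dataclass(frozen=True)
class Binding:
    """One DHCP snooping binding (hypothetical minimal form)."""
    ip: str
    mac: str
    vlan: int


@dataclass(frozen=True)
class ArpFrame:
    op: str          # "request" or "reply"
    sender_ip: str   # sender protocol address claimed in the ARP payload
    sender_mac: str  # sender hardware address claimed in the ARP payload
    vlan: int
    ingress: str     # port the frame arrived on


class ArpInspector:
    def __init__(self, bindings, dai_vlans, trusted_ports=()):
        self.table = {(b.vlan, b.ip): norm_mac(b.mac) for b in bindings}
        self.dai_vlans = set(dai_vlans)
        self.trusted = set(trusted_ports)
        self.stats = Counter()

    def inspect(self, f: ArpFrame):
        """Return (forward, reason) for one ARP frame."""
        if f.vlan not in self.dai_vlans:
            return True, "dai-not-enabled"
        if f.ingress in self.trusted:
            # Trusted interfaces skip inspection (assumed: not counted).
            return True, "trusted-port"
        bound = self.table.get((f.vlan, f.sender_ip))
        if bound is None:
            reason = "no-binding"        # IP was never leased on this VLAN
        elif bound != norm_mac(f.sender_mac):
            reason = "mac-mismatch"      # IP is leased, but to another MAC
        else:
            reason = "valid"
        kind = "Requests" if f.op == "request" else "Replies"
        verdict = "Valid" if reason == "valid" else "Invalid"
        self.stats[f"{verdict} ARP {kind}"] += 1
        return reason == "valid", reason


def run_sample():
    """Run constructed frames through the model; returns (decisions, stats)."""
    bindings = [  # constructed sample bindings
        Binding("10.1.1.1", "00:00:5e:00:53:01", 10),    # gateway
        Binding("10.1.1.20", "00:00:5E:00:53:20", 10),   # host A
    ]
    dai = ArpInspector(bindings, dai_vlans={10}, trusted_ports={"Te 0/50"})
    frames = [  # constructed sample frames
        ArpFrame("request", "10.1.1.20", "0000.5e00.5320", 10, "Te 0/1"),
        ArpFrame("reply", "10.1.1.1", "00:00:5e:00:53:99", 10, "Te 0/2"),
        ArpFrame("request", "10.1.1.77", "00:00:5e:00:53:77", 10, "Te 0/3"),
        ArpFrame("reply", "10.1.1.1", "00:00:5e:00:53:aa", 10, "Te 0/50"),
        ArpFrame("request", "10.2.2.5", "00:00:5e:00:53:05", 20, "Te 0/4"),
    ]
    decisions = [dai.inspect(f) for f in frames]
    return decisions, dict(dai.stats)


if __name__ == "__main__":
    decisions, stats = run_sample()
    for d in decisions:
        print(d)
    for label in ("Valid ARP Requests", "Valid ARP Replies",
                  "Invalid ARP Requests", "Invalid ARP Replies"):
        print(f"{label:22}: {stats.get(label, 0)}")
```

The second frame is the case DAI exists for: a reply that claims the gateway's IP with a MAC that does not match its binding. The fourth frame carries the same mismatch but is forwarded because it arrives on a trusted port, which is why only ports facing other inspecting switches should be marked trusted.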
packet. Likewise, if the IP address is fake, the address is not on the list of permissible addresses for the port and the packet is dropped. To enable IP source address validation, use the following command.
15 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) is supported on the MXL switch. ECMP for Flow-Based Affinity ECMP for flow-based affinity is available on the MXL switch. NOTE: IPv6 /128 routes having multiple paths do not form ECMPs. The /128 route is treated as a host entry and finds its place in the host table.
Link Bundle Monitoring Monitoring linked ECMP bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time. A threshold of 60% is defined as an acceptable amount of traffic on a member link. Links are monitored in 15-second intervals for three consecutive instances.
Example of the ip ecmp-group maximum-paths Command Dell(conf)#ip ecmp-group maximum-paths 3 User configuration has been changed. Save the configuration and reload to take effect Dell(conf)# Equal Cost.
16 FC FLEXIO FPORT FC FlexIO FPort is now supported on the MXL switch platform. FC FLEXIO FPORT The MXL blade switch is a Trident+ based switch which is plugged into the Dell M1000 Blade server chassis. The blade module contains two slots for pluggable flexible module.
INTERFACE mode fcoe-map <fcoe-map-name> {tengigabitEthernet slot/port | fortygigabitEthernet slot/port} The FCoE map contains FCoE and FC parameter settings (refer to FCoE Maps ).
FCoE Maps To identify the SAN fabric to which FCoE storage traffic is sent, use an FCoE map. Using an FCoE map, an NPG operates as an FCoE-FC bridge between an FC SAN and FCoE network by providing FCoE-enabled servers and switches with the necessary parameters to log in to a SAN fabric.
The values for the FCoE VLAN, fabric ID, and FC-MAP must be unique. Apply an FCoE map on downstream server-facing Ethernet ports and upstream fabric-facing Fibre Channel ports. 1. Create an FCoE map which contains parameters used in the communication between servers and a SAN fabric.
7. Configure the time interval (in seconds) used to transmit FIP keepalive advertisements. FCoE MAP mode fka-adv-period seconds The range is from 8 to 90 seconds. The default is 8 seconds. Zoning The zoning configurations are supported for Fabric FCF Port mode operation on the MXL.
Creating Zone Alias and Adding Members To create a zone alias and add devices to the alias, follow these steps. 1. Create a zone alias name. CONFIGURATION mode fc alias ZoneAliasName 2. Add devices to an alias. ALIAS CONFIGURATION mode member word The member can be WWPN (00:00:00:00:00:00:00:00), port ID (000000), or alias name (word).
Activating a Zoneset Activating a zoneset makes the zones within it effective. On a switch, only one zoneset can be active. Any changes in an activated zoneset do not take effect until it is re-activated. By default, the fcoe-map fabric map-name does not have any active zonesets.
Example of the show config Command Dell(conf-fcoe-SAN_FABRIC)#show config ! fcoe-map SAN_FABRIC description SAN_FABRIC fc-map 0efc00 fabric-id 1002 vlan 1002 ! fc-fabric default-zone-allow all Dell(co.
Intf# Domain FC-ID Enode-WWPN Enode-WWNN Fc 0/3 1 01:35:00 10:00:8c:7c:ff:17:f8:01 20:00:8c:7c:ff:17:f8:01 Dell# Example of the show fc zoneset Command Dell#show fc zoneset ZoneSetName ZoneName ZoneMe.
17 FCoE Transit The Fibre Channel over Ethernet (FCoE) Transit feature is supported on the MXL 10/40GbE switch. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FCoE transit is not supported on Fibre Channel interfaces.
FIP enables FCoE devices to discover one another, initialize and maintain virtual links over an Ethernet network, and access storage devices in a storage area network (SAN).
Figure 36. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF.
Port-based ACLs These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs. FCoE-generated ACLs These take precedence over user-configured ACLs.
Figure 37. FIP Snooping on an MXL 10/40GbE Switch The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions: • Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
FIP Snooping in a Switch Stack FIP snooping supports switch stacking as follows: • A switch stack configuration is synchronized with the standby stack unit. • Dynamic population of the FCoE database (ENode, Session, and FCF tables) is synchronized with the standby stack unit.
Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit. NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the Configuring FIP Snooping procedure.
FCoE traffic is allowed on the port only after the switch learns the FC-MAP value associated with the specified FCF MAC address and verifies that it matches the configured FC-MAP value for the FCoE VLAN. Configure a Port for a Bridge-to-FCF Link If a port is directly connected to an FCF, configure the port mode as FCF.
Bridging (DCB) chapter). Dell Networking also recommends enabling enhanced transmission selection (ETS), although ETS is not required. If you enable DCBx and PFC mode is on (PFC is operationally up) in a port configuration, FIP snooping is operational on the port.
The default is 0x0EFC00. The valid values are from 0EFC00 to 0EFCFF. 4. Enter interface configuration mode to configure the port for FIP snooping links. CONFIGURATION mode interface port-type slot/port By default, a port is configured for bridge-to-ENode links.
Command Output show fip-snooping statistics [interface vlan vlan-id | interface port-type port/slot | interface port-channel port-channel-number ] Displays statistics on the FIP packets snooped on all interfaces, including VLANs, physical ports, and port channels.
Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FCoE MAC MAC address of the FCoE session assigned by the FCF. FC-ID Fibre Channel ID assigned by the FCF.
Table 22. show fip-snooping fcf Command Description Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FC-MAP FC-Map value advertised by the FCF.
Number of FLOGO Accepts :0 Number of FLOGO Rejects :0 Number of CVL :0 Number of FCF Discovery Timeouts :0 Number of VN Port Session Timeouts :0 Number of Session failures due to Hardware Config :0 De.
Field Description Number of VN Port Keep Alives Number of FIP-snooped VN port keep-alive frames received on the interface. Number of Multicast Discovery Advertisements Number of FIP-snooped multicast discovery advertisements received on the interface.
FCoE Transit Configuration Example The following illustration shows an MXL switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. In this example, DCBx and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch.
The following example shows how to configure FIP snooping on FCoE VLAN 10, on an FCF-facing port (0/50), on an ENode server-facing port (0/1), and to configure the FIP snooping ports as tagged members of the FCoE VLAN enabled for FIP snooping.
18 FIPS Cryptography Federal information processing standard (FIPS) cryptography is supported on the MXL switch platform. This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms.
• FIPS mode is enabled. – If you enable the SSH server when you enter the fips mode enable command, it is re-enabled for version 2 only. – If you re-enable the SSH server, a new RSA host key-pair is generated automatically. You can also manually create this key-pair using the crypto key generate command.
Example of the show fips status Command Example of the show system Command Dell#show fips status FIPS Mode : Enabled for the system using the show system command.
all configured host keys. Proceed (y/n) ?
19 Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses.
Figure 39. Normal Operating FRRP Topology A virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN. The Member VLAN is the VLAN used to transmit data as described earlier.
Ring Failure If a Transit node detects a link down on any of its ports on the FRRP ring, it immediately sends a link-down control frame on the Control VLAN to the Master node. When the Master node receives this control frame, the Master node moves from the Normal state to the Ring-Fault state and unblocks its Secondary port.
Figure 40. Multiple Rings Connected by a Single Switch Example Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks. The Master node originates a high-speed frame that circulates around the ring.
• Transit node ring port states — blocking, pre-forwarding, forwarding, and disabled. • STP disabled on ring interfaces. • Master node secondary port is in blocking state during Normal operation. • Ring health frames (RHF) – Hello RHF: sent at 500ms (hello interval); Only the Master node transmits and processes these.
Concept Explanation VLAN, and Master and Transit node information must be configured for the ring to be up. • Ring-Up — Ring is up and operational. • Ring-Down — Ring is broken or not set up. Ring Health-Check Frame (RHF) The Master node generates two types of RHFs.
– Configure Primary and Secondary ports • Setting the FRRP Timers Other FRRP related commands are: • Clearing the FRRP Counters • Viewing the FRRP Configuration • Viewing the FRRP Information Creating the FRRP Group Create the FRRP group on each switch in the ring.
• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
• Tag control VLAN ports. Member VLAN ports, except the Primary/Secondary interface, can be tagged or untagged. • The control VLAN must be the same for all nodes on the ring. To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring.
CONFIG-FRRP mode. member-vlan vlan-id { range } VLAN-ID, Range : VLAN IDs for the ring’s Member VLANs. 6. Enable this FRRP group on this switch. CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval.
Viewing the FRRP Information To view general FRRP information, use one of the following commands. • Show the information for the identified FRRP group. EXEC or EXEC PRIVILEGED mode. show frrp ring-id Ring ID: the range is from 1 to 255. • Show the state of all FRRP groups.
Sample Configuration and Topology The following example shows a basic FRRP topology. Figure 41. Basic Topology and CLI Commands Example of R1 MASTER Example of R2 TRANSIT Example of R3 TRANSIT interfa.
interface primary GigabitEthernet 1/24 secondary GigabitEthernet 1/34 control-vlan 101 member-vlan 201 mode master no disable interface GigabitEthernet 2/14 no ip address switchport no shutdown ! inte.
20 GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP) is supported on the MXL switch platform. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN.
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged.
Related Configuration Tasks • Configure GVRP Registration • Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the following command.
Configure GVRP Registration Configure GVRP registration. There are three GVRP registration modes: • Normal Registration — Allows dynamic creation, registration, and de-registration of VLANs (if you enabled dynamic VLAN creation). By default, the registration mode is set to Normal when you enable GVRP on a port.
• LeaveAll — After startup, a GARP device globally starts a LeaveAll timer. After expiration of this interval, it sends out a LeaveAll message so that other GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle.
21 Internet Group Management Protocol (IGMP) Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. IGMP is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
Figure 43. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. • Responding to an IGMP Query – One router on a subnet is elected as the querier.
group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2.
Figure 45. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.
Figure 46. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.
Figure 47. Membership Queries: Leaving and Staying IGMP Snooping IGMP snooping enables switches to use information in IGMP packets to generate a forwarding table that associates ports with multicast groups so that when they receive multicast frames, they can forward them only to interested receivers.
• IGMP snooping is supported on all MXL 10/40GbE stack members. • IGMP snooping reacts to spanning tree protocol (STP) and multiple spanning tree protocol (MSTP) topology changes by sending a general query on the interface that transitions to the forwarding state.
Example of the show config Command Dell(conf-if-vl-100)#show config ! interface Vlan 100 no ip address ip igmp snooping fast-leave shutdown Dell(conf-if-vl-100)# Disabling Multicast Flooding If the sw.
Adjusting the Last Member Query Interval To adjust the last member query interval, use the following command. When the querier receives a Leave message from a receiver, it sends a group-specific query out of the ports specified in the forwarding table.
22 Interfaces This chapter describes 100/1000/10000 Mbps Ethernet, 10 Gigabit Ethernet, and 40 Gigabit Ethernet interface types, both physical and logical, and how to configure them with the Dell Networking operating software (OS).
Interface Types The following table describes different interface types. Interface Type Modes Possible Default Mode Requires Creation Default State Physical L2, L3 Unset No Shutdown (disabled) Managem.
Example of the show interfaces Command Example of the show ip interfaces brief Command Example of the show running-config Command to View Physical Interfaces The following example shows the configuration and status information for one interface.
GigabitEthernet 1/2 unassigned YES Manual up up GigabitEthernet 1/3 unassigned YES Manual up up GigabitEthernet 1/4 unassigned YES Manual up up GigabitEthernet 1/5 10.
To confirm that the interface is enabled, use the show config command in INTERFACE mode. To leave INTERFACE mode, use the exit command or end command. You cannot delete a physical interface. Physical Interfaces The switch interfaces support Layer 2 and Layer 3 traffic over the 100/1000/10000, 10-Gigabit, and 40-Gigabit Ethernet interfaces.
Type of Interface Possible Modes Requires Creation Default State Port Channel Layer 2 Layer 3 Yes Shutdown (disabled) VLAN Layer 2 Layer 3 Yes, except for the default VLAN.
Configuring Layer 3 (Network) Mode When you assign an IP address to a physical interface, you place it in Layer 3 mode. To enable Layer 3 mode on an individual interface, use the following commands. In all interface types except VLANs, the shutdown command prevents all traffic from passing through the interface.
INTERFACE mode ip address ip-address mask [secondary] The ip-address must be in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/ xx). Add the keyword secondary if the IP address is the interface’s backup IP address. Example of the show ip interface Command You can only configure one primary IP address per interface.
The MXL switch system supports the management Ethernet interface as well as the standard interface on any front-end port. You can use either method to connect to the system. Configuring Management Interfaces on the MXL Switch On the MXL Switch IO Module, the dedicated management interface provides management access to the system.
Server Port AdminState is Down Pluggable media not present Interface index is 38080769 Internet address is not set Mode of IP Address Assignment : NONE DHCP Client-ID :tenG145001ec9bb02c2 MTU 1554 byt.
INTERFACE mode ip address ip-address mask [secondary] – ip-address mask : enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). – secondary : the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses.
Null Interfaces The Null interface is another virtual interface. There is only one Null interface. It is always up, but no traffic is transmitted through this interface. To enter INTERFACE mode of the Null interface, use the following command. • Enter INTERFACE mode of the Null interface.
With this feature, you can create larger-capacity interfaces by utilizing a group of lower-speed links. For example, you can build a 40-Gigabit interface by aggregating four 10-Gigabit Ethernet interfaces together. If one of the five interfaces fails, traffic is redistributed across the three remaining interfaces.
In this example, you can change the common speed of the port channel by changing its configuration so the first enabled interface referenced in the configuration is a 1000 Mb/s speed interface. You can also change the common speed of the port channel here by setting the speed of the TenGig 0/0 interface to 1000 Mb/s.
• description • shutdown/no shutdown • mtu • ip mtu (if the interface is on a Jumbo-enabled by default) NOTE: The MXL switch supports jumbo frames by default (the default maximum transmission unit [MTU] is 1554 bytes). You can configure the MTU using the mtu command from INTERFACE mode.
Last clearing of "show interface" counters 00:05:44 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkt.
INTERFACE PORT-CHANNEL mode interface port-channel id number 3. Add the interface to the second port channel. INTERFACE PORT-CHANNEL mode channel-member interface Example of Moving an Interface to a New Port Channel The following example shows moving the TenGigabitEthernet 1/8 interface from port channel 4 to port channel 3.
• Add the port channel to the VLAN as a tagged interface. INTERFACE VLAN mode tagged port-channel id number An interface with tagging enabled can belong to multiple VLANs.
When you disable a port channel, all interfaces within the port channel are operationally down also. Load Balancing through Port Channels Dell Networking OS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG).
– ipv6-selection — Set the IPV6 key fields to use in hash computation. – tunnel — Set the tunnel key fields to use in hash computation. Hash Algorithm The load-balance command selects the hash criteria applied to port channels.
Default Configuration without Start-up Config This feature is enabled by default and can be enabled on reload by deleting the start-up config file. On reload, all the server ports (1-32) come up as switch ports in No Shut mode. Uplinks remain in Shut mode ensuring that there are no network loops.
The interface range prompt offers the interface (with slot and port information) for valid interfaces. The maximum size of an interface range prompt is 32. If the prompt size exceeds this maximum, it displays (...) at the end of the output. NOTE: Non-existing interfaces are excluded from the interface range prompt.
Dell(conf)#interface range tengigabitethernet 2/0 - 23 , tengigabitethernet 2/0 - 23 , tengigab 2/0 - 23 Dell(conf-if-range-te-2/0-23)# Exclude a Smaller Port Range The following example shows how the smaller of two port ranges is omitted in the interface-range prompt.
To define an interface-range macro, use the following command. • Defines the interface-range macro and saves it in the running configuration file. CONFIGURATION mode define interface-range macro_nam.
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Example of the monitor interface Command The information displays in a continuous run, refreshing every 2 seconds by default.
the signal that returns. By examining the reflection, TDR is able to indicate whether there is a cable fault (when the cable is broken, becomes unterminated, or if a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the link is flapping or not coming up.
– portmode quad : Identifies the uplink port as a split 10GbE SFP+ port. To display the stack-unit number, enter the show system brief command. • Save the configuration and reload the switch. CONFIGURATION mode write memory reload Merging SFP+ Ports to QSFP 40G Ports To remove FANOUT mode in 40G QSFP Ports, use the following commands.
Because different networking vendors define MTU differently, check their documentation when planning MTU sizes across a network. The following table lists the various Layer 2 overheads found in the Dell Networking OS and the number of bytes. Table 24.
Important Points to Remember • Before using the QSA to convert a 40 Gigabit Ethernet port to a 10 Gigabit SFP or SFP+ port, enable 40 G to 4*10 fan-out mode on the device. • When you insert a QSA into a 40 Gigabit port, you can use only the first 10 Gigabit port in the fan-out mode to plug-in SFP or SFP+ cables.
The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames. To allow full duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with a destination address equal to this multicast address.
Configure MTU Size on an Interface If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be enough to include the Layer 2 header.
Port-Pipes A high-speed data bus connection used to switch traffic between front-end ports is known as the port pipe. A port pipe is a Dell Networking-specific term for the hardware path that packets follow through a system. The MXL switch supports single port pipe only.
5. Set the local port speed. INTERFACE mode speed {100 | 1000 | 10000 | auto} 6. Optionally, set full- or half-duplex. INTERFACE mode duplex {half | full} 7. Disable auto-negotiation on the port. INTERFACE mode no negotiation auto If the speed was set to 1000, do not disable auto-negotiation.
speed 100 duplex full no shutdown Set Auto-Negotiation Options The negotiation auto command provides a mode option for configuring an individual port to forced master/forced slave after you enable auto-negotiation. CAUTION: Ensure that only one end of the node is configured as forced-master and the other is configured as forced-slave.
Dell#show interfaces configured Dell#show interfaces tengigabitEthernet 0 configured Dell#show ip interface configured Dell#show ip interface tengigabitEthernet 1 configured Dell#show interfaces forty.
The bold lines show the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100. Dell#show interfaces TenGigabitEthernet 10/0 is down, line protocol is dow.
NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by the Dell Ne.
Enhanced Validation of Interface Ranges You can avoid specifying spaces between the range of interfaces, separated by commas, that you configure by using the interface range command. For example, if you enter a list of interface ranges, such as interface range fo 2/0-1,te 10/0,gi 3/0,fa 0/0, this configuration is considered valid.
23 Internet Protocol Security (IPSec) IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways.
Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. 1. Define the transform set. CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des 2. Define the crypto policy.
24 IPv4 Routing The Dell Networking OS supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking operating system (OS).
Configuration Tasks for IP Addresses The following describes the tasks associated with IP address configuration. Configuration tasks for IP addresses include: • Assigning IP Addresses to an Interfa.
Example of the show config Command Example of the show ip interface Command To view the configuration, use the show config command in INTERFACE mode or use the show ip interface command in EXEC privilege mode, as shown in the second example.
----------- ------- ----------- ----------- S 2.1.2.0/24 Direct, Nu 0 0/0 00:02:30 S 6.1.2.0/24 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.2/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.3/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.4/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.
172.31.1.0/24 ManagementEthernet 1/0 Connected Dell# IPv4 Path MTU Discovery Overview The size of the packet that can be sent across each hop in the network path without being fragmented is called the path maximum transmission unit (PMTU).
Configuring the ICMP Source Interface You can enable the ICMP error and unreachable messages to contain the configured IP address of the source device instead of the previous hop's IP address.
Enabling Directed Broadcast By default, the system drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable the system to receive directed broadcasts, use the following command.
Name servers are not set Host Flags TTL Type Address -------- ----- ---- ---- ------- ks (perm, OK) - IP 2.2.2.2 patch1 (perm, OK) - IP 192.68.69.2 tomm-3 (perm, OK) - IP 192.68.99.2 gxr (perm, OK) - IP 192.71.18.2 f00-3 (perm, OK) - IP 192.71.23.1 Dell> To view the current configuration, use the show running-config resolve command.
a probe count (default is 3), minimum TTL (default is 1), maximum TTL (default is 30), and port number (default is 33434). CONFIGURATION mode traceroute [ host | ip-address ] To keep the default setting for these parameters, press the ENTER key.
Configuration Tasks for ARP For a complete listing of all ARP-related commands, refer to the Dell Networking OS Command Line Reference Guide. Configuration tasks for ARP include: • Configuring Stat.
• Re-enable Proxy ARP. INTERFACE mode ip proxy-arp To view if Proxy ARP is enabled on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only non-default information is displayed in the show config command output.
ARP Learning via ARP Request In the Dell Networking OS versions prior to 8.3.1.0, the system learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address.
Configuring ARP Retries In the Dell Networking OS versions prior to 8.3.1.0, the number of ARP retries is set to five and is not configurable. After five retries, the system backs off for 20 seconds before it sends a new request. Beginning with the Dell Networking OS version 8.
For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled. When enabled, ICMP unreachable messages are created and sent out all interfaces.
Example of Enabling UDP Helper Example of the show ip udp-helper Command Dell(conf-if-te-1/1)#ip udp-helper udp-port 1000 Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 ip address 2.
3. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured. Figure 50.
UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101.
5/1 TenGig 5/ 2 Vlan 3 01:44:54: Pkt rcvd on TenGig 7/0 is handed over for DHCP processing. When using the IP helper and UDP helper on the same interface, use the debug ip dhcp command. Example Output from the debug ip dhcp Command Packet 0.0.0.0:68 -> 255.
25 IPv6 Addressing Internet protocol version 6 (IPv6) is supported on the MXL switch platform. NOTE: The IPv6 basic commands are supported on all platforms.
• Duplicate Address Detection (DAD) — Before configuring its IPv6 address, an IPv6 host node device checks whether that address is used anywhere on the network using this mechanism. • Prefix Renumbering — Useful in transparent renumbering of hosts in the network when an organization changes its service provider.
IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 53. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling.
Payload Length (16 bits) The Payload Length field specifies the packet payload. This is the length of the data following the IPv6 header. IPv6 Payload Length only includes the data following the header, not the header itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB.
Source Address (128 bits) The Source Address field contains the IPv6 address for the packet originator. Destination Address (128 bits) The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router.
This field can contain one or more options. The first byte of the field identifies the Option type, and directs the router how to handle the option. 00 Skip and continue processing. 01 Discard the packet. 10 Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet’s Source IP Address identifying the unknown option type.
Link-local Addresses Link-local addresses, starting with fe80:, are assigned only in the local link area. The addresses are usually generated automatically by the operating system's IP layer for each network interface.
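The header layout and option-type handling described above, as an added example (not code from the Dell guide): a Python parser for the 40-byte fixed header and for the options of a Hop-by-Hop or Destination Options header. The Flow Label field and the `11` action come from RFC 8200 rather than from this page, and the sample packet is constructed.

```python
import ipaddress
import struct

HOP_BY_HOP = 0        # Next Header value announcing a Hop-by-Hop Options header
NO_NEXT_HEADER = 59   # Next Header value meaning nothing follows

# Action encoded in the two high-order bits of the option type.
# 00, 01 and 10 are the values listed on this page; 11 is taken from RFC 8200.
OPTION_ACTIONS = {
    0b00: "skip option and continue processing",
    0b01: "discard packet",
    0b10: "discard packet and send ICMP Parameter Problem Code 2",
    0b11: "discard packet; send ICMP Parameter Problem Code 2 "
          "only if the destination is not multicast",
}


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the 40-byte fixed IPv6 header."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, payload_length, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8]
    )
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not an IPv6 packet (version {version})")
    return {
        "version": version,                          # 4 bits
        "traffic_class": (first_word >> 20) & 0xFF,  # 8 bits
        "flow_label": first_word & 0xFFFFF,          # 20 bits (RFC 8200)
        "payload_length": payload_length,            # excludes these 40 bytes
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": ipaddress.IPv6Address(packet[8:24]),
        "destination": ipaddress.IPv6Address(packet[24:40]),
    }


def parse_options(ext: bytes) -> list:
    """Walk the TLV options of a Hop-by-Hop or Destination Options header.

    Returns the non-padding options with the action a node must take
    when it does not recognise the option type.
    """
    if len(ext) < 2:
        raise ValueError("truncated options header")
    # Hdr Ext Len counts 8-octet units beyond the first 8 octets.
    total = (ext[1] + 1) * 8
    if len(ext) < total:
        raise ValueError("options header longer than captured data")
    options = []
    i = 2
    while i < total:
        opt_type = ext[i]
        if opt_type == 0:          # Pad1: a single byte with no length field
            i += 1
            continue
        if i + 1 >= total:
            raise ValueError("option length byte missing")
        opt_len = ext[i + 1]
        end = i + 2 + opt_len
        if end > total:
            raise ValueError("option overruns the options header")
        if opt_type != 1:          # PadN carries no information
            options.append({
                "type": opt_type,
                "action": OPTION_ACTIONS[opt_type >> 6],
                "data": ext[i + 2:end],
            })
        i = end
    return options


# Constructed sample: fixed header + Hop-by-Hop header carrying one
# unrecognised option (type 0x9E, high-order bits 10) followed by PadN.
SAMPLE = (
    struct.pack("!IHBB", (6 << 28) | 0x12345, 8, HOP_BY_HOP, 64)
    + ipaddress.IPv6Address("2001:db8::1").packed
    + ipaddress.IPv6Address("2001:db8::2").packed
    + bytes([NO_NEXT_HEADER, 0, 0x9E, 2, 0, 0, 1, 0])
)

if __name__ == "__main__":
    header = parse_ipv6_header(SAMPLE)
    print(header)
    if header["next_header"] == HOP_BY_HOP:
        for option in parse_options(SAMPLE[40:]):
            print(hex(option["type"]), "->", option["action"])
```

The length checks in `parse_options` matter in practice: an option length that runs past the extension header is a malformed packet and is rejected rather than read.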
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location MXL IPv6 stateless autoconfiguration 9.2(0.0) Stateless Autoconfiguration in this chapter IPv6 MTU path discovery 9.2(0.0) Path MTU Discovery in this chapter IPv6 ICMPv6 9.
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location MXL IPv6 Services and Management 9.2(0.0) Telnet client over IPv6 (outbound Telnet) 9.2(0.0) Configuring Telnet with IPv6 in this chapter Control and Monitoring in the Dell Networking OS Command Line Reference Guide.
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location MXL Multicast IPv6 in the Dell Networking OS Command Line Reference Guide . IPv6 QoS trust DSCP values N/A IPv6 Multicast in this chapter ICMPv6 ICMPv6 is supported on the MXL switch platform.
Figure 54. Path MTU Discovery Process IPv6 Neighbor Discovery IPv6 neighbor discovery protocol (NDP) is supported on the MXL switch platform. NDP is a top-level protocol for neighbor discovery on an IPv6 network.
Figure 55. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets With the Dell Networking OS version 8.3.1.0, you can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers.
• invalid host addresses If you specify this information in the IPv6 RDNSS configuration, a DNS error is displayed. Example for Configuring an IPv6 Recursive DNS Server The following example configures a RDNSS server with an IPv6 address of 1000::1 and a lifetime of 1 second.
rendezvous point (RP) of the shared tree distribution tree to distribute multicast traffic to a multicast group. Messages to join the multicast group (Join messages) are sent towards the RP and data is sent from senders to the RP so receivers can discover who the senders are and begin receiving traffic destined to the multicast group.
• L3 QoS (ipv4qos): 1 • L2 QoS (l2qos): 1 To have the changes take effect, save the new CAM settings to the startup-config ( write-mem or copy run start ) then reload the system for the new settings. • Allocate space for IPV6 ACLs. Enter the CAM profile name then the allocated amount.
NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits. Separate each group by a colon (:). Omitting zeros is accepted as described in Addressing. Assigning a Static IPv6 Route IPv6 static routes are supported on the MXL switch platform.
– mask : prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing. SNMP over IPv6 The simple network management protocol (SNMP) is supported on the MXL switch platform.
• Show the currently running configuration for the specified interface. EXEC mode show ipv6 interface type { slot/port } Enter the keyword interface then the type of interface and slot/port information: – For all brief summary of IPv6 status and configuration, enter the keyword brief.
Example of the show ipv6 route summary Command Example of the show ipv6 route Command Example of the show ipv6 route static Command Dell#show ipv6 route summary Route Source Active Routes Non-active R.
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
26 iSCSI Optimization The MXL switch enables internet small computer system interface (iSCSI) optimization with default iSCSI parameter settings and is auto-provisioned to support the following features.
• iSCSI monitoring sessions — the switch monitors and tracks active iSCSI sessions in connections on the switch, including port information and iSCSI session information. • iSCSI QoS — A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic.
Monitoring iSCSI Traffic Flows The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets.
• At the first detection of an EqualLogic array, an MTU of 12000 is enabled on all ports and port-channels (if it has not already been enabled). • Spanning-tree portfast is enabled on the interface LLDP identifies. • Unicast storm control is disabled on the interface LLDP identifies.
Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 26. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Enabled iSCSI CoS mode (802.
iSCSI COS : dot1p is 4 no-remark Session aging time: 10 Maximum number of connections is 256 ------------------------------------------------ iSCSI Targets and TCP Ports: -----------------------------.
27 Intermediate System to Intermediate System Intermediate system to intermediate system (IS-IS) is supported on the MXL switch platform. • The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS.
IS area address, system ID, and N-selector. The last byte is the N-selector. All routers within an area have the same area portion. Level 1 routers route based on the system address portion of the address, while the Level 2 routers route based on the area address.
• MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology.
by an active RPM have been downloaded into the forwarding information base (FIB) on the line cards (the data plane) and are still resident. For packets that have existing FIB/content addressable memor.
To support IPv6, the Dell Networking implementation of IS-IS performs the following tasks: • Advertises IPv6 information in the PDUs. • Processes IPv6 information received in the PDUs. • Computes routes to IPv6 destinations. • Downloads IPv6 routes to the RTM for installing in the FIB.
• Configuring the IS-IS Metric Style • Configuring the IS-IS Cost • Changing the IS-Type • Controlling Routing Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debugging IS-IS Enabling IS-IS By default, IS-IS is not enabled.
• For a VLAN, enter the keyword vlan then a number from 1 to 4094. 4. Enter an IPv4 Address. INTERFACE mode ip address ip-address mask Assign an IP address and mask to the interface. The IP address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address.
Redistributing: Distance: 115 Generate narrow metrics: level-1-2 Accept narrow metrics: level-1-2 Generate wide metrics: none Accept wide metrics: none Dell# To view IS-IS protocol statistics, use the show isis traffic command in EXEC Privilege mode.
ROUTER ISIS AF IPV6 mode set-overload-bit 3. Set the minimum interval between SPF calculations. ROUTER ISIS AF IPV6 mode spf-interval [level-1 | level-2 | interval] [initial_wait_interval [second_wait_interval]] Use this command for IPv6 route computation only when you enable multi-topology.
– interval : wait time (the range is from 5 to 120. The default is 5.) – retry-times : number of times an unacknowledged restart request is sent before the restarting router gives up the graceful restart engagement with the neighbor. (The range is from 1 to 10 attempts.
Suppress Adj rcv count : 0 (level-1), 0 (level-2) Restart CSNP rcv count : 0 (level-1), 0 (level-2) Database Sync count : 0 (level-1), 0 (level-2) Circuit GigabitEthernet 2/10: Mode: Normal L1-State:N.
lsp-mtu size – size : the range is from 128 to 9195. The default is 1497. • Set the LSP refresh interval. ROUTER ISIS mode lsp-refresh-interval seconds – seconds : the range is from 1 to 65535. The default is 900 seconds. • Set the maximum LSP lifetime.
Table 28. Metric Styles Metric Style Characteristics Cost Range Supported on IS-IS Interfaces narrow Sends and accepts narrow or old TLVs (Type, Length, Value). 0 to 63 wide Sends and accepts wide or new TLVs. 0 to 16777215 transition Sends both wide (new) and narrow (old) TLVs.
Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with IS-IS enabled, you can assign a cost or metric that is used in the link state calculation. To change the metric or cost of the interface, use the following commands.
Changing the IS-Type To change the IS-type, use the following commands. You can configure the system to act as a Level 1 router, a Level 1-2 router, or a Level 2 router. To change the IS-type for the router, use the following commands. • Configure IS-IS operating level for a router.
– For the Loopback interface on the RPM, enter the keyword loopback then a number from 0 to 16383. – For a port channel, enter the keywords port-channel then a number from 1 to 255. – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/ port information.
– static : for user-configured routes. – bgp : for BGP routes only. • Deny RTM download for pre-existing redistributed IPv4 routes. ROUTER ISIS mode distribute-list redistributed-override in Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands.
Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process. With the redistribute command syntax, you can include BGP, OSPF, RIP, static, or directly connected routes in the IS-IS process.
redistribute {bgp as-number | connected | rip | static} [level-1 | level-1-2 | level-2] [metric metric-value ] [metric-type {external | internal}] [route-map map-name ] Configure the following parameters: – level-1 , level-1-2 , or level-2 : assign all redistributed routes to a level.
The Dell Networking OS supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs. To view the passwords, use the show config command in ROUTER ISIS mode or the show running-config isis command in EXEC Privilege mode.
• View all IS-IS information. EXEC Privilege mode debug isis • View information on all adjacency-related activity (for example, hello packets that are sent and received).
To disable all debugging, use the undebug all command. IS-IS Metric Styles The following sections provide additional information about the IS-IS metric styles.
Table 29. Metric Value When the Metric Style Changes Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide narrow default value (10) if the original value is greater than 63. A message is sent to the console. wide transition truncated value (the truncated value appears in the LSP only).
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide transition narrow transition default value (10) if the original value is greater than 63. A message is sent to the console. wide transition transition truncated value (the truncated value appears in the LSP only).
Level-1 Metric Style Level-2 Metric Style Resulting Metric Value narrow transition wide original value narrow transition narrow original value narrow transition wide transition original value narrow t.
Figure 58. IPv6 IS-IS Sample Topography IS-IS Sample Configuration — Router 1 IS-IS Sample Configuration — Router 2 IS-IS Sample Configuration — Router 3 The following is a sample configuration for enabling IPv6 IS-IS. R1(conf)#interface Loopback 0 R1(conf-if-lo-0)#ip address 192.
R1#show ip route Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - .
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is 172.
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- C 10.0.13.0/24 Direct, Gi 3/14 0/0 00:00:10 C 10.
28 Link Aggregation Control Protocol (LACP) Link aggregation control protocol (LACP) is supported on the MXL switch platform. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel , can provide both load-sharing and port redundancy across line cards.
– If a physical interface is a part of a dynamic LAG, it cannot be added as a member of a static LAG. The channel-member gigabitethernet x/y command is rejected in the static LAG interface for that physical interface. • A dynamic LAG can be created with any type of configuration.
[no] port-channel-protocol lacp The default is LACP disabled . This command creates context. • Configure LACP mode. LACP mode [no] port-channel number mode [active | passive | off] – number : cannot statically contain any links. The default is LACP active .
Example of Configuring a LAG Interface Example of the tagged Command Dell(conf)#interface port-channel 32 Dell(conf-if-po-32)#no shutdown Dell(conf-if-po-32)#switchport The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG.
default timeout value to be 30 seconds . Invoking the longer timeout might prevent the LAG from flapping if the remote system is up but temporarily unable to transmit PDUs due to a system interruption. NOTE: The 30-second timeout is available for dynamic LAG interfaces only.
As shown in the following illustration, the line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2. Traffic is equally distributed between LAGs 1 and 2. If LAG 1 fails, all traffic from R1 to R4 flows across LAG 2 only. This condition over-subscribes the link and packets are dropped.
Dell#show running-config po-failover-group ! port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure.
Important Points about Shared LAG State Tracking The following is more information about shared LAG state tracking. • This feature is available for static and dynamic LAGs. • Only a LAG can be a member of a failover group. • You can configure shared LAG state tracking on one side of a link or on both sides.
switchport no shutdown ! Alpha(conf-if-po-10)# The following example inspects a LAG port configuration on ALPHA. Alpha#sh int gig 2/31 GigabitEthernet 2/31 is up, line protocol is up Port is part of P.
Figure 62. Inspecting the LAG Configuration
Figure 63. Inspecting Configuration of LAG 10 on ALPHA
Figure 64. Verifying LAG 10 Status on ALPHA Using the show lacp Command Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/3.
interface GigabitEthernet 2/31 no ip address Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#sho.
Figure 65. Inspecting a LAG Port on BRAVO Using the show interface Command
Figure 66. Inspecting LAG 10 Using the show interfaces port-channel Command
Figure 67. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode.
29 Layer 2 Layer 2 features are supported on the MXL switch platform. Manage the MAC Address Table The Dell Networking OS provides the following management activities for the MAC address table.
CONFIGURATION mode mac-address-table aging-time seconds The range is from 10 to 1000000. Dell Networking OS Behavior : The time elapsed before the configured MAC aging time expires is not precisely as configured.
interface/VLAN. After the limit is reached, the system drops all traffic from a device with an unlearned MAC address. This section describes the following: • mac learning-limit Dynamic • mac learn.
mac learning-limit station-move The station-move option allows a MAC address already in the table to be learned off of another interface. For example, if you disconnect a network device from one interface and reconnect it to another interface, the MAC address is learned on the new interface.
• Display a list of all of the interfaces configured with MAC learning limit or station move violation. CONFIGURATION mode show mac learning-limit violate-action NOTE: When the MAC learning limit (MLL) is configured as no-station-move , the MLL will be processed as static entries internally.
Figure 68. Redundant NICs with NIC Teaming When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 is the failover port.
Figure 69. Configuring the mac-address-table station-move refresh-arp Command MAC Move Optimization MAC move optimization is supported only on the E-Series platform. Station-move detection takes 5000ms because this is the interval at which the detection algorithm runs.
30 Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on the MXL switch platform. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.
Table 32. Type, Length, Value (TLV) Types Type TLV Description 0 End of LLDPDU Marks the end of an LLDPDU. 1 Chassis ID An administratively assigned name that identifies the LLDP agent. 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received.
Management TLVs A management TLV is an optional TLV sub-type. This kind of TLV contains essential management information about the sender. Organizationally Specific TLVs A professional organization or a vendor can define organizationally specific TLVs.
Type TLV Description Dell Networking OS does not currently support this TLV. IEEE 802.1 Organizationally Specific TLVs 127 Port-VLAN ID On Dell Networking systems, indicates the untagged VLAN to which a port belongs.
Type TLV Description does not currently support this TLV. 127 Maximum Frame Size Indicates the maximum frame size capability of the MAC and PHY. TIA-1057 (LLDP-MED) Overview Link layer discovery proto.
Type SubType TLV Description • LLDP device class 127 2 Network Policy Indicates the application type, VLAN ID, Layer 2 Priority, and DSCP value. 127 3 Location Identification Indicates that the phys.
Type SubType TLV Description 127 11 Inventory — Asset ID Indicates a user specified device number to manage inventory. 127 12–255 Reserved — LLDP-MED Capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support.
Value Device Type 4 Network Connectivity 5–255 Reserved LLDP-MED Network Policies TLV A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations.
Type Application Description 6 Video Conferencing Specify this application type for dedicated video conferencing and other similar appliances supporting real-time interactive video. 7 Streaming Video Specify this application type for dedicated video conferencing and other similar appliances supporting real-time interactive video.
Figure 75. Extended Power via MDI TLV Configure LLDP Configuring LLDP is a two-step process. 1. Enable LLDP globally. 2. Advertise TLVs out of an interface.
Example of the protocol lldp Command (CONFIGURATION Level) R1(conf)#protocol lldp R1(conf-lldp)#? advertise Advertise TLVs dcbx Configure Dcbx Parameters disable Disable LLDP protocol globally end Exi.
To undo an LLDP configuration, precede the relevant command with the keyword no . Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the system globally, all interfaces send LLDPDUs with the specified TLVs.
Figure 76. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration.
Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. show lldp neighbors • Display all of the information that neighbors are advertising.
Total In Error Frames: 0 Total Unrecognized TLVs: 0 Total TLVs Discarded: 0 Next packet will be sent after 4 seconds The neighbors are given below: ----------------------------------------------------.
Configuring Transmit and Receive Mode After you enable LLDP, Dell Networking systems transmit and receive LLDPDUs by default. To configure the system to transmit or receive only and return to the default, use the following commands. • Transmit only.
Configuring a Time to Live The information received from a neighbor expires after a specific amount of time (measured in seconds) called a time to live (TTL). The TTL is the product of the LLDPDU transmit interval (hello) and an integer called a multiplier.
• View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU. debug lldp detail Figure 77. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects.
Table 38. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration adminStatus lldpPortConfigAdminStatus Whether you enable the local LLDP agent for transmit, receive, or both. msgTxHold lldpMessageTxHoldMultiplier Multiplier value.
MIB Object Category LLDP Variable LLDP MIB Object Description statsTLVsUnrecognizedTotal lldpStatsRxPortTLVsUnrecognizedTotal Total number of all TLVs the local agent does not recognize.
TLV Type TLV Name TLV Variable System LLDP MIB Object Remote lldpRemManAddrSubtype management address Local lldpLocManAddr Remote lldpRemManAddr interface numbering subtype Local lldpLocManAddrIfSu b.
TLV Type TLV Name TLV Variable System LLDP MIB Object Remote lldpXdot1RemVlanName VLAN name Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName Table 41.
TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object L2 Priority Local lldpXMedLocMediaPolicyPriority Remote lldpXMedRemMediaPolicyPriority DSCP Value Local lldpXMedLocMediaPolicyDscp Remo.
TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Power Value Local lldpXMedLocXPoEPSEPortPowerAv lldpXMedLocXPoEPDPowerReq Remote lldpXMedRemXPoEPSEPowerAv lldpXMedRemXPoEPDPowerReq 5.
31 Microsoft Network Load Balancing Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems.
With NLB, the data frame is forwarded to all the servers for them to perform load-balancing. NLB Multicast Mode Scenario Consider a sample topology in which four servers, namely S1 through S4, are configured as a cluster or a farm. This set of servers is connected to a Layer 3 switch, which in turn is connected to the end-clients.
Enable and Disable VLAN Flooding • The older ARP entries are overwritten whenever newer NLB entries are learned. • All ARP entries, learned after the feature is enabled, are deleted when the feature is disabled, and RP2 triggers an ARP resolution.
32 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on the MXL switch platform. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains.
Figure 78. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected.
Figure 79. MSDP SA Message Format Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other.
Configure the Multicast Source Discovery Protocol Configuring MSDP is a four-step process. 1. Enable an exterior gateway protocol (EGP) with at least two routing domains. Refer to the following figures. The MSDP Sample Configurations show the OSPF-BGP configuration used in this chapter for MSDP.
Figure 80. Configuring Interfaces for MSDP
Figure 81. Configuring OSPF and BGP for MSDP
Figure 82. Configuring PIM in Multiple Routing Domains
Figure 83. Configuring MSDP Enabling MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2.
ip msdp peer connect-source Example of Configuring MSDP Example of Viewing Peer Information R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr Local Addr State Source SA Up/Down Description 192.
Example of the show ip msdp sa-cache Command R3_E600#show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 239.
• In Scenario 1, all MSDP peers are up. • In Scenario 2, the peership between RP1 and RP2 is down, but the link (and routing protocols) between them is still up. In this case, RP1 learns all active sources from RP3, but the sources from RP2 and RP4 are rejected because the reverse path to these routers is through Interface A.
Figure 85. MSDP Default Peer, Scenario 2
Figure 86. MSDP Default Peer, Scenario 3
Figure 87. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check.
Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.
CONFIGURATION mode ip msdp redistribute list Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache.
! ip access-list extended myremotefilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 R3_E600(conf)#do show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 239.0.0.1 10.11.4.2 192.168.0.1 192.
To display the configured SA filters for a peer, use the show ip msdp peer command from EXEC Privilege mode. Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol.
Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode clear ip msdp peer peer-address Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3_E600(conf)#do show ip msdp peer Peer Addr: 192.
03:17:10 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg 03:17:27 : MSDP-0: Peer 192.168.0.3, sent Source Active msg Input (S,G) filter: none Output (S,G) filter: none MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than one active group to use RP mapping.
Figure 88. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.
3. In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address. CONFIGURATION mode interface loopback 4. Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source.
! interface GigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface GigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.
redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.
MSDP Sample Configurations The following examples show the running-configurations described in this chapter. For more information, refer to the illustrations in the Related Configuration Tasks section.
ip pim sparse-mode ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip address 192.168.0.2/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.2/32 area 0 redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 neighbor 192.
ip msdp peer 192.168.0.1 connect-source Loopback 0 ! ip route 192.168.0.2/32 10.11.0.23 ip multicast-routing ! interface GigabitEthernet 4/1 ip pim sparse-mode ip address 10.11.5.1/24 no shutdown ! interface GigabitEthernet 4/22 ip address 10.10.42.1/24 no shutdown ! interface GigabitEthernet 4/31 ip pim sparse-mode ip address 10.
33 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+).
Spanning Tree Variations The Dell Networking operating system (OS) supports four variations of spanning tree, as shown in the following table. Table 42. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .
• Configuring an EdgePort • Flush MAC Addresses after a Topology Change • Debugging and Verifying MSTP Configurations • Prevent Network Disruptions with BPDU Guard • SNMP Traps for Root Elections and Topology Changes Enable Multiple Spanning Tree Globally MSTP is not enabled by default.
Example of the msti Command Example of Viewing MSTP Port States Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)# msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 Dell(conf-mstp)#show config .
A lower number increases the probability that the bridge becomes the root bridge. The range is from 0 to 61440, in increments of 4096. The default is 32768 . Example of Assigning and Verifying the Root Bridge Priority By default, the simple configuration shown previously yields the same forwarding path for both MSTIs.
The range is from 0 to 65535. The default is 0 . Example of the name Command To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode.
The default is 2 seconds . 3. Change the max-age parameter. PROTOCOL MSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds . 4. Change the max-hops parameter. PROTOCOL MSTP mode max-hops number The range is from 1 to 40. The default is 20 .
edge-port bpdu filter default Figure 90. BPDU Filtering Enabled Globally Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port. • Port cost is a value that is based on the interface type.
To change the port cost or priority of an interface, use the following commands. 1. Change the port cost of an interface. INTERFACE mode spanning-tree msti number cost cost The range is from 0 to 200000. For the default, refer to the default values shown in the table.
* Use the shutdown command on the interface. * Disable the shutdown-on-violation command on the interface (using the no spanning-tree mstp edge-port [bpduguard | [shutdown-on-violation]] command). * Disable spanning tree on the interface (using the no spanning-tree command in INTERFACE mode).
Figure 91. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision, and map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology.
no shutdown ! interface Vlan 300 no ip address tagged GigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision, and map MSTP instances to the VLANs.
name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface GigabitEthernet 3/11 no ip address switchport no shutdown ! interface GigabitEthernet 3/21 no ip address switchport no.
(Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debug and verify MSTP configuration, use the following commands.
– Is the Region name blank? That may mean that a name was configured on one router but was not configured or was configured differently on another router (spelling and capitalization counts). • MSTP Instances. – To verify the VLAN to MSTP instance mapping, use the show commands.
INST 2: Flags: 0x70, Reg Root: 32768:0001.e8d5.cbbd, Int Root Cost Brg/Port Prio: 32768/128, Rem Hops: 20
34 Multicast Features Multicast features are supported on the MXL switch platform. The Dell Networking operating system (OS) supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) .
Protocol Ethernet Address RIP 01:00:5e:00:00:09 NTP 01:00:5e:00:01:01 VRRP 01:00:5e:00:00:12 PIM-SM 01:00:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm . • Multicast is not supported on secondary IP addresses.
• Preventing a PIM Router from Processing a Join Limiting the Number of Multicast Routes When the total number of multicast routes on a system limit is reached, the Dell Networking OS does not proce.
ip igmp access-group access-list-name Dell Networking OS Behavior : Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the s.
Figure 92. Preventing a Host from Joining a Group Table 44. Preventing a Host from Joining a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.
Location Description • no shutdown 2/1 • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.
Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined. Hosts whose IGMP requests are denied will use the retry mechanism built into IGMP so that their membership is delayed rather than permanently denied.
Figure 93. Preventing a Source from Transmitting to a Group Table 45. Preventing a Source from Transmitting to a Group — Description Location Description 1/21 • Interface GigabitEthernet 1/21 • ip pim sparse-mode • ip address 10.11.12.1/24 • no shutdown 1/31 • Interface GigabitEthernet 1/31 • ip pim sparse-mode • ip address 10.
Location Description • no shutdown 2/1 • Interface GigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface GigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface GigabitEthernet 2/31 • ip pim sparse-mode • ip address 10.
Preventing a PIM Router from Processing a Join To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router.
35 Open Shortest Path First (OSPFv2 and OSPFv3) Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on the MXL switch platform. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking operating system (OS).
You can divide an AS into a number of areas, which are groups of contiguous networks and attached hosts. Routers with multiple interfaces can participate in multiple areas. These routers, called area border routers (ABRs), maintain separate databases for each area.
An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border routers, networks not wholly contained in any area, and their attached routers. The backbone is the only area with a default area number.
Figure 95. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link state database.
• Type 4: AS Border Router Summary LSA (OSPFv2), Inter-Area-Router LSA (OSPFv3) — In some cases, Type 5 External LSAs are flooded to areas where the detailed next-hop information may not be available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated.
Router Priority and Cost Router priority and cost is the method the system uses to “rate” the routers. For example, if not assigned, the system selects the router with the highest priority as the DR. The second highest priority is the BDR. • Priority is a numbered rating 0 to 255.
On OSPFv3, the system supports only one process at a time for all platforms. Prior to the Dell Networking OS version 7.8.1.0, the system supported one OSPFv2 and one OSPFv3 process ID per system. OSPFv2 and OSPFv3 can coexist but you must configure them individually.
• Restarting role in which an enabled router performs its own graceful restart. • Helper role in which the router's graceful restart function is to help a restarting neighbor router in its graceful restarts. • Helper-reject role in which OSPF does not participate in the graceful restart of a neighbor.
example, if you create five OSPFv2 processes on a system, there must be at least five interfaces assigned in Layer 3 mode. Each OSPFv2 process is independent.
00:10:41 : OSPF(1000:00):
Rcv. v:2 t:4(LSUpd) l:100 rid:6.1.0.0
aid:0 chk:0xccbd aut:0 auk: keyid:0 from:Gi 10/21
Number of LSA:2
LSType:Type-5 AS External(5) Age:1 Seq:0x8000000c id:170.1.1.0 Adv:6.1.0.0
Netmask:255.255.255.0 fwd:0.0.0.0 E2, tos:0 metric:0
LSType:Type-5 AS External(5) Age:1 Seq:0x8000000c id:170.
Dell(conf-if-te-2/2)#
In the following example, the dead interval is set at 4x the hello interval (shown in bold).
Dell (conf-if-te-2/2)#ip ospf dead-interval 20
Dell (conf-if-te-2/2)#do show ip os int tengig 1/3
TenGigabitEthernet 2/2 is up, line protocol is up
Internet Address 20.
• Troubleshooting OSPFv2
1. Configure a physical interface. Assign an IP address, physical or Loopback, to the interface to enable Layer 3 routing.
2. Enable OSPF globally. Assign network area and neighbors.
3. Add interfaces or configure other attributes.
• vrf name : enter the keyword VRF and the instance name to tie the OSPF instance to the VRF. All network commands under this OSPF instance are later tied to the VRF instance. The range is from 0 to 65535. The OSPF process ID is the identifying number assigned to the OSPF process.
Enabling Multi-Process OSPF (OSPFv2, IPv4 Only)
Multi-process OSPF allows multiple OSPFv2 processes on a single router. The MXL switch supports up to 16 OSPFv2 processes. When configuring a single OSPF process, follow the same steps previously described.
You can assign the area in the following step by a number or with an IP interface address.
• Enable OSPFv2 on an interface and assign a network address range to a specific OSPF area.
CONFIG-ROUTER-OSPF-id mode
network ip-address mask area area-id
The IP Address Format is A.
To view currently active interfaces and the areas assigned to them, use the show ip ospf interface command.
Dell>show ip ospf 1 interface
TenGigabitEthernet 12/17 is up, line protocol is up
Internet Address 10.2.2.1/24, Area 0.0.0.0
Process ID 1, Router ID 11.
To configure a stub area, use the following commands.
1. Review all areas after they were configured to determine which areas are NOT receiving type 5 LSAs.
EXEC Privilege mode
show ip ospf process-id database database-summary
2. Enter CONFIGURATION mode.
• start-interval : set the minimum interval between the initial sending and resending the same LSA. The range is from 0 to 600,000 milliseconds.
• hold-interval : set the next interval to send the same LSA. This interval is the time between sending the same LSA after the start-interval has been attempted.
Dell#show ip ospf 34 int
TenGigabitEthernet 0/0 is up, line protocol is down
Internet Address 10.1.2.100/24, Area 1.1.1.1
Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DOWN, Priority 1
Designated Router (ID) 10.
In the examples below, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold).
Dell(conf-router_ospf-1)#fast-converge 2
Dell(conf-router_ospf-1)#ex
Dell(conf)#ex
Dell#show ip ospf 1
Routing Process ospf 1 with ID 192.
– seconds : the range is from 1 to 65535 (the default is 10 seconds). The hello interval must be the same on all routers in the OSPF network.
• Use the MD5 algorithm to produce a message digest or key, which is sent instead of the key.
CONFIG-INTERFACE mode
ip ospf message-digest-key keyid md5 key
– keyid : the range is from 1 to 255.
interface TenGigabitEthernet 0/0
 ip address 10.1.2.100 255.255.255.0
 no shutdown
 ip ospf cost 45
Dell(conf-if)#end
Dell#show ip ospf 34 interface
GigabitEthernet 0/0 is up, line protocol is up
Internet Address 10.1.2.100/24, Area 2.2.2.2
Process ID 34, Router ID 10.
• role — the role or roles the configured router can perform.
NOTE: By default, OSPFv2 graceful restart is disabled.
To enable and configure OSPFv2 graceful restart, use the following commands.
1. Enable OSPFv2 graceful-restart globally and set the grace period.
Dell#show run ospf
!
router ospf 1
 graceful-restart grace-period 300
 graceful-restart role helper-only
 graceful-restart mode unplanned-only
 graceful-restart helper-reject 10.1.1.1
 graceful-restart helper-reject 20.1.1.1
 network 10.0.2.0/24 area 0
Dell#
Creating Filter Routes
To filter routes, use prefix lists.
Redistributing Routes
You can add routes from other routing instances or protocols to the OSPF process. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process.
NOTE: Do not route iBGP routes to OSPF unless there are route-maps associated with the OSPF redistribution.
• Have the OSPF routes been included in the routing table (not just the OSPF database)?
Some useful troubleshooting commands are:
• show interfaces
• show protocols
• debug IP OSPF events and/or packets
• show neighbors
• show routes
To help troubleshoot OSPFv2, use the following commands.
router ospf 3
!
router ospf 4
 router-id 4.4.4.4
 network 4.4.4.0/28 area 1
!
router ospf 5
!
router ospf 6
!
router ospf 7
 mib-binding
!
router ospf 8
!
router ospf 90
 area 2 virtual-link 4.4.4.4
 area 2 virtual-link 90.90.90.90 retransmit-interval 300
!
ipv6 router ospf 999
 default-information originate always
 router-id 10.
OSPF Area 0 — Gi 1/1 and 1/2
router ospf 11111
 network 10.0.11.0/24 area 0
 network 10.0.12.0/24 area 0
 network 192.168.100.0/24 area 0
!
interface GigabitEthernet 1/1
 ip address 10.1.11.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.
Configuration Task List for OSPFv3 (OSPF for IPv6)
The configuration options of OSPFv3 are the same as those options for OSPFv2, but you may configure OSPFv3 with differently labeled commands. Specify process IDs and areas and include interfaces and addresses in the process.
Enabling IPv6 Unicast Routing
To enable IPv6 unicast routing, use the following command.
• Enable IPv6 unicast routing globally.
CONFIGURATION mode
ipv6 unicast routing
Assigning IPv6 Addresses on an Interface
To assign IPv6 addresses to an interface, use the following commands.
Assigning OSPFv3 Process ID and Router ID Globally
To assign, disable, or reset OSPFv3 globally, use the following commands.
• Enable the OSPFv3 process globally and enter OSPFv3 mode.
CONFIGURATION mode
ipv6 router ospf {process ID}
The range is from 0 to 65535.
passive-interface {type slot/port}
Interface : identifies the specific interface that is passive.
– For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information (for example, passive-interface gi 2/1).
default-information originate [always [metric metric-value] [metric-type type-value]] [route-map map-name]
Configure the following required and optional parameters:
– always : indicate that default route information is always advertised.
– metric metric-value : The range is from 0 to 4294967295.
before the system switches over to the secondary RPM. OSPFv3 is notified that a planned restart is happening.
– Unplanned-only : the OSPFv3 router supports graceful-restart only for unplanned restarts. During an unplanned restart, OSPFv3 sends out a Grace LSA once the secondary RPM comes online.
Process 1 database summary
Type                      Count/Status
Oper Status               1
Admin Status              1
Area Bdr Rtr Status       0
AS Bdr Rtr Status         1
AS Scope LSA Count        0
AS Scope LSA Cksum sum    0
Originate New LSAS        73
Rx New LSAS               1140.
With IPsec-based authentication, Crypto images are used to include the IPsec secure socket application programming interface (API) required for use with OSPFv3.
– AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension headers.
– MD5 and SHA1 authentication types are supported; encrypted and unencrypted keys are supported.
• In an OSPFv3 encryption policy:
– Both encryption and authentication are used.
– key : specifies the text string used in authentication. All neighboring OSPFv3 routers must share key to exchange information. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted).
– key-authentication-type : (optional) specifies if the authentication key is encrypted. The valid values are 0 or 7.
• Remove an IPsec encryption policy from an interface.
no ipv6 ospf encryption ipsec spi number
• Remove null encryption on an interface to allow the interface to inherit the encryption policy configured for the OSPFv3 area.
Configuring IPsec Encryption for an OSPFv3 Area
To configure, remove, or display IPsec encryption in an OSPFv3 area, use the following commands.
Prerequisite: Before you enable IPsec encryption in an OSPFv3 area, first enable OSPFv3 globally on the router (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)).
Displaying OSPFv3 IPsec Security Policies
To display the configuration of IPsec authentication and encryption policies, use the following commands.
• Display the AH and ESP parameters configured in IPsec security policies, including the SPI number, key, and algorithms used.
bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e
Transform set : ah-md5-hmac
Crypto IPSec client security policy data
Policy name : OSPFv3-0-501
Policy refcount : 1
Inbound ESP SPI : 5.
replay detection support : N
STATUS : ACTIVE
Troubleshooting OSPFv3
The Dell Networking OS has several tools to make troubleshooting easier. Consider the following information as these are typical issues that interrupt the OSPFv3 process.
– packet : View OSPF packets.
– For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information (for example, passive-interface gi 2/1).
– For a port channel, enter the keywords port-channel then a number from 1 to 255.
36 Policy-based Routing (PBR)
Policy-based Routing is supported on the MXL platform. This chapter covers the following topics:
• Overview
• Implementing Policy-based Routing with Dell Networking O.
To enable a PBR, you create a Redirect List. Redirect lists are defined by rules, or routing policies. The following parameters can be defined in the routing policies or rules:
• IP address of the f.
a tunnel interface, the user must provide the tunnel ID. If the user instead provides the tunnel destination IP as the next hop, it is treated as an IPv4 next hop and not a tunnel next hop.
Create a Redirect List
Use the following command in CONFIGURATION mode:
Command Syntax: ip redirect-list redirect-list-name
Command Mode: CONFIGURATION
Purpose: Create a redirect list by entering the list name. Format: 16 characters. Delete the redirect list with the no ip redirect-list command.
Delete a rule with the no redirect command.
The redirect rule supports non-contiguous bitmasks for PBR in the Destination router IP address.
The below step shows a step-by-step example of how to create.
seq 20 redirect 10.1.1.3 ip 20.1.1.0/24 any
Dell(conf-redirect-list)#
NOTE: Starting in release 9.4(0.0), Dell Networking OS supports the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on a router.
Command Syntax: ip redirect-group redirect-list-name
Command Mode: INTERFACE
Purpose: Apply a redirect list (policy-based routing) to an interface. redirect-list-name is the name of a redirect list to apply to this interface. FORMAT: up to 16 characters. Delete the redirect list from this interface with the [no] ip redirect-group command.
Defined as:
seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32)
seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32)
seq 15 redirect tunnel 2 udp 155.55.
Sample Configuration
The following configuration is an example for setting up a PBR. These are not comprehensive directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI.
EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.1.0/24 any
EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any
EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any
EDGE_ROUTER(conf-redirect-list)#show config
!
ip redirect-list GOLD
 description Route GOLD traffic to ISP_GOLD.
Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144
Dell(conf-redirect-list)#end
Verify the Status of the Track Objects (Up/Down):
Dell#show track brief
ResId Resource                 Parameter  State LastChange
1     Interface ip routing     Tunnel 1   Up    00:02:16
2     Interface ipv6 routing   Tunnel 2   Up    00:03:31
3     IP Host reachability     42.
Dell(conf-if-tu-2)#tunnel keepalive 601:10::2
Dell(conf-if-tu-2)#ipv6 address 601:10::1/64
Dell(conf-if-tu-2)#no shutdown
Dell(conf-if-tu-2)#end
Dell#
Create Track Objects to track the Tunnel Interfac.
Te 2/28
Dell#
37 PIM Sparse-Mode (PIM-SM)
Protocol-independent multicast sparse-mode (PIM-SM) is supported on the MXL switch platform. PIM-SM is a multicast protocol that forwards multicast traffic to a subnet only.
1. After receiving an IGMP Join message, the receiver gateway router (last-hop DR) creates a (*,G) entry in its multicast routing table for the requested group. The interface on which the join message was received becomes the outgoing interface associated with the (*,G) entry.
path tree switchover latency by copying and forwarding the first (S,G) packet received on the SPT to the PIM task immediately upon arrival. The arrival of the (S,G) packet confirms for PIM that the SPT is created, and that it can prune itself from the shared tree.
Example of Viewing PIM-SM Interfaces
Example of Viewing PIM Neighbors
Example of Viewing the PIM Multicast Routing Table
To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode.
Dell#show ip pim interface
Address  Interface  VIFindex  Ver/  Nbr    Query  DR    DR
                              Mode  Count  Intvl  Prio
189.
Configuring S,G Expiry Timers
By default, S, G entries expire in 210 seconds. You can configure a global expiry time (for all [S,G] entries) or configure an expiry time for a particular entry. If you configure both, the ACL supersedes the global configuration for the specified entries.
!
ip access-list extended SGtimer
 seq 5 permit ip 10.1.2.0/24 225.1.1.0/24
 seq 10 permit ip any 232.1.1.0/24
 seq 15 permit ip 100.1.0.0/16 any
Dell(config-ext-nacl)#exit
Dell(conf) #ip pim sparse-mode.
To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode.
Dell#show ip pim rp mapping
PIM Group-to-RP Mappings
Group(s): 224.
Enabling PIM-SM Graceful Restart
To enable PIM-SM graceful restart, use the following commands.
• Enable PIM-SM graceful restart (non-stop forwarding capability).
CONFIGURATION mode
ip pim graceful-restart nsf
– (option) restart-time : the time the Dell Networking system requires to restart.
38 PIM Source-Specific Mode (PIM-SSM)
PIM source-specific mode (PIM-SSM) is supported on the MXL switch platform. PIM-SSM is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only.
Implementation Information
• The Dell Networking implementation of PIM-SSM is based on RFC 3569.
• The Dell Networking operating system (OS) reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message.
Use PIM-SSM with IGMP Version 2 Hosts
PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using the ip igmp ssm-map acl source command from CONFIGURATION mode.
SSM Map Information
Group : 239.0.0.2
Source(s) : 10.11.5.2
R1(conf)#do show ip igmp groups detail
Interface Vlan 300
Group 239.0.0.2
Uptime 00:00:01
Expires Never
Router mode IGMPv2-Compat
Last reporter 10.11.3.2
Last reporter mode IGMPv2
Last report received Join
Group source list
Source address Uptime Expires
10.
39 Port Monitoring
Port monitoring is supported on the MXL switch platform. Mirroring is used for monitoring Ingress or Egress or both Ingress and Egress traffic on a specific port(s). This mirrored traffic can be sent to a port where a network sniffer can connect and monitor the traffic.
------ ------ ----------- --- ---- --------- --------
1 Te 0/0 Te 0/1 both Port N/A N/A
2 Te 0/0 Te 0/2 both Port N/A N/A
Dell (conf-mon-sess-2)#do show running-config monitor session
!
monitor sessio.
0 Po 10 Te 0/1 rx Port N/A N/A
Dell(conf)#monitor session 1
Dell(conf-mon-sess-1)#source vl 40 dest ten 0/2 dir rx
Dell(conf-mon-sess-1)#flow-based enable
Dell(conf-mon-sess-1)#exit
Dell(conf)#do show.
Enabling Flow-Based Monitoring
Flow-based monitoring is supported only on the S-Series platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic.
--------- ------ ----------- --------- ---- ----
0 Gi 1/1 Gi 1/2 rx interface Flow-based
Remote Port Mirroring
Remote Port Mirroring is supported on the MXL Switch platform.
Configuring Remote Port Mirroring
Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches).
• The L3 interface configuration should be blocked for RPM VLAN.
• The member port of the reserved VLAN should have MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter).
• To associate with source session, the reserved VLAN can have a maximum of only 4 member ports.
• A destination port for remote port mirroring cannot be used as a source port, including the session in which the port functions as the destination port.
• A destination port cannot be used in any spanning tree instance.
• The reserved VLAN used to transport mirrored traffic must be a L2 VLAN.
Step  Command                        Purpose
1     configure terminal             Enter global configuration mode.
2     monitor session <id> type rpm  The <id> needs to be unique and not already defined in the box. Specifying type as 'rpm' defines a RPM session.
Dell(conf)#interface vlan 30
Dell(conf-if-vl-30)#mode remote-port-mirroring
Dell(conf-if-vl-30)#tagged te 0/30
Dell(conf-if-vl-30)#exit
Dell(conf)#interface port-channel 10
Dell(conf-if-po-10)#channel.
Dell(conf)#monitor session 2 type rpm
Dell(conf-mon-sess-2)#source remote-vlan 20 destination te 0/4
Dell(conf-mon-sess-2)#tagged destination te 0/4
Dell(conf-mon-sess-2)#exit
Dell(conf)#monitor sessi.
Step  Command             Purpose
1     configure terminal  Enter global configuration mode.
The following example shows a sample configuration.
Dell(conf)#monitor session 0 type erpm
Dell(conf-mon-sess-0)#source tengigabitethernet 0/9 direction rx
Dell(conf-mon-sess-0)#source port-channel 1 direction tx
Dell(conf-mon-sess-0)#erpm source-ip 1.
ERPM Behavior on a typical Dell Networking OS
The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported.
– The Header that gets attached to the packet is 38 bytes long. In case of a packet with L3 VLAN, it would be 42 bytes long. The original payload/original mirrored data starts from the 39th byte in a given ERPM packet. The first 38/42 bytes of the header need to be ignored/chopped off.
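The header stripping described above, written out for an analyzer host as an added example (not code from the Dell guide). It assumes the 38 bytes are an untagged Ethernet header (14), an option-less IPv4 header (20) and a base GRE header (4), with an 802.1Q tag on the outer frame accounting for the 42-byte case; the function names, addresses and sample frames are constructed for illustration.

```python
import struct

# Assumed outer-header layout: 14 + 20 + 4 = 38 bytes, plus 4 for an 802.1Q tag = 42.
ETH_LEN, VLAN_TAG_LEN, IPV4_LEN, GRE_LEN = 14, 4, 20, 4
TPID_8021Q, ETHERTYPE_IPV4, IPPROTO_GRE = 0x8100, 0x0800, 47
GRE_OPTIONAL_FIELDS = 0xB000  # C, K and S flag bits; any of them lengthens the GRE header


class ErpmError(ValueError):
    """Raised when a frame does not match the assumed ERPM layout."""


def erpm_header_len(packet: bytes) -> int:
    """Validate the outer headers and return 38 (untagged) or 42 (802.1Q tagged)."""
    if len(packet) < ETH_LEN:
        raise ErpmError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", packet, 12)
    ip_off = ETH_LEN
    if ethertype == TPID_8021Q:
        if len(packet) < ETH_LEN + VLAN_TAG_LEN:
            raise ErpmError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack_from("!H", packet, 16)
        ip_off += VLAN_TAG_LEN
    if ethertype != ETHERTYPE_IPV4:
        raise ErpmError("outer frame is not IPv4")
    gre_off = ip_off + IPV4_LEN
    if len(packet) < gre_off + GRE_LEN:
        raise ErpmError("truncated outer IPv4/GRE header")
    if packet[ip_off] != 0x45:
        raise ErpmError("outer IPv4 header has options or a bad version")
    if packet[ip_off + 9] != IPPROTO_GRE:
        raise ErpmError("outer IPv4 protocol is not GRE")
    (gre_flags,) = struct.unpack_from("!H", packet, gre_off)
    if gre_flags & GRE_OPTIONAL_FIELDS:
        raise ErpmError("GRE optional fields present; header is not 4 bytes")
    return gre_off + GRE_LEN


def strip_erpm_header(packet: bytes) -> bytes:
    """Return the original mirrored frame that follows the ERPM header."""
    inner = packet[erpm_header_len(packet):]
    if len(inner) < ETH_LEN:
        raise ErpmError("no mirrored frame after the ERPM header")
    return inner


def build_sample(inner: bytes, vlan_id=None) -> bytes:
    """Construct a sample ERPM packet (all addresses and values are made up)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    if vlan_id is not None:
        eth += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_LEN + GRE_LEN + len(inner),
                     0, 0, 64, IPPROTO_GRE, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    gre = struct.pack("!HH", 0x0000, 0x88BE)  # no flags; constructed protocol type
    return eth + ip + gre + inner


# Constructed mirrored frame: broadcast Ethernet header followed by 28 zero bytes.
SAMPLE_INNER = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)

if __name__ == "__main__":
    for vlan in (None, 30):
        pkt = build_sample(SAMPLE_INNER, vlan)
        print(vlan, erpm_header_len(pkt), strip_erpm_header(pkt) == SAMPLE_INNER)
```

Validating the outer headers before slicing keeps unrelated traffic arriving on the analyzer port from being misread as mirrored data.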
40 Private VLANs (PVLAN)
The private VLAN (PVLAN) feature is supported on the MXL switch platform. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide.
• Primary VLAN — the base VLAN of a PVLAN:
– A switch can have one or more primary VLANs, and it can have none.
– A primary VLAN has one or more secondary VLANs.
– A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch.
[no] private-vlan mode {community | isolated | primary}
• Map secondary VLANs to the selected primary VLAN.
INTERFACE VLAN mode
[no] private-vlan mapping secondary-vlan vlan-list
• Display type and status of PVLAN interfaces.
3. Set the port in Layer 2 mode.
INTERFACE mode
switchport
4. Select the PVLAN mode.
INTERFACE mode
switchport mode private-vlan {host | promiscuous | trunk}
• host (isolated or community VLAN port).
private-vlan mode primary
4. Map secondary VLANs to the selected primary VLAN.
INTERFACE VLAN mode
private-vlan mapping secondary-vlan vlan-list
The list of secondary VLANs can be:
• Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID-VLAN-ID).
private-vlan mode community
4. Add one or more host ports to the VLAN.
INTERFACE VLAN mode
tagged interface or untagged interface
You can enter the interfaces singly or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/port-port).
Dell(conf)# interface vlan 100
Dell(conf-vlan-100)# private-vlan mode isolated
Dell(conf-vlan-100)# untagged Te 2/2
Private VLAN Configuration Example
The following example shows a private VLAN topology.
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
Example of Viewing a Private VLAN
Example of the show vlan private-vlan mapping Command
Example of Viewing VLAN Status
Example of Viewing Private VLAN Configuration
The show arp and show vlan commands are revised to display PVLAN data.
 switchport mode private-vlan host
 no shutdown
!
interface TenGigabitEthernet 1/5
 no ip address
 switchport
 switchport mode private-vlan trunk
 no shutdown
interface Vlan 20
 private-vlan mode primary
 pri.
41 Per-VLAN Spanning Tree Plus (PVST+)
Per-VLAN spanning tree plus (PVST+) is supported on the MXL switch platform.
Protocol Overview
PVST+ is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN).
Table 46. Spanning Tree Variations Dell Networking OS Supports
Dell Networking Term                  IEEE Specification
Spanning Tree Protocol (STP)          802.1d
Rapid Spanning Tree Protocol (RSTP)   802 .
protocol spanning-tree pvst
2. Enable PVST+.
PROTOCOL PVST mode
no disable
Disabling PVST+
To disable PVST+ globally or on an interface, use the following commands.
• Disable PVST+ globally.
PROTOCOL PVST mode
disable
• Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
Figure 101. Load Balancing with PVST+
The bridge with the lowest value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker.
Root Identifier has priority 32768, Address 001e.c9f1.00f3
Root Bridge hello time 2, max age 20, forward delay 15
Bridge Identifier has priority 32768, Address 001e.c9f1.00f3
Configured hello time 2, max age 20, forward delay 15
Bpdu filter disabled globally
We are the root of VLAN 2
Current root has priority 32768, Address 001e.
• Change the hello-time parameter.
PROTOCOL PVST mode
vlan hello-time
NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time.
The range is from 1 to 10. The default is 2 seconds.
Port Cost                                              Default Value
Port Channel with two 40-Gigabit Ethernet interfaces   600
NOTE: The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs.
The EdgePort status of each interface is given in the output of the show spanning-tree pvst command, as previously shown.
Dell Networking OS Behavior: Regarding the bpduguard shutdown-on-violation command behavior:
• If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
Figure 102. PVST+ with Extend System ID
• Augment the bridge ID with the VLAN ID.
PROTOCOL PVST mode
extend system-id
Example of Viewing the Extend System ID in a PVST+ Configuration
Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief
VLAN 5
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32773, Address 0001.
interface TenGigabitEthernet 1/32
 no ip address
 switchport
 no shutdown
!
protocol spanning-tree pvst
 no disable
 vlan 100 bridge-priority 4096
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet.
 no ip address
 switchport
 no shutdown
!
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 3/12,22
 no shutdown
!
interface Vlan 200
 no ip address
 tagged TenGigabitEthernet 3/12,22
 no shutdown
!.
edge-port bpdu filter default
Figure 103. BPDU Filtering Enabled Globally
42 Quality of Service (QoS)
Quality of service (QoS) is supported on the MXL switch platform. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. The MXL switch traffic has four data queues per port.
Feature                                    Direction
Create Policy Maps                         Ingress + Egress
Create Input Policy Maps                   Ingress
Honor DSCP Values on Ingress Packets       Ingress
Honoring dot1p Values on Ingress Packets   Ingress
Create Output Polic.
Implementation Information
The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication. It also implements these Internet Engineering Task Force (IETF) docu.
dot1p  Queue Number
7      3
• Change the priority of incoming traffic on the interface.
dot1p-priority
Example of Configuring a dot1p Priority on an Interface
NOTE: The dot1p-priority command marks all incoming traffic on an interface with a specified dot1p priority and maps all incoming traffic to the corresponding queue.
Priority-Tagged Frames on the Default VLAN
Priority-tagged frames are 802.1Q tagged frames with VLAN ID 0. For VLAN classification, these packets are treated as untagged. However, the dot1p value is still honored when you configure service-class dynamic dot1p or trust dot1p.
Example of rate shape Command
Dell#config
Dell(conf)#interface tengigabitethernet 1/0
Dell(conf-if)#rate shape 500 50
Dell(conf-if)#end
Dell#
Guidelines for Configuring ECN for Classifying and Color.
seq 5 permit any ecn 0
class-map match-any ecn_0_cmap
 match ip access-group ecn_0 set-color yellow
!
policy-map-input ecn_0_pmap
 service-queue 0 class-map ecn_0_cmap
Applying this policy-map “ecn_0_pmap” will mark all the packets with ‘ecn == 0’ as yellow packets on queue0 (default queue).
The Dell Networking OS Release 9.3(0.0) supports the following QOS actions in the ingress policy based QOS:
1. Rate Policing
2. Queuing
3. Marking
For the L3 Routed packets, the DSCP marking is the only marking action supported in the software.
By default Dell Networking OS drops all the ‘RED’ or ‘violate’ packets. The following combination of marking actions to be specified match sequence of the class-map command:
• set a new DSCP.
 service-queue 2 class-map class_dscp_40
 service-queue 3 class-map class_dscp_50
Approach with explicit ECN match qualifiers for ECN packets:
!
ip access-list standard dscp_50_ecn
 seq 5 permit any dscp.
Policy-Based QoS Configurations
Policy-based QoS configurations consist of the components shown in the following example.
Figure 105. Constructing Policy-Based QoS Configurations
DSCP Color Maps
This section describes how to configure color maps and how to display the color map and color map configuration.
Creating a DSCP Color Map
You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, yellow, red) for the input traffic.
Assign the color map, bat-enclave-map to interface .
Displaying DSCP Color Maps
To display DSCP color maps, use the show qos dscp-color-map command in EXEC mode.
Creating a Layer 3 Class Map
A Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence, and characteristics defined in an IP ACL. You can also use VLAN IDs and VRF IDs to classify the traffic using layer 3 class-maps.
The following example matches IPv6 traffic with a DSCP value of 40.
Dell(conf)# class-map match-all test
Dell(conf-class-map)# match ipv6 dscp 40
The following example matches IPv4 and IPv6 traffic with a precedence value of 3.
In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the keyword order . The Dell Networking OS writes to the CAM ACL rules with lower order numbers (order numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended.
Examples of Traffic Classifications
The following example shows incorrect traffic classifications.
Dell#show running-config policy-map-input
!
policy-map-input PolicyMapIn
 service-queue 1 class-map Cl.
20418 1 0 IP 0x0 0 0 23.64.0.3/32 0.0.0.0/0 12 1
20419 1 10 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 14 1
24511 1 0 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 - 0
Create a QoS Policy
There are two types of QoS policies — input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic.
Setting a DSCP Value for Egress Packets
You can set the DSCP value for egress packets based on ingress QOS classification. The 6 bits that are used for DSCP are also used to identify the queue in which traffic is buffered.
Allocating Bandwidth to Queue
Dell Networking recommends pre-calculating your bandwidth requirements before creating them. Make sure you apply the QoS policy to all the four queues and that the sum of the bandwidths allocated through them is exactly 100.
Dell#
Specifying WRED Drop Precedence
• Specify a WRED profile to yellow and/or green traffic.
QOS-POLICY-OUT mode
wred
For more information, refer to Applying a WRED Profile to Traffic.
Create Policy Maps
There are two types of policy maps: input and output.
Applying an Input QoS Policy to an Input Policy Map
To apply an input QoS policy to an input policy map, use the following command.
• Apply an input QoS policy to an input policy map.
Table 51. Default dot1p to Queue Mapping
dot1p  Queue ID
0      0
1      0
2      0
3      1
4      2
5      3
6      3
7      3
The dot1p value is also honored for frames on the default VLAN. For more information, refer to Priority-Tagged Frames on the Default VLAN.
• Enable the trust dot1p feature.
 match ip dscp 0
 match ip access-group qos-BE1-ACL
The packet classification logic for the configuration shown is as follows:
1. Match packets against match-any qos-AF4. If a match exists, queue the packet as AF4 in Queue 4, and if no match exists, go to the next class map.
Applying an Input Policy Map to an Interface
To apply an input policy map to an interface, use the following command. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it.
• You cannot apply an input Layer 2 QoS policy on an interface you also configure with the vlan-stack access command.
Applying an Output Policy Map to an Interface
To apply an output policy map to an interface, use the following command.
• Apply an output policy map to an interface.
INTERFACE mode
service-policy output
You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it.
Enabling Strict-Priority Queueing
Strict-priority means that the Dell Networking OS de-queues all packets from the assigned queue before servicing any other queues.
• The strict-priority supersedes bandwidth-percentage and bandwidth-weight percentage configurations.
Figure 106. Packet Drop Rate for WRED
You can create a custom WRED profile or use one of the five pre-defined profiles.
Table 52. Pre-Defined WRED Profiles
Default Profile Name Minimum Threshold Maxim.
Applying a WRED Profile to Traffic After you create a WRED profile, you must specify to which traffic the system should apply the profile. The Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on its DSCP value before queuing it.
Interface Te 0/20 Drop-statistic Dropped Pkts Green 11234 Yellow 12484 Out of Profile 0 Dell# Displaying egress-queue Statistics To display egress-queue statistics of both transmitted and dropped packets and bytes, use the following command. • Display the number of packets and number of bytes on the egress-queue profile.
To apply a Layer 2 policy on Layer 3 interfaces, perform the following: 1. Configure an interface with an IP address or a VLAN subinterface CONFIGURATION mode Dell(conf)# int fo 0/0 INTERFACE mode Dell(conf-if-fo-0/0)# ip address 90.1.1.1/16 2. Configure the Layer 2 policy with Layer 2 (Dot1p or source MAC-based) classification rules.
CLASS-MAP mode Dell (conf-class-map)#match ip dscp 5 3. Configure a match criterion for a class map based on the VLAN ID. CLASS-MAP mode Dell (conf-class-map)#match ip vlan 5 4. Create a QoS input policy on the device. CONFIGURATION mode Dell(conf)#qos-policy-input pp_qospolicy 5.
43 Routing Information Protocol (RIP) The routing information protocol (RIP) is based on a distance-vector algorithm and tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter.
RIPv2 RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet masks, and next hop addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.
• Controlling RIP Routing Updates (optional) • Setting the Send and Receive Version (optional) • Generating a Default Route (optional) • Controlling Route Metrics (optional) • Summarize Rout.
2.0.0.0/8 auto-summary 4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 0/0 4.0.0.0/8 auto-summary 8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 0/0 8.0.0.0/8 auto-summary 12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 0/0 12.0.0.0/8 auto-summary 20.
ROUTER RIP mode passive-interface interface Adding RIP Routes from Other Instances In addition to filtering routes, you can add routes from other routing instances or protocols to the RIP process. With the redistribute command, you can include open shortest path first (OSPF), static, or directly connected routes in the RIP process.
To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Setting the Send and Receive Version To change the RIP version globally or on an interface in the system, use the following command.
Gateway Distance Last Update Distance: (default is 120) Dell# To configure an interface to receive or send both versions of RIP, include 1 and 2 in the command syntax. The command syntax for sending both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example.
– value The range is from 1 to 16. – route-map-name : The name of a configured route map. To confirm that the default route configuration is completed, use the show config command in ROUTER RIP mode.
Configure the following parameters: – prefix-list-name : the name of an established Prefix list to determine which incoming routes are modified – offset : the range is from 0 to 16. – interface : the type, slot, and number of an interface. To view the configuration changes, use the show config command in ROUTER RIP mode.
Figure 107. RIP Topology Example RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-gi-2/31)# Core2(conf-if-gi-2/31)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.
[120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/31 192.168.1.0/24 auto-summary 192.168.2.0/24 [120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/31 192.
RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3. Example of Configuring RIPv2 on Core3 Core3(conf-if-gi-3/21)#router rip Core3(conf-router_rip)#version 2 Core3(conf-router_rip)#network 192.168.1.0 Core3(conf-router_rip)#network 192.
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- R 10.11.10.0/24 via 10.
! interface TenGigabitEthernet 2/42 ip address 10.250.10.1/24 no shutdown router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 ! interface TenGigabitEthernet 3/11 ip address 10.11.30.1/24 no shutdown ! interface TenGigabitEthernet 3/21 ip address 10.
44 Remote Monitoring (RMON) RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces.
Fault Recovery RMON provides the following fault recovery functions. Interface Down — When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resume.
– event-number : event number to trigger when the falling threshold exceeds its limit. This value is identical to the alarmFallingEventIndex in the alarmTable of the RMON MIB. If there is no corresponding falling-threshold event, the value should be zero.
Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode.
– seconds : (Optional) the number of seconds in each polling cycle. The range is from 5 to 3,600 seconds. The default is 1,800 (as defined in RFC-2819). Example of the rmon collection history Command To remove a specified RMON history group of statistics collection, use the no form of this command.
45 Rapid Spanning Tree Protocol (RSTP) Rapid spanning tree protocol (RSTP) is supported on the MXL switch platform. Protocol Overview RSTP is a Layer 2 protocol — specified by IEEE 802.
• Flush MAC Addresses after a Topology Change Important Points to Remember • RSTP is disabled by default. • The Dell Networking OS supports only one Rapid Spanning Tree (RST) instance. • All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology.
• Only one path from any bridge to any other bridge is enabled. • Bridges block a redundant path by disabling one of the link ports. To enable RSTP globally for all Layer 2 interfaces, use the following commands. 1. Enter PROTOCOL SPANNING TREE RSTP mode.
Figure 108. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output.
BPDU : sent 121, received 2 The port is not in the Edge port mode, bpdu filter is disabled Port 379 (TenGigabitethernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.
For bridge protocol data units (BPDU) filtering behavior, refer to Removing an Interface from the Spanning Tree Group . Modifying Global Parameters You can modify RSTP parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in the Rapid Spanning Tree group.
NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds . • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40.
edge-port bpdu filter default Figure 109. BPDU Filtering Enabled Globally Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port priority values. • Port cost — a value that is based on the interface type. The previous table lists the default values.
To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
shutdown Dell(conf-if-te-2/0)# Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge. To change the bridge priority, use the following command.
The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.
46 Security Security features are supported on the MXL switch platform. This chapter describes several ways to provide access security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide .
aaa accounting {commands | exec | suppress | system} { default | name } {start-stop | wait-start | stop-only} {tacacs+} The variables are: – command level : sends accounting of commands executed at the specified privilege level. – exec : sends accounting information when a user has logged in to EXEC mode.
Configuring AAA Accounting for Terminal Lines To enable AAA accounting with a named method list for a specific terminal line (where com15 and execAcct are the method list names), use the following commands. • Configure AAA accounting for terminal lines.
and different users. In the Dell Networking OS, AAA uses a list of authentication methods, called method lists, to define the types of authentication and the sequence in which they are applied. You can define a method list or use the default method list.
• none : no authentication. • radius : use the RADIUS servers configured with the radius-server host command. • tacacs+ : use the TACACS+ servers configured with the tacacs-server host command. 2. Enter LINE mode. CONFIGURATION mode line {aux 0 | console 0 | vty number [ .
CONFIGURATION mode tacacs-server host x.x.x.x key some-password Example of Enabling Authentication from the RADIUS Server Example of Enabling Local Authentication for the Console and Remote Authentication for VTY Lines To get enable authentication from the RADIUS server and use TACACS as a backup, issue the following commands.
• Privilege level 1 — is the default level for EXEC mode. At this level, you can interact with the router, for example, view some show commands and Telnet and ping to test connectivity, but you cannot configure the router. This level is often called the “user” level.
– access-class access-list-name : Restrict access by access-class. – nopassword : Require password for the user to login. – encryption-type : Enter 0 for plain text or 7 for encrypted text. – password : Enter a string. Specify the password for the user.
username name [access-class access-list-name ] [privilege level ] [nopassword | password [ encryption-type ] password ] [secret] Configure the optional and required parameters: • name : enter a text string (up to 63 characters). • access-class access-list-name : enter the name of a configured IP ACL.
Line 3: The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp-server commands are located.
privilege level level – level level : The range is from 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.
For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service . RADIUS Authentication and Authorization The Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aaa authentication login command.
Auto-Command You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line. The auto-command command is executed when the user is authenticated and before the prompt appears to the user. • Automatically execute a command.
• Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the RADIUS authentication method. CONFIGURATION mode aaa authentication login method-list-name radius • Create a method list with RADIUS and TACACS+ as authorization methods.
– timeout seconds : the range is from 0 to 1000. Default is 5 seconds . – key [ encryption-type ] key : enter 0 for plain text or 7 for encrypted text, and a string for the key. The key can be up to 42 characters long. This key must match the key configured on the RADIUS server host.
radius-server timeout seconds – seconds : the range is from 0 to 1000. Default is 5 seconds . To view the configuration of RADIUS communication parameters, use the show running-config command in EXEC Privilege mode. Monitoring RADIUS To view information on RADIUS transactions, use the following command.
Use this command multiple times to configure multiple TACACS+ server hosts. 2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACACS+ authentication method. CONFIGURATION mode aaa authentication login { method-list-name | default} tacacs+ [ .
on vty0 (10.11.9.209) %RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) Monitoring TACACS+ To view information on TACACS+ transactions, use the following command. • View TACACS+ transactions to troubleshoot problems.
Specifying a TACACS+ Server Host To specify a TACACS+ server host and configure its communication parameters, use the following command. • Enter the host name or IP address of the TACACS+ server host.
If rejected by the AAA server, the command is not added to the running config, and a message displays: 04:07:48: %RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Command authorization failed for user (denyall) on vty0 ( 10.
show ip ssh Specifying an SSH Version The following example shows using the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : disabled.
• ip ssh password-authentication enable : enable password authentication for the SSH server. • ip ssh pub-key-file : specify the file the host-based authentication uses. • ip ssh rhostsfile : specify the rhost file the host-based authorization uses.
The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes.
• hmac-sha1-96 • hmac-sha2-256 • hmac-sha2-256-96 The default HMAC algorithms are the following: • hmac-md5 • hmac-md5-96 • hmac-sha1 • hmac-sha1-96 • hmac-sha2-256 • hmac-sha2-256-96 When FIPS is enabled, the default HMAC algorithm is hmac-sha1-96.
Secure Shell Authentication Secure Shell (SSH) is disabled by default. Enable SSH using the ip ssh server enable command. SSH supports three methods of authentication: • Enabling SSH Authentication .
CONFIGURATION mode no ip ssh password-authentication enable 4. Bind the public keys to RSA authentication. EXEC Privilege mode ip ssh rsa-authentication enable 5.
Example of Creating shosts Example of Creating rhosts admin@Unix_client# cd /etc/ssh admin@Unix_client# ls moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_key ssh_host_rsa_key admin@Unix_client# cat ssh_host_rsa_key.
In this case, verify that host-based authentication is set to “Yes” in the file ssh_config (root permission is required to edit this file): permission denied (host based). If the IP address in the RSA key does not match the IP address from which you attempt to log in, the following message appears.
1. Create a username. 2. Enter a password. 3. Assign an access class. 4. Enter a privilege level. You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization. Configure local authentication globally and configure access classes on a per-user basis.
Dell(conf)# Dell(conf)#aaa authentication login tacacsmethod tacacs+ Dell(conf)#tacacs-server host 256.1.1.2 key Force10 Dell(conf)# Dell(conf)#line vty 0 9 Dell(config-line-vty)#login authentication .
• Configuring AAA Authorization for Roles • Configuring an Accounting for Roles • Applying an Accounting Method to a Role • Displaying Active Accounting Sessions for Roles • Configuring TACA.
Configuring Role-based Only AAA Authorization You can configure authorization so that access to commands is determined only by the user’s role. If the user has no user role, access to the system is denied as the user will not be able to login successfully.
exec-timeout 0 0 line vty 0 login authentication test authorization exec test line vty 1 login authentication test authorization exec test To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles.
User Roles This section describes how to create a new user role and configure command permissions and contains the following topics. • Creating a New User Role • Modifying Command Permissions for .
Create a new user role, myrole and inherit security administrator permissions. Dell(conf)#userrole myrole inherit secadmin Verify that the user role, myrole , has inherited the security administrator permissions. The output highlighted in bold indicates that the user role has successfully inherited the security administrator permissions.
netadmin role is not listed in the Role access: secadmin,sysadmin , which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin show users Dell#show role mo.
Dell(conf)#do show role mode ? configure Global configuration mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route-map Route map configuration mode router Rout.
This section contains the following AAA Authentication and Authorization for Roles configuration tasks: • Configuring AAA Authentication for Roles • Configuring AAA Authorization for Roles • Con.
You can further restrict users’ permissions, using the aaa authorization command command in CONFIGURATION mode. aaa authorization command { method-list-name | default} method [… method4 ] Examples of Applying a Method List The following configuration example applies a method list: TACACS+, RADIUS and local: ! radius-server host 10.
authorization exec ucraaa accounting commands role netadmin ucraaa line vty 9 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa ! Configuring TACACS+ and R.
• Configuring AAA Accounting for Roles • Applying an Accounting Method to a Role • Displaying Active Accounting Sessions for Roles Configuring AAA Accounting for Roles To configure AAA accounting for roles, use the aaa accounting command in CONFIGURATION mode.
Display Information About User Roles This section describes how to display information about user roles. This section consists of the following topics: • Displaying User Roles • Displaying Inform.
the output and both the privilege and roles for all users are also displayed. If the role is not defined, the system displays "unassigned" . Example of Displaying Information About Users Logg.
47 Service Provider Bridging Service provider bridging is supported on the MXL switch platform. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges , which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks .
Figure 110. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN.
Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1. Creating Access and Trunk Ports 2. Assign access and trunk ports to a VLAN ( Creating Access and Trunk Ports ).
Dell#show run interface gi 7/12 ! interface GigabitEthernet 7/12 no ip address switchport vlan-stack trunk no shutdown Enable VLAN-Stacking for a VLAN To enable VLAN-Stacking for a VLAN, use the following command. • Enable VLAN-Stacking for the VLAN.
Configuring Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port.
Debugging VLAN Stacking To debug VLAN stacking, use the following command. • Debug the internal state and membership of a VLAN and its ports. debug member Example of Debugging a VLAN and its Ports The port notations are as follows: • MT — stacked trunk • MU — stacked access port • T — 802.
You can configure the first 8 bits of the TPID using the vlan-stack protocol-type command. The TPID is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame.
Figure 112. Single and Double-Tag First-byte TPID Match
Figure 113. Single and Double-Tag TPID Mismatch Table 57. Behaviors for Mismatched TPID Network Position Incoming Packet TPID System TPID Match Type Pre-Version 8.
Network Position Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.0+ 0x81XY single-tag first- byte match switch to VLAN switch to default VLAN Core untagged 0xUVWX — swi.
• Make packets eligible for dropping based on their DEI value. CONFIGURATION mode dei enable By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to a Dell Networking OS drop precedence.
Example of Viewing DEI-Marking Configuration To display the DEI-marking configuration, use the show interface dei-mark [ interface slot/port | linecard number port-set number ] in EXEC Privilege mode.
Dell Networking OS Behavior : For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence.
CONFIGURATION mode cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number {vman-qos | vman-qos-dual-fp} number • vman-qos : mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p.
Figure 115. VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to trave.
network because only the Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address.
Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command. 1. Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode show cam-profile 2. Enable protocol tunneling globally on the system.
3. Reload the system. EXEC Privilege mode reload 4. Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command.
48 sFlow Configuring sFlow is supported on the MXL switch platform. Overview The Dell Networking operating system (OS) supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic.
To avoid the back-off, either increase the global sampling rate or configure all the line card ports with the desired sampling rate even if some ports have no sFlow configured. Important Points to Remember • The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration using the snmpset command.
Enabling sFlow Max-Header Size Extended To configure the maximum header size of a packet to 256 bytes, use the following commands: • Set the maximum header size of a packet. CONFIGURATION mode INTERFACE mode sflow max-header-size extended By default, the maximum header size of a packet is 128 bytes.
If you enable sFlow on an interface, the show output displays the following (shown in bold). Dell(conf-if-te-1/10)#show sflow sFlow services are enabled Egress Management Interface sFlow services are .
Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.
• Identify sFlow collectors to which sFlow datagrams are forwarded. CONFIGURATION mode sflow collector ip-address agent-addr ip-address [ number [max-datagram-size number ] ] | [max-datagram-size number ] The default UDP port is 6343 . The default max-datagram-size is 1400 .
Sub-Sampling The sFlow sample rate is not the frequency of sampling, but the number of packets that are skipped before the next sample is taken. Therefore, the sFlow agent uses sub-sampling to create multiple sampling rates per port-pipe.
sFlow on LAG ports When a physical port becomes a member of a LAG, it inherits the sFlow configuration from the LAG port. Enabling Extended sFlow The MXL switch supports extended-switch information processing only. Extended sFlow packs additional information in the sFlow datagram depending on the type of sampled packet.
0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected 0 sFlow samples dropped due to sub-sampling
49 Simple Network Management Protocol (SNMP) Simple network management protocol (SNMP) is supported on the MXL switch platform. Network management stations use SNMP to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable.
Configuring SNMP version 3 requires configuring SNMP users in one of three methods. Refer to Setting Up User-Based Security (SNMPv3) . Related Configuration Tasks • Set up SNMP • Setting Up User-B.
FIPS Mode Privacy Options Authentication Options Disabled des56 (DES56-CBC) aes128 (AES128-CFB) md5 (HMAC-MD5-96) sha (HMAC-SHA1-96) Enabled aes128 (AES128-CFB) sha (HMAC-SHA1-96) To enable security f.
SNMP version 3 (SNMPv3) is a user-based security model that provides password authentication for user security and encryption for data security and privacy. Three sets of configurations are available for SNMP read/write operations: no password or privacy, password privileges, password and privacy privileges.
To set up user-based security (SNMPv3), use the following commands. • Configure the user with view privileges only (no password or privacy privileges). CONFIGURATION mode snmp-server user name group-name 3 noauth • Configure an SNMP group with view privileges only (no password or privacy privileges).
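The AAA, server-key and SNMP settings described in the Security and SNMP chapters can be checked offline against a saved configuration. The following is an added example, not part of the Dell guide: a small Python audit that flags plain-text (type 0) passwords and keys, the `none` login method, SNMPv3 `noauth` users, the community names used in this guide's examples, and SSH version 1. The sample configuration is constructed, and treating a key with no encryption-type as plain text is an assumption.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int   # 1-based line number in the reviewed configuration text
    rule: str      # short rule identifier
    text: str      # offending line with secrets redacted


# Constructed sample, not taken from a real device. Addresses are from the
# documentation range 192.0.2.0/24; names and secrets are made up.
SAMPLE_CONFIG = """\
!
username admin password 7 1d28e9f33f99cf5c privilege 15
username ops password 0 changeme privilege 1
aaa authentication login default tacacs+ local
aaa authentication login labmethod none
tacacs-server host 192.0.2.10 key 0 sharedsecret
radius-server host 192.0.2.11 key 7 9a2f1c0b7d
ip ssh server version 2
snmp-server community public ro
snmp-server user monitor viewgroup 3 noauth
!
"""

# Community strings that appear in this guide's snmpwalk/snmpset examples.
DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_RE = re.compile(r"^snmp-server community\s+(\S+)")

# (rule id, pattern matched against one stripped configuration line)
RULES = [
    # encryption-type 0 means the password is stored as plain text
    ("plaintext-user-password",
     re.compile(r"^username\s+\S+.*\bpassword\s+0\s+\S+")),
    # key type 0, or no type at all (assumed here to be plain text)
    ("plaintext-server-key",
     re.compile(r"^(?:radius|tacacs)-server\s+host\s+\S+.*\bkey\s+(?!7\s)\S+")),
    # a method list that includes "none" permits login with no authentication
    ("auth-method-none",
     re.compile(r"^aaa authentication login\s+\S+\s+.*\bnone\b")),
    # SNMPv3 user with neither authentication nor privacy
    ("snmpv3-noauth",
     re.compile(r"^snmp-server user\s+\S+\s+\S+\s+3\s+noauth\b")),
    ("ssh-v1",
     re.compile(r"^ip ssh server version\s+1\b")),
]

SECRET_RE = re.compile(r"\b(password|key)(\s+[07])?\s+\S+")


def redact(line: str) -> str:
    """Replace the secret that follows 'password'/'key' so reports do not leak it."""
    return SECRET_RE.sub(lambda m: f"{m.group(1)}{m.group(2) or ''} <redacted>", line)


def audit(config_text: str) -> List[Finding]:
    """Return one Finding per rule hit, in configuration order."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and section separators
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(line_no, rule, redact(line)))
        match = COMMUNITY_RE.match(line)
        if match and match.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.append(Finding(line_no, "default-community", line))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no:>2}  {f.rule:<24} {f.text}")
```

Run it against the output of show running-config saved to a file; each finding carries the line number so it can be traced back to the device configuration.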
Reading Managed Object Values You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Network Addresses that defines values representing a type of internet address.
In the following example, the value 4 displays in the OID before the IP address for IPv4. >snmpwalk -v 2c -c public 10.11.195.63 1.3.6.1.2.1.4.34 IP-MIB::ip.34.1.3.1. 4 .1.1.1.1 = INTEGER: 1107787778 IP-MIB::ip.34.1.3.1. 4 .2.1.1.1 = INTEGER: 1107787779 IP-MIB::ip.
• (From a management station) Identify the system manager along with this person’s contact information (for example, an email address or phone number). CONFIGURATION mode snmpset -v version -c community agent-ip sysContact.0 s “contact-info” You may use up to 55 characters.
snmp-server enable traps Enable all Dell Networking enterprise-specific and RFC-defined traps using the snmp-server enable traps command from CONFIGURATION mode. Enable all of the RFC-defined traps using the snmp-server enable traps snmp command from CONFIGURATION mode.
entity Enable entity change traps Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1487406) 4:07:54.06, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 4 Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1488564) 4:08:05.
SNMPv2-SMI::enterprises.6027.3.15.4.0.3, SNMPv2-SMI::enterprises.6027.3.15.4.1.1.0 = INTEGER: 45420801, SNMPv2-SMI::enterprises.6027.3.15.4.1.2.0 = INTEGER: 2, SNMPv2-SMI::enterprises.6027.3.15.4.0 = STRING: "ETS_TRAP_TYPE_PEER_STATE_CHANGE: ETS Peer state changed to disabled for port Te 0/44", SNMPv2-SMI::enterprises.
Table 59. List of Syslog Server MIBS that have read access MIB Object OID Object Values Description dF10SysLogTraps 1.3.6.1.4.1.6027.3.30.1.1 1 = reachable, 2 = unreachable Specifies whether the syslog server is reachable or unreachable.
MIB Object OID Object Values Description 3 = startup-config startup-config, the default copySrcFileLocation is flash. • If copySrcFileType is a binary file, you must also specify copySrcFileLocation and copySrcFileName. copySrcFileLocation . 1.3.6.1.
MIB Object OID Object Values Description 5 = scp copyUserName, and copyUserPassword. copyDestFileName . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.7 Path (if the file is not in the default directory) and filename. Specifies the name of destination file. copyServerAddress .
• To complete the command, use as many MIB Objects in the command as required by the MIB Object descriptions. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 NOTE: You can use the entire OID rather than the object name.
Copying the Startup-Config Files to the Running-Config To copy the startup-config to the running-config from a UNIX machine, use the following command. • Copy the startup-config to the running-config from a UNIX machine. snmpset -c private -v 2c force10system-ip-address copySrcFileType.
Copying the Startup-Config Files to the Server via TFTP To copy the startup-config to the server via TFTP from the UNIX machine, use the following command. NOTE: Verify that the file exists and its permissions are set to 777. Specify the relative path to the TFTP root directory.
Additional MIB Objects to View Copy Statistics Dell Networking provides more MIB objects to view copy statistics, as shown in the following table. Table 61. Additional MIB Objects for Copying Configuration Files via SNMP MIB Object OID Values Description copyState .
MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
MIB Object OID Description chSysCoresTimeCreated 1.3.6.1.4.1.6027.3.19.1.2.9.1.3 Contains the time at which core files are created. chSysCoresStackUnitNumber 1.3.6.1.4.1.6027.3.19.1.2.9.1.4 Contains information that includes which stack unit or processor the core file was originated from.
NOTE: You can use the entire OID rather than the object name. Use the form: OID.index . Example of Getting a MIB Object Value (Using Object Name) Example of Getting a MIB Object Value (Using OID) The following examples show the snmpget command to obtain a MIB object value.
> snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN"
SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.1107787786 = STRING: " My VLAN " [Dell Networkin.
The first hex pair, 00 in the previous example, represents ports 1 to 7 in Stack Unit 0. The next pair to the right represents ports 8 to 15. To resolve the hex pair into a representation of the individual ports, convert the hex pair to binary.
Example of Adding an Untagged Port to a VLAN using SNMP Example of Adding a Tagged Port to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.
snmp-server community 2. From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. EXEC Privilege mode show interface Or, from the management system, use the snmpwalk command to identify the interface index.
Each object is comprised of an OID concatenated with an instance number. In the case of these objects, the instance number is the decimal equivalent of the MAC address; derive the instance number by converting each hex pair to its decimal equivalent.
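The conversion described above, worked in both directions, as an added example (not code from the Dell guide). The helper names are hypothetical, and the index layout assumed in parse_walk_line (one leading sub-identifier, six MAC sub-identifiers, one trailing sub-identifier) is read off the sample walk line; the second sample line is constructed.

```python
import re

# Column OID in the net-snmp short form used by the walk output on this page.
COLUMN = "SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.3"

# First line is taken from the page; the second is constructed for illustration.
SAMPLE_WALK = [
    "SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.3.1000.0.1.232.6.149.172.1 = INTEGER: 1",
    "SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.3.1000.2.0.94.16.0.1.1 = INTEGER: 1",
]


def normalize_mac(mac):
    """Accept aa:bb:.., aa-bb-.. or aabb.ccdd.eeff and return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def mac_to_instance(mac):
    """Convert each hex pair to decimal and join with dots (the OID instance)."""
    return ".".join(str(int(pair, 16)) for pair in normalize_mac(mac).split(":"))


def instance_to_mac(instance):
    """Reverse conversion: six decimal sub-identifiers back to a MAC address."""
    parts = instance.split(".")
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9]{1,3}", p) for p in parts):
        raise ValueError("expected six decimal sub-identifiers: %r" % instance)
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError("sub-identifier out of byte range: %r" % instance)
    return ":".join("%02x" % o for o in octets)


def parse_walk_line(line, column=COLUMN):
    """Split one walk line into its index parts and value.

    Assumed layout (from the sample line): leading.<6 MAC parts>.trailing
    """
    oid, sep, value = line.partition(" = ")
    if not sep or not oid.startswith(column + "."):
        raise ValueError("line does not belong to column %s" % column)
    index = oid[len(column) + 1:].split(".")
    if len(index) != 8:
        raise ValueError("unexpected index length in %r" % oid)
    return {
        "leading": int(index[0]),
        "mac": instance_to_mac(".".join(index[1:7])),
        "trailing": int(index[7]),
        "value": value.strip(),
    }


def unknown_macs(lines, inventory):
    """Return MACs seen in the walk that are not in the asset inventory."""
    known = {normalize_mac(m) for m in inventory}
    seen = [parse_walk_line(line)["mac"] for line in lines]
    return [mac for mac in seen if mac not in known]


if __name__ == "__main__":
    print(mac_to_instance("00:01:e8:06:95:ac"))
    for entry in map(parse_walk_line, SAMPLE_WALK):
        print(entry)
    print(unknown_macs(SAMPLE_WALK, ["0001.e806.95ac"]))
```

The unknown_macs helper shows one use of the reverse conversion: comparing addresses recovered from a walk against a list of expected MACs.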
SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.3.1000.0.1.232.6.149.172.1 = INTEGER: 1 SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.4.1000.0.1.232.6.149.172.1 = INTEGER: 1 Deriving Interface Indices The Dell Networking OS assigns an interface number to each (configured or unconfigured) physical and logical interface.
The system image can also be retrieved by performing an SNMP walk on the following OID: MIB Object is chSysSwModuleTable and the OID is 1.3.6.1.4.1.6027.
Status active, 2 – status inactive Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG. SNMPv2-MIB::sysUpTime.0 = Timeticks: (8500842) 23:36:48.42 SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkDown IF-MIB::ifIndex.
Entity MIBS The Entity MIB provides a mechanism for presenting hierarchies of physical entities using SNMP tables. The Entity MIB contains the following groups, which describe the physical elements and logical elements of a managed system. The following tables are implemented for the MXL switch.
SNMPv2-SMI::mib-2.47.1.1.1.1.2.8 = STRING: "Unit: 0 Port 5 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.9 = STRING: "Unit: 0 Port 6 10G Level" ---output truncated Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior.
50 Stacking Stacking is supported on the MXL switch platform. Stacking is supported on an MXL 10/40GbE switch on the 40GbE ports (for the base module) or a 2-Port 40GbE QSFP+ module.
Figure 117. Four-Stacked MXL 10/40GbE Switches Stack Management Roles The stack elects the management units for the stack management. • Stack master — primary management unit, also called the master unit. • Standby — secondary management unit.
• Switch removal If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby. NOTE: For the MXL switch, the entire stack has only one management IP address.
4 Member online MXL-10/40GbE MXL-10/40GbE 9-1-0-853 56 5 Member online MXL-10/40GbE MXL-10/40GbE 9-1-0-853 56 Dell# Failover Roles If the stack master fails (for example, is powered off), it is removed from the stack topology.
Figure 118. Dual-Ring Stacking Topology for MXL 10/40GbE Switches Example 2: Dual Daisy-Chain Stack Across Multiple Chassis Using two separate, daisy-chained stacks in a stacking topology provides redundancy and increased high availability in case of stack failure.
Figure 119. Dual Daisy-Chain Stacking Topology for MXL 10/40GbE Switches Stack Group/Port Numbers By default, each unit in Standalone mode is numbered stack-unit 0. Stack-unit numbers are assigned to member switches when the stack comes up. The following example shows the stack-group numbers of 40GbE ports on an MXL 10/40GbE switch.
Figure 120. Stack-Group on an MXL 10/40GbE Switch Configuring a Switch Stack Configuring a switch stack is a four-step process. To configure and bring up a switch stack, follow these steps: 1. Connect the switches to be stacked with 40G direct attach or QSFP fibre cables.
• Stacking is supported only with other MXL 10/40GbE switches. A maximum of six MXL 10/40GbE switches is supported in a single stack. You cannot stack the MXL 10/40GbE switch with the M IO Aggregator or another type of switch. • A maximum of four stack groups (40GbE ports) is supported on a stacked MXL 10/40GbE switch.
Ports Fo 0/33 have been configured as stacking ports. Please save and reload for config to take effect Stack-groups are easier to think of simply as stack ports. For example, using the stack-group 0 command simply turns the lower port (port 9) into a stacking port.
Accessing the CLI To configure a stack, you must access the stack master in one of the following ways. • For remote out-of-band management (OOB), enter the OOB management interface IP address into a Telnet or secure shell (SSH) client and log in to the switch using the user ID and password to access the CLI.
NOTE: If the stacked switches all reboot at approximately the same time, the switch with the highest MAC address is automatically elected as the master switch. The switch with the next highest MAC address is elected as standby. As each switch joins the stack, it is assigned the lowest available stack-unit number from 0 to 5.
• If you renumber a switch to a number already assigned to another stack unit, the following error message displays: Dell#stack-unit 5 renumber 0 % ERROR: stack unit 0 already exists.
Converting 4x10GbE Ports to 40GbE for Stacking Stacking is supported only on 40GbE links by connecting 40GbE ports on the base module or a 2-Port QSFP+ module. However, on a 2-Port 40GbE QSFP+ module, the ports operate by default in 4x10GbE (quad) mode with breakout cables as eight 10GbE ports.
Adding a Stack Unit You can add a new unit to an existing stack both when the unit has no stacking ports (stack groups) configured and when the unit already has stacking ports configured. If the units to be added to the stack have been previously used, they are assigned the smallest available unit ID in the stack.
• If the new unit has been configured with a stack number that is already assigned to a stack member, the stack avoids a numbering conflict by assigning the new switch the first available stack number.
redundancy force-failover stack-unit A new standby is elected. When the former stack master comes back online, it becomes a member unit. • Prevent the stack master from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot stack-unit This command does not affect a forced failover, manual reset, or a stack-link disconnect.
Using Show Commands To display information on the stack configuration, use the show commands on the master switch. • Displays stacking roles (master, standby, and member units) and the stack MAC address.
-- Unit 1 -- Unit Type : Management Unit Status : online Next Boot : online Required Type : MXL-10/40GbE - 34-port GE/TE/FG (XL) Current Type : MXL-10/40GbE - 34-port GE/TE/FG (XL) Master priority : 14 Hardware Rev : 2.
--------------------------------------- 0 1 4 5 Dell#show system stack-unit 1 stack-group Stack group Ports ------------------------------ 0 0/33 1 0/37 2 0/41 3 0/45 4 0/49 5 0/53 Dell# Dell# show sy.
show redundancy 3. Displays input and output flow statistics on a stacked port. show hardware stack-unit unit-number stack-port port-number 4. Clears statistics on the specified stack unit.
Running Config: succeeded Mar 24 2012 20:07:39 ACL Mgr: succeeded Mar 24 2012 20:07:39 LACP: no block sync done STP: no block sync done Dell# show hardware stack-unit 1 stack-port 53 Input Statistics:.
Master Switch Fails • Problem : The master switch fails due to a hardware fault, software crash, or power loss. • Resolution : A failover procedure begins: 1. Keep-alive messages from the MXL 10/40GbE master switch time out after 60 seconds and the switch is removed from the stack.
Stack Unit in Card-Problem State Due to Incorrect Dell Networking OS Version • Problem: A stack unit enters a Card-Problem state because the switch has a different Dell Networking OS version than the master unit. The switch does not come online as a stack unit.
Upgrading a Switch Stack To upgrade all switches in a stack with the same Dell Networking OS version, follow these steps. 1. Copy the new Dell Networking OS image to a network server.
Upgrade system image for all stack-units [yes/no]: yes !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!! ! Image upgraded to all Dell# configure D.
Dell# configure
Dell(conf)# boot system stack-unit 2 primary system: A:
Dell(conf)# end
Dell#Jan 3 14:27:00: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from console
Dell# write memory
Jan 3 14:27:10: %STKUNIT0-M:CP %FILEMGR-5-FILESAVED: Copied running-config to startup-config in flash by default
Synchronizing data to peer Stack-unit
!!!! .
51 Storm Control Storm control is supported on the MXL switch platform. The storm control feature allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces.
52 Spanning Tree Protocol (STP) The spanning tree protocol (STP) is supported on the MXL switch platform. Protocol Overview STP is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network.
• SNMP Traps for Root Elections and Topology Changes Important Points to Remember • STP is disabled by default. • The Dell Networking operating system (OS) supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+).
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 121. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command.
3. Enable the interface. INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode.
Figure 122. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1. Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2.
To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output.
Adding an Interface to the Spanning Tree Group To add a Layer 2 interface to the spanning tree topology, use the following command. • Enable spanning tree on a Layer 2 interface.
PROTOCOL SPANNING TREE mode forward-delay seconds The range is from 4 to 30. The default is 15 seconds. • Change the hello-time parameter (the BPDU transmission interval). PROTOCOL SPANNING TREE mode hello-time seconds NOTE: With large configurations (especially those with more ports) Dell Networking recommends increasing the hello-time.
spanning-tree 0 priority priority-value The range is from 0 to 15. The default is 8. To view the current values for interface parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally.
Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/Edgeport (edgeports) do not expect to receive BPDUs.
Figure 123. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering (refer to Removing an Interface from the Spanning Tree Group) both block BPDUs, but are two separate features. BPDU guard is used on edgeports and blocks all traffic on the edgeport if it receives a BPDU.
Global BPDU Filtering When BPDU filtering is enabled globally, the system stops transmitting BPDUs on operational Portfast-enabled ports by default. When such a port receives BPDUs, it automatically participates in the spanning tree. By default, global BPDU filtering is disabled.
Figure 125. BPDU Filtering Enabled Globally Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. You can also specify that a bridge is the root or the secondary root.
Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge-priority command) is selected as the root bridge.
Figure 126. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior : The following conditions apply to.
spanning-tree {0 | mstp | rstp | pvst} rootguard – 0 : enables root guard on an STP-enabled port assigned to instance 0. – mstp : enables root guard on an MSTP-enabled port. – rstp : enables root guard on an RSTP-enabled port. – pvst : enables root guard on a PVST-enabled port.
53 System Time and Date System time and date settings and the network time protocol (NTP) are supported on the MXL switch platform. System times and dates can be set and maintained through NTP. They can also be set through the Dell Networking operating system (OS) command line interfaces (CLIs) and hardware settings.
certain fields in the message, recalculates the checksum and returns the message immediately. Information included in the NTP message allows the client to determine the server time relative to local time and adjust the local clock accordingly.
Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process.
Configuring NTP Broadcasts With the Dell Networking OS, you can receive broadcasts of time information. You can set interfaces within the system to receive NTP information through broadcast. To configure an interface to receive NTP broadcasts, use the following commands.
– For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. To view the configuration, use the show running-config ntp command in EXEC privilege mode (refer to the example in Configuring NTP Authentication ).
– key keyid : Configure a text string as the key exchanged between the NTP server and the client. – prefer : Enter the keyword prefer to set this NTP server as the preferred server. – version number : Enter a number as the NTP version. The range is from 1 to 4.
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day.
• Setting Daylight Saving Time Once • Setting Recurring Daylight Saving Time Setting the Time and Date for the Switch Software Clock You can change the order of the month and day parameters to enter the time and date as time day month year. You cannot delete the software clock.
Set Daylight Saving Time The Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.
clock summer-time time-zone recurring start-week start-day start-month start-time end-week end-day end-month end-time [offset] – time-zone: Enter the three-letter name for the time zone.
Dell(conf)#clock summer-time pacific recurring Dell(conf)#
54 Tunneling Tunneling supports RFC 2003, RFC 2473, and RFC 4213. DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode.
ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IP.
tunnel mode ipip no shutdown Configuring the ip and ipv6 unnumbered Configuring the tunnel interface is supported on the MXL platform. You can configure the tunnel with the ip unnumbered and ipv6 unnumbered commands.
ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel source 40.1.1.1 tunnel allow-remote 40.1.1.2 tunnel mode ipip decapsulate-any no shutdown Configuring the Tunnel Source Anylocal You can use the anylocal argument in place of the ip address or interface, but only with multipoint receive-only mode tunnels.
55 Uplink Failure Detection (UFD) Uplink failure detection (UFD) is supported on the MXL switch platform. Feature Description UFD provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link.
Figure 128. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group .
result, downstream devices can execute the protection or recovery procedures they have in place to establish alternate connectivity paths, as shown in the following illustration.
Important Points to Remember When you configure UFD, the following conditions apply. • You can configure up to 16 uplink-state groups. By default, no uplink-state groups are created. – An uplink-state group is considered to be operationally up if it has at least one upstream interface in the Link-Up state.
• group-id : values are from 1 to 16. To delete an uplink-state group, use the no uplink-state-group group-id command. 2. Assign a port or port-channel to the uplink-state group as an upstream or downstream interface.
no enable By default, upstream-link tracking is automatically enabled in an uplink-state group. To re-enable upstream-link tracking, use the enable command. Clearing a UFD-Disabled Interface You can manually bring up a downstream interface in an uplink-state group that UFD disabled and is in a UFD-Disabled Error state.
to down: Group 3 00:10:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 0/4 00:10:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-.
– Port channel: enter port-channel {1-512} . If a downstream interface in an uplink-state group is disabled (Oper Down state) by uplink-state tracking because an upstream port is down, the message error-disabled[UFD] displays in the output. • Display the current configuration of all uplink-state groups or a specified group.
Hardware is Force10Eth, address is 00:01:e8:32:7a:47 Current address is 00:01:e8:32:7a:47 Interface index is 280544512 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit.
• Verify the configuration with various show commands. Example of Configuring UFD (S50) Dell(conf)#uplink-state-group 3 Dell(conf-uplink-state-group-3)# 00:23:52: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: .
56 Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes .
57 Virtual LANs (VLANs) Virtual LANs (VLANs) are supported on the MXL switch platform. A VLAN is a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group.
command places the interface in Layer 2 mode and the show vlan command in EXEC privilege mode indicates that the interface is now part of the Default VLAN (VLAN 1). By default, VLAN 1 is the Default VLAN. To change that designation, use the default vlan-id command in CONFIGURATION mode.
VLANs and Port Tagging To add an interface to a VLAN, the interface must be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. The Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic.
NOTE: In a VLAN, the shutdown command stops Layer 3 (routed) traffic only. Layer 2 traffic continues to pass through the VLAN. If the VLAN is not a routed VLAN (that is, configured with an IP address), the shutdown command has no effect on VLAN traffic.
CONFIGURATION mode interface vlan vlan-id 2. Enable an interface to include the IEEE 802.1Q tag header. INTERFACE mode tagged interface Add an Interface to Another VLAN To view just the interfaces that are in Layer 2 mode, use the show interfaces switchport command in EXEC Privilege mode or EXEC mode.
Moving Untagged Interfaces To move untagged interfaces from the Default VLAN to another VLAN, use the following commands. 1. Access INTERFACE VLAN mode of the VLAN to which you want to assign the interface. CONFIGURATION mode interface vlan vlan-id 2.
The only way to remove an interface from the Default VLAN is to place the interface in Default mode by using the no switchport command in INTERFACE mode.
INTERFACE mode 2. Configure the interface for Hybrid mode. INTERFACE mode portmode hybrid 3. Configure the interface for Switchport mode. INTERFACE mode switchport 4.
58 Virtual Link Trunking (VLT) Virtual link trunking (VLT) is supported on the MXL switch platform. Overview VLT allows physical links between two chassis to appear as a single virtual link to the network core.
Figure 131. Virtual Link Trunking Multi-domain VLT A multi-domain VLT (mVLT) configuration creates a port channel between two VLT domains by allowing two different VLT domains, using different VLT Domain ID numbers, connected by a standard LACP LAG to form a loop-free Layer 2 topology in the aggregation layer.
Figure 132. Multi-Domain VLT Example VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches.
Important Points to Remember • VLT port channel interfaces must be switch ports. • If you include RSTP on the system, configure it before VLT. Refer to RSTP Configuration . • Ensure that the spanning tree root bridge is at the Aggregation layer.
– A VLT domain consists of the two core chassis, the interconnect trunk, backup link, and the LAG members connected to attached devices. – Each VLT domain has a unique MAC address that you create or VLT creates automatically. – ARP tables are synchronized between the VLT peer nodes.
* the VLT system MAC address matches. * the VLT unit-id is not identical. NOTE: If you configure the VLT system MAC address or VLT unit-id on only one of the VLT peer switches, the link between the VLT peer switches is not established. Each VLT peer switch must be correctly configured to establish the link between the peers.
Connecting a VLT Domain to an Attached Access Device (Switch or Server) ). To configure a port in Hybrid mode so that it can carry untagged, single-tagged, and double-tagged traffic, use the portmode hybrid command in Interface Configuration mode as described in Configuring Native VLANs .
• Failure scenarios – On a link failover, when a VLT port channel fails, the traffic destined for that VLT port channel is redirected to the VLTi to avoid flooding.
VLT Bandwidth Monitoring When bandwidth usage of the VLTi (ICL) exceeds 80%, a syslog error message (shown in the following message) and an SNMP trap are generated. %STKUNIT0-M:CP %VLTMGR-6-VLT-LAG-ICL: Overall Bandwidth utilization of VLT-ICL- LAG (port-channel 25) crosses threshold.
PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources.
(DR) if they are incorrectly hashed. In addition to being first-hop or last-hop routers, the peer node can also act as an intermediate router. The VLT peer nodes can also act as normal PIM routers on Layer 3 ports and on VLANs that do not have any VLT port members.
• For optimal performance, configure the VLT VLAN routing metrics to prefer VLT VLAN interfaces over non-VLT VLAN interfaces. • When using factory default settings on a new switch deployed as a VLT node, packet loss may occur due to the requirement that all ports must be open.
node. Configuration mismatches are logged in the syslog and displayed in the output of the show vlt inconsistency command. When you enable VLT unicast, VLAN wildcarding is enabled to support up to 4094 VLANs.
RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the VLT startup phase. You may also use RSTP for loop prevention in the network outside of the VLT port channel.
primary VLT switch determines the RSTP roles and states on VLT ports and ensures that the VLT interconnect link is never blocked. In the case of a primary VLT switch failure, the secondary switch starts sending BPDUs with its own bridge ID and inherits all the port states from the last synchronization with the primary switch.
Enter the same port-channel number configured with the peer-link port-channel command as described in Configuring VLT and Connecting a VLT Domain . NOTE: To be included in the VLTi, the port channel must be in Default mode ( no switchport or VLAN assigned).
Configuring a VLT Port Delay Period To configure a VLT port delay period, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2.
Also, reconfigure the same MAC address on the VLT peer switch. Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots.
6. Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device. INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number The valid port-channel ID numbers are from 1 to 128. 7. Repeat Steps 1 to 6 on the VLT peer switch to configure the same port channel as part of the VLT domain.
interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command. 2. Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface specifies one of the following interface types: • 10-Gigabit Ethernet: Enter tengigabitethernet slot/port .
Use the unit-id command to explicitly configure the default values on each peer switch. You must configure a different unit ID (0 or 1) on each peer switch. Use this command to minimize the time required for the VLT system to determine the unit ID assigned to each peer switch when one peer switch reboots.
Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches.
Example of the show vlt backup-link Command Example of the show vlt brief Command Example of the show vlt detail Command Example of the show vlt role Command Example of the show running-config vlt Com.
127 2 UP UP 20, 30 Dell_VLTpeer2# show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLANs ------------ ----------- ------------ ----------- ------------- 2 127 UP UP 20, 30 100 .
The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2. Port channels 110, 111, and 120 are used to connect to access switches or servers (vlt).
NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring VLTs used as facing hosts/switches with LACP. Both peers must use the same port channel ID. 3. Configure the peer-link port-channel in the VLT domains of each peer unit.
Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2 Configure the VLTi between VLT peer 1 and VLT peer 2 Configure the backup link between the VLT peer units. Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit.
1. Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit. 2. Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. 3. In the top of rack unit, configure LACP in the physical ports (shown for VLT peer 1 only.
! interface TenGigabitEthernet 0/50 no ip address ! port-channel-protocol LACP port-channel 100 mode active no shutdown mxl-1# mxl-1#show running-config interface port-channel 100 ! interface Port-cha.
PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the VLT startup phase. You may also use PVST+ for loop prevention in the network outside of the VLT port channel.
Po 1 128.2 128 188 FWD(vltI) 0 0 90b1.1cf4.9b79 128.2 Po 2 128.3 128 2000 FWD(vlt) 0 0 90b1.1cf4.9b79 128.3 Te 0/100 128.230 128 2000 FWD 0 0 90b1.1cf4.
In Domain 1, configure the VLT domain and VLTi on Peer 1 Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)#channel-member TenGigabitEthernet 0/8-9 Dom.
Domain_1_Peer3#no shutdown Domain_2_Peer3(conf)#vlt domain 200 Domain_2_Peer3(conf-vlt-domain)#peer-link port-channel 1 Domain_2_Peer3(conf-vlt-domain)#back-up destination 10.
Enable PIM Multicast Routing on the VLT node globally. VLT_Peer1(conf)#ip multicast-routing Enable PIM on the VLT port VLANs. VLT_Peer1(conf)#interface vlan 4001 VLT_Peer1(conf-if-vl-4001)#ip address 140.
Configure the backup link.
Dell_VLTpeer1(conf)#interface ManagementEthernet 0/0
Dell_VLTpeer1(conf-if-ma-0/0)# ip address 10.11.206.23/
Dell_VLTpeer1(conf-if-ma-0/0)#no shutdown
Dell_VLTpeer1(conf-if-ma-0/0)#exit
Configure the VLT interconnect (VLTi).
Configure the VLT interconnect (VLTi).
Dell_VLTpeer2(conf)#interface port-channel 100
Dell_VLTpeer2(conf-if-po-100)#no ip address
Dell_VLTpeer2(conf-if-po-100)# channel-member fortyGigE 0/46,50
Dell_VLTpeer2(conf-if-po-100)#no shutdown
Dell_VLTpeer2(conf-if-po-100)#exit
Configure the port channel to an attached device.
Table 69. Troubleshooting VLT Description Behavior at Peer Up Behavior During Run Time Action to Take Bandwidth monitoring A syslog error message and an SNMP trap are generated when the VLTi bandwidth usage goes above the 80% threshold and when it drops below 80%.
Description Behavior at Peer Up Behavior During Run Time Action to Take A syslog error message is generated. A syslog error message is generated. If Peer 1 is unit ID “0”, Peer 2 unit ID must be “1”. Version ID mismatch A syslog error message and an SNMP trap are generated.
the peer-link port-channel id-number peer-down-vlan vlan interface number command and the switchport command. After you specify the VLTi link and VLT LAGs, you can associate the same port channel or LAG bundle that is a part of a VLT to a PVLAN by using the interface interface and switchport mode private-vlan commands.
MAC Synchronization for VLT Nodes in a PVLAN For the MAC addresses that are learned on non-VLT ports, MAC address synchronization is performed with the other peer if the VLTi (ICL) link is part of the same VLAN as the non-VLT port.
• Layer 3 communication between secondary VLANs in a private VLAN is enabled by using the ip local-proxy-arp command in INTERFACE VLAN configuration mode. • The ARP request is not received on the ICL. Under such conditions, the IP stack performs the following operations: • The ARP reply is sent with the MAC address of the primary VLAN.
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 - Secondary (Community) - Secondary (Community) Yes Yes - Secondary (Isolated) - Secondary (Isolated.
Creating a VLT LAG or a VLT VLAN 1. Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port-channel id-number . Enter the same port-channel number configured with the peer-link port-channel command.
The range is from 1 to 4094. Associating the VLT LAG or VLT VLAN in a PVLAN 1. Access INTERFACE mode for the port that you want to assign to a PVLAN. CONFIGURATION mode interface interface 2. Enable the port. INTERFACE mode no shutdown 3. Set the port in Layer 2 mode.
Proxy ARP Capability on VLT Peer Nodes A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the traffic to the proxy ARP-enabled device, which in turn transmits the packets to the destination.
secondary VLANs. When the ICL link or peer is down, and the ARP request for a private VLAN IP address reaches the wrong peer, then the wrong peer responds to the ARP request with the peer MAC address. The IP address of the VLT node VLAN interface is synchronized with the VLT peer over ICL when the VLT peers are up.
Sample configuration of VLAN-stack over VLT (Peer 1) Configure VLT domain Dell(conf)#vlt domain 1 Dell(conf-vlt-domain)#peer-link port-channel 1 Dell(conf-vlt-domain)#back-up destination 10.
Dell(conf-if-vl-50-stack)#member port-channel 10 Dell(conf-if-vl-50-stack)#member port-channel 20 Dell#show running-config interface vlan 50 ! interface Vlan 50 vlan-stack compatible member Port-chann.
vlt-peer-lag port-channel 20 no shutdown Dell# Configure the VLAN as VLAN-Stack VLAN and add the VLT LAG as members to the VLAN Dell(conf)#interface vlan 50 Dell(conf-if-vl-50)#vlan-stack compatible D.
59 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is supported on the MXL switch platform. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
Figure 135. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables.
switch. To avoid throttling VRRP advertisement packets, Dell Networking recommends increasing the VRRP advertisement interval to a value higher than the default value of 1 second. CAUTION: Increasing the advertisement interval increases the VRRP Master dead interval, resulting in an increased failover time for Master/Backup election.
• Create a virtual router for that interface with a VRID. INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255. NOTE: The interface must already have a primary IP address defined and be enabled, as shown in the second example. • Delete a VRRP group.
2. Set the switch with the highest priority to version 3. 3. Set all the switches from both to version 3. NOTE: Do not run VRRP version 2 and version 3 in the same group for an extended period of t.
The VRID range is from 1 to 255. 2. Configure virtual IP addresses for this VRID. INTERFACE -VRID mode virtual-address ip-address1 [ ...ip-address12 ] The range is up to 12 addresses.
Authentication: (none) Dell# When the VRRP process completes its initialization, the State field contains either Master or Backup. Setting VRRP Group (Virtual Router) Priority Setting a virtual router priority to 255 ensures that router is the “owner” virtual router for the VRRP group.
Configuring VRRP Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, the Dell Networking OS includes the password in its VRRP transmission. The receiving router uses that password to verify the transmission.
Example of Disabling Preempt Example of Verifying Preempt is Disabled Re-enable preempt by entering the preempt command. When you enable preempt, it does not display in the show commands, because it is a default setting.
Example of the advertise-interval Command Example of Verifying the Configured Advertisement Interval The following example shows how to change the advertise interval using the advertise-interval command.
NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before you actually create the tracked object (using a track object-id command in CONFIGURATION mode). However, no changes in the VRRP group’s priority occur until the tracked object is defined and determined to be down.
virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 Dell(conf-if-te-1/1-vrid-111)# Dell#show track Track 2 IPv6 route 2040::/64 metric threshold Metric threshold is Up (S.
• Set the delay time for VRRP initialization on an individual interface. INTERFACE mode vrrp delay minimum seconds This time is the gap between an interface coming up and being operational, and VRRP enabling. The seconds range is from 0 to 900. The default is 0 .
Figure 136. VRRP for IPv4 Topology
Example of Configuring VRRP for IPv4
R2(conf)#int tengig 2/31
R2(conf-if-te-2/31)#ip address 10.1.1.1/24
R2(conf-if-te-2/31)#vrrp-group 99
R2(conf-if-te-2/31-vrid-99)#priority 200
R2(conf-if-te-2/31-vrid-99)#virtual 10.
R2(conf-if-te-2/31)#end
R2#show vrrp
------------------
Tengigabitethernet 2/31, VRID: 99, Net: 10.1.1.1
State: Master, Priority: 200, Master: 10.1.1.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1
Virtual MAC address: 00:00:5e:00:01:63
Virtual IP address: 10.
60 Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), the system also supports predecessor standards.
SFF-8431 SFP+ Direct Attach Cable (10GSFP+Cu) MTU 12,000 bytes RFC and I-D Compliance The Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard.
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 73. General IPv4 Protocols RFC# Full Name 791 Internet Protocol 792 Inter.
Border Gateway Protocol (BGP) The following table lists the Dell Networking OS support per platform for BGP protocols. Table 74. Border Gateway Protocol (BGP) RFC# Full Name 1997 BGP Communities Attribute.
Routing Information Protocol (RIP) The following table lists the Dell Networking OS support per platform for RIP protocol. Table 76. Routing Information Protocol (RIP) RFC# Full Name 1058 Routing Info.
RFC# Full Name 2570 Introduction and Applicability Statements for Internet Standard Management Framework 2571 An Architecture for Describing Simple Network Management Protocol (SNMP) Management Framew.
RFC# Full Name Statistics High-Capacity Table, Ethernet History High-Capacity Table 3416 Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) 3418 Management Informa.
RFC# Full Name FORCE10-IF-EXTENSION-MIB Force10 Enterprise IF Extension MIB (extends the Interfaces portion of the MIB-2 (RFC 1213) by providing proprietary SNMP OIDs for other counters displayed in t.
61 FC Flex IO Modules This part provides a generic, broad-level description of the operations, capabilities, and configuration commands of the Fiber Channel (FC) Flex IO module.
switch to operate as NPIV proxy gateways. The MXL 10/40GbE Switch or the I/O Aggregator can function in NPIV proxy gateway mode when an FC Flex IO module is present or in the FIP snooping bridge (FSB) mode when all the ports are Ethernet ports.
• Two 40GbE, four 10GBASE-T, and four 8GB FC ports FC Flex IO Module Capabilities and Operations The FC Flex IO module has the following characteristics: • You can install one or two FC Flex IO modules on the MXL 10/40GbE Switch or I/O Aggregator.
• The FC Flex IO does not have persistent storage for any runtime configuration. All the persistent storage for runtime configuration is on the MXL and IOA baseboard.
• priority-group 2 bandwidth 40 pfc on • priority-pgid 0 0 0 2 1 0 0 0 • On I/O Aggregators, uplink failure detection (UFD) is disabled if FC Flex IO module is present to allow server ports to communicate with the FC fabric even when the Ethernet upstream ports are not operationally up.
Processing of Data Traffic The Dell Networking OS determines the module type that is plugged into the slot. Based on the module type, the software performs the appropriate tasks.
Installing and Configuring the Switch After you unpack the MXL 10/40GbE Switch, refer to the flow chart in the following figure for an overview of the steps you must follow to install the blade and perform the initial configuration.
Installing and Configuring Flowchart for FC Flex IO Modules
To see if a switch is running the latest Dell Networking OS version, use the show version command. To download a Dell Networking OS version, go to http://support.
Interconnectivity of FC Flex IO Modules with Cisco MDS Switches In a network topology that contains Cisco MDS switches, FC Flex IO modules that are plugged into the MXL and I/O Aggregator switches enable interoperation for a robust, effective deployment of the NPIV proxy gateway and FCoE-FC bridging behavior.
Figure 137. Case 1: Deployment Scenario of Configuring FC Flex IO Modules Figure 138. Case 2: Deployment Scenario of Configuring FC Flex IO Modules Data Center Bridging (DCB) Data center bridging (DCB) is supported on the FC Flex IO module installed in the MXL 10/40GbE Switch.
Ethernet Enhancements in Data Center Bridging The following section describes DCB. • The device supports the following DCB features: – Data center bridging exchange protocol (DCBx) – Priority-ba.
• Data Center Bridging Exchange (DCBx) protocol NOTE: In the Dell Networking OS version 8.3.12.0, only the PFC, ETS, and DCBx features are supported in data center bridging.
priorities configured). If you do not enable PFC on an interface, you can enable the 802.3x link-level pause function. By default, the link-level pause is disabled. • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation.
Traffic Groupings Description traffic in a group must have the same traffic handling requirements for latency and frame loss. Group ID A 4-bit identifier assigned to each priority group. The range is from 0 to 7. Group bandwidth Percentage of available bandwidth allocated to a priority group.
Step Task Command Command Mode priority groups is made available and allocated according to the specified percentages. If a priority group does not use its allocated bandwidth, the unused bandwidth is made available to other priority groups.
Step Task Command Command Mode port | fortygigabitEthernet slot / port } 2 Apply the DCB map on the Ethernet port to configure it with the PFC and ETS settings in the map; for example: Dell# interface tengigabitEthernet 0/0 Dell(config-if-te-0/0)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port.
Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface after you disable PFC mode in a DCB map and apply the map on the interface. The configuration of no-drop queues provides flexibility for ports on which PFC is not needed, but lossless traffic should egress from the interface.
Data Center Bridging Exchange Protocol (DCBx) DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBx to exchange and negotiate parameters with peer devices. DCBx capabilities include: • Discovery of DCB capabilities on peer-device connections.
• Priority-based flow control • Enhanced transmission selection • Data center bridging exchange protocol • FCoE initialization protocol (FIP) snooping DCB processes virtual local area network (VLAN)-tagged packets and dot1p priority values. Untagged packets are treated with a dot1p priority of 0.
NOTE: Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS. However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces.
3. Configure a DCB output policy in which you associate a priority group with a QoS ETS output policy. 4. Apply the DCB output policy to an interface. ETS Operation with DCBx The following section describes DCBx negotiation with peer ETS devices.
The maximum is 32 alphanumeric characters. 2. Configure the percentage of bandwidth to allocate to the dot1p priority/queue traffic in the associated L2 class map. QoS OUTPUT POLICY mode Dell(conf-qos-policy-out)#bandwidth-percentage 100 The default is none .
• Configuring Priority-Based Flow Control • Configure Enhanced Transmission Selection • Configuring FIP Snooping DCBx supports the following versions: CIN, CEE, and IEEE2.
On a DCBX port in an auto-upstream role, the PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled. Auto-downstream The port advertises its own configuration to DCBx peers but is not willing to receive remote peer configuration.
NOTE: On a DCBx port, application priority TLV advertisements are handled as follows: • The application priority TLV is transmitted only if the priorities in the advertisement match the configured PFC priorities on the port.
A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto-configuration information from the configuration source ignore their current settings and use the configuration source information.
DCBx Example The following figure shows how DCBX is used on an MXL Switch installed in a PowerEdge M1000e chassis in which servers are also installed. The external 40GbE ports on the base module (ports 33 and 37) of two switches are used for uplinks configured as DCBx auto-upstream ports.
DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, enable LLDP in both Send (TX) and.
• auto-upstream : configures the port to receive a peer configuration. The configuration source is elected from auto-upstream ports. • auto-downstream : configures the port to accept the internally propagated DCB configuration from a configuration source.
configure 2. Enter LLDP Configuration mode to enable DCBx operation. CONFIGURATION mode [no] protocol lldp 3. Configure the DCBx version used on all interfaces not already configured to exchange DCB information. PROTOCOL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.
For information about how to use FCoE and iSCSI, refer to Fibre Channel over Ethernet and iSCSI Optimization . 6. Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF.
– auto-detect-timer : enables traces for DCBx auto-detect timers. – config-exchng : enables traces for DCBx configuration exchanges. – fail : enables traces for DCBx failures. – mgmt : enables traces for DCBx management frames. – resource : enables traces for DCBx system resource frames.
Example of the show dot1p-queue mapping Command Example of the show dcb Command Example of the show interfaces pfc summary Command Example of the show interface pfc statistics Command Example of the s.
PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is .
Fields Description • Symmetric: for an IEEE version TLV Tx Status Status of PFC TLV advertisements: enabled or disabled. PFC Link Delay Link delay (in quanta) used to pause specified priority traffic. Application Priority TLV: FCOE TLV Tx Status Status of FCoE advertisements in application priority TLVs from local DCBx port: enabled or disabled.
Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0.
Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled TC-grp Priority# Bandwidth TSA 0 0,1,2,3,4,5,6,7 100% ETS 1 0% ETS 2.
Table 81. show interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Max Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured.
Field Description ETS TLV Statistic: Error Conf TLV pkts Number of ETS Error Configuration TLVs received. Dell(conf)# show stack-unit all stack-ports all pfc details stack unit 0 stack-port all Admin .
Dell(conf)# show interface tengigabitethernet 0/49 dcbx detail Dell#show interface te 0/49 dcbx detail E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled.
Field Description Configuration Source Specifies whether the port serves as the DCBx configuration source on the switch: true (yes) or false (no). Local DCBx Compatibility mode DCBx version accepted in a DCB configuration as compatible. In auto-upstream mode, a port can only receive a DCBx version supported on the remote peer.
PFC and ETS Configuration Examples This section contains examples of how to configure and apply DCB input and output policies on an interface. Using PFC and ETS to Manage Data Center Traffic The following shows examples of using PFC and ETS to manage your data center traffic.
Figure 143. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification : The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table.
dot1p Value in Incoming Frame    Queue Assignment
4    2
5    3
6    3
7    3

The following describes the dot1p-priority class group assignment.

dot1p Value in the Incoming Frame    Priority Group Assignment
0    LAN
1    LAN
2    LAN
3    SAN
4    IPC
5    LAN
6    LAN
7    LAN

The following describes the priority group-bandwidth assignment.
Example of Applying DCB PFC Input Policy and ETS Output Policy in a Switch Stack dcb-map stack-unit all stack-ports all <dcb-map-name> Interworking of DCB Map With DCB Buffer Threshold Settings The dcb-input and dcb-output configuration commands are deprecated.
Fibre Channel over Ethernet for FC Flex IO Modules FCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN traffic on a Layer 2 link by encapsulating Fibre Channel data into Ethernet frames.
NPIV Proxy Gateway Operations and Capabilities Benefits of an NPIV Proxy Gateway The MXL 10/40GbE Switch and M I/O Aggregator with the FC Flex IO module functions as a top-of-rack edge switch that sup.
servers over the NPIV proxy gateway to FC switches in the fabric. An FCoE map virtualizes the upstream SAN fabric as an FCF to downstream CNA ports on FCoE-enabled servers as follows: • As soon as a.
Term Description or 8-Gigabit mode. On an NPIV proxy gateway, an FC port can be used as a downlink for a server connection and an uplink for a fabric connection. F port Port mode of an FC port connected to an end node (N) port on an MXL 10/40GbE Switch and M I/O Aggregator with the FC Flex IO module NPIV proxy gateway.
Term Description principal switch The switch in a fabric with the lowest domain number. The principal switch accesses the master name database and the zone/zone set database.
Configuring an NPIV Proxy Gateway Prerequisite : Before you configure an NPIV proxy gateway (NPG) with the FC Flex IO module on an MXL 10/40GbE Switch or an M I/O Aggregator, ensure that the following features are enabled. • DCB is enabled by default with the FC Flex IO module on the MXL 10/40GbE Switch or M I/O Aggregator.
Step Task Command Command Mode 1 Create a DCB map to specify PFC and ETS settings for groups of dot1p priorities. dcb-map name CONFIGURATION 2 Configure the PFC setting (on or off) and the ETS bandwidth percentage allocated to traffic in each priority group.
If you delete the dot1p priority-to-priority group mapping ( no priority pgid command) before you apply the new DCB map, the default PFC and ETS parameters are applied on the interfaces. This change may create a DCB mismatch with peer DCB devices and interrupt the network operation.
Creating an FCoE Map An FCoE map consists of: • An association between the dedicated VLAN, used to carry FCoE traffic, and the SAN fabric where the storage arrays are installed. Use a separate FCoE VLAN for each fabric to which the FCoE traffic is forwarded.
FCoE devices are reachable. Default: FIP keep-alive monitoring is enabled. 7 Configure the time interval (in seconds) used to transmit FIP keepalive advertisements.
When you apply an FCoE map on a fabric-facing FC port, the FC port becomes part of the FCoE fabric, whose settings in the FCoE map are configured on the port and exported to downstream server CNA ports. Each MXL 10/40GbE Switch and M I/O Aggregator, with the FC Flex IO module FC port, is associated with an Ethernet MAC address (FCF MAC address).
Dell(config)# interface tengigabitethernet 1/0 Dell(config-if-te-0/0)#dcb-map SAN_DCB_MAP 3. Create the dedicated VLAN to be used for FCoE traffic: Dell(conf)#interface vlan 1002 4.
Command Description NOTE: Although the show interface status command displays the Fiber Channel (FC) interfaces with the abbreviated label of 'Fc' in the output, if you attempt to specify a FC interface by using the interface fc command in the CLI interface, an error message is displayed.
Table 85. show interfaces status Field Descriptions Field Description Port Server-facing 10GbE Ethernet (Te), 40GbE Ethernet (Fo), or fabric-facing Fibre Channel (Fc) port with slot / port information.
Table 86. show fcoe-map Field Descriptions Field Description Fabric-Name Name of a SAN fabric. Fabric ID The ID number of the SAN fabric to which FC traffic is forwarded. VLAN ID The dedicated VLAN used to transport FCoE storage traffic between servers and a fabric over the NPG.
Table 87. show qos dcb-map Field Descriptions Field Description State Complete: All mandatory DCB parameters are correctly configured. In progress: The DCB map configuration is not complete. Some mandatory parameters are not configured. PFC Mode PFC configuration in the DCB map: On (enabled) or Off.
Field Description Fabric-Map Name of the FCoE map containing the FCoE/FC configuration parameters for the server CNA-fabric connection. Login Method Method used by the server CNA to log in to the fabric; for example: FLOGI - ENode logged in using a fabric login (FLOGI).
Field Description FCF MAC Fibre Channel forwarder MAC: MAC address of MXL 10/40GbE Switch or M I/O Aggregator with the FC Flex IO module FCF interface. Fabric Intf Fabric-facing MXL 10/40GbE Switch or M I/O Aggregator with the FC Flex IO module Fibre Channel port ( slot / port ) on which FCoE traffic is transmitted to the specified fabric.