Dell 9.7(0.0) - Manuals

• EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information. • EXEC Privilege mode has commands to view configurations, clear counters, man...

CLI Command Mode Prompt Access Command MONITOR SESSION Dell(conf-mon-sess- sessionID )# monitor session OPENFLOW INSTANCE Dell(conf-of-instance- of- id )# openflow of-instance PORT-CHANNEL FAILOVER-GROUP Dell(conf-po-failover-grp)# port-channel failover-group PRIORITY GROUP Dell(conf-pg)# priority-g...

TenGigabitEthernet 0/8 unassigned YES Manual up up TenGigabitEthernet 0/9 unassigned YES Manual up up Rainier(conf)# do show version Dell Real Time Operating System Software Dell Operating System Version: 2.0 Dell Application Software Version: 9-5 Copyright (c) 1999-2014 by Dell Inc. All Rights Rese...

• show run | grep ethernet does not return that search result because it only searches for instances containing a non-capitalized “ethernet.” • show run | grep Ethernet ignore-case returns instances containing both “Ethernet” and “ethernet.” The grep command displays only the lines containing specif...

508 290 29 10000 0.00% 0.02% 0.09% 0 confdMgr 655 270 27 10000 0.00% 0.00% 0.09% 0 login 557 180 18 10000 0.00% 0.00% 0.06% 0 ipm 579 5670 567 10000 0.00% 0.00% 1.85% 0 confd 19 410 41 10000 0.00% 0.00% 0.00% 0 mount_mfs 22 0 0 0 0.00% 0.00% 0.00% 0 mount_mfs 533 0 0 0 0.00% 0.00% 0.00% 0 sysmon 12 ...

3 Getting Started This chapter describes how you start configuring your Z9500 operating software.When you power up the chassis, the system performs a power-on self test (POST) and loads the Dell Networking operating software. Boot messages scroll up the terminal window during this process. No user i...

Accessing the Console Port To access the console port, follow these steps: For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9 Adapter . 1. Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the Z9500 console port to a term...

• Characters within the string can be letters, digits, and hyphens. To create a host name, use the following command. • Create a host name. CONFIGURATION mode hostname name Example of the hostname Command Dell(conf)#hostname R1 R1(conf)# Accessing the System Remotely You can configure the system to ...

no shutdown Configure a Management Route Define a path from the Z9500 to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the Z9500 through the management port. • Configure a management route to the network from w...

– encryption-type : specifies how you are inputting the password, is 0 by default, and is not required. * 0 is for inputting the password in clear text.* 7 is for inputting a password that is already encrypted using a DES hash. Obtain the encrypted password from the configuration file of another Del...

• To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location. • To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination synt...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 26292881 bytes successfully copied Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends coping your running-configuration to the startup-configuration.The system...

• View a list of files on an external flash. EXEC Privilege mode dir usbflash: • View the running-configuration. EXEC Privilege mode show running-config • View the startup-configuration. EXEC Privilege mode show startup-config Example of the dir Command The output of the dir command also shows the r...

! redundancy auto-synchronize full redundancy disable-auto-reboot ! service timestamps log datetime ! logging coredump ! hostname pt-z9500-11 ! enable password 7 b125455cf679b208e79b910e85789edf ! username admin password 7 1d28e9f33f99cf5c ! linecard 0 provision Z9500LC36 --More— Enabling Software F...

For a particular target where VRF is enabled, the show output is similar to the following: Feature State ------------------------------ VRF enabled View Command History The command-history trace feature captures all commands entered by all users of the system with a time stamp and writes these messa...

4 Switch Management This chapter describes the switch management tasks supported on the Z9500. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1 . L...

Allowing Access to CONFIGURATION Mode Commands To allow access to CONFIGURATION mode, use the privilege exec level level configure command from CONFIGURATION mode. A user that enters CONFIGURATION mode remains at his privilege level and has access to only two commands, end and exit . You must indivi...

Dell(conf)#line vty 0 Dell(config-line-vty)#? exit Exit from line configuration mode Dell(config-line-vty)# Applying a Privilege Level to a Username To set the user privilege level, use the following command. • Configure a privilege level for a user. CONFIGURATION mode username username privilege le...

Audit and Security Logs This section describes how to configure, display, and clear audit and security logs.The following is the configuration task list for audit and security logs: • Enabling Audit and Security Logs • Displaying Audit and Security Logs • Clearing Audit Logs Enabling Audit and Secur...

• The network administrator and network operator user roles can view system events. NOTE: If extended logging is disabled, you can only view system events, regardless of RBAC user role. Example of Enabling Audit and Security Logs Dell(conf)#logging extended Displaying Audit and Security Logs To disp...

Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a syslog server. Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server Dell(conf)#ip ssh server enab...

3. Configure logging to a local host. locahost is “127.0.0.1” or “::1”. If you do not, the system displays an error when you attempt to enable role-based only AAA authorization. Dell(conf)# logging localhost tcp port Dell(conf)#logging 127.0.0.1 tcp 5140 Log Messages in the Internal Buffer All error...

no logging console Sending System Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmis...

Jan 21 04:11:02: %SYSTEM:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 0/0 Jan 21 03:12:54: %SYSTEM:LP %CHMGR-2-PSU_FAN_SPEED_CHANGE: PSU_Fan speed changed to 60 % of the full speed Jan 21 03:12:54: %SYSTEM:LP %CHMGR-2-FAN_SPEED_CHANGE: Fan speed changed to 40 % of the full speed Jan 21...

NOTE: When you decrease the buffer size, the operating system deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that the operating system saves to its logging history table. CONFIGURATION mode logging histor...

– uucp (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view non-default settings, use the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetime msec service timestamps ...

• Add timestamp to syslog messages. CONFIGURATION mode service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime] Specify the following optional parameters:– You can add the keyword localtime to include the localtime , msec , and show-timezone . If you do not add the key...

CONFIGURATION mode ftp-server enable Example of Viewing FTP Configuration Dell#show running ftp ! ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specif...

ip ftp source-interface interface • Configure a password. CONFIGURATION mode ip ftp password password • Enter a username to use on the FTP client. CONFIGURATION mode ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the ex...

Configuring Login Authentication for Terminal Lines You can use any combination of up to six authentication methods to authenticate a user on a terminal line.A combination of authentication methods is called a method list. If the user fails the first authentication method, the system prompts the nex...

login authentication myvtymethodlist Dell(config-line-vty)# Setting Time Out of EXEC Privilege Mode EXEC time-out is a basic security feature that returns the system to EXEC mode after a period of inactivity on the terminal lines.To set time out, use the following commands. • Set the number of minut...

Connected to 10.11.80.203. Exit character is '^]'. Login: Login: admin Password: Dell>exit Dell#telnet 2200:2200:2200:2200:2200::2201 Trying 2200:2200:2200:2200:2200::2201... Connected to 2200:2200:2200:2200:2200::2201. Exit character is '^]'. FreeBSD/i386 (freebsd2.force10networks.com) (ttyp1) l...

the following users are currently configuring the system: User "admin" on line vty1 ( 10.1.1.1 ) . NOTE: The CONFIGURATION mode lock corresponds to a VTY session, not a user. Therefore, if you configure a lock and then exit CONFIGURATION mode, and another user enters CONFIGURATION mode, when...

4. At the BLI prompt, set the system parameter to ignore the startup configuration and reload the system: BOOT_USER# ignore startup-config BOOT_USER# reload NOTE: You must manually enter each CLI command. The system rejects a command if you copy and paste it in the command line. Recovering from a Fa...

• After the restore is complete, a switch reloads immediately. The following example shows how the restore factory-defaults command restores a switch to its factory default settings. Dell# restore factory-defaults nvram *********************************************************************** * Warnin...

Figure 3. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant . The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communica...

EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 5. EAP ...

dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces.INTERFACE mode interface [ range ] 3. Enable 802.1X on the supplicant interface only.INTERFACE mode dot1x authentication Examples of Verifying that 802.1X is Enabled Globally or on an Interface Verify that 802.1X i...

Configuring Request Identity Re-Transmissions If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame.The amount of time that the authenticator waits before re-transmitting and the maximum number of ...

Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame: • after 90 seconds and a maximum of 10 times for an unresponsive supplicant• re-transmits an EAP Request I...

Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#show ...

The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-0/0)#dot1x reauthentication interval 7200 Dell(conf-if-Te-0/0)#dot1x reauth-max 10 Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te...

The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: ----------------------------- Dot1x Status: Enable Port Control: FORCE_AUTHORIZED Por...

Figure 7. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X ) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication ). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. Cr...

If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals, ...

! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config ! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan ...

• VRF based IMPLICIT DENY Rules NOTE: In order for the VRF ACLs to take effect, ACLs configured in the Layer 3 CAM region must have an implicit-permit option. You can use the ip access-group command to configure VRF-aware ACLs on interfaces. Using the ip access-group command, in addition to a range ...

• CAM Optimization User-Configurable CAM Allocation User-configurable content-addressable memory (CAM) allows you to specify the amount of memory space that you want to allocate for ACLs. To allocate ACL CAM, use the cam-acl command in CONFIGURATION mode. For information about how to allocate CAM fo...

• L3 Egress Access list ACLs and VLANs There are some differences when assigning ACLs to a VLAN rather than a physical port. For example, when using a single port-pipe, if you apply an ACL to a VLAN, one copy of the ACL entries is installed in the ACL CAM on the port-pipe. The entry looks for the in...

Dell(conf-policy-map-in)#exit Dell(conf)#interface tengig 1/0 Dell(conf-if-te-1/0)#service-policy input pmap IP Fragment Handling The system supports a configurable option to explicitly deny IP fragmented packets, particularly second and subsequent packets. It extends the existing ACL command syntax...

If a packet’s L3 information matches the L3 information in the ACL line, the packet's FO is checked. • If a packet's FO > 0, the packet is permitted.• If a packet's FO = 0, the next ACL entry is processed. Deny ACL line with L3 information only, and the fragments keyword is present: If a packet's...

Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters, you can let the system assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of five. 1. Configure a standard IP ACL and assign i...

Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. Because traffic passes through the filter in the order of the filter’s sequence, you can configure the extended IP...

CONFIG-EXT-NACL mode seq sequence-number {deny | permit} tcp {source mask | any | host ip- address }} [count [byte]] [order] [fragments] Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the c...

(for example, the first filter was given the lowest sequence number). The show config command in IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10. Example of Viewing Filter Sequence for a Specified Extended ACL Dell(config-ext-nacl)#deny tcp host 123.55.34.0 any Dell(c...

Using ACL VLAN Groups Use an ACL VLAN group to optimize ACL CAM usage by minimizing the number of CAM entries when you apply an egress IP ACL on the member interfaces of specified VLANs.When you apply an ACL on individual VLANs, the amount of CAM space required increases greatly because the ACL rule...

Configuring an ACL VLAN Group Configure an ACL VLAN group to optimize ACL CAM use. NOTE: After you configure an ACL VLAN group, you must allocate CAM memory for ACL VLAN services to enable CAM optimization. See Allocating ACL VLAN CAM for more information. 1. Create an ACL VLAN groupCONFIGURATION mo...

Allocating ACL VLAN CAM CAM optimization for ACL VLAN groups is not enabled by default. You must allocate blocks of ACL VLAN CAM to enable ACL CAM optimization by using the cam-acl-vlan command. By default, 0 blocks of CAM are allocated for VLAN services in the VLAN Content Aware Processor (VCAP), a...

ip access-group access-list-name {in} [implicit-permit] [vlan vlan-range ] NOTE: The number of entries allowed per ACL is hardware-dependent. For detailed specification about entries allowed per ACL, refer to your line card documentation. 4. Apply rules to the new ACL.INTERFACE mode ip access-list [...

seq 10 deny icmp any any seq 15 permit 1.1.1.2 Configure Egress ACLs Egress ACLs are supported on interfaces and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly allowing ...

CONFIGURATION mode ip control-plane [egress filter] 2. Apply Egress ACLs to IPv6 system traffic.CONFIGURATION mode ipv6 control-plane [egress filter] 3. Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU traffic. CONFIG-NACL mode permit ip { source mask | any |...

• To deny routes with a mask less than /24, enter deny x.x.x.x/x le 24 . • To permit routes with a mask greater than /20, enter permit x.x.x.x/x ge 20 . The following rules apply to prefix lists: • A prefix list without any permit or deny filters allows all routes.• An “implicit deny” is assumed (th...

Example of Assigning Sequence Numbers to Filters If you want to forward all routes that do not match the prefix list criteria, configure a prefix list filter to permit all routes ( permit 0.0.0.0/0 le 32 ). The “permit all” filter must be the last filter in your prefix list. To permit the default ro...

Dell(conf-nprefixl)#show conf ! ip prefix-list awe seq 5 permit 123.23.0.0/16 seq 10 deny 133.0.0.0/8 Dell(conf-nprefixl)# To delete a filter, enter the show config command in PREFIX LIST mode and locate the sequence number of the filter you want to delete, then use the no seq sequence-number comman...

• Enter RIP mode. CONFIGURATION mode router rip • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a nonexistent prefix list, all routes are forwarded. CONFIG-ROUTER-RIP mode distribute-list prefix-list-name in [ interface ] • Apply a configur...

Dell(conf-router_ospf)#show config ! router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1 distribute-list prefix awe in Dell(conf-router_ospf)# ACL Resequencing ACL resequencing allows you to re-number the rules and remarks in an access or prefix list. The placement of rules within the list ...

EXEC mode resequence prefix-list {ipv4 | ipv6} { prefix-list-name StartingSeqNum Step- to-Increment } Examples of Resequencing ACLs When Remarks and Rules Have the Same Number or Different Numbers The example shows the resequencing of an IPv4 access-list beginning with the number 2 and incrementing ...

remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permit ip any host 1.1.1.1 remark 6 this remark has no corresponding rule remark 8 this remark corresponds to permit ip any host 1.1.1.2 seq 8 permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.3 seq 12 permit ip ...

Creating a Route Map Route maps, ACLs, and prefix lists are similar in composition because all three contain filters, but route map filters do not contain the permit and deny actions found in ACLs and prefix lists.Route map filters match certain routes and set or specify values.To create a route map...

Set clauses: tag 35 level stub-area Dell# The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command. Dell#show route-map dil...

route-map for any permit statement. If there is a match anywhere, the route is permitted. However, other instances of the route-map deny it. Example of the match Command to Permit and Deny Routes Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force de...

CONFIG-ROUTE-MAP mode match ipv6 next-hop { access-list-name | prefix-list prefix-list-name } • Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip route-source { access-list-name | prefix-list prefix-list-name } • Match source routes specified in a prefix list (IPv...

set local-preference value • Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value } • Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP address as the route’s...

that have a next hop of Tengigabitethernet interface 0/0 and that have a metric of 255 are redistributed into the OSPF backbone area. NOTE: When re-distributing routes using route-maps, you must create the route-map defined in the redistribute command under the routing protocol. If you do not create...

7 Bare Metal Provisioning (BMP) Starting with Dell Networking OS Release 9.2(1.0), BMP is supported on the Z9500 switch. This chapter describes the latest Bare Metal Provisioning (BMP) enhancements that apply to the Z9500. For details about supported BMP commands and configuration procedures, refer ...

8 Bidirectional Forwarding Detection (BFD) BFD is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for...

NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client. BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD con...

handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated. 4. The passive system receives the control packet and changes its state to Up. Both systems agree that a session has been established. However, because both members must send a control packet...

• Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness Configure BFD for Static Routes Configuring BFD for static routes is supported on the Z9500 switch.. BFD offers systems a link state detection mechanism for static routes. With BFD, systems are...

R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 2.2.2.2 Te 4/24 Up 100 100 4 R To view detaile...

Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 12. Establishing Sessions with O...

INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - Active ses...

To disable BFD sessions, use the following commands. • Disable BFD sessions with all OSPFv3 neighbors. ROUTER-OSPFv3 mode no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv...

Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state.If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state. Disabling BFD does n...

Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 13. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neigh...

The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2...

INTERFACE mose isis bfd all-neighbors disable Configure BFD for BGP In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, ...

typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. 1. Enable BFD globally.CONFIGURATION mode bfd enable 2. Specify the AS number and enter ROUTER...

ROUTER BGP mode neighbor { ip-address | peer-group-name } bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor { ip-address | peer-group-name } bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members o...

The following example shows viewing BFD summary information. The bold line shows the message that displays when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval ...

Foreign host: 2.2.2.2, Foreign port: 179 R2# R2# show ip bgp neighbors 2.2.2.3 BGP neighbor is 2.2.2.3, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 ... Neighbor is using BGP neig...

Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 15. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command....

Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state.To disable all VRRP sessions on an interface, sessions for a particular VRRP group, or for...

Figure 17. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are ...

Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, ...

Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix, route reflector rules are applied after the router makes its best path ...

• Local Preference • Multi-Exit Discriminators (MEDs) • Origin • AS Path • Next Hop Best Path Selection Criteria Paths for active routes are grouped in ascending order according to their neighboring external AS number (BGP best path selection is deterministic by default, which means the bgp non- det...

Figure 19. BGP Best Path Selection Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. a. R...

Figure 21. Multi-Exit Discriminators Origin The origin indicates the origin of the prefix, or how the prefix came into BGP. There are three origin codes: IGP, EGP, INCOMPLETE. Origin Type Description IGP Indicates the prefix originated from information learned through an interior gateway protocol. E...

AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is added by the BGP speaker when advertising to a eBGP neighbor.The AS path is shown in the following example. The origin attribute is shown following the AS path informatio...

Implement BGP The following sections describe how BGP is implemented on the Z9500 switch. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By defaul...

• All AS numbers between 0 and 65535 are represented as a decimal number, when entered in the CLI and when displayed in the show commands outputs. • AS Numbers larger than 65535 is represented using ASDOT notation as <higher 2 bytes in decimal>.<lower 2 bytes in decimal>. For example: AS...

Example of the Running Configuration When AS Notation is Disabled AS NOTATION DISABLED Dell(conf-router_bgp)# no bgp asnotation Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 <output truncated> Dell(conf-router_bgp)#do sho ip bgp ...

• High CPU utilization may be observed during an SNMP walk of a large BGP Loc-RIB.• To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. Fo...

Table 7. BGP Default Values Item Default BGP Neighbor Adjacency changes All BGP neighbor changes are logged. Fast External Fallover feature Disabled Graceful Restart feature Disabled Local preference 100 MED 0 Route Flap Damping Parameters half-life = 15 minutes reuse = 750 suppress = 2000 max-suppr...

• as-number : from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format). Only one AS is supported per system. NOTE: If you enter a 4-Byte AS number, 4-Byte AS support is enabled automatically. a. Enable 4-Byte support for the BGP process. NOTE: This command is O...

neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.1 remote-as 65123 neighbor 192.168.10.1 update-source Loopback 0 neighbor 192.168.10.1 no shutdown neighbor 192.168.12.2 remote-as 65123 neighbor 192.168.12.2 update-source Loopback 0 neighbor 192.168.12.2 no s...

bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30.1.250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957 neighbor 172.30.1.250 no shutdown 5332332 9911991 65057 18508 12182 7018 461...

A neighbor may keep its configuration after it was added to a peer group if the neighbor’s configuration is more specific than the peer group’s and if the neighbor’s configuration does not affect outgoing updates. NOTE: When you configure a new set of BGP policies for a peer group, always reset the ...

10.68.160.1 10.68.161.1 10.68.162.1 10.68.163.1 10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 ...

router bgp 65517 neighbor test peer-group neighbor test fail-over neighbor test no shutdown neighbor 100.100.100.100 remote-as 65517 neighbor 100.100.100.100 fail-over neighbor 100.100.100.100 update-source Loopback 0 neighbor 100.100.100.100 no shutdown Dell# Configuring Passive Peering When you en...

Maintaining Existing AS Numbers During an AS Migration The local-as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP network migration.When you complete your migration, be sure to reconfigure your routers with the new information and disab...

Allowing an AS Number to Appear in its Own AS Path This command allows you to set the number of times a particular AS number can occur in the AS path. The allow-as feature permits a BGP speaker to allow the ASN to be present for a specified number of times in the update received from the peer, even ...

when they restart. This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Gu...

This is the filter that is used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters . 3. Return to CONFIGURATION mod...

Regular Expressions as Filters Regular expressions are used to filter AS paths or community lists. A regular expression is a special character used to define a pattern that is then compared with an input string. For an AS-path access list, as shown in the previous commands, if the AS path matches th...

neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#neigh 10.155.15.2 filter-list 1 in Dell(conf-router_bgp)#ex Dell(conf)#ip as-path access-list Eagle Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-...

redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name ] Configure the following parameters:– process-id : the range is from 1 to 65535. – match external : the range is from 1 or 2. – match internal – metric-type : external or i...

The system also supports BGP Extended Communities as described in RFC 4360 — BGP Extended Communities Attribute. To configure an IP community list, use these commands. 1. Create a community list and enter COMMUNITY-LIST mode.CONFIGURATION mode ip community-list community-list-name 2. Configure a com...

Configuring an IP Extended Community List To configure an IP extended community list, use these commands. 1. Create a extended community list and enter the EXTCOMMUNITY-LIST mode.CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2. Two types of extended communities are supported.CONFIG-...

Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1. Enter the ROUTE-MAP mode and assign a name to a route map.CONFIGU...

To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbo...

Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * i 3.0.0.0/8 195.171.0.16 100 0 209 ...

CONFIG-ROUTER-BGP mode bgp default local-preference value – value : the range is from 0 to 4294967295. The default is 100 . To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. A more flexible metho...

set next-hop ip-address Changing the WEIGHT Attribute To change how the WEIGHT attribute is used, enter the first command. You can also use route maps to change this and other BGP attributes. For example, you can include the second command in a route map to specify the next hop address.• Assign a we...

ip as-path access-list as-path-name 2. Create a AS-PATH ACL filter with a deny or permit action.AS-PATH ACL mode {deny | permit} as-regular-expression 3. Return to CONFIGURATION mode.AS-PATH ACL exit 4. Enter ROUTER BGP mode.CONFIGURATION mode router bgp as-number 5. Filter routes based on the crite...

• Configure the local router as a route reflector and the neighbor or peer group identified is the route reflector client.CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } route-reflector-client When you enable a route reflector, the system automatically enables route reflection to al...

• Specifies the confederation ID. CONFIG-ROUTER-BGP mode bgp confederation identifier as-number – as-number : from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte). • Specifies which confederation sub-AS are peers. CONFIG-ROUTER-BGP mode bgp confederation peers as-number [... as-number] – as-num...

To use soft reconfiguration (or soft reset) without preconfiguration, both BGP peers must support the soft route refresh capability, which is advertised in the open message sent when the peers establish a TCP session. To determine whether a BGP router supports this capability, use the show ip bgp ne...

Match a Clause with a Continue Clause The continue feature can exist without a match clause. Without a match clause, the continue clause executes and jumps to the specified route-map entry. With a match clause and a continue clause, the match clause executes first and the continue clause next in a s...

• Enables support for the IPv4 multicast family on the BGP node. CONFIG-ROUTER-BGP mode address family ipv4 multicast • Enable IPv4 multicast support on a BGP neighbor/peer group. CONFIG-ROUTER-BGP-AF (Address Family) mode neighbor [ ip-address | peer-group-name ] activate BGP Regular Expression Opt...

• Enable soft-reconfiguration debug. EXEC Privilege mode debug ip bgp { ip-address | peer-group-name } soft-reconfiguration To enhance debugging of soft reconfig, use the bgp soft-reconfig-backup command only when route-refresh is not negotiated to avoid the peer from resending messages. In-BGP is s...

Last reset 00:00:12, due to Missing well known attribute Notification History 'UPDATE error/Missing well-known attr' Sent : 1 Recv: 0 'Connection Reset' Sent : 1 Recv: 0 Last notification (len 21) sent 00:26:02 ago ffffffff ffffffff ffffffff ffffffff 00160303 03010000 Last notification (len 21) rece...

Outgoing packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 27 packet(s) captured using 562 bytes PDU[1] : len 41, captured 00:34:52 ago ffffffff ffffffff ffffffff ffffffff 00290104 000100b4 14141401 0c020a01 04000100 01020080 00000000 PDU[2] : len 19, captured 00:34:...

10 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table.On the Z9500, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. On a line card, there are one or two CAM (Dual-CAM) modules per por...

EXEC Privilege mode reload Test CAM Usage The test cam-usage command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS optimization for IPv6 ACLs. Use this command to determine whether sufficient ACL CAM space is available to enable a service-policy. Create a Class Map ...

IpMacAcl : 0 VmanQos : 0 EcfmAcl : 0 Openflow : 0 -- linecard 0 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 EcfmAcl : 0 Openflow : 0 -- linecard 1 -- Current Settings(in block sizes) 1 block = 256...

| | IN-L3-TrcList | 1024 | 0 | 1024 | | IN-L3-McastFib | 9215 | 0 | 9215 | | IN-L3-Qos | 8192 | 0 | 8192 | | IN-L3-PBR | 1024 | 0 | 1024 | | IN-V6 ACL | 0 | 0 | 0 | | IN-V6 FIB | 0 | 0 | 0 | | IN-V6-SysFlow | 0 | 0 | 0 | | IN-V6-McastFib | 0 | 0 | 0 | | OUT-L2 ACL | 1024 | 0 | 1024 | | OUT-L3 ACL | ...

Applications for CAM Profiling The following describes link aggregation group (LAG) hashing. LAG Hashing The Dell Networking OS includes a CAM profile and microcode that treats MPLS packets as non-IP packets. Normally, switching and LAG hashing is based on source and destination MAC addresses. Alter...

11 Control Plane Policing (CoPP) Control plane policing (CoPP) protects the Z9500 routing, control, and line-card processors from undesired or malicious traffic and Denial of Service (DoS) attacks by filtering control-plane flows. CoPP uses a dedicated control-plane service policy that consists of A...

Queue-based Control Plane Policing When configuring a queue-based CoPP policy, take into account that there are twenty-four CP queues divided into groups of eight queues for the Route Processor, Control Processor, and line-card CPUs: • Queues 0 to 7 process packets destined to the Control Processor ...

19 — 1 20 Source miss, Station move, Trace flow 600 21 BFD 7000 22 HyperPull, FRRP 800 23 sFlow 5000 NOTE: In the line-card CPU, some queues have no protocol traffic mapped to them. These rows appear blank in the preceding table. CoPP Example The illustrations in this section show the benefit of usi...

Figure 25. CoPP Versus Non-CoPP Operation Configure Control Plane Policing You can create a CoPP service policy on a per-protocol and/or a per-queue basis that serves as the system-wide configuration for filtering and rate limiting control-plane traffic. Configuring CoPP for Protocols This section d...

For complete information about creating ACL rules and QoS policies, refer to Access Control Lists (ACLs) and Quality of Service (QoS) . 1. Create a Layer 2 extended ACL for specified protocol traffic.CONFIGURATION mode mac access-list extended name permit {arp | frrp | gvrp | isis | lacp | lldp | st...

Configuring CoPP for CPU Queues This section describes how to create a queue-based CoPP service policy and apply it to control plane traffic.Controlling traffic on the CPU queues of the control plane does not require ACL rules; only QoS rate- limiting policies are used.To create a queue-based CoPP s...

Example of Assigning a QoS Policy to a CPU Queue Dell(conf)#policy-map-input cpuq_rate_policy cpu-qos Dell(conf-qos-policy-in)#service-queue 5 qos-policy cpuq_1 Dell(conf-qos-policy-in)#service-queue 6 qos-policy cpuq_2 Dell(conf-qos-policy-in)#service-queue 7 qos-policy cpuq_1 Example of Applying a...

-------- ----- ------ --------------- ----------- ARP Q2/Q10/Q3/Q11 CP/RP 600 600 v6 ICMP NS Q2/Q10 CP/RP 600 600 v6 ICMP RS Q2/Q10 CP/RP 600 600 Viewing Complete Protocol-Queue Mapping To view the queues to which all protocol traffic is assigned, use the show protocol-queue-mapping command. Dell# s...

Troubleshooting CoPP Operation To troubleshoot CoPP operation, use the debug commands described in this section. Enabling CPU Traffic Statistics During high-traffic network conditions, you may want to manually enable the collection of CPU traffic statistics by entering the debug cpu-traffic-stats co...

--More-- ######################## FP Entry for VLT IGMP Sync frames ########################## --More-- ######################## FP Entry for VLT ARP Replies Tunneled ########################## --More-- ######################## FP Entry for VLT L2PM Sync frames ########################## --More-- ##...

OSPF 0 0 0 RIP 0 0 0 VRRP 0 0 0 ICMP 0 0 0 IGMP 0 0 0 PIM 0 0 0 MSDP 0 0 0 BFD ON PHYSICAL PORTS 0 0 0 BFD ON LOGICAL PORTS 0 0 0 802.1x 0 0 0 iSCSI 0 0 0 DHCP RELAY 0 0 0 DHCP 0 0 0 NTP 0 0 0 FTP 0 0 0 TELNET 0 0 0 SSH 0 0 0 VLT CTRL 0 0 0 VLT IPM PDU 0 0 0 VLT TTL1 0 0 0 HYPERPULL 0 0 0 OPENFLOW 0...

12 Data Center Bridging (DCB) NOTE: Data center bridging (DCB) is enabled in Z9500 switch. Ethernet Enhancements in Data Center Bridging The following section describes DCB. The device supports the following DCB features: • Data center bridging exchange protocol (DCBx)• Priority-based flow control (...

transport protocols (for example, TCP) for reliable data transmission with the associated cost of greater processing overhead and performance impact. Storage traffic Storage traffic based on Fibre Channel media uses the Small Computer System Interface (SCSI) protocol for data transfer. This traffic ...

The system supports loading two DCB_Config files: • FCoE converged traffic with priority 3.• iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reac...

low-latency storage or server cluster traffic in a traffic class to receive more bandwidth and restrict best-effort LAN traffic assigned to a different traffic class.The following figure shows how ETS allows you to allocate bandwidth when different traffic types are classed according to 802.1p prior...

• Discovery of DCB capabilities on peer-device connections.• Determination of possible mismatch in DCB configuration on a peer link.• Configuration of a peer device over a DCB link. DCBx requires the link layer discovery protocol (LLDP) to provide the path to exchange DCB parameters with peer device...

For DCB to operate effectively, you can classify ingress traffic according to its dot1p priority so that it maps to different data queues. The dot1p-queue assignments used are shown in the following table. To enable DCB, enable either the iSCSI optimization configuration or the FCoE configuration. N...

Networking OS 9.3(0.). Max Use Count mode provides the maximum value of the counters accumulated over a period of time. Priority Flow Control (PFC) provides a link level flow control mechanism, which is controlled independently for each frame priority. The goal of this mechanism is to ensure zero lo...

percentages in all groups in the DCB map must be 100%. Strict-priority traffic is serviced first. Afterwards, you can configure either the peak rates or the committed rates. The bandwidth allocated to other priority groups is made available and allocated according to the specified percentages. If a ...

Step Task Command Command Mode Dell# interface tengigabitEthernet 1/1 Dell(config-if-te-1/1)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port. You cannot apply a DCB map on an interface that has been already configured for PFC using the pfc priority command or wh...

When configuring lossless queues on a port interface, consider the following points: • By default, no lossless queues are configured on a port.• A limit of two lossless queues are supported on a port. If the number of lossless queues configured exceeds the maximum supported limit per port (two), an ...

The default dot1p priority-queue assignments are applied as follows: Dell(conf)#do show qos dot1p-queue-mapping Dot1p Priority : 0 1 2 3 4 5 6 7 Queue : 2 0 1 3 4 5 6 7 Dell(conf)# NOTE: In Egress queue assignment (8 queues in S6000 and Z9500, 4 against in S5000 and S4810. PFC is not applied on spec...

• Traffic may be interrupted when you reconfigure PFC no-drop priorities in a DCB map or re-apply the DCB map to an interface. • For PFC to be applied, the configured priority traffic must be supported by a PFC peer (as detected by DCBx). • If you apply a DCB map with PFC disabled ( pfc off ), you c...

• Traffic in priority groups is assigned to strict-queue or weighted round-robin (WRR) scheduling in an ETS configuration and is managed using the ETS bandwidth-assignment algorithm. Dell Networking OS de-queues all frames of strict-priority traffic before servicing any other queues. A queue with st...

When you configure priority groups in a DCB map: • A priority group consists of 802.1p priority values that are grouped together for similar bandwidth allocation and scheduling, and that share the same latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same ...

context. For example, one of the Te/Fo interfaces can have pfc-dot1p priorities as 2 and 3. Whereas, the other Te/Fo interface(s) can have its pfc-dot1p priorities as 4 and 5. It is the user responsibility to have symmetric PFC configurations on the interfaces involved in a particular PFC-enabled tr...

Committed and peak bandwidth is in megabits per second. The range is from 0 to 40000. Committed and peak burst size is in kilobytes. Default is 50. The range is from 0 to 10000. 3. Configure the 802.1p priorities for the traffic on which you want to apply an ETS output policy.PRIORITY-GROUP mode pri...

• The DCBx port-role configurations determine the ETS operational parameters (refer to Configure a DCBx Operation ). • ETS configurations received from TLVs from a peer are validated.• If there is a hardware limitation or TLV error: – DCBx operation on an ETS port goes down.– New ETS configurations ...

QoS OUTPUT POLICY mode exit 5. Enter INTERFACE Configuration mode.CONFIGURATION mode interface type slot/port 6. Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface.INTERFACE mode service-policy output output-policy-name Applying the DCB Pol...

is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end). For more information about how these features are implemented and used, refer to: • Configure Enhanced Transmission Selecti...

A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto-configuration information from the configuration source ignore their current settings and use the configuration source information. Propagation of DC...

3. Dot1p->Queue Mapping Configuration is retained at the default value. Default dot1p-queue mapping is, Dell#show qos dot1p-queue-mapping Dot1p Priority : 0 1 2 3 4 5 6 7 Queue :2 0 1 3 4 5 6 7 4. Interface Configurations on server connected ports. a. Enable DCB globally. Dell(conf)#dcb enable b....

PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [ets-conf | ets-reco | pfc] • ets-conf : enables the advertisement of ETS Configuration TLVs. • ets-reco : enables the advertisement of ETS Recommend TLVs. • pfc enables : the advertisement of PFC TLVs...

Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 11. Displaying DCB Configurations Command Output show dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [linecard {all | unit-number }] [sfm {all | unit-number }] Disp...

Local is enabled Oper status is recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled ...

% Rate(Mbps) Burst(KB) Rate(Mpbs) Burst(KB) -------------------------------------------------------------------------------- -- 0 0,1,2,4,5,6,7 50 400 100 4000 400 ETS 1 3 50 - - - - ETS 2 - - - - - - 3 - - - - - - 4 - - - - - - 5 - - - - - - 6 - - - - - - 7 - - - - - - Remote Parameters : ---------...

Table 14. show interface DCBx detail Command Description Field Description Interface Interface type with chassis slot and port number. Port-Role Configured DCBx port role: auto-upstream, auto-downstream, config-source, or manual. DCBx Operational Status Operational status (enabled or disabled) used ...

Field Description Total DCBx Frames received Number of DCBx frames received from remote peer port. Total DCBx Frame errors Number of DCBx frames with errors received. Total DCBx Frames unrecognized Number of unrecognizable DCBx frames received. Generation of PFC for a Priority for Untagged Packets I...

packet Dot1p and Dot1p based queue classification. This document will discuss the configurations required to support PFC for untagged packets based on incoming packet DSCP. For the tagged packets, Queue is selected based on the incoming Packet Dot1p. When PFC frames for a specific priority is receiv...

dot1p Value in the Incoming Frame Priority Group Assignment 3 SAN 4 IPC 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment. Priority Group Bandwidth Assignment IPC 5% SAN 50% LAN 45% PFC and ETS Configuration Command Examples The following examples show PFC and ETS con...

Priority group 1 Assigns traffic to one priority queue with 20% of the link bandwidth and strict-priority scheduling. Priority group 2 Assigns traffic to one priority queue with 30% of the link bandwidth. Priority group 3 Assigns traffic to two priority queues with 50% of the link bandwidth and stri...

When a device sends a pause frame to another device, the time for which the sending of packets from the other device must be stopped is contained in the pause frame. The device that sent the pause frame empties the buffer to be less than the threshold value and restarts the acceptance of data packet...

13 Debugging and Diagnostics This chapter describes the debugging and diagnostics tasks you can perform on the switch. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostic tests are grouped into three levels: • Level 0 — Level 0...

Examples of Running Offline Diagnostics Example of Taking a Switch Offline Dell# offline system Warning - offline of system will bring down all the protocols and the system will be operationally down, except for running Diagnostics. The "reload" command is required for normal operation after...

ERROR: Unit 2 (Portcard 2): XE 11 is DOWN + XE Link Status Test for unit 2 (Portcard 2): FAILED portcardXELinkStatusTest .................................... FAIL qsfpOpticsTest .............................................. PASS qsfpPhyTest ................................................. PASS qsf...

Starting test: temperatureTest ...... Thermal Monitor Diodes: Diode[0] temperature 33.9 C Diode[1] temperature 35.0 C Diode[2] temperature 35.0 C Diode[4] temperature 34.5 C Port card[0]: Average temperature 38.3 C, maximum 41.1 C Port card[1]: Average temperature 40.5 C, maximum 43.3 C Port card[2]...

Auto Save on Reload, Crash, or Rollover Exception information for the switch is stored in the flash:/TRACE_LOG_DIR directory. This directory contains files that save trace information when there has been a task crash or timeout and trace information from the Route Processor and Control Processor CPU...

Troubleshoot a flap or fault condition on a HiGig backplane link by displaying the internal ports that are mapped to backplane links for control or data traffic and the status of backplane links. In the show hardware bp-link-state command output, 1 indicates that a backplane link is up; 0 indicates ...

-- Major Alarms -- Alarm Type Duration --------------------------------------------------------------------------- PEM 0 in unit 0 down 25 sec PEM 2 in unit 0 down 6 sec • Use the show environment pem command to display complete information on power supply operation. Dell#show environment pem -- Pow...

To verify the transceiver plugged into a Z9500 port, use the show inventory media command. Dell#show inventory media Slot Port Type Media Serial Number F10Qualified -------------------------------------------------------------------------------- ----------- 2 0 QSFP 40GBASE-CR4-1M APF12380010GM4 Yes...

QSFP 168 BR max = 0 QSFP 168 BR min = 0 QSFP 168 Vendor SN = Z12I00005 QSFP 168 Datecode = 130117 QSFP 168 CheckCodeExt = 0xe8 QSFP 168 Diagnostic Information =================================== QSFP 168 Rx Power measurement type = Average =================================== QSFP 168 Temp High Alarm...

Minor Minor Off Major Major Off Shutdown S0 50 45 50 45 N/A S1 N/A N/A N/A N/A N/A S2 50 45 50 45 N/A S3 50 45 50 45 N/A S4 40 35 40 35 N/A S5 50 45 50 45 N/A S6 67 62 67 62 N/A S7 68 63 68 63 N/A S8 66 61 66 61 N/A S9 66 61 66 61 N/A -- Switching Core -- -- Temperature Limits (deg C) -- -----------...

If the system is not able to cool down within one minute from the time the shutdown alarm is generated, a second alarm is triggered and the system shuts down immediately to avoid damaging any component due to overheating: 00:16:08: %SYSTEM:LP %CHMGR-0-TEMP_SHUTDOWN_WARN: Unit 0 a temperature sensor ...

0 0 0 Internal 58 0 0 0 0 0 Internal 59 0 0 0 0 0 Internal 60 0 0 0 0 0 Internal 61 0 0 0 0 0 Displaying Dataplane Statistics The show hardware linecard {0–2} cpu data-plane statistics command provides information about the packet types entering a line-card CPU. As shown in the following example, th...

Oversize frames recvd = 0 Fragments = 0 Jabber = 0 Dropped Frames = 0 Under/oversized frames = 0 FLR frames = 0 RCDE frames = 0 RCSE frames = 0 Dell#show hardware party-bus port 0 statistics Party Bus Transmit Counters for port 0: Tx Octets = 350320163 Tx Drop Packets = 0 tx_q0_pkts = 597876 tx_q1_p...

transmit statistics for a port-pipe unit on a specified line card, according to the command option you enter. Dell#show hardware linecard 0 unit 1 counters RUC.cpu0 : 528,687 +528,687 ING_NIV_RX_FRAMES.cpu0 : 528,687 +528,687 TDBGC6.cpu0 : 528,687 +528,687 PERQ_PKT(0).cpu0 : 1,172 +1,172 PERQ_PKT(41...

NOTE: On the Z9500, when you enable core dumps of application crashes to be uploaded to an FTP server, only core dumps from the Control Processor are uploaded to the server. Application core-dump files from the Route Processor and line-card CPUs are moved to flash memory on the Control Processor CPU...

command in global configuration mode. The kernel core dump is copied to flash://CORE_DUMP_DIR/f10_ cpu _ timestamp .kcore.gz Where cpu specifies a Z9500 CPU and is one of the following values: cp (Control Processor), cp (Route Processor), lp0 (line-card processor 0), lp1 (line-card processor 1), or ...

14 Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators.DHCP relieves network administrators of ma...

Option Number and DescriptionIdentifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Snooping Option 82Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database. End Opti...

Configure the System to be a DHCP Server A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient. The following table lists the key r...

DHCP <POOL> mode network network/prefix-length • network : the subnet address. • prefix-length : specifies the number of bits used for the network portion of the address you specify. The prefix-length range is from 17 to 31. 4. Display the current pool configuration.DHCP <POOL> mode show...

lease {days [hours] [minutes] | infinite} The default is 24 hours . Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client.To specify a default gateway, follow this step. • Specify default gateway(s) for the clients on the subnet, in order of pre...

Creating Manual Binding Entries An address binding is a mapping between the IP address and the media access control (MAC) address of a client.The DHCP server assigns the client an available IP address automatically, and then creates an entry in the binding table. However, the administrator can manua...

Configure the System to be a Relay Agent DHCP clients and servers request and offer configuration information via broadcast DHCP messages. Routers do not forward broadcasts, so if there are no DHCP servers on the subnet, the client does not receive a response to its request and therefore cannot acce...

Figure 33. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int gig 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10....

ICMP redirects are not sent ICMP unreachables are not sent Configure the System to be a DHCP Client A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server. Implement the DHCP client functionality as follows: • The switch can obtain a dynamically...

DHCP Client Operation with Other Features A DHCP client also operates with the following software features. Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel ...

packet arrived on the correct port. Packets that do not pass this check are forwarded to the server for validation. This checkpoint prevents an attacker from spoofing a client and declining or releasing the real client’s address. Server-originated packets (DHCPOFFER, DHCPACK, and DHCPNACK) that arri...

ipv6 dhcp snooping trust 3. Enable IPv6 DHCP snooping on a VLAN or range of VLANs.CONFIGURATION mode ipv6 dhcp snooping vlan vlan-id Adding a Static Entry in the Binding Table To add a static entry in the binding table, use the following command. • Add a static entry in the binding table. EXEC Privi...

Dell#show ip dhcp snooping IP DHCP Snooping : Enabled. IP DHCP Snooping Mac Verification : Disabled. IP DHCP Relay Information-option : Disabled. IP DHCP Relay Trust Downstream : Disabled. Database write-delay (In minutes) : 0 DHCP packets information Relay Information-option packets : 0 Relay Trust...

IPv6 DHCP Snooping MAC-Address Verification Configure to enable verify source mac-address in the DHCP packet against the mac address stored in the snooping binding table. • Enable IPV6 DHCP snooping . CONFIGURATION mode ipv6 dhcp snooping verify mac-address Drop DHCP Packets on Snooped VLANs Only Bi...

packets addressed to the client to it. As a result, the attacker is able to sniff all packets to and from the client. Other attacks using ARP spoofing include: Broadcast An attacker can broadcast an ARP reply that specifies FF:FF:FF:FF:FF:FF as the gateway’s MAC address, resulting in all clients bro...

--------------------------------------------------------------------- Internet 10.1.1.251 - 00:00:4d:57:f2:50 Te 0/2 Vl 10 CP Internet 10.1.1.252 - 00:00:4d:57:e6:f6 Te 0/1 Vl 10 CP Internet 10.1.1.253 - 00:00:4d:57:f8:e8 Te 0/3 Vl 10 CP Internet 10.1.1.254 - 00:00:4d:69:e8:f2 Te 0/50 Vl 10 CP Dell#...

Enabling IP Source Address Validation IP source address validation (SAV) prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table.A spoofed IP packet is one in which the IP source address is strategically chosen to disguise the attacker. For example,...

3. Reload the system.EXEC Privilege reload 4. Enable IP+MAC SAV.INTERFACE mode ip dhcp source-address-validation ipmac The system creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface.To display the IP+MAC ACL for an interface for the entire system, u...

15 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) supports multiple paths in next-hop packet forwarding to a destination device. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring. Enabling Deterministic ECMP Next Hop Deterministic ECMP next hop arra...

NOTE: While the seed is stored separately on each port-pipe, the same seed is used across all CAMs. NOTE: You cannot separate LAG and ECMP, but you can use different algorithms across the chassis with the same seed. If LAG member ports span multiple port-pipes and line cards, set the seed to the sam...

NOTE: Save the new ECMP settings to the startup-config ( write-mem ) then reload the system for the new settings to take effect. • Configure the maximum number of paths per ECMP group. CONFIGURATION mode. ip ecmp-group maximum-paths { 2-64 } • Enable ECMP group path management. CONFIGURATION mode. i...

The default is 60% . • Display details for an ECMP group bundle. EXEC mode show link-bundle-distribution ecmp-group ecmp-group-id The range is from 1 to 64. Viewing an ECMP Group NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to th...

16 FCoE Transit The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a Z9500 switch. Fibre Channel ...

Figure 34. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be...

• Allocate CAM resources for FCoE.• Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.• To assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in, set the FCoE MAC address prefix (FC-MAP) value...

Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit. NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the Configure FIP Snooping . As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-specific and ...

Configure a Port for a Bridge-to-FCF Link If a port is directly connected to an FCF, configure the port mode as FCF. Initially, all FCoE traffic is blocked; only FIP frames are allowed to pass. FCoE traffic is allowed on the port only after a successful fabric login (FLOGI) request/response and conf...

FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 36. Configuration Example: FIP Snooping on a Switch In this ...

Example of Enabling an FC-MAP Value on a VLAN Dell(conf-if-vl-10)# fip-snooping fc-map 0xOEFC01 NOTE: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00). Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 1/1 D...

Table 22. show fip-snooping sessions Command Description Field Description ENode MAC MAC address of the ENode . ENode Interface Slot/port number of the interface connected to the ENode. FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLA...

The following example shows the show fip-snooping fcf command. Dell# show fip-snooping fcf FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No. of Enodes ------- ------------- ---- ------ -------------- ------------- 54:7f:ee:37:34:40 Po 22 100 0e:fc:00 4000 2 The following table describes the show ...

Number of FLOGI :1 Number of FDISC :16 Number of FLOGO :0 Number of Enode Keep Alive :4416 Number of VN Port Keep Alive :3136 Number of Multicast Discovery Advertisement :0 Number of Unicast Discovery Advertisement :0 Number of FLOGI Accepts :0 Number of FLOGI Rejects :0 Number of FDISC Accepts :0 N...

Enabling FIPS Mode To enable or disable FIPS mode, use the console port.Secure the host attached to the console port against unauthorized access. Any attempts to enable or disable FIPS mode from a virtual terminal session are denied. When you enable FIPS mode, the following actions are taken: • If e...

Monitoring FIPS Mode Status To view the status of the current FIPS mode (enabled/disabled), use the following commands. • Use either command to view the status of the current FIPS mode. show fips status show system Example of the show fips status Command Example of the show system Command Dell#show ...

18 Flex Hash This chapter describes the Flex Hash enhancements. Flex Hash Capability Overview This functionality is supported on the platform. The flex hash functionality enables you to configure a packet search key and matches packets based on the search key. When a packet matches the search key, t...

When load balancing RRoCE packets using flex hash is enabled, the show ip flow command is disabled. Similarly, when the show ip flow command is in use (ingress port-based load balancing is disabled), the hashing of RRoCE packets is disabled. Flex hash APIs do not mask out unwanted byte values after ...

RRoCE packets are received and transmitted on specific interfaces called lite-subinterfaces. These interfaces are similar to the normal Layer 3 physical interfaces except for the extra provisioning that they offer to enable the VLAN ID for encapsulation. You can configure a physical interface or a L...

19 Force10 Resilient Ring Protocol (FRRP) Force10 resilient ring protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protoc...

A virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN. The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can al...

Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability. You can configure multiple rings with a single switch connection; a single ring can have multiple FRRP groups; multiple r...

Concept Explanation There is no periodic transmission of TCRHFs. The TCRHFs are sent on triggered events of ring failure or ring restoration only. Implementing FRRP • FRRP is media and speed independent.• FRRP is a Dell proprietary protocol that does not interoperate with any other vendor.• You must...

Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands.For more information about configuring VLANS in Layer 2 mode, refer to Layer 2 . Be sure to follow these guidelines: • All VLANS must ...

4. Configure the Master node.CONFIG-FRRP mode. mode master 5. Identify the Member VLANs for this FRRP group.CONFIG-FRRP mode. member-vlan vlan-id { range } VLAN-ID, Range : VLAN IDs for the ring’s member VLANS. 6. Enable FRRP.CONFIG-FRRP mode. no disable Configuring and Adding the Member VLANs Contr...

Interface : • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Slot/Port, Range : Slot and Port ID for the interface. Range is entered Slot/Port...

Viewing the FRRP Configuration To view the configuration for the FRRP group, use the following command. • Show the configuration for this FRRP group. CONFIG-FRRP mode. show configuration Viewing the FRRP Information To view general FRRP information, use one of the following commands. • Show the info...

Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, GVRP ...

Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config ! protocol gvrp no disable Dell(config-gvr...

not be unconfigured when it receives a Leave PDU. Therefore, the registration mode on that interface is FIXED. • Forbidden Mode — Disables the port to dynamically register VLANs and to propagate VLAN information except information about VLAN 1. A port with forbidden registration type thus allows onl...

21 Internet Group Management Protocol (IGMP) Internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a ...

Figure 38. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a m...

response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability to filter by multic...

Figure 40. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it wa...

Figure 41. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that...

Figure 42. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Vers...

• Fast Convergence after MSTP Topology Changes • Designating a Multicast Router Interface Viewing IGMP Enabled Interfaces Interfaces that are enabled with PIM-SM are automatically enabled with IGMP.To view IGMP-enabled interfaces, use the following command. • View IGMP-enabled interfaces. EXEC Privi...

IGMP version is 3 Dell(conf-if-te-1/13)# Viewing IGMP Groups To view both learned and statically configured IGMP groups, use the following command. • View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell(conf-...

INTERFACE mode ip igmp query-interval • Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Adjusting the IGMP Querier Timeout Value If there is more than one multicast router on a sub...

Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet.IGMP immediate leave reduces leave latency by ...

• View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN. INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks • Removing a Group-Port Association • Disabling Multicast Flooding • Specifying a Port as Connected to a Multicast Router • Configuring t...

• Configure the switch to only forward unregistered packets to ports on a VLAN that are connected to mrouter ports.CONFIGURATION mode no ip igmp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN, use the following commands. • Staticall...

22 Interfaces This chapter describes interface types, both physical and logical, and how to configure them on the Z9500 switch. • 10-Gigabit Ethernet and 40-Gigabit Ethernet interfaces are supported on the Z9500. Basic Interface Configuration • Interface Types • View Basic Interface Information • En...

to top in multiples of four, starting with zero; for example, 0, 4, 8, 12, and so on. When a breakout cable is installed, the resulting four 10GbE ports are numbered with the remaining numbers. For example, 40GbE port 0 contains 10GbE ports 0, 1, 2, and 3; 40GbE port 4 contains 10GbE ports 4, 5, 6, ...

• Lists all configurable interfaces on the chassis. EXEC mode show interfaces This command has options to display the interface status, IP and MAC addresses, and multiple counters for the amount and type of traffic passing through the interface. If you configured a port channel interface, this comma...

To view which interfaces are enabled for Layer 3 data transmission, use the show ip interfaces brief command in EXEC Privilege mode. In the following example, TengigabitEthernet interface 1/5 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally...

• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. 2. Enable the interface.INTERFACE mode no shutdown To confirm that the interface is enabled, use the show config command in INTERFACE mode. To leave INTERFACE mode, use the exit command or end command....

interconnect links run across 40-Gigabit Ethernet internal ports. A 40-Gigabit Ethernet internal port is also referred to as a HiGig port. On the Z9500, each NPU that constitutes a port pipe processes traffic from a set of front-end I/O ports. In the command-line interface, a Z9500 NPU is entered as...

Egress Interface Selection (EIS) EIS allows you to isolate the management and front-end port domains by preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EI...

Management Interfaces The Z9500 supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system. Configuring a Dedicated Management Interface The dedicated Management interface provides management access to the system. You ...

Global IPv6 address: 1::1/ Global IPv6 address: 2::1/64 Virtual-IP is not set Virtual-IP IPv6 address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode full duplex ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:06:14 Queueing strategy:...

Example of the show interface and show ip route Commands To display the configuration for a given port, use the show interface command in EXEC Privilege mode, as shown in the following example. To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int fortyGig...

• Configure an IP address and mask on the interface. INTERFACE mode ip address ip-address mask [secondary] – ip-address mask : enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). – secondary : the IP address is the interface’s backup IP address. You can confi...

• Enter INTERFACE mode of the Null interface. CONFIGURATION mode interface null 0 The only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad.This ...

Member ports of a LAG are added and programmed into the hardware in a predictable order based on the port ID, instead of in the order in which the ports come up. With this implementation, load balancing yields predictable results across line card resets and chassis reloads. A physical interface can ...

• Adding a Physical Interface to a Port Channel (mandatory) • Reassigning an Interface to a New Port Channel (optional) • Configuring the Minimum Oper Up Links in a Port Channel (optional) • Adding or Removing a Port Channel from a VLAN (optional) • Assigning an IP Address to a Port Channel (optiona...

To add a physical interface to a port, use the following commands. 1. Add the interface to a port channel.INTERFACE PORT-CHANNEL mode channel-member interface The interface variable is the physical interface type and slot/port information. 2. Double check that the interface was added to the port cha...

When more than one interface is added to a Layer 2-port channel, the system selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief command indica...

Dell(conf-if-portch)#int port 5 Dell(conf-if-portch)#channel te 1/8 Dell(conf-if-portch)#show conf ! interface Port-channel 5 no ip address channel-member TengigabitEthernet 1/8 shutdown Dell(conf-if-portch)# Configuring the Minimum Oper Up Links in a Port Channel You can configure the minimum links...

no untagged port-channel id number • Identify which port channels are members of VLANs. EXEC Privilege mode show vlan Assigning an IP Address to a Port Channel You can assign an IP address to a port channel and use port channels in Layer 3 routing protocols.To assign an IP address, use the following...

Load-Balancing Methods By default, LAG hashing uses the source IP, destination IP, source transmission control protocol (TCP)/user datagram protocol (UDP) port, and destination TCP/UDP port for hash computation. For packets without a Layer 3 header, the system automatically uses load-balance mac sou...

Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor1 lag crc16 Dell(conf)# The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crc- lower . This command takes the lower 32 bits of the hash key to compute the egress port. Other options for...

• Overlap Port Ranges • Commas • Add Ranges Create a Single-Range The following is an example of a single range. Example of the interface range Command (Single Range) Dell(config)# interface range tengigabitethernet 0/1 - 23 Dell(config-if-range-te-0/1-23)# no shutdown Dell(config-if-range-te-0/1-23...

Commas The following is an example of how to use commas to add different interface types to the range, enabling all Ten Gigabit Ethernet interfaces in the range 5/1 to 5/23 and both Ten Gigabit Ethernet interfaces 1/1 and 1/2. Example of Adding Interface Ranges Dell(config-if)# interface range tengi...

Define the Interface Range The following example shows how to define an interface-range macro named “test” to select 10–GigabitEthernet interfaces 5/1 through 5/4. Example of the define interface-range Command for Macros Dell(config)# define interface-range test tengigabitethernet 5/1 - 4 Choosing a...

• a — Page down • q — Quit Dell#monitor interface te 3/1 FTOS uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.: 2s Interface: Te 3/1, Disabled, Link is Down, Linespeed is 1000 Mbit Traffic statistics: Current Rate Delta Input bytes: 0 0 Bps 0 Output bytes: 0 0 Bps 0 ...

You can enable the capability to detect uneven traffic distribution in the member links of a HiGig link bundle on a line-card or SFM NPU. You can also enable a notification to be sent using alarms and SNMP traps. The algorithm used to determine uneven distribution of traffic is predefined. Monitorin...

• You can enable SNMP traps and syslog messages to be generated when an uneven traffic distribution is detected in a HiGig link bundle. • Traffic distribution in a HiGig link bundle is calculated as the bandwidth-weighted mean use of all links in the bundle. This calculation is performed only on lin...

Splitting QSFP Ports to SFP+ Ports The Z9500 supports splitting a single 40G QSFP port into four 10G SFP+ ports without reload using a supported breakout cable. (For the link to a list of supported cables, refer to the Z9500 Installation Guide or the Z9500 Release Notes ). To split a single 40G port...

NOTE: Trident2 chip sets do not work at 1G speeds with auto-negotiation enabled. As a result, when you peer any device using SFP, the link does not come up if auto-negotiation is enabled. Therefore, you must disable auto-negotiation on platforms that currently use Trident2 chip sets (S6000 and Z9000...

Hardware is DellEth, address is 90:b1:1c:f4:9a:fa Current address is 90:b1:1c:f4:9a:fa Pluggable media present, SFP type is 1GBASE …………………… LineSpeed 1000 Mbit Dell#show interfaces tengigabitethernet 0/7 gigabitethernet 0/0 is up, line protocol is down Hardware is DellEth, address is 90:b1:1c:f4:9a:...

the interface becomes stable and the penalty decays below a certain threshold, the interface comes up again and the routing protocols re-converge. Link dampening: • reduces processing on the CPUs by reducing excessive interface flapping.• improves network stability by penalizing misbehaving interfac...

Clearing Dampening Counters To clear dampening counters and accumulated penalties, use the following command. • Clear dampening counters. clear dampening Example of the clear dampening Command Dell# clear dampening interface Te 0/1 Dell# show interfaces dampening TengigabitEthernet0/0 InterfaceState...

The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames. To allow full-duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to this multicast address. The PAUSE f...

– tx on : enter the keywords tx on to send control frames from this port to the connected device when a higher rate of traffic is received. – tx off : enter the keywords tx off so that flow control frames are not sent from this port to the connected device when a higher rate of traffic is received. ...

• The VLAN link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the VLAN members. For example, the VLAN contains tagged members with Link MTU of 1522 and IP MTU of 1500 and untagged members with Link MTU of 1518 and IP MTU of 1500. The VLAN’s Link MTU cannot...

View Advanced Interface Information The following options have been implemented for the show [ip | running-config] interfaces commands for (only) linecard interfaces. When you use the configured keyword, only interfaces that have non-default configurations are displayed. Dummy linecard interfaces (c...

Rate info (interval 100 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1d23h42m Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining a...

– (OPTIONAL) To clear statistics for all VRRP groups configured, enter the keyword vrrp . Enter a number from 1 to 255 as the vrid . – (OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit . Example...

Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. 1. Define the transform set.CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des 2. Define the crypto policy.CONFIGURATION mode crypto ipsec policy my...

24 IPv4 Routing IPv4 routing and various IP addressing features are supported. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature Default DNS Disabled Directed Broadc...

• Configuring Static Routes (optional) • Configure Static Routes for the Management Interface (optional) For a complete listing of all commands related to IP addressing, refer to the Dell Networking OS Command Line Reference Guide . Assigning IP Addresses to an Interface Assign primary and secondary...

! Dell(conf-if)# Dell(conf-if)#show conf ! interface TengigabitEthernet 0/0 ip address 10.11.1.1/24 no shutdown ! Dell(conf-if)# Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open shortest path first (OSPF)...

S 6.1.2.14/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.15/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.16/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.17/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 11.1.1.0/24 Direct, Nu 0 0/0 00:02:30 Direct, Lo 0 --More-- The system installs a next hop that is on the ...

To view the configuration, use the show config command in INTERFACE mode. Resolution of Host Names Domain name service (DNS) maps host names to IP addresses. This feature simplifies such commands as Telnet and FTP by allowing you to enter a name instead of an IP address. Dynamic resolution of host n...

Specifying the Local System Domain and a List of Domains If you enter a partial domain, the system can search different domains to finish or fully qualify that partial domain.A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. The system searches the host table fir...

Dell#traceroute www.force10networks.com Translating "www.force10networks.com"...domain server (10.11.0.1) [OK] Type Ctrl-C to abort. ---------------------------------------------------------------------- Tracing the route to www.force10networks.com (10.11.84.18), 30 hops max, 40 byte packets...

Configuring Static ARP Entries ARP dynamically maps the MAC and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry (called a static ARP) for the ARP cache.To configure a static ARP entry, use the following command. • Configure an IP address and MAC addr...

– ip ip-address (OPTIONAL): enter the keyword ip then the IP address of the ARP entry you wish to clear. – no-refresh (OPTIONAL): enter the keywords no-refresh to delete the ARP entry from CAM. Or to specify which dynamic ARP entries you want to delete, use this option with interface or ip ip-addres...

Figure 44. ARP Learning via ARP Request When you enable ARP learning via gratuitous ARP, the system installs a new ARP entry, or updates an existing entry for all received ARP requests. Figure 45. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable...

CONFIGURATION mode arp backoff-time The default is 30 . The range is from 1 to 3600. • Display all ARP entries learned via gratuitous ARP. EXEC Privilege mode show arp retries ICMP For diagnostics, the internet control message protocol (ICMP) provides routing information to end stations by choosing ...

UDP Helper User datagram protocol (UDP) helper allows you to direct the forwarding IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses. Configure UDP Helper Configuring the system to direct UDP broadcast is a t...

-------------------------------------------------- Te 1/1 1000 Configuring a Broadcast Address To configure a broadcast address, use the following command. • Configure a broadcast address on an interface. ip udp-broadcast-address Examples of Configuring and Viewing a Broadcast Address The following ...

1. Packet 1 is dropped at ingress if you did not configure UDP helper address. 2. If you enable UDP helper (using the ip udp-helper udp-port command), and the UDP destination port of the packet matches the UDP port configured, the system changes the destination address to the configured broadcast 1....

Figure 47. UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a desti...

• If the Incoming packet has a destination IP address that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces. Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example o...

25 IPv6 Routing Internet protocol version 6 (IPv6) routing is the successor to IPv4. Due to the rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion.This chapter provides a brief description o...

NOTE: The system provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). By default, RA response messages are sent when an RS message is received. The manipulation of IPv6 stateless autoconfiguration supports the router side only. N...

IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 49. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any d...

The following lists the Next Header field values. Value Description 0 Hop-by-Hop option header 4 IPv4 6 TCP 8 Exterior Gateway Protocol (EGP) 41 IPv6 43 Routing header 44 Fragmentation header 50 Encrypted Security 51 Authentication header 59 No Next Header 60 Destinations option header NOTE: This ta...

However, if the Destination Address is a Hop-by-Hop options header, the Extension header is examined by every forwarding router along the packet’s route. The Hop-by-Hop options header must immediately follow the IPv6 header, and is noted by the value 0 (zero) in the Next Header field. Extension head...

of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to two colons, as long as there is only one double colon used in an address. Leading and/or trailing zeros in a group can also be omitted (as in ::1 for localhost, 1:: for network addresses and ::...

IPv6 Implementation on the Dell Networking OS The Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform. The sections following the table ...

Configuring the LPM Table for IPv6 Extended Prefixes The LPM CAM table consists of two partitions: Partition I for IPv6 /65-/128 route-prefix entries and Partition II for IPv6 0/0-/64 and IPv4 0/0-0/32 route-prefix entries. You must reconfigure LPM CAM to allow IPv6 /65-/128 route prefixes to be sto...

Figure 50. Path MTU Discovery Process IPv6 Neighbor Discovery The IPv6 neighbor discovery protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network. In place of address resolution protocol (ARP), NDP uses “Neighbor Solicitation” and “Neighbor Advertisement” ICMPv6 messages for...

Figure 51. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate...

Example for Configuring an IPv6 Recursive DNS Server The following example configures a RDNNS server with an IPv6 address of 1000::1 and a lifetime of 1 second. Dell(conf-if-te-0/1)#ipv6 nd dns-server ? X:X:X:X::X Recursive DNS Server's (RDNSS) IPv6 address Dell(conf-if-te-0/1)#ipv6 nd dns-server 10...

ff02::1 ff02::2 ff02::1:ff00:12 ff02::1:ff8b:7570 ND MTU is 0 ICMP redirects are not sent DAD is enabled, number of DAD attempts: 3 ND reachable time is 20120 milliseconds ND base reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is...

Adjusting Your CAM Profile Although adjusting your CAM profile is not a mandatory step, if you plan to implement IPv6 ACLs, Dell Networking recommends that you adjust your CAM settings.The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. There are 16 FP blocks, ...

You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861. Data ports support more than two IPv6 addresses. When you configure IPv6 addresses on multiple interfaces (the ipv6 address comma...

Configuring Telnet with IPv6 The Telnet client and server on a switch supports IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router. • Enter the IPv6 Address for the device. EXEC mode or...

prefix-list List IPv6 prefix lists route IPv6 routing information rpf RPF table Dell# Displaying an IPv6 Configuration To view the IPv6 configuration for a specific interface, use the following command. • Display the currently running configuration for a specified interface. EXEC mode show ipv6 inte...

S 8888:9999:5555:6666:1111:2222::/96 [1/0] via 2222:2222:3333:3333::1, Te 9/1, 00:03:16 S 9999:9999:9999:9999::/64 [1/0] via 8888:9999:5555:6666:1111:2222:3333:4444, 00:03:16 Displaying the Running Configuration for an Interface To view the configuration for any interface, use the following command....

26 iSCSI Optimization This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic. The topics covered in this chapter include: • iSCSI Optimization • Default iSCSI Optimization Values • iSCS...

Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 27. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting iSCSI CoS mode (802.1p priority queue mapping) iSCSI CoS Packet classification When you e...

[no] iscsi profile-compellent . The default is: Compellent disk arrays are not detected. Displaying iSCSI Optimization Information To display information on iSCSI optimization, use the following show commands. • Display the currently configured iSCSI settings. show iscsi • Display information on act...

Dell# show iscsi session detailed Session 0: ------------------------------------------------------------ Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:8069786961...

If more than 256 simultaneous sessions are logged continuously, the following message displays indicating the queue rate limit has been reached: %Z9500LC48:1 %ACL_AGENT-3-ISCSI_OPT_MAX_SESS_LIMIT_REACHED: Monitored iSCSI sessionsreached maximum limit NOTE: If you are using EqualLogic or Compellent s...

• Configure a port connected to a Dell Compellent storage array. INTERFACE Configuration mode iscsi profile-compellent The command configures a port for the best iSCSI traffic conditions. The following message displays the first time you use the iscsi profile-compellent command to configure a port c...

27 Intermediate System to Intermediate System The intermediate system to intermediate system (IS-IS) protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS.The IS-IS protocol standards are listed in the Standards Compliance chapter. IS-IS Pr...

• area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI). • system address — the router’s MAC address. • N-selector — this is always 0. The following illustration is an example of the ISO-style add...

area or domain are operating in multi-topology IPv6 mode, the topological restrictions of single-topology mode are no longer in effect. Interface Support MT IS-IS is supported on physical Ethernet interfaces, physical synchronous optical network technologies (SONET) interfaces, port-channel interfac...

IS-IS Parameter Default Value Designated Router priority 64 Circuit Type Level 1 and Level 2 IS Type Level 1 and Level 2 Equal Cost Multi Paths 16 Configuration Information To use IS-IS, you must configure and enable IS-IS in two or three modes: CONFIGURATION ROUTER ISIS, CONFIGURATION INTERFACE, an...

The IPv6 address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 6. Enable IS-IS on the IPv4 interface.ROUTER ISIS mode ip router isis [ tag ] If you configure a tag variable, it must be the same as the tag variable assigned in step...

Configuring IS-IS Graceful Restart To enable IS-IS graceful restart globally, use the following commands. Additionally, you can implement optional commands to enable the graceful restart settings. • Enable graceful restart on ISIS processes. ROUTER-ISIS mode graceful-restart ietf • Configure the tim...

– adjacency : the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. – manual : allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds . E...

Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01 Hello Interval: 10, Hello Multiplier: 3, CSNP Interval: 10 Number of active level-1 adjacencies: 1 Level-2 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01 Hello Interval: 10, Hello Multiplier: 3, CSNP Interval: 10 Number of acti...

Dell#show running-config isis ! router isis lsp-refresh-interval 902 net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00 Dell# Configuring the IS-IS Metric Style All IS-IS links or interfaces are associated with a cost that is used in the shortest path first (SPF) calculations. The...

The default is Level 1 and Level 2 ( level-1–2 ) To view which metric types are generated and received, use the show isis protocol command in EXEC Privilege mode. The IS-IS matrixes settings are in bold. Example of Viewing IS-IS Metric Types Dell#show isis protocol IS-IS Router: <Null Tag> Sys...

Metric Sytle Correct Value Range wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 To view the interface’s current metric, use the show config command in INTERFACE mode or the show isis interface command in EXEC Privilege mode. Configuring t...

– For the Loopback interface on the RPM, enter the keyword loopback then a number from 0 to 16383. – For a port channel, enter the keywords port-channel then a number. – For a SONET interface, enter the keyword sonet then the slot/port information. – For a 10-Gigabit Ethernet interface, enter the ke...

distribute-list prefix-list-name out [bgp as-number | connected | ospf process-id | rip | static] You can configure one of the optional parameters:– connected : for directly connected routes. – ospf process-id : for OSPF routes only. – rip : for RIP routes only. – static : for user-configured routes...

– metric value the range is from 0 to 16777215. The default is 0 . – match external the range is from 1 or 2. – match internal – metric-type : external or internal. – map-name : enter the name of a configured route map. Redistributing IPv6 Routes To add routes from other routing instances or protoco...

Configuring Authentication Passwords You can assign an authentication password for routers in Level 1 and for routers in Level 2. Because Level 1 and Level 2 routers do not communicate with each other, you can assign different passwords for Level 1 routers and for Level 2 routers. However, if you wa...

Example of Viewing the Overload Bit Setting When the bit is set, a 1 is placed in the OL column in the show isis database command output. The overload bit is set in both the Level-1 and Level-2 database because the IS type for the router is Level-1-2. Dell#show isis database IS-IS Level-1 Link State...

– interface : Enter the type of interface and slot/port information to view IS-IS information on that interface only. • View the events that triggered IS-IS shortest path first (SPF) events for debugging purposes. EXEC Privilege mode debug isis spf-triggers • View sent and received LSPs. EXEC Privil...

Leaks from One Level to Another In the following scenarios, each IS-IS level is configured with a different metric style. Table 32. Metric Value with Different Levels Configured with Different Metric Styles Level-1 Metric Style Level-2 Metric Style Resulting Metric Value narrow wide original value n...

28 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP The Dell Networkin...

– The shutdown command on LAG “xyz” disables the LAG and retains the user commands. However, the system does not allow the channel number “xyz” to be statically created. – The no interface port-channel channel-number command deletes the specified LAG, including a dynamically created LAG. This comman...

[no] port-channel number mode [active | passive | off] – number : cannot statically contain any links. The default is LACP active . • Configure port priority. LACP mode [no] lacp port-priority priority-value The range is from 1 to 65535 (the higher the number, the lower the priority). The default is...

Configuring the LAG Interfaces as Dynamic After creating a LAG, configure the dynamic LAG interfaces. To configure the dynamic LAG interfaces, use the following command. • Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Co...

Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.45a5 Actor Admin Key 1, Oper Key 1...

Figure 55. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). the system has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To achieve this ...

As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time. Figure 56. Configuring Shared LAG State Tracking The...

• You can configure shared LAG state tracking on one side of a link or on both sides.• If a LAG that is part of a failover group is deleted, the failover group is deleted.• If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Exampl...

29 Layer 2 This chapter describes the Layer 2 features supported on the Z9500. Manage the MAC Address Table You can perform the following management tasks inr the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries • Configuring a Static MAC Address • Dis...

The range is from 10 to 1000000. Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-a...

interface ) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed: %E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list Mac-Limit on TengigabitEthernet 5/84 In this case, the configuration is still present in the running-config...

NOTE: Alternatively, you can reset the interface by shutting it down using the shutdown command and then re-enabling it using the no shutdown command. • Reset interfaces in the ERR_Disabled state caused by a learning limit violation or station move violation.EXEC Privilege mode mac learning-limit re...

address-table station-move refresh-arp command on the switch at the time that NIC teaming is being configured on the server. NOTE: If you do not configure the mac-address-table station-move refresh-arp command, traffic continues to be forwarded to the failed NIC until the ARP entry on the switch tim...

To ensure that existing network applications see no difference when a primary interface in a redundant pair transitions to the backup interface, be sure to apply identical configurations of other traffic parameters to each interface. If you remove an interface in a redundant link (remove the line ca...

3/42 00:24:55: %SYSTEM-P:CP %IFMGR-5-ACTIVE: Changed Vlan interface state to active: Vl 1 00:24:55: %SYSTEM-P:CP %IFMGR-5-STATE_STBY_ACT: Changed interface state from standby to active: Te 3/42 Dell(conf-if-te-3/41)#do show ip int brief | find 3/41 TengigabitEthernet 3/41 unassigned NO Manual admini...

Figure 67. Configuring Far-End Failure Detection The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not availabl...

4. If the FEFD enabled system is configured to use FEFD in Normal mode and neighboring echoes are not received after three intervals, (you can set each interval can be set between 3 and 300 seconds) the state changes to unknown. 5. If the FEFD system has been set to Aggressive mode and neighboring e...

To report interval frequency and mode adjustments, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3.INTERFACE mode ip address ip address , switchport 2. Activate the necessary ports administratively.INTEFACE mode no shutdown 3. Enable fefd globally.CONFIGU...

To set up and activate two or more connected interfaces, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3.INTERFACE mode ip address ip address , switchport 2. Activate the necessary ports administratively.INTERFACE mode no shutdown 3. INTERFACE mode fefd {...

30 Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP) on the Z9500 switch. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration a...

Table 34. Type, Length, Value (TLV) Types Type TLV Description 0 End of LLDPDU Marks the end of an LLDPDU. 1 Chassis ID An administratively assigned name that identifies the LLDP agent. 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received. 3 Tim...

Figure 70. Organizationally Specific TLV IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs. Table 35. O...

Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: • manage inventory• manage Power over Ethernet (PoE)• identify physical location• identify network policy LLDP-MED is designed for, but not limited to, VoIP endpoints. TIA Organizationally Speci...

Type SubType TLV Description None or all TLVs must be supported. The Dell Networking OS does not currently support these TLVs. 127 5 Inventory — Hardware Revision Indicates the hardware revision of the LLDP-MED device. 127 6 Inventory — Firmware Revision Indicates the firmware revision of the LLDP-M...

Figure 71. LLDP-MED Capabilities TLV Table 37. LLDP-MED Capabilities Bit Position TLV Supported? 0 LLDP-MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power via MDI-PSE Yes 4 Extended Power via MDI-PD No 5 Inventory No 6–15 reserved No Table 38. LLDP-MED Device Ty...

Extended Power via MDI TLV The extended power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the extended power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device. • Power Type — there are two po...

Important Points to Remember • LLDP is enabled by default.• Dell Networking systems support up to eight neighbors per interface.• Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not con...

Enabling LLDP LLDP is disabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs.To enable LLDP, use the following command. 1. Enter Protocol LLDP mode.CONFIGURATION or INTERFACE mode protocol lldp 2. Enable LLDP.PROTO...

Figure 74. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Examples of Viewing LLDP Configurations The following example shows viewing an LLDP global configuration...

Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. show lldp neighbors • Display all of the information ...

Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds . To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)#proto...

• Return to the default setting. CONFIGURATION mode or INTERFACE mode no mode Example of Configuring a Single Mode R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-...

advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#multiplier ? <2-10> Multiplier (default=4) R1(conf-lldp)# multiplier 5 R1(conf-lldp)#show config ! protocol lldp adve...

Figure 75. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects The system supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs• the LLDP configuration on the local agent• IEEE 802.1AB Organizati...

31 Microsoft Network Load Balancing Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. Microsoft NLB clustering allows multiple servers running Microsoft Windows to be represented by one MAC an...

With NLB, the data frame is forwarded to all servers in the cluster for the servers to perform load-balancing. NLB Multicast Mode Example Consider a sample topology in which four servers, namely S1 through S4, are configured as a cluster or a farm. This set of servers is connected to a Layer 3 switc...

NLB VLAN Flooding To preserve Microsoft server failover and load-balancing, configure a switch to forward the traffic destined for a server cluster on all member ports of the VLAN connected to the cluster ( ip vlan- flooding command). Configure the switch for NLB VLAN flooding when you configure the...

32 Multicast Source Discovery Protocol (MSDP) This chapter describes how to configure and use the multicast source discovery protocol (MSDP) on the Z9500 switch. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in t...

Figure 81. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP.CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains.CONFIGURATION mode ip msdp peer connect-source 576 Multicast Source Discovery Protocol (...

Example of Configuring MSDP Example of Viewing Peer Information R3(conf)#ip multicast-msdp R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3(conf)#do show ip msdp summary Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer com...

Limiting the Source-Active Cache Set the upper limit of the number of active sources that the system caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the reverse path...

Figure 85. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command.• Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check.CONFIGURATION mode ip msdp default-peer ip-address li...

Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 73 00:13:49 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 73 00:13:4...

Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache. To apply the redistribute filter to ...

R3(conf)#do show ip msdp sa-cache R3(conf)# R3(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Source: Lo 0 State: Listening Up/Down Time: 00:01:19 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA F...

Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP addres...

Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.3(639) Connect Source: Lo 0 State: Established Up/Down Time: 00:04:26 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out...

Configuring Anycast RP To configure anycast RP: 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.CONFIGURATION mode interface loopback 2. Make this address the RP for the group.CONFIGURATION mode ip pim...

neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.22 update-source Loopback 0 neighbor 192.168.0.22 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.11 connect-source Loopback 0 ip msdp peer 192.168.0.22 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.22 ! ip route 192.168.0...

Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table. Table 44. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tr...

• Enabling SNMP Traps for Root Elections and Topology Changes Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands. When you enable MSTP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are aut...

Examples of Creating and Viewing MSTP Instances The following example shows using the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)# msti 1 vlan 100 Dell(conf-mstp)# msti 2 vlan 200-300 Dell(conf-mstp)#show config ! protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2...

Influencing MSTP Root Selection MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it becomes the root bridge.To change the bridge priority, use the following command. • Assign a number as the bridge priority. PROTOCOL MSTP mode msti inst...

NOTE: Some non-Dell equipment may implement a non-null default region name, such as the Bridge ID or a MAC address. Changing the Region Name or Revision To change the region name or revision, use the following commands. • Change the region name. PROTOCOL MSTP mode name name • Change the region revis...

The default is 15 seconds . 2. Change the hello-time parameter.PROTOCOL MSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds . 3. Change...

• Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost. The following lists the default values for port cost by interface. Table 45. Default Values for Port Costs by Interface Port Cost Default Value 100-Mb/s Ether...

• Enable EdgePort on an interface. INTERFACE mode spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] Dell Networking OS Behavior : Regarding bpduguard shutdown-on-violation behavior: – If the interface to be shut down is a port channel, all the member ports are disabled in the hardware...

Figure 88. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps:1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs...

name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface TenGigabitEthernet 3/11 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 3/11,21 no shu...

(Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC P...

– Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows viewing an MSTP configuration. Dell#show run spanning-tree mstp ! protocol spanning-tree mstp name Tahiti re...

34 Multicast Features The Dell Networking OS supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Enabling IP Multicast Before enabling any multicast protocols, you must enable IP multicast rou...

Protocol Ethernet Address PIM-SM 01:00:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner- traceroute-ipm . • Multicast is not supported on secondary IP addresses.• Egress L3 ACL is not applied to multicast data traffic if you enable multicast...

When the multicast route limit is reached, the following message is displayed: 3w1d13h: %RPM0-P:RP2 %PIM-3-PIM_TIB_LIMIT: PIM TIB limit reached. No new routes will be learnt until TIB level falls below low watermark. 3w1d13h: %RPM0-P:RP2 %PIM-3-PIM_TIB_LIMIT: PIM TIB below low watermark. Route learn...

Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting that rate at which new groups can be joined.Hosts whose IGMP requests are denied will use the retry mechanism built-in to IGMP so that they’re membership is delayed rather than pe...

Preventing a PIM Router from Processing a Join To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using th...

35 Open Shortest Path First (OSPFv2 and OSPFv3) This chapter describes how to configure and use Open Shortest Path First (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) on the Z9500. NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are ...

Areas allow you to further organize your routers within in the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the de...

An ABR can connect to many areas in an AS, and is considered a member of each area it connects to. Autonomous System Border Router (ASBR) The autonomous system border area router (ASBR) connects to more than one AS and exchanges information with the routers in other ASs. Generally, the ASBR connects...

available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated. The link-state ID for Type 4 LSAs is the router ID of the described ASBR). • Type 5: LSA — These LSAs contain information imported into OSPF from other routing processes. They ar...

OSPF Implementation The Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within the 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes. Multiple OSPF processes (OSPF MP) are supported on OSPFv2 only; up to 32 simultaneous proces...

Processing SNMP and Sending SNMP Traps Though there are may be several OSPFv2 processes, only one process can process simple network management protocol (SNMP) requests and send SNMP traps. The mib-binding command identifies one of the OSPVFv2 processes as the process responsible for SNMP management...

Configuration Information The interfaces must be in Layer 3 mode (assigned an IP address) and enabled so that they can send and receive traffic. The OSPF process must know about these interfaces. To make the OSPF process aware of these interfaces, they must be assigned to OSPF areas.You must configu...

If implementing multi-process OSPF, create an equal number of Layer 3 enabled interfaces and OSPF process IDs. For example, if you create four OSPFv2 process IDs, you must have four interfaces with Layer 3 enabled. 1. Assign an IP address to an interface.CONFIG-INTERFACE mode ip address ip-address m...

Loopback 0 is up, line protocol is up Internet Address 10.168.253.2/32, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.2, Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host. Dell# Configuring Stub Areas OSPF supports different types of LSAs to help reduce the amount of rout...

To enable both receiving and sending routing updates, use the no passive-interface interface command. Example of Viewing Passive Interfaces When you configure a passive interface, the show ip ospf process-id interface command adds the words passive interface to indicate that the hello packets are no...

NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Examples of Enabling Fast-Convergence In the following examp...

The bold lines in the example show the change on the interface. The change is reflected in the OSPF configuration. Dell(conf-if)# ip ospf cost 45 Dell(conf-if)#show config ! interface TengigabitEthernet 0/0 ip address 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show i...

• retransmit-interval — LSA retransmit interval • transmit-delay — LSA transmission delay • dead-interval — dead router detection time • authentication-key — authentication key • message-digest-key — MD5 authentication key To configure virtual links, use the following command. • Configure the option...

ip prefix-list prefix-name You are in PREFIX LIST mode. • Create a prefix list with a sequence number and a deny or permit action. CONFIG- PREFIX LIST mode seq sequence-number {deny |permit} ip-prefix [ge min-prefix-length] [le max- prefix-length] The optional parameters are:– ge min-prefix-length :...

Example of Viewing OSPF Configuration after Redistributing Routes To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode. Dell(conf-router_ospf)#show config ! router ospf 34 network 10.1.2.32 0.0.0.255 area 2.2.2.2...

Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations.You can copy and paste from these examples to your CLI. To support your own IP addr...

OSPF Area 0 — Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 ! interface Loopback 30 ip address 192.168.100.100/24 no shutdown ! interface TengigabitEthernet 3/1 ip address 10.1.13.3/24 no shutdown ! interface TengigabitEthern...

NOTE: The OSPFv2 network area command enables OSPF on multiple interfaces with the single command. Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3. All IPv6 addresses on an interface are included in the OSPFv3 process that is created on the interface. Enable OSPFv3 for IPv6 ...

ipv6 ospf process-id area area-id – process-id : the process ID number assigned. – area-id : the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands. • Enable the OSPFv3 process globally and enter OSP...

default-information originate [always [metric metric-value ] [metric-type type-value ]] [route-map map-name ] Configure the following required and optional parameters:– always : indicate that default route information is always advertised. – metric metric-value : The range is from 0 to 4294967295. –...

You decide the set of IPsec protocols that are employed for authentication and encryption and the ways in which they are employed. When you correctly implement and deploy IPsec, it does not adversely affect users or hosts. AH and ESP are designed to be cryptographic algorithm-independent. OSPFv3 Aut...

– Configuring IPsec Encryption for an OSPFv3 Area – Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands. Prerequisite : Before you enable IPsec authentication on a...

• Enable IPsec encryption for OSPFv3 packets on an IPv6-based interface. INTERFACE mode ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [ key- encryption-type ] key authentication-algorithm [ key-authentication-type ] key } – null : causes an encryption policy configured for t...

• Enable IPSec authentication for OSPFv3 packets in an area. CONF-IPV6-ROUTER-OSPF mode area- id authentication ipsec spi number {MD5 | SHA1} [ key-encryption-type ] key – area area-id : specifies the area for which OSPFv3 traffic is to be authenticated. For area-id , enter a number or an IPv6 prefi...

– key : specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AES-CBC - 32 or 64 hex digits for AES-128 and ...

Interface: TenGigabitEthernet 0/1 Link Local address: fe80::201:e8ff:fe40:4d11 IPSecv6 policy name: OSPFv3-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound es...

36 Pay As You Grow The Pay As You Grow (PAYG) software feature allows you to purchase a Z9500 switch with 36 40G ports (144 10G ports) and upgrade to a larger number of ports as your networking needs grow. A Z9500 switch with a 36 40G-port license has only the ports on line card 0 enabled. See the P...

Enter Yes at the prompt to continue the installation; for example: Dell# install license tftp://10.11.8.12/132.lic ! 3594 bytes successfully copied Retrieving license ....... (OK) LICENSE INFORMATION Vendor : Dell Product : Dell Force10 Z9500 System Service Tag : RtHvKsJ License Service Tag : RTHVKS...

unmounting /usr/pkg (/dev/wd0i)... unmounting /boot (/dev/wd0b)... unmounting /usr (mfs:30)... unmounting /force10 (mfs:25)... unmounting /lib (mfs:22)... unmounting /f10 (mfs:19)... unmounting /tmp (mfs:12)... unmounting /kern (kernfs)... unmounting / (/dev/md0a)... done rebooting... Displaying Lic...

37 PIM Sparse-Mode (PIM-SM) Protocol-independent multicast sparse-mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which forwards multicast traffic to all subnets until a ...

3. If a host on the same subnet as another multicast receiver sends an IGMP report for the same multicast group, the gateway takes no action. If a router between the host and the RP receives a PIM Join message for which it already has a (*,G) entry, the interface on which the message was received is...

ip access-list extended access-list-name 3. Specify the source and group to which the timer is applied using extended ACLs with permit rules only.CONFIG-EXT-NACL mode [seq sequence-number ] permit ip source-address/mask | any | host source- address } { destination-address/mask | any | host destinati...

Dell#sh run pim ! ip pim rp-address 1.1.1.1 group-address 224.0.0.0/4 Overriding Bootstrap Router Updates PIM-SM routers must know the address of the RP for each group for which they have (*,G) entry.This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP c...

Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs).PMBRs connect each PIM domain to the rest of the Internet.Create multicast boundaries an...

Configure PIM-SMM Configuring PIM-SSM is a two-step process. 1. Configure PIM-SMM. 2. Enable PIM-SSM for a range of addresses. Related Configuration Tasks • Use PIM-SSM with IGMP Version 2 Hosts Enabling PIM-SSM To enable PIM-SSM, follow these steps. 1. Create an ACL that uses permit rules to specif...

• You may enter multiple ssm-map commands for different access lists. You may also enter multiple ssm-map commands for the same access list, as long as they use different source addresses. • When an extended ACL is associated with this command, an error message is displayed. If you apply an extended...

39 Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface.This chapter covers the following topics: • Overview• Implementing Policy-based Routing with Dell Networking OS• Configuration Task List for Policy-based Routi...

a tunnel interface user needs to provide tunnel id mandatory. Instead if user provides the tunnel destination IP as next hop, that would be treated as IPv4 next hop and not tunnel next hop. PBR with Multiple Tacking Option: Policy based routing with multiple tracking option extends and introduces th...

Cam Port VlanID Proto Tcp Src Dst SrcIp DstIp Next-hop Egress Index Flag Port Port MAC Port -------------------------------------------------------------------------------- --------------------------------- 06080 0 N/A IP 0x0 0 0 200.200.200.200 200.200.200.200 199.199.199.199 199.199.199.199 N/A NA...

Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/...

View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23) seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23) seq 15 permit ip any any Applied inter...

40 Port Monitoring Port monitoring (also referred to as mirroring ) allows you to monitor ingress and/or egress traffic on specified ports. The mirrored traffic can be sent to a port to which a network analyzer is connected to inspect or troubleshoot the traffic.The Dell Networking OS supports the f...

Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs. If the MD port is a Layer 3 port, the frames are tagged with VLAN ID 4095. If the MD port is in a Layer 3 VLAN, the frames are tagged with the respective Layer 3 VLAN ID. For example, in the configuration sourc...

Figure 97. Port Monitoring Example Remote Port Mirroring While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switch/router, remote port mirroring allows you to monitor Layer 2 and Layer 3 ingress and/or egress traf...

The reserved VLANs transport the mirrored traffic in sessions (blue pipes) to the destination analyzers in the local network. Two destination sessions are shown: one for the reserved VLAN that transports orange-circle traffic; one for the reserved VLAN that transports green-circle traffic. Configuri...

• You cannot configure a private VLAN or a GVRP VLAN as the reserved RPM VLAN.• The L3 interface configuration should be blocked for the reserved VLAN.• The member port of the reserved VLAN should have MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter). • To associate with a source sessio...

• You can configure the same source port to be used in multiple source sessions.• You cannot configure a source port channel or source VLAN in a source session if the port channel or VLAN has a member port that is configured as a destination port in a remote-port mirroring session. • A destination p...

Encapsulated Remote-Port Monitoring Encapsulated Remote Port Monitoring (ERPM) copies traffic from source ports/port-channels or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the destination IP address specified in the session. Important: When configuring ERPM, fol...

41 Private VLANs (PVLAN) Private VLANs (PVLANs) extend Dell Networking OS security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN).A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. Private VLANs...

– A primary VLAN has one or more secondary VLANs.– A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. – A primary VLAN has one or more promiscuous ports.– A primary VLAN might have one or more trunk ports, or none. • Secondary VLAN — a subdomain ...

INTERFACE VLAN mode [no] private-vlan mapping secondary-vlan vlan-list • Display type and status of PVLAN interfaces. EXEC mode or EXEC Privilege mode show interfaces private-vlan [interface interface ] • Display PVLANs and/or interfaces that are part of a PVLAN. EXEC mode or EXEC Privilege mode sho...

4. Select the PVLAN mode.INTERFACE mode switchport mode private-vlan {host | promiscuous | trunk} • host (isolated or community VLAN port) • promiscuous (intra-VLAN communication port) • trunk (inter-switch PVLAN hub port) Example of the switchport mode private-vlan Command For interface details, re...

INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be:• Specified in comma-delimited ( VLAN-ID,VLAN-ID ) or hyphenated-range format ( VLAN-ID- VLAN-ID ). • Specified with this command even before they have been created.• Amended by specifying the new se...

INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited ( slot/ port,port,port ) or hyphenated ( slot/ port-port ). You can only add host (isolated) ports to the VLAN. Creating an Isolated VLAN An isolated VLAN is a se...

Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 98. Sample Private VLAN Topology The following configuration is based on the example diagram for the C300–1: • Te 0/0 and Te 23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000....

• All the ports in the secondary VLANs (both community and isolated VLANs) can only communicate with ports in the other secondary VLANs of that PVLAN over Layer 3, and only when the ip local- proxy-arp command is invoked in the primary VLAN. NOTE: Even after you disable ip-local-proxy-arp ( no ip-lo...

show vlan private-vlan mapping This command is specific to the PVLAN feature. Examples of Viewing a Private VLANs The show arp and show vlan commands are revised to display PVLAN data. The following example shows viewing a private VLAN for a C300 system. Dell#show vlan private-vlan Primary Secondary...

no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configur...

Figure 100. Load Balancing with PVST+ The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root...

Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001....

PROTOCOL PVST mode vlan max-age The range is from 6 to 40. The default is 20 seconds . The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to ...

PVST+ in Multi-Vendor Networks Some non-Dell Networking systems which have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D BPDU and an untagged PVST+ BPDU. Dell Networking systems do not expect PVST+ BPDU (tagged or untagged) on an untagged port. If this situation occurs, ...

Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32...

• RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured Forwarding PHB Group • RFC 2598, An Expedited Forwarding PHB You cannot configure port-based and policy-based QoS on the same interface. Port-Based QoS Configurations You can configure the following QoS features on an interf...

Honoring dot1p Priorities on Ingress Traffic By default, the system does not honor dot1p priorities on ingress traffic. You can configure this feature on physical interfaces and port-channels, but you cannot configure it on individual interfaces in a port channel.You can configure service-class dyna...

Example of Configuring and Viewing Rate Policing The following example shows configuring rate policing. Dell#config t Dell(conf)#interface tengigabitethernet 1/2 Dell(conf-if)#rate police 100 40 peak 150 50 Dell(conf-if)#end Dell# The following example shows viewing the rate policing status. Dell#sh...

Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 103. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different...

Creating a Layer 3 Class Map A Layer 3 class map differentiates ingress packets based on the DSCP value, IP precedence, VLANs, or characteristics defined in an IP ACL. You can also use VLAN IDs and VRF IDs to classify the traffic using layer 3 class-maps.You can specify more than one DSCP and IP pre...

The following example matches IPv6 traffic with a DSCP value of 40. Dell(conf)# class-map match-all test Dell(conf-class-map)# match ipv6 dscp 40 The following example matches IPv4 and IPv6 traffic with a precedence value of 3. Dell(conf)# class-map match-any test1 Dell(conf-class-map)#match ip-any ...

Dell(conf)# interface fo 0/0 INTERFACE mode Dell(conf-if-fo-0/0)# ip address 90.1.1.1/16 2. Configure a Layer 2 QoS policy with Layer 2 (Dot1p or source MAC-based) match criteria.CONFIGURATION mode Dell(conf)# policy-map-input l2p layer2 3. Apply the Layer 2 policy on a Layer 3 interface.INTERFACE m...

6. Create an input policy map.CONFIGURATION mode Dell(conf)#policy-map-input pp_policmap 7. Create a service queue to associate the class map and QoS policy map.POLICY-MAP mode Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy Ordering ACL Rules When you link cla...

Create a QoS Policy There are two types of QoS policies — input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. • Layer 3 — QoS input policies allow you to rate police and set...

to which you should apply the QoS policy (using the service-queue from POLICY-MAP-IN mode). If you apply the QoS policy to a queue other than the one specified in the informational message, Dell Networking OS replaces the first 3–bits in the DSCP field with the queue ID you specified. Example of Set...

Configuring Policy-Based Rate Shaping To configure policy-based rate-shaping, use the rate-shape command. • Configure rate-shaping on egress traffic. QOS-POLICY-OUT mode rate-shape {kbps | pps} peak-rate { burst-kbps | burst-packets } [committed {kbps | pps} committed-rate { burst-kbps | burst-packe...

Queue Default Bandwidth Percentage for 4–Queue System Default Bandwidth Percentage for 8–Queue System 7 — 50% When you assign a percentage to one queue, note that this change also affects the amount of bandwidth that is allocated to other queues. Therefore, whenever you are allocating bandwidth to o...

Applying a Class-Map or Input QoS Policy to a Queue To apply a class-map or input QoS policy to a queue, use the following command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input p...

Table 53. Default dot1p to Queue Mapping dot1p Queue ID 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 The dot1p value is also honored for frames on the default VLAN. For more information, refer to Priority- Tagged Frames on the Default VLAN . • Enable the trust dot1p feature. POLICY-MAP-IN mode trust dot1p Mappin...

• You cannot apply a class-map and QoS policies to the same interface.• You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access. • If you apply a service policy that contains an ACL to more than one interface, the system uses ACL optimization to conserv...

You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. DSCP Color Maps This section describes how to configure color maps and how to display the color map and color map configuration.This sections consists of the following topics: • Creating a D...

qos dscp-color-policy color-map-name Example: Create a DSCP Color Map The following example creates a DSCP color map profile, color-awareness policy, and applies it to interface te 0/11 . Create the DSCP color map profile, bat-enclave-map , with a yellow drop precedence , and set the DSCP values to ...

TE 0/10 mapONE TE0/11 mapTWO Display summary information about a color policy for a specific interface. Dell# show qos dscp-color-policy summary te 0/10 Interface dscp-color-map TE 0/10 mapONE Display detailed information about a color policy for a specific interface Dell# show qos dscp-color-policy...

Enabling Strict-Priority Queueing In strict-priority queuing, the system de-queues all packets from the assigned queue before servicing any other queues. You can assign strict-priority to one unicast queue, using the strict-priority command • Policy-based per-queue rate shaping is not supported on t...

Figure 104. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Table 54. Pre-Defined WRED Profiles Default Profile Name Minimum Threshold Maximum Threshold Maximum Drop Rate wred_drop 0 0 100 wred_teng_y 594 5941 100 wred_teng_g 594 5941 50 wr...

Applying a WRED Profile to Traffic After you create a WRED profile, you must specify on which traffic the system applies the profile. The system assigns a color-coded drop precedence — red, yellow, or green — to each packet based on the fourth bit of the 6-bit DSCP field in the packet header before ...

Explicit Congestion Notification Explicit Congestion Notification (ECN) enhances and extends WRED functionality by marking packets for later transmission instead of dropping them when a threshold value is exceeded. Use ECN for WRED to reduce the packet transmission rate in a congested, heavily-loade...

ip access-list standard dscp_40 seq 5 permit any dscp 40 ip access-list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ip access-list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class-map match-any class_dscp_40 match ip access-group dscp_40_non_ecn set-color yellow match ip acc...

Global Service-Pools for WRED with ECN You can enable WRED with ECN to work with global service-pools. Global service pools that function as shared buffers are accessed by multiple queues when the minimum guaranteed buffers for a queue are consumed. The Z9500 switch supports four global service-pool...

Queue Configuration Service-Pool Configuration WRED Threshold Relationship Q threshold = Q-T Service-pool threshold = SP-T Expected Functionality Enabled Enabled Disabled N/A N/A Queue-based ECN marking above queue threshold. ECN marking up to shared buffer limits of the service-pool and then packet...

mode Dell(conf)#service-pool wred green pool0 thresh-1 pool1 thresh-2Dell(conf)#service-pool wred yellow pool0 thresh-3 pool1 thresh-4 Dell(conf)#service-pool wred weight pool0 11 pool1 4 5. Enable ECN marking on specific queues on backplane ports with a service class.CONFIGURATION mode Dell(conf)#s...

– Allowed — indicates that the policy-map can be applied because the estimated number of CAM entries is less or equal to the available number of CAM entries. The number of interfaces in the port-pipe to which the policy-map can be applied is given in parentheses. – Exception — indicates that the num...

Enabling RIP Globally By default, RIP is disabled on the switch. To enable RIP globally, use the following commands. 1. Enter ROUTER RIP mode and enable the RIP process.CONFIGURATION mode router rip 2. Assign an IP network address as a RIP network to exchange routing information.ROUTER RIP mode netw...

192.162.2.0/24 [120/1] via 29.10.10.12, 00:01:21, Fa 0/0 192.162.2.0/24 auto-summary 192.161.1.0/24 [120/1] via 29.10.10.12, 00:00:27, Fa 0/0 192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 0/0 192.162.3.0/24 auto-summary To disable RIP globally, use the no router ri...

distribute-list prefix-list-name in • Assign a configured prefix list to all outgoing RIP routes. ROUTER RIP mode distribute-list prefix-list-name out To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Adding RIP Rou...

• Set the RIP versions received on that interface. INTERFACE mode ip rip receive version [1] [2] • Set the RIP versions sent out on that interface. INTERFACE mode ip rip send version [1] [2] Examples of Setting the RIP Process To see whether the version command is configured, use the show config com...

Outgoing filter for all interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface Recv Send FastEthernet 0/0 2 1 2 Routing for Networks: 10.0.0.0 Routing Information Sources: Gateway Distance Last Updat...

Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link.To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the offs...

Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command. RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration — Core 2 and Core 3 . The host prompts used in ...

Core 2 RIP Output The examples in the section show the core 2 RIP output. Examples of the show ip Command with Core 2 Output • To display Core 2 RIP database, use the show ip rip database command. • To display Core 2 RIP setup, use the show ip route command. • To display Core 2 RIP activity, use the...

To view the RIP configuration activity on Core 2, use the show ip protocols command. Core2#show ip protocols Routing Protocol is "RIP" Sending updates every 30 seconds, next due in 17 Invalid after 180 seconds, hold down 180, flushed after 240 Output delay 8 milliseconds between packets Auto...

10.11.20.0 10.11.30.0 192.168.2.0 192.168.1.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.2 120 00:00:22 Distance: (default is 120) Core3# RIP Configuration Summary Examples of Viewing the RIP Configuration on Core 2 and Core 3 The following example shows viewing the RIP confi...

45 Remote Monitoring (RMON) Remote monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces.RMO...

• Platform Adaptation — RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object. CONFIGURATION mode [no]...

increase of 15 or more (such as from 100000 to 100015). The alarm then triggers event number 1, which is configured with the RMON event command. Possible events include a log entry or an SNMP trap. If the 1.3.6.1.2.1.2.2.1.20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be ...

– integer : a value from 1 to 65,535 that identifies the RMON Statistics Table. The value must be unique in the RMON Statistic Table. – owner : (Optional) specifies the name of the owner of the RMON group of statistics. – ownername : (Optional) records the name of the owner of the RMON group of stat...

46 Rapid Spanning Tree Protocol (RSTP) The Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning ...

• All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology. • Adding a group of ports to a range of VLANs sends multiple messages to the RSTP task, avoid using the range command. When using the range command, Dell Ne...

Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default.When you enable RSTP, all physical and port-channel interfaces that ...

• Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds . To view the current values for global parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topol...

Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge.To change the bridge priority, use the following command. • Assign a number as the bridge priority or designate it as the ...

– Disable the shutdown-on-violation command on the interface (the no spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] command). – Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). – Disable global spanning tree (the no spanning-tree command i...

47 Security This chapter describes several ways to provide access security to the Dell Networking system.For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide . Role-Based Access Control With Role-Based Access Co...

allows you to change permissions based on the role. You can modify the permissions specific to that command and/or command option. For more information, see Modifying Command Permissions for Roles . NOTE: When you enter a user role, you have already been authenticated and authorized. You do not need...

For consistency, the best practice is to define the same authorization method list across all lines, in the same order of comparison; for example VTY and console port. You could also use the default authorization method list to apply to all the LINES (console port, VTY). If you do not, the following...

Role Modes netoperator netadmin Exec Config Interface Router IP Route-map Protocol MAC secadmin Exec Config Line sysadmin Exec Config Interface Line Router IP Route-map Protocol MAC User Roles This section describes how to create a new user role and configure command permissions and contains the fol...

Example of Creating a User Role The configuration in the following example creates a new user role, myrole , which inherits the security administrator (secadmin) permissions. Create a new user role, myrole and inherit security administrator permissions. Dell(conf)#userrole myrole inherit secadmin Ve...

The following example removes the secadmin access to LINE mode and then verifies that the security administrator can no longer access LINE mode, using the show role mode configure line command in EXEC Privilege mode. Dell(conf)#role configure deleterole secadmin ? LINE Initial keywords of the comman...

The following example adds a user, to the secadmin user role. Dell (conf)#username john role secadmin password 0 password AAA Authentication and Authorization for Roles This section describes how to configure AAA Authentication and Authorization for Roles. Configuration Task List for AAA Authenticat...

line vty 7 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 8 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 9 login authentication ucraaa authorization exec ucraaa accounting commands rol...

Role Accounting This section describes how to configure role accounting and how to display active sessions for roles.This sections consists of the following topics: • Configuring AAA Accounting for Roles • Applying an Accounting Method to a Role • Displaying Active Accounting Sessions for Roles Conf...

service=shell Display Information About User Roles This section describes how to display information about user roles.This sections consists of the following topics: • Displaying User Roles• Displaying Information About Roles Logged into the Switch• Displaying Active Accounting Sessions for Roles Di...

the output and both the privilege and roles for all users is also displayed. If the role is not defined, the system displays "unassigned" . Example of Displaying Information About Users Logged into the Switch Dell#show users Authorization Mode: role or privilege Line User Role Privilege Host...

Example of Enabling AAA Accounting with a Named Method List Dell(config-line-vty)# accounting commands 15 com15 Dell(config-line-vty)# accounting exec execAcct Monitoring AAA Accounting The system does not support periodic interim accounting because the periodic command can cause heavy congestion wh...

• Configuring AAA Authentication Login Methods • Enabling AAA Authentication • Enabling AAA Authentication—RADIUS For a complete list of all commands related to login authentication, refer to the Security chapter in the Dell Networking OS Command Reference Guide . Configure Login Authentication for ...

NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH). You can create multiple method lists and assign them to different terminal lines. Enabling AAA Authentication To enable A...

To use local authentication for enable secret on the console, while using remote authentication on VTY lines, issue the following commands. Dell(config)# aaa authentication enable mymethodlist radius tacacs Dell(config)# line vty 0 9 Dell(config-line-vty)# enable authentication mymethodlist Server-S...

AAA Authorization The system enables AAA new-model by default. You can set authorization to be either local or remote . Different combinations of authentication and authorization yield different results. By default, the system sets both to local . Privilege Levels Overview Limiting access to the sys...

For a complete listing of all commands related to privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide . Configuring a Username and Password In the Dell Networking OS, you can assign a specific username to limit user access to the system. To...

Configuring Custom Privilege Levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels.Within the Dell Networking OS, commands have certain privilege levels. With the privilege command, you ...

• command : a CLI keyword (up to five keywords allowed). • reset : return the command to its default privilege mode. Examples of Custom Privilege Level Commands To view the configuration, use the show running-config command in EXEC Privilege mode. The following example shows a configuration to allow...

end Exit from Configuration mode exit Exit from Configuration mode no Reset a command snmp-server Modify SNMP parameters Dell(conf)# Specifying LINE Mode Password and Privilege You can specify a password authentication of all users on different terminal lines.The user’s privilege level is the same a...

RADIUS Remote authentication dial-in user service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information...

ACL Configuration Information The RADIUS server can specify an ACL. If an ACL is configured on the RADIUS server, and if that ACL is present, the user may be allowed access based on that ACL. If the ACL is absent, authorization fails, and a message is logged indicating this.RADIUS can specify an ACL...

To view the configuration, use the show config in LINE mode or the show running-config command in EXEC Privilege mode. Defining a AAA Method List to be Used for RADIUS To configure RADIUS to authenticate or authorize users on the system, create a AAA method list.Default method lists do not need to b...

radius-server retransmit retries – retries : the range is from 0 to 100. Default is 3 retries . • Configure the time interval the system waits for a RADIUS server host response. CONFIGURATION mode radius-server timeout seconds – seconds : the range is from 0 to 1000. Default is 5 seconds . To view t...

Use this command multiple times to configure multiple TACACS+ server hosts. 2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACAS+ authentication method.CONFIGURATION mode aaa authentication login { method-list-name | default} tacacs+ [ ...me...

on vty0 (10.11.9.209) %SYSTEM-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) Monitoring TACACS+ To view information on TACACS+ transactions, use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode...

CONFIGURATION mode tacacs-server host { hostname | ip-address } [port port-number ] [timeout seconds ] [key key ] Configure the optional communication parameters for the specific host:– port port-number : the range is from 0 to 65335. Enter a TCP port number. The default is 49 . – timeout seconds : ...

Password Authentication : enabled. Hostbased Authentication : disabled. RSA Authentication : disabled. To disable SSH server functions, use the no ip ssh server enable command. Using SCP with SSH to Copy a Software Image To use secure copy (SCP) to copy a software image through an SSH connection fro...

Dell#copy scp: flash: Address or name of remote host []: 10.10.10.1 Port number of the server [22]: 99 Source file name []: test.cfg User name to login remote host: admin Password to login remote host: Removing the RSA Host Keys and Zeroizing Storage Use the crypto key zeroize rsa command to delete ...

The following ciphers are available. • 3des-cbc • aes128-cbc • aes192-cbc • aes256-cbc • aes128-ctr • aes192-ctr • aes256-ctr The default cipher list is 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr Example of Configuring a Cipher List The following example shows you how...

Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server ciphers cipher-list command in CONFIGURATION mode. cipher-list- : Enter a space-delimited list of ciphers the SSH server will support. The following ciphers are available. • 3des-cb...

• Enable SSH password authentication. CONFIGURATION mode ip ssh password-authentication enable Example of Enabling SSH Password Authentication To view your SSH configuration, use the show ip ssh command from EXEC Privilege mode. Dell(conf)#ip ssh server enable % Please wait while SSH Daemon initiali...

Configuring Host-Based SSH Authentication Authenticate a particular host. This method uses SSH version 2. To configure host-based authentication, use the following commands. 1. Configure RSA Authentication. Refer to Using RSA Authentication of SSH . 2. Create shosts by copying the public RSA key to ...

The following example shows creating rhosts . admin@Unix_client# ls id_rsa id_rsa.pub rhosts shosts admin@Unix_client# cat rhosts 10.16.127.201 admin Using Client-Based SSH Authentication To SSH from the chassis to the SSH client, use the following command.This method uses SSH version 1 or version 2...

VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in the Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote. Table 59. VTY Access Authentication Method VTY access-class support? Username access-class support? Re...

Example of Configuring VTY Authorization Based on Access Class Retrieved from a Local Database (Per User) Dell(conf)#user gooduser password abc privilege 10 access-class permitall Dell(conf)#user baduser password abc privilege 10 access-class denyall Dell(conf)# Dell(conf)#aaa authentication login l...

48 Service Provider Bridging Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS. VLAN Stacking Virtual local area network (VLAN) stacking is supported on the platform. VLAN stacking, also calle...

Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1. Creating Access and Trunk Ports 2. Assign access and trunk ports to a VLAN ( Creating Access and Trunk Ports ). 3. Enabling VLAN-Stacking for a VLAN . Related Configuration Tasks • Configuring the Protocol Type Value for t...

! interface TenGigabitEthernet 2/12 no ip address switchport vlan-stack trunk no shutdown Enable VLAN-Stacking for a VLAN To enable VLAN-Stacking for a VLAN, use the following command. • Enable VLAN-Stacking for the VLAN. INTERFACE VLAN mode vlan-stack compatible Example of Viewing VLAN Stack Member...

To configure trunk ports, use the following commands. 1. Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port.INTERFACE mode portmode hybrid NOTE: You can add a trunk port to an 802.1Q VLAN as well as a Stacking VLAN only when the TPID 0x8100....

Example of Debugging a VLAN and its Ports The port notations are as follows: • MT — stacked trunk • MU — stacked access port • T — 802.1Q trunk port • U — 802.1Q access port • NU — Native VLAN (untagged) Dell# debug member vlan 603 vlan id : 603 ports : Te 1/47 (MT), Te 2/1(MU), Te 2/25(MT), Te 2/26...

Figure 110. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabl...

Table 60. Drop Eligibility Behavior Ingress Egress DEI Disabled DEI Enabled Normal Port Normal Port Retain CFI Set CFI to 0. Trunk Port Trunk Port Retain inner tag CFI Retain inner tag CFI. Retain outer tag CFI Set outer tag CFI to 0. Access Port Trunk Port Retain inner tag CFI Retain inner tag CFI ...

Marking Egress Packets with a DEI Value On egress, you can set the DEI value according to a different mapping than ingress. For ingress information, refer to Honoring the Incoming DEI Value . To mark egress packets, use the following command. • Set the DEI value on egress according to the color curr...

service-policy input in layer2 no shutdown Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands. 1. Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.CONFIGURATION mode cam-acl l2...

show cam-profile 2. Enable protocol tunneling globally on the system.CONFIGURATION mode protocol-tunnel enable 3. Tunnel BPDUs the VLAN.INTERFACE VLAN mode protocol-tunnel stp Specifying a Destination MAC Address for BPDUs By default, the system uses a Dell Networking-unique MAC address for tunnelin...

The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Provider Backbone Bridging IEEE 802.1ad—Provider Bridges amends 802.1Q—Virtual Br...

Important Points to Remember • The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via snmpset.• By default, sFlow collection is supported only on data ports. If you want to enable sFlow collection through management ports, use the management egress-interface-selectio...

INTERFACE mode sflow max-header-size extended By default, the maximum header size of a packet is 128 bytes. When sflow max-header-size extended is enabled, 256 bytes are copied. These bytes are useful for VxLAN, NvGRE, IPv4, and IPv6 tunneled packets. NOTE: Interface mode configuration takes priorit...

sFlow Show Commands You can display sFlow statistics at the switch, interface, and line card level. • Displaying Show sFlow Globally • Displaying Show sFlow on an Interface • Displaying Show sFlow on a Line Card Displaying Show sFlow Global To view sFlow statistics, use the following command. • Disp...

The following example shows the show running-config interface command. Dell#show running-config interface tengigabitethernet 1/16 ! interface TenGigabitEthernet 1/16 no ip address mtu 9252 ip mtu 9234 switchport sflow enable sflow sample-rate 8192 no shutdown Displaying Show sFlow on a Line Card To ...

• Change the global default counter polling interval. CONFIGURATION mode or INTERFACE mode sflow polling-interval interval value – interval value : in seconds. The range is from 15 to 86400 seconds. The default is 20 seconds . Back-Off Mechanism If the sampling rate for an interface is set to a very...

Global default sampling rate: 4096 Global default counter polling interval: 15 Global extended information enabled: gateway, router, switch 1 collectors configured Collector IP addr: 10.10.10.3, Agent IP addr: 10.10.0.0, UDP port: 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples ...

50 Simple Network Management Protocol (SNMP) The Simple Network Management Protocol (SNMP) is designed to manage devices on IP networks by monitoring device operation, which might require administrator intervention. NOTE: On Dell Networking routers, standard and private SNMP management information b...

Configuring SNMP version 3 requires configuring SNMP users in one of three methods. Refer to Setting Up User-Based Security (SNMPv3) . Related Configuration Tasks • Managing Overload on Startup • Reading Managed Object Values • Writing Managed Object Values • Subscribing to Managed Object Value Upda...

snmp-server group groupname { oid-tree } auth read name write name • Configure an SNMPv3 view. CONFIGURATION mode snmp-server view view-name 3 noauth {included | excluded} NOTE: To give a user read and write privileges, repeat this step for each privilege type. • Configure an SNMP group (with passwo...

Examples of Reading Managed Object Values In the following example, the value “4” displays in the OID before the IP address for IPv4. For an IPv6 IP address, a value of “16” displays. > snmpget -v 2c -c mycommunity 10.11.131.161 sysUpTime.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (328526...

snmp-server contact text You may use up to 55 characters. The default is None . • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1).CONFIGURATION mode snmp-server location text You may use up to 55 character...

snmp-server host ip-address [traps | informs] [version 1 | 2c |3] [ community-string ] To send trap messages, enter the keyword traps . To send informational messages, enter the keyword informs . To send the SNMP version to use for notification messages, enter the keyword version . To identify the S...

Level 7 VLAN 1000 entity Enable entity change traps Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1487406) 4:07:54.06, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 4 Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1488564) 4:08:05.64, SNMPv...

MIB Object OID Object Values Description copyServerAddress .1.3.6.1.4.1.6027.3.5.1.1.1.1.8 IP Address of the server. The IP address of the server.• If you specify copyServerAddress, you must also specify copyUserName and copyUserPassword. copyUserName .1.3.6.1.4.1.6027.3.5.1.1.1.1.9 Username for the...

• -c : View the community, either public or private. • -m : View the MIB files for the SNMP command. • -r : Number of retries using the option • -t : View the timeout. • -v : View the SNMP version (either 1, 2, 2d, or 3). The following examples show the snmpset command to copy a configuration. These...

FTOS-COPY-CONFIG-MIB::copySrcFileType.7 = INTEGER: runningConfig(3) FTOS-COPY-CONFIG-MIB::copyDestFileType.7 = INTEGER: startupConfig(2) The following example shows copying configuration files from a UNIX machine using the OID. >snmpset -c public -v 2c 10.11.131.162 .1.3.6.1.4.1.6027.3.5.1.1.1.1....

Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP. snmpset -v 2c ...

MIB Object OID Values Description 7 = unknown copyEntryRowStatus .1.3.6.1.4.1.6027.3.5.1.1.1.1.15 Row status Specifies the state of the copy operation. Uses CreateAndGo when you are performing the copy. The state is set to active when the copy is completed. Obtaining a Value for MIB Objects To obtai...

MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory. Table 64. MIB Objects for Displaying the Availab...

MIB Object OID Description chSysCoresStackUnitNumber 1.3.6.1.4.1.6027.3.25.1.2.8.1.4 Contains information that includes which stack unit or processor the core file was originated from. chSysCoresProcess 1.3.6.1.4.1.6027.3.25.1.2.8.1.5 Contains information that includes the process names that generat...

Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN. Example of Assigning a VLAN Alias using SNMP [Unix system output] > snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2...

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2-SMI::mib-2.17.7.1.4.3.1.4.1107787786 = Hex-STRING: 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00...

and 1.3.6.1.4.1.6027.3.18.1.6 Enabling and Disabling a Port using SNMP To enable and disable a port using SNMP, use the following commands. 1. Create an SNMP community on the Dell system.CONFIGURATION mode snmp-server community 2. From the Dell Networking system, identify the interface index of the ...

-------------Query from Management Station---------------------- >snmpwalk -v 2c -c techpubs 10.11.131.162 .1.3.6.1.4.1.6027.3.2.1.1.5 SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.1.1000.0.1.232.6.149.172.1 = INTEGER: 1000 SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.2.1000.0.1.232.6.149.172.1 = Hex- STR...

For example, the interface index 51528196 for the FortyGigE 0/4 port is 0000 0011 0001 0010 0100 0010 0000 0100 in binary format as shown in the following figure. In this example, if you start from the least significant bit on the right: • The first 14 bits (00001000000010) identify a Z9500 line car...

Example of Viewing Status of Learned MAC Addresses If we learn MAC addresses for the LAG, status is shown for those as well. dot3aCurAggVlanId SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.1.1.0.0.0.0.0.1.1 = INTEGER: 1 dot3aCurAggMacAddr SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.2.1.0.0.0.0.0.1.1 = Hex-S...

51 Storm Control Storm control allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking OS Behavior : The switch supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic. Configure Storm Control St...

52 Spanning Tree Protocol (STP) The spanning tree protocol (STP) is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network. Protocol Overview By eliminating loops, STP improves scalability in a large network and ...

INTERFACE mode no ip address 2. Place the interface in Layer 2 mode.INTERFACE switchport 3. Enable the interface.INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-...

To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. R2#show spanning-tree 0 Executing IEEE co...

the default is 2 seconds . • Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology).PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds . To view the current values for...

only implement bpduguard , although the interface is placed in an Error Disabled state when receiving the BPDU, the physical interface remains up and spanning-tree drops packets in the hardware after a BPDU violation. BPDUs are dropped in the software after receiving the BPDU violation. CAUTION: Ena...

• disables spanning tree on an interface• drops all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell(conf-if-te-0/7)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e805.fb07 Root Bridge h...

Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge- priority command) is selected as the root ...

Figure 117. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior : The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-chann...

INTERFACE mode or INTERFACE PORT-CHANNEL mode spanning-tree {0 | mstp | rstp | pvst} rootguard – 0 : enables root guard on an STP-enabled port assigned to instance 0. – mstp : enables root guard on an MSTP-enabled port. – rstp : enables root guard on an RSTP-enabled port. – pvst : enables root guard...

As soon as a BPDU is received on an STP port in a Loop-Inconsistent state, the port returns to a blocking state. If you disable STP loop guard on a port in a Loop-Inconsistent state, the port transitions to an STP blocking state and restarts the max-age timer. Figure 118. STP Loop Guard Prevents For...

– Rapid Spanning Tree Protocol (RSTP) – Multiple Spanning Tree Protocol (MSTP) – Per-VLAN Spanning Tree Plus (PVST+) • You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the follow...

53 System Time and Date System time and date settings are user-configurable and maintained through the network time protocol (NTP).System times and dates are also set in hardware settings using the Dell Networking OS CLI. Network Time Protocol The network time protocol (NTP) synchronizes timekeeping...

Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a Source IP Address for NTP Packets (optional) Enabling NTP NTP is disabled by default. To enable NTP, spec...

Example of Configuring NTP Broadcasts 2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.496884 Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, the system drops any NTP packets sent to that interface.To disable NTP on an inter...

Time and Date You can set the time and date in the Dell Networking OS using the CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings. • Setting the Time and Date for the Switch Software Clock • Setting the Timezone • Setting Daylight Savi...

– timezone-name : enter the name of the timezone. Do not use spaces. – offset : enter one of the following: * a number from 1 to 23 as the number of hours in addition to UTC for the timezone.* a minus sign (-) then a number from 1 to 23 as the number of hours. Example of the clock timezone Command D...

00:00:00 pacific Sat Nov 7 2009" Setting Recurring Daylight Saving Time Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year.If you have already set daylight saving for a one-time setting, you can set that date and time as the recurring s...

54 Tunneling Tunnel interfaces create a logical tunnel for IPv4 or IPv6 traffic. Tunneling supports RFC 2003, RFC 2473, and 4213.DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring ...

interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu...

Configuring a Tunnel Interface You can configure the tunnel interface using the ip unnumbered and ipv6 unnumbered commands. To configure the tunnel interface to operate without a unique explicit ip or ipv6 address, select the interface from which the tunnel will borrow its address. The following sam...

Configuring Tunnel source anylocal Decapsulation The tunnel source anylocal command allows a multipoint receive-only tunnel to decapsulate tunnel packets addressed to any IPv4 or IPv6 (depending on the tunnel mode) address configured on the switch that is operationally UP.The source anylocal paramet...

55 Upgrade Procedures For detailed upgrade procedures, refer to the Dell Networking OS Release Notes for your switch. The release notes describe the requirements and steps to follow to upgrade to a desired OS version. Upgrade Overview To upgrade system software on the switch, follow these general st...

56 Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such ...

Figure 120. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group . An interface in an uplink-state group can be a physical interface or a po...

Figure 121. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number and is calculated by the ratio of the up...

– An uplink-state group is considered to be operationally down if it has no upstream interfaces in the Link-Up state. No uplink-state tracking is performed when a group is disabled or in an Operationally Down state. • You can assign physical port or port-channel interfaces to an uplink-state group. ...

Clearing a UFD-Disabled Interface You can manually bring up a downstream interface in an uplink-state group that UFD disabled and is in a UFD-Disabled Error state.To re-enable one or more disabled downstream interfaces and clear the UFD-Disabled Error state, use the following command. • Re-enable a ...

down: Te 0/47 02:37:29: %SYSTEM-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 0/47 02:37:29 : UFD: Group:3, UplinkState: DOWN 02:37:29: %SYSTEM-P:CP %IFMGR-5-OSTATE_DN: Changed uplink state group state to down: Group 3 02:37:29: %SYSTEM-P:CP %IFMGR-5-OSTATE_DN: Downstream interface se...

If a downstream interface in an uplink-state group is disabled (Oper Down state) by uplink-state tracking because an upstream port is down, the message error-disabled[UFD] displays in the output. • Display the current configuration of all uplink-state groups or a specified group. EXEC mode or UPLINK...

Interface index is 280544512 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:25:46 Queueing strategy: fifo Input Statistics: 0 packets, 0 ...

57 Virtual LANs (VLANs) Virtual LANs (VLANs) are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group.When in Layer 2 mode, VLANs move traffic at wire speed and can span multipl...

By default, VLAN 1 is the Default VLAN. To change that designation, use the default vlan-id command in CONFIGURATION mode. You cannot delete the Default VLAN. NOTE: You cannot assign an IP address to the Default VLAN. To assign an IP address to a VLAN that is currently the Default VLAN, create anoth...

preserved as the frame moves through the network. The following example shows the structure of a frame with a tag header. The VLAN ID is inserted in the tag header. Figure 122. Tagged Frame Format The tag header contains some key information that the system uses: • The VLAN protocol identifier ident...

• Configure a port-based VLAN (if the VLAN-ID is different from the Default VLAN ID) and enter INTERFACE VLAN mode.CONFIGURATION mode interface vlan vlan-id To activate the VLAN, after you create a VLAN, assign interfaces in Layer 2 mode to the VLAN. Example of Verifying a Port-Based VLAN To view th...

The following example shows the steps to add a tagged interface (in this case, port channel 1) to VLAN 4. To view the interface’s status. Interface (po 1) is tagged and in VLAN 2 and 3, use the show vlan command. In a port-based VLAN, use the tagged command to add the interface to another VLAN. The ...

untagged interface This command is available only in VLAN interfaces. Move an Untagged Interface to Another VLAN The no untagged interface command removes the untagged interface from a port-based VLAN and places the interface in the Default VLAN. You cannot use the no untagged interface command in t...

NOTE: You cannot assign an IP address to the Default VLAN (VLAN 1). To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. You can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic. For more information, refer to Bulk Configu...

switchport 4. Add the interface to a tagged or untagged VLAN.VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasional...

58 Virtual Routing and Forwarding (VRF) Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs.Virtual Routing and Forwarding (VRF) allows multi...

Figure 123. VRF Network Example VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Infor...

DHCP DHCP requests are not forwarded across VRF instances. The DHCP client and server must be on the same VRF instance. VRF Configuration The VRF configuration tasks are: 1. Enabling VRF in Configuration Mode 2. Creating a Non-Default VRF 3. Assign an Interface to a VRF You can also: • View VRF Inst...

Task Command Syntax Command Mode Assign an interface to a VRF instance. ip vrf forwarding vrf- name INTERFACE Assigning a Front-end Port to a Management VRF Starting in 9.7(0.0) release, you can assign a front-end port to a management VRF and make the port to act as a host interface. NOTE: You canno...

Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. Refer to Open Shortest Path First (OSPFv2) for complete OSPF configuration information.Assign an OSPF process to a VRF instance . Return to CONFIGURATION mode to enable the OSPF process. The OSPF Process ID i...

Task Command Syntax Command Mode Configure a static neighbor. ipv6 neighbor vrf management 1::1 tengigabitethernet 1/1 xx:xx:xx:xx:xx:xx CONFIGURATION Sample VRF Configuration The following configuration illustrates a typical VRF set-up. Figure 124. Setup OSPF and Static Routes Virtual Routing and F...

0/0 00:20:19 Dell# Route Leaking VRFs Static routes can be used to redistribute routes between non-default to default/non-default VRF and vice-versa. You can configure route leaking between two VRFs using the following command: ip route vrf x.x.x.x s.s.s.s nh.nh.nh.nh vrf default. This command indic...

C 133.3.3.0/24 Direct, Te 1/13 0/0 22:39:61 Dell# show ip route vrf VRF-Shared O 11.1.1.1/32 via VRF-Red:111.1.1.1 110/0 00:00:10 C 111.1.1.0/24 Direct, VRF-Red:Te 1/11 0/0 22:39:59 O 22.2.2.2/32 via VRF-Blue:122.2.2.2 110/0 00:00:11 C 122.2.2.0/24 Direct, VRF-Blue:Te 1/22 0/0 22:39:61 O 44.4.4.4/32...

Figure 126. Example of VLT Deployment VLT on Core Switches You can also deploy VLT on core switches. Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing. This set up requires “horizontal” stacking at t...

Figure 127. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, p...

Configure Virtual Link Trunking VLT requires that you enable the feature and then configure the same VLT domain, backup link, and VLT interconnect on both peer switches. Important Points to Remember • VLT port channel interfaces must be switch ports.• If you include RSTP on the system, configure it ...

the master or backup for all VRRP groups configured on its interfaces. For more information, refer to Setting VRRP Group (Virtual Router) Priority . – To verify that a VLT peer is consistently configured for either the master or backup role in all VRRP groups, use the show vrrp command on each peer....

RSTP and VLT VLT provides loop-free redundant topologies and does not require RSTP. RSTP can cause temporary port state blocking and may cause topology changes after link or node failures. Spanning tree topology changes are distributed to the entire layer 2 network, which can cause a network-wide fl...

• VLT Sync — Entries learned on the VLT interface are synced on both VLT peers. • Non-VLT Sync — Entries learned on non-VLT interfaces are synced on both VLT peers. • Tunneling — Control information is associated with tunnel traffic so that the appropriate VLT peer can mirror the ingress port as the...

To route traffic to and from the multicast source and receiver, enable PIM on the L3 side connected to the PIM router using the ip pim sparse-mode command. Each VLT peer runs its own PIM protocol independently of other VLT peers. To ensure the PIM protocol states or multicast routing information bas...

Layer 3 on the other node. Configuration mismatches are logged in the syslog and display in the show vlt mismatch command output. If you enable VLT unicast routing, the following actions occur: • L3 routing is enabled on any new IP or IPv6 address configured for a VLAN interface that is up.• L3 rout...

Important Points to Remember • You cannot configure a VLT node as a rendezvous point (RP), but any PIM-SM compatible VLT node can serve as a designated router (DR). • You can only use one spanned VLAN from a PIM-enabled VLT node to an external neighboring PIM router. • If you connect multiple spanne...

RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the VLT startup phase. You may also use RSTP for loop prevention in the network outside of the VLT port channel. For inf...

In the case of a primary VLT switch failure, the secondary switch starts sending BPDUs with its own bridge ID and inherits all the port states from the last synchronization with the primary switch. An access device never detects the change in primary/secondary roles and does not see it as a topology...

no ip address 3. Add one or more port interfaces to the port channel.INTERFACE PORT-CHANNEL mode channel-member interface interface : specify one of the following interface types: • 1-Gigabit Ethernet: Enter gigabitethernet slot/port . • 10-Gigabit Ethernet: Enter tengigabitethernet slot/port . • 40...

lacp ungroup member-independent {vlt | port-channel port-channel-id } LACP on VLT ports (on a VLT switch or access device), which are members of the virtual link trunk, is not brought up until the VLT domain is recognized on the access device. 5. Repeat Steps 1 to 4 on the VLT peer switch to configu...

Reconfiguring the Default VLT Settings (Optional) To reconfigure the default VLT settings, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain.CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2. (Optional) After you configur...

9. Place the interface in Layer 2 mode.INTERFACE PORT-CHANNEL mode switchport 10. Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device.INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number Valid port-channel ID numbers ar...

Role Priority: 32768 ICL Link Status: Up HeartBeat Status: Up VLT Peer Status: Up Local System MAC address: 00:01:e8:8c:4d:08 Remote System MAC address: 00:01:e8:8c:4d:1c Dell-2#show vlt detail Local LAG Id Peer LAG Id Local Status Active VLANs ------------ ----------- ------------ ------------ 2 2 ...

Configure PVST+ on VLT Peers to Prevent Forwarding Loops (VLT Peer 2) Dell_VLTpeer2(conf)#protocol spanning-tree pvst Dell_VLTpeer2(conf-pvst)#no disable Dell_VLTpeer2(conf-pvst)#vlan 1000 bridge-priority 4096 Configure both ends of the VLT interconnect trunk with identical PVST+ configurations. Whe...

Figure 129. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9 Domain_1_Peer1(conf)#vlt doma...

Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4. Domain_2_Peer4(conf)#interface ...

VLT_Peer2(conf-if-vl-4001)#exit VLT_Peer2(conf)#end Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt...

Examples of the show vlt and show spanning-tree rstp Commands The following example shows the show vlt backup-link command. Dell_VLTpeer1# show vlt backup-link VLT Backup Link ----------------- Destination: 10.11.200.18 Peer HeartBeat status: Up HeartBeat Timer Interval: 1 HeartBeat Timeout: 3 UDP P...

Dell_VLTpeer2# show vlt statistics VLT Statistics ---------------- HeartBeat Messages Sent: 994 HeartBeat Messages Received: 978 ICL Hello's Sent: 89 ICL Hello's Received: 89 The following example shows the show spanning-tree rstp command. The bold section displays the RSTP state of port channels in...

Configuring Virtual Link Trunking (VLT Peer 1) Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)# peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)# back-up destination 10.11.206.35 Dell_VLTp...

Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 70. Troubleshooting VLT Description Behavior at Peer Up Behavior During Run...

Description Behavior at Peer Up Behavior During Run Time Action to Take that the MAC address is the same on both units. Unit ID mismatch The VLT peer does not boot up. The VLTi is forced to a down state. A syslog error message is generated. The VLT peer does not boot up. The VLTi is forced to a down...

Specifying VLT Nodes in a PVLAN You can configure VLT peer nodes in a private VLAN (PVLAN). VLT enables redundancy without the implementation of Spanning Tree Protocol (STP), and provides a loop-free network with optimal bandwidth utilization. Because the VLT LAG interfaces are terminated on two dif...

PVLAN Operations When a VLT Peer is Restarted When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a verification is performed with the newly received PVLAN configuration from the peer. If any differences are identified, the ...

VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 Access Access Secondary (Community) Secondary (Community) No No - Primary VLAN Y - Primary VLAN X No No Promiscuo us Access Primary Secondary No No Trunk Access Primary/Normal Secondary No No Configur...

4. Ensure that the port channel is active.INTERFACE PORT-CHANNEL mode no shutdown 5. To configure the VLT interconnect, repeat Steps 1–4 on the VLT peer switch. 6. Enter VLT-domain configuration mode for a specified VLT domain.CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1...

interface vlan vlan-id 6. Enable the VLAN.INTERFACE VLAN mode no shutdown 7. To obtain maximum VLT resiliency, configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes. Set the PVLAN mode of the selected VLAN to primary.INTERFACE VLAN mode private-vlan mode primary 8. Map seco...

request for 20.1.1.1 reaches node 1, node 1 will not perform the ARP request for 20.1.1.2. Proxy ARP is supported only for the IP address belongs to the received interface IP network. Proxy ARP is not supported if the ARP requested IP address is different from the received interface IP subnet. For e...

VLT Nodes as Rendezvous Points for Multicast Resiliency You can configure virtual link trunking (VLT) peer nodes as rendezvous points (RPs) in a Protocol Independent Multicast (PIM) domain. PIM uses a VLT node as the RP to distribute multicast traffic to a multicast group. Messages to join the multi...

Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface port-channel 20 ! interface Port-channel 20 no ip address switchport vlan-stack trunk vlt-peer-lag port-channel 20 n...

60 VLT Proxy Gateway You can configure a proxy gateway in VLT domains. A proxy gateway enables you to locally route the packets that are destined to a L3 endpoint in another VLT domain. Proxy Gateway in VLT Domains Using a proxy gateway, the VLT peers in a domain can route the L3 packets destined fo...

8. LLDP port channel interface can’t be changed to legacy lag when proxy gateway is enabled. 9.“vlt-peer-mac transmit” is recommended only for square VLT without any diagonal links. 10. VRRP and IPv6 routing is not supported now. 11. With the existing hardware capabilities, only 512 my_station_tcam ...

• There are only a couple of MACs for each unit to be transmitted so that all current active MACs can definitely be carried on the newly defined TLV. • This TLV is recognizable only by FTOS devices with this feature support. Other device will ignore this field and should still be able to process oth...

8. Packet duplication – Assume exclude-vlan (say VLAN 10) is configured on C2/D2 for C1’s MAC. If packets for VLAN 10 with C1’s MAC get a hit at C2, they will be switched to both D2 (via ICL) and C1 via inter DC link. This could lead to packet duplication. So, if C1’s MAC is learnt at C2 then the pa...

61 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP Overview VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (L...

Figure 130. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to conver...

decreases based on the dynamics of the network, the advertisement intervals may increase or decrease accordingly. CAUTION: Increasing the advertisement interval increases the VRRP Master dead interval, resulting in an increased failover time for Master/Backup election. Take caution when increasing t...

• Create a virtual router for that interface with a VRID. INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255. NOTE: The interface must already have a primary IP address defined and be enabled, as shown in the second example. • Delete a VRRP group. INTERFACE mode no vrrp-group vrid Exampl...

You can use the version both command in INTERFACE mode to migrate from VRRPv2 to VRRPv3. When you set the VRRP version to both , the switch sends only VRRPv3 advertisements but can receive VRRPv2 or VRRPv3 packets. To migrate an IPv4 VRRP group from VRRPv2 to VRRPv3: 1. Set the switches with the low...

group and the interface’s physical MAC address is changed to that of the owner VRRP group’s MAC address. • If you configure multiple VRRP groups on an interface, only one of the VRRP Groups can contain the interface primary or secondary IP address. Configuring a Virtual IP Address To configure a vir...

Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.10 Authentication: (none) ------------------ TenGigabitEthernet 1/2, VRID: 111 , Net: 10.10.2.1 State: Master, Priority: 100, Master: 10.10.2.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec ...

TenGigabitEthernet 1/2, VRID: 111, Net: 10.10.2.1 State: Master, Priority: 125, Master: 10.10.2.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 601, Gratuitous ARP sent: 2 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.2.2 10.10.2.3...

NOTE: You must configure all virtual routers in the VRRP group the same: you must configure all with preempt enabled or configure all with preempt disabled. Because preempt is enabled by default, disable the preempt function with the following command. • Prevent any BACKUP router with a higher prior...

To change the advertisement interval in seconds or centisecs, use the following command. A centisecs is 1/100 of a second. • Change the advertisement seconds interval setting. INTERFACE-VRID mode advertise-interval seconds The range is from 1 to 255 seconds. The default is 1 second . • For VRRPv3, c...

default value of 10 (also known as cost ). If the tracked interface’s state goes up, the VRRP group’s priority increases by 10.The lowered priority of the VRRP group may trigger an election. As the Master/Backup VRRP routers are selected based on the VRRP group’s priority, tracking features ensure t...

• (Optional) Display the configuration of tracked objects in VRRP groups on a specified interface. EXEC mode or EXEC Privilege mode show running-config interface interface Example of Configuring and Verifying the Tracking Configuration The following example shows configuring VRRP tracking. Dell(conf...

Virtual IP address: 2007::1 fe80::1 Tracking states for 2 resource Ids: 2 - Up IPv6 route, 2040::/64, priority-cost 20, 00:02:11 3 - Up IPv6 route, 2050::/64, priority-cost 30, 00:02:11 The following example shows viewing the VRRP configuration on an interface. Dell#show running-config interface ten...

The seconds range is from 0 to 900. The default is 0 . Sample Configurations Before you set up VRRP, review the following sample configurations. VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is int...

Although R2 and R3 have the same default, priority (100), R2 is elected master in the VRRPv3 group because the TenGigE 0/0 interface has a higher IPv6 address than the TenGigE 1/0 interface on R3. Router 2 R2(conf)#interface tengigabitethernet 0/0 R2(conf-if-te-0/0)#no ip address R2(conf-if-te-0/0)#...

VRRP in a VRF Configuration The following example shows how to enable VRRP operation in a VRF virtualized network for the following scenarios. • Multiple VRFs on physical interfaces running VRRP.• Multiple VRFs on VLAN interfaces running VRRP. To view a VRRP in a VRF configuration, use the show comm...

! S1(conf)#interface TenGigabitEthernet 2/3 S1(conf-if-te-2/3)#ip vrf forwarding VRF-3 S1(conf-if-te-2/3)#ip address 20.1.1.5/24 S1(conf-if-te-2/3)#vrrp-group 15 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-te-2/3-vrid-105)#priority 255 S1(conf-if-te-2/3-vrid-105)#virt...

S2(conf-if-vl-100-vrid-101)#priority 255 S2(conf-if-vl-100-vrid-101)#virtual-address 10.10.1.2 S2(conf-if-vl-100)#no shutdown ! S2(conf-if-te-2/4)#interface vlan 200 S2(conf-if-vl-200)#ip vrf forwarding VRF-2 S2(conf-if-vl-200)#ip address 10.10.1.2/24 S2(conf-if-vl-200)#tagged tengigabitethernet 12/...

62 Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the...

SFF-8431 SFP+ Direct Attach Cable (10GSFP+Cu) MTU 9,252 bytes RFC and I-D Compliance The system supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of the Dell Networking OS first supports the standard. Gener...

RFC# Full Name S-Series/Z-Series draft-ietf-idrrestart- 06 Graceful Restart Mechanism for BGP 7.8.1 General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 75. General IPv4 Protocols RFC# Full Name S-Series/Z- Series C-Series E-S...

RFC# Full Name S-Series/Z- Series C-Series E-Series TeraScale E-Series ExaScale 1812 Requirements for IP Version 4 Routers 7.6.1 7.5.1 √ 8.1.1 2131 Dynamic Host Configuration Protocol 7.6.1 7.5.1 √ 8.1.1 2338 Virtual Router Redundancy Protocol (VRRP) 7.6.1 7.5.1 √ 8.1.1 3021 Using 31-Bit Prefixes on...

Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 78. Network Management RFC# Full Name S4810 S4820T Z-Series 1155 Structure and Identification of Management Information for TCP/IP-based Internets 7.6.1 1156 Management Inf...

RFC# Full Name S4810 S4820T Z-Series FORCE10-LINKAGG-MIB Force10 Enterprise Link Aggregation MIB 7.6.1 FORCE10-CHASSIS-MIB Force10 E-Series Enterprise Chassis MIB FORCE10-COPY-CONFIG-MIB Force10 File Copy MIB (supporting SNMP SET operation) 7.7.1 FORCE10-MONMIB Force10 Monitoring MIB 7.6.1 FORCE10-P...

RFC# Full Name S-Series/Z-Series 2740 OSPF for IPv6 9.1(0.0) 3623 Graceful OSPF Restart 7.8.1 4222 Prioritized Treatment of Specific OSPF Version 2 Packets and Congestion Avoidance 7.6.1 Routing Information Protocol (RIP) The following table lists the Dell Networking OS support per platform for RIP ...