Dell Force10 S4810P- Manuals

Configuring Lossless Queues ..................................................................................................... 277 Configuring the PFC Buffer in a Switch Stack ............................................................................278 Configure Enhanced Transmission Selection...

Implementation Information ............................................................................................................ 322 Configure the System to be a DHCP Server .................................................................................... 323 Configuring the Server for Aut...

Using FIP Snooping ...........................................................................................................................350 FIP Snooping Prerequisites ......................................................................................................... 350 Important Points ...

Important Points to Remember ....................................................................................................... 378 Configure GVRP ................................................................................................................................ 379 Related Configu...

IGMP Snooping ................................................................................................................................. 398 IGMP Snooping Implementation Information ........................................................................... 398 Configuring IGMP Snooping ........

Enhanced Validation of Interface Ranges ....................................................................................... 448 23 Internet Protocol Security (IPSec) ................................................................. 449 Configuring IPSec .............................................

Default iSCSI Optimization Values ................................................................................................... 495 iSCSI Optimization Prerequisites ..................................................................................................... 496 Configuring iSCSI Optim...

Configuring Shared LAG State Tracking .....................................................................................532 Important Points about Shared LAG State Tracking .................................................................. 533 LACP Basic Configuration Example .......................

Enable PIM-SM ..................................................................................................................................687 Configuring S,G Expiry Timers ......................................................................................................... 688 Configuring ...

Configuring an EdgePort .................................................................................................................. 794 Configuring Fast Hellos for Link State Detection ............................................................................ 795 46 Software-Defined Network...

Failover Roles .............................................................................................................................. 893 MAC Addressing on S-Series Stacks .......................................................................................... 893 Stacking LAG ...............

Display Stack Port Statistics ...................................................................................................... 1085 Display Stack Member Counters .............................................................................................. 1085 Enabling Application Core Dumps ...

1 About this Guide This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. This guide supports the S4810 platform.The S4810 platform is available with Dell Networking OS version 8.3...

2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols.The CLI is largely the same for the Z9000, S6000, S4810, and S4820T except for some commands and command outputs. The CLI is...

• EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information. • EXEC Privilege mode has commands to view configurations, clear counters, man...

CLI Command Mode Prompt Access Command LLDP MANAGEMENT INTERFACE Dell(conf-lldp-mgmtIf)# management-interface (LLDP Mode) LINE Dell(config-line-console) or Dell(config-line-vty) line console or line vty MONITOR SESSION Dell(conf-mon-sess- sessionID )# monitor session OPENFLOW INSTANCE Dell(conf-of-i...

-- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports -------------------------------------------------------------------------------- ---- 0 Management online S4810 S4810 9.4(0.0) 64 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present...

• show run | grep Ethernet returns a search result with instances containing a capitalized “Ethernet,” such as interface GigabitEthernet 0/0 . • show run | grep ethernet does not return that search result because it only searches for instances containing a non-capitalized “ethernet.” • show run | gr...

NOTE: You can filter a single command output multiple times. The save option must be the last option entered. For example: Dell# command | grep regular-expression | except regular-expression | grep other-regular-expression | find regular-expression | save . Multiple Users in Configuration Mode Dell ...

3 Getting Started This chapter describes how you start configuring your system.When you power up the chassis, the system performs a power-on self test (POST) during which the line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking Operating System (OS). B...

Accessing the Console Port To access the console port, follow these steps: For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9 Adapter . 1. Install an RJ-45 copper cable into the console port.Use a rollover (crossover) cable to connect the S4810 console port to a termi...

Entering CLI commands Using an SSH Connection You can run CLI commands by entering any one of the following syntax to connect to a switch using the preconfigured user credentials using SSH: ssh username@hostname <CLI Command> or echo <CLI Command> | ssh admin@hostname The SSH server tran...

Default Configuration A version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell ). You must configure the system using the CLI. Configuring a Host Name The host name appea...

Configure the Management Port IP Address To access the system remotely, assign IP addresses to the management ports. 1. Enter INTERFACE mode for the Management port.CONFIGURATION mode interface ManagementEthernet slot/port • slot : the range is from 0 to 11. • port : the range is 0. 2. Assign an IP ...

* 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell Networking system. Configuring the Enable Password Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by defaul...

Table 3. Forming a copy Command Location source-file-url Syntax destination-file-url Syntax For a remote file location:FTP server copy ftp: // username:password@{hostip | hostname}/filepath/filename ftp: // username:password@{hostip | hostname}/ filepath/filename For a remote file location:TFTP serv...

EXEC Privilege mode copy running-config ftp: // username:password@{hostip | hostname}/filepath/ filename • Save the running-configuration to a TFTP server. EXEC Privilege mode copy running-config tftp: //{hostip | hostname}/ filepath/filename • Save the running-configuration to an SCP server. EXEC P...

9 -rw- 27674906 Jul 06 2007 00:20:24 FTOS-EF-4.7.4.302.bin 10 -rw- 27674906 Jul 06 2007 19:54:52 boot-image-FILE 11 drw- 8192 Jan 01 1980 00:18:28 diag 12 -rw- 7276 Jul 20 2007 01:52:40 startup-config.bak 13 -rw- 7341 Jul 20 2007 15:34:46 startup-config 14 -rw- 27674906 Jul 06 2007 19:52:22 boot-ima...

! interface Vlan 100 no ip address no shutdown ! interface Vlan 1000 ip address 1.1.1.1/16 no shutdown Uncompressed config size – 52 lines write memory compressedThe write memory compressed CLI will write the operating configuration to the startup-config file in the compressed mode. In stacking scen...

- - - network rw ftp: - - - network rw tftp: - - - network rw scp: You can change the default file system so that file management commands apply to a particular device or memory. To change the default directory, use the following command. • Change the default directory. EXEC Privilege mode cd direct...

For a particular target where VRF is enabled, the show output is similar to the following: Feature State ------------------------------ VRF enabled View Command History The command-history trace feature captures all commands entered by all users of the system with a time stamp and writes these messa...

1. Download Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displayed next to the software image file on the iSupport page. 2. Go on to the Dell Networking system and copy the software image to the flash drive, usin...

4 Management Management is supported on the S4810 platform.This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of...

Allowing Access to CONFIGURATION Mode Commands To allow access to CONFIGURATION mode, use the privilege exec level level configure command from CONFIGURATION mode. A user that enters CONFIGURATION mode remains at his privilege level and has access to only two commands, end and exit . You must indivi...

aux Auxiliary line console Primary terminal line vty Virtual terminal Dell(conf)#line vty 0 Dell(config-line-vty)#? exit Exit from line configuration mode Dell(config-line-vty)# Dell(conf)#interface group ? fortyGigE FortyGigabit Ethernet interface gigabitethernet GigabitEthernet interface IEEE 802....

• Disable logging to terminal lines. CONFIGURATION mode no logging monitor • Disable console logging. CONFIGURATION mode no logging console Audit and Security Logs This section describes how to configure, display, and clear audit and security logs.The following is the configuration task list for aud...

When you enabled RBAC and extended logging: • Only the system administrator user role can execute this command.• The system administrator and system security administrator user roles can view security events and system events. • The system administrator user roles can view audit, security, and syste...

The following describes the two log messages formats: • 0 – Displays syslog messages format as described in RFC 3164, The BSD syslog Protocol • 1 – Displays syslog message format as described in RFC 5424, The SYSLOG Protocol Example of Configuring the Logging Message Format Dell(conf)#logging versio...

Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a syslog server. Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server Dell(conf)#ip ssh server enab...

3. Configure logging to a local host. locahost is “127.0.0.1” or “::1”. If you do not, the system displays an error when you attempt to enable role-based only AAA authorization. Dell(conf)# logging localhost tcp port Dell(conf)#logging 127.0.0.1 tcp 5140 Sending System Messages to a Syslog Server To...

• Disable console logging. CONFIGURATION mode no logging console Sending System Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March ...

• Specify the minimum severity level for logging to a syslog server. CONFIGURATION mode logging trap level • Specify the minimum severity level for logging to the syslog history table. CONFIGURATION mode logging history level • Specify the size of the logging buffer. CONFIGURATION mode logging buffe...

%TSM-6-SFM_DISCOVERY: Found SFM 6 %TSM-6-SFM_DISCOVERY: Found SFM 7 %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP %TSM-6-SFM_DISCOVERY: Found SFM 8 %TSM-6-SFM_DISCOVERY: Found 9 SFMs %CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB, 1 ports) %TSM-6-PORT_CONFIG: Port link status for LC 5 => ...

– user (for user programs) – uucp (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view nondefault settings, use the show running-config logging command in EXEC mode. Dell#show running-config logging ! logging buffered 524288 debugging service timestamps log datetim...

Enabling Timestamp on Syslog Messages By default, syslog messages do not include a time/date stamp stating when the error or message was created.To enable timestamp, use the following command. • Add timestamp to syslog messages. CONFIGURATION mode service timestamps [log | debug] [datetime [localtim...

• Configure FTP Server Parameters (optional) • Configure FTP Client Parameters (optional) Enabling the FTP Server To enable the system as an FTP server, use the following command.To view FTP configuration, use the show running-config ftp command in EXEC privilege mode. • Enable FTP on the system. CO...

– For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. – For a loopback interface, enter the keyword loopback then a number between 0 and 16383. – For a port channel interface, enter the keywords port-channel then a number from 1 to 255 for TeraScale an...

Example of an ACL that Permits Terminal Access To view the configuration, use the show config command in LINE mode. Dell(config-std-nacl)#show config ! ip access-list standard myvtyacl seq 5 permit host 10.11.0.1 Dell(config-std-nacl)#line vty 0 Dell(config-line-vty)#show config line vty 0 access-cl...

Example of Terminal Line Authentication In the following example, VTY lines 0-2 use a single authentication method, line. Dell(conf)#aaa authentication login myvtymethodlist line Dell(conf)#line vty 0 2 Dell(config-line-vty)#login authentication myvtymethodlist Dell(config-line-vty)#password myvtypa...

• Telnet to the peer RPM. You do not need to configure the management port on the peer RPM to be able to telnet to it.EXEC Privilege mode telnet-peer-rpm • Telnet to a device with an IPv4 or IPv6 address. EXEC Privilege telnet [ ip-address ] If you do not enter an IP address, Dell Networking OS ente...

You can then send any user a message using the send command from EXEC Privilege mode. Alternatively, you can clear any line using the clear command from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode. Example of Locking CONFIGURATION Mode for Single-User Acces...

5. To save the changes, use the saveenv command. uBoot mode saveenv 6. Reload the system.uBoot mode reset 7. Copy startup-config.bak to the running config. EXEC Privilege mode copy flash://startup-config.bak running-config 8. Remove all authentication statements you might have for the console.LINE m...

5. Reload the system.uBoot mode reset 6. Configure a new enable password.CONFIGURATION mode enable {secret | password} 7. Save the running-config to the startup-config.EXEC Privilege mode copy running-config startup-config Recovering from a Failed Start on the S4810 System A system that does not sta...

Restoring the Factory Default Settings Restoring the factory-default settings deletes the existing NVRAM settings, startup configuration, and all configured settings such as, stacking or fanout. S4810MXL Switch To restore the factory default settings, use the restore factory-defaults stack-unit {0-5...

5 802.1ag 802.1ag is available only on the S4810 platforms.Ethernet operations, administration, and maintenance (OAM) are a set of tools used to install, monitor, troubleshoot, and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: • Service layer OAM — IEEE 802.1...

In addition to providing end-to-end OAM in native Layer 2 Ethernet Service Provider/Metro networks, you can also use CFM to manage and troubleshoot any Layer 2 network including enterprise, datacenter, and cluster networks. Maintenance Domains Connectivity fault management (CFM) divides a network in...

Figure 3. Maintenance Points Maintenance End Points A maintenance end point (MEP) is a logical entity that marks the end point of a domain. There are two types of MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP — monitors the forwarding path internal to a bridge on the customer or provider edg...

Implementation Information Because the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level). Configuring the CFM To configure the CFM, follow these steps: 1. Configure the ecfmacl CAM region using the cam-acl command. 2. Enable ...

Creating a Maintenance Domain Connectivity fault management (CFM) divides a network into hierarchical maintenance domains, as shown in Maintenance Domains . 1. Create maintenance domain.ETHERNET CFM mode domain name md-level number The range is from 0 to 7. 2. Display maintenance domain information....

These roles define the relationships between all devices so that each device can monitor the layers under its responsibility. Creating a Maintenance End Point A maintenance endpoint (MEP) is a logical entity that marks the endpoint of a domain.There are two types of MEPs defined in 802.1ag for an 80...

Example of Viewing Configured MIPs Dell#show ethernet cfm maintenance-points local mip -------------------------------------------------------------------- MPID Domain Name Level Type Port CCM-Status MA Name VLAN Dir MAC --------------------------------------------------------------------- 0 service...

The default is 100 minutes . The range is from 100 to 65535 minutes. Continuity Check Messages Continuity check messages (CCM) are periodic hellos. Continuity check messages: • discover MEPs and MIPs within a maintenance domain• detect loss of connectivity between MEPs• detect misconfiguration, such...

Enabling CCM To enable CCM, use the following commands. 1. Enable CCM.ECFM DOMAIN mode no ccm disable The default is Disabled . 2. Configure the transmit interval (mandatory). The interval specified applies to all MEPs in the domain.ECFM DOMAIN mode ccm transmit-interval seconds The default is 10 se...

Sending Linktrace Messages and Responses Linktrace message and response (LTM, LTR), also called Layer 2 Traceroute, is an administratively sent multicast frames transmitted by MEPs to track, hop-by-hop, the path to another MEP or MIP within the maintenance domain.All MEPs and MIPs in the same domain...

• Set the amount of time a trace result is cached. ETHERNET CFM mode traceroute cache hold-time minutes The default is 100 minutes . The range is from 10 to 65535 minutes. • Set the size of the Link Trace Cache. ETHERNET CFM mode traceroute cache size entries The default is 100 . The range is from 1...

Displaying Ethernet CFM Statistics To display Ethernet CFM statistics, use the following commands. • Display MEP CCM statistics. EXEC Privilege mode show ethernet cfm statistics [domain { name | level } vlan-id vlan-id mpid mpid • Display CFM statistics by port. EXEC Privilege mode show ethernet cfm...

Figure 7. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant . The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communica...

EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 9. EAP ...

Examples of Verifying that 802.1X is Enabled Globally and on an Interface Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. In the following example, the bold lines show that 802.1X is enabled. Dell#show run...

To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame.INTERFACE mode dot1x tx-period number The range is from 1 to 65535 (1 year) The default is 30 . • Configure a maximum number of ...

The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. FTOS(conf-if-range-Te-0/0)#dot1x tx-period 90 FTOS(conf-if-range-Te-0/0)#dot1x max-eap-req 10 FTOS(conf-if-range-Te-0/0)#dot1x quiet-period 120 FTOS#show dot1x interface TenGigabitEthernet 2/1 802.1...

----------------------------- Dot1x Status: Enable Port Control: FORCE_AUTHORIZED Port Auth Status: UNAUTHORIZED Re-Authentication: Disable Untagged VLAN id: None Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: 2 Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval:...

Port Control: FORCE_AUTHORIZED Port Auth Status: UNAUTHORIZED Re-Authentication: Enable Untagged VLAN id: None Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: 10 Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 7200 seconds Max-EAP-Req: 10 Auth Type: SINGLE_HOS...

Guest VLAN: Disable Guest VLAN id: NONE Auth-Fail VLAN: Disable Auth-Fail VLAN id: NONE Auth-Fail Max-Attempts: NONE Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: 10 Supplicant Timeout: 15 seconds Server Timeout: 15 seconds Re-Auth Interval: 7200 seconds Max-EAP-Req: 10 Auth Type: SING...

Figure 11. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X ) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication ). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. C...

If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals, ...

for the ACL VLAN groups present on the system, an appropriate error message is displayed. The ACL manager application verifies the following parameters when you enter the acl-vlan-group command: • Whether the CAM profile is set in VFP• Whether the maximum number of groups in the system has exceeded•...

• The maximum number of VLANs that you can configure as a member of ACL VLAN groups is limited to 512 on the S4180 switch if two slices are allocated.If only one virtual flow processing slice is allocated, the maximum number of VLANs that you can configure as a member of an ACL VLAN group is 256 for...

4. Add VLAN member(s) to an ACL VLAN group.CONFIGURATION (conf-acl-vl-grp) mode member vlan { VLAN-range } 5. Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name.CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan-group { group name | detail} Dell#show acl-vlan-gr...

4. View the number of flow processor (FP) blocks that is allocated for the different VLAN services.EXEC Privilege mode Dell#show cam-usage switch Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============| ============== 11 ...

The following sample output displays the CAM space utilization when Layer 2 and Layer 3 ACLs are configured: Dell#show cam-usage acl Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============|============ 11 | 0 | IN-L2 ACL ...

• Port/VLAN based IMPLICIT DENY Rules• VRF based PERMIT/DENY Rules• VRF based IMPLICIT DENY Rules NOTE: In order for the VRF ACLs to take effect, ACLs configured in the Layer 3 CAM region must have an implicit-permit option. You can use the ip access-group command to configure VRF-aware ACLs on inte...

• CAM Optimization User Configurable CAM Allocation User configurable CAM allocations are supported on the S4810 platform. Allocate space for IPV6 ACLs by using the cam-acl command in CONFIGURATION mode. The CAM space is allotted in filter processor (FP) blocks. The total space allocated must equal ...

Implementing ACLs on Dell Networking OS You can assign one IP ACL per interface with Dell Networking OS. If you do not assign an IP ACL to an interface, it is not used by the software in any other capacity.The number of entries allowed per ACL is hardware-dependent. For detailed specification on ent...

closer to 0) before rules with higher-order numbers so that packets are matched as you intended. By default, all ACL rules have an order of 255 . Example of the order Keyword to Determine ACL Sequence Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nac...

The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command. Dell#show route-map dilling route-map dilling, permit, sequence 1...

Example of the match Command to Permit and Deny Routes Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force deny 20 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force deny 30 Dell(config-route-map)#match tag 1000 Configuring Match Routes...

• Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 next-hop { access-list-name | prefix-list prefix-list-name } • Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip route-source { access-list-name | prefix-list prefix-list-n...

CONFIG-ROUTE-MAP mode set local-preference value • Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value } • Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP ...

In the following example, the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF. According to the route map static ospf , only routes that have a next hop of Gigabitethernet interface 0/0 and that have a metric of 255 are redistributed into the...

Example of Using the continue Clause in a Route Map ! route-map test permit 10 match commu comm-list1 set community 1:1 1:2 1:3 set as-path prepend 1 2 3 4 5 continue 30! IP Fragment Handling Dell Networking OS supports a configurable option to explicitly deny IP fragmented packets, particularly sec...

Layer 4 ACL Rules Examples The following examples show the ACL commands for Layer 4 packet filtering. Permit an ACL line with L3 information only, and the fragments keyword is present: If a packet’s L3 information matches the L3 information in the ACL line, the packet's FO is checked. • If a packet'...

Configure a Standard IP ACL To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide . To set up extended ACLs, refer to Configure an Extended IP ACL...

If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of 5. Configuring a Standard IP ACL Filter If you are creating a standard ACL wit...

To delete a filter, enter the show config command in IP ACCESS LIST mode and locate the sequence number of the filter you want to delete. Then use the no seq sequence-number command in IP ACCESS LIST mode. Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, I...

Configure Filters, TCP Packets To create a filter for UDP packets with a specified sequence number, use the following commands. 1. Create an extended IP ACL and assign it a unique name.CONFIGURATION mode ip access-list extended access-list-name 2. Configure an extended IP ACL filter for UDP packets....

CONFIG-EXT-NACL mode {deny | permit} udp { source mask | any | host ip-address }} [count [byte]] [order] [fragments] When you use the log keyword, the CP logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to...

L2 ACL Behavior L3 ACL Behavior Decision on Targeted Traffic Permit Deny L3 ACL denies. Permit Permit L3 ACL permits. NOTE: If you configure an interface as a vlan-stack access port, only the L2 ACL filters the packets. The L3 ACL applied to such a port does not affect traffic. That is, existing rul...

4. Apply rules to the new ACL.INTERFACE mode ip access-list [standard | extended] name To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running-config command in EXEC mode. Example of Viewing ACLs Applied to an Interface Dell(conf-if)#sh...

Dell#configure terminal Dell(conf)# ip access-list extended abcd Dell(config-ext-nacl)#permit tcp any any Dell(config-ext-nacl)#deny icmp any any Dell(config-ext-nacl)#permit 1.1.1.2 Dell(config-ext-nacl)#end Dell# show ip accounting access-list ! Extended Ingress IP access list abcd on gigethernet ...

Dell#configure terminal Dell(conf)#interface te 0/0 Dell(conf-if-te-0/0)#ip vrf forwarding blue Dell(conf-if-te-0/0)#show config ! interface TenGigabitEthernet 0/0 ip vrf forwarding blue no ip address shutdown Dell(conf-if-te-0/0)# Dell(conf-if-te-0/0)# Dell(conf-if-te-0/0)#end Dell# Applying Egress...

A route prefix is an IP address pattern that matches on bits within the IP address. The format of a route prefix is A.B.C.D/X where A.B.C.D is a dotted-decimal address and /X is the number of bits that should be matched of the dotted decimal address. For example, in 112.24.0.0/16, the first 16 bits ...

Creating a Prefix List To create a prefix list, use the following commands. 1. Create a prefix list and assign it a unique name.You are in PREFIX LIST mode. CONFIGURATION mode ip prefix-list prefix-name 2. Create a prefix list with a sequence number and a deny or permit action.CONFIG-NPREFIXL mode s...

Creating a Prefix List Without a Sequence Number To create a filter without a specified sequence number, use the following commands. 1. Create a prefix list and assign it a unique name.CONFIGURATION mode ip prefix-list prefix-name 2. Create a prefix list filter with a deny or permit action.CONFIG-NP...

ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0) seq 6 deny 2.1.0.0/16 ge 23 (hit count: 0) seq 10 permit 0.0.0.0/0 le 32 (hit count: 0) ip prefix-list filter_ospf: count: 4, range entries: 1, sequences: 5 - 10 seq 5 deny 100.100.1....

Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode. CONFIGURATION mode router ospf • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non-ex...

Table 7. ACL Resequencing Rules Resquencing Rules Before Resequencing: seq 5 permit any host 1.1.1.1 seq 6 permit any host 1.1.1.2 seq 7 permit any host 1.1.1.3 seq 10 permit any host 1.1.1.4 Rules After Resequencing: seq 5 permit any host 1.1.1.1 seq 10 permit any host 1.1.1.2 seq 15 permit any hos...

! ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permit ip any host 1.1.1.1 remark 6 this remark has no corresponding rule remark 8 this remark corresponds to permit ip any host 1.1.1.2 seq 8 permit ip any host 1.1.1.2 seq 10 permit ip any...

Logging of ACL Processes This functionality is supported on the S4810 platform. To assist in the administration and management of traffic that traverses the device after being validated by the configured ACLs, you can enable the generation of logs for access control list (ACL) processes. Although yo...

packets in the ACL entry, and if the logging is deactivated in a specific interval because the threshold has exceeded, the count of packets that exceeded the logging threshold value during that interval is recorded when the subsequent log record (in the next interval) is generated for that ACL entry...

NOTE: This example describes the configuration of ACL logging for standard IP access lists. You can enable the logging capability for standard and extended IPv4 ACLs, IPv6 ACLs, and standard and extended MAC ACLs. 1. Specify the maximum number of ACL logs or the threshold that can be generated by us...

monitor session 11 flow-based enable source GigabitEthernet 13/0 destination GigabitEthernet 13/1 direction both The show ip | mac | ipv6 accounting commands have been enhanced to display whether monitoring is enabled for traffic that matches with the rules of the specific ACL. Example Output of the...

9 Bidirectional Forwarding Detection (BFD) Bidirectional forwarding detection (BFD) is supported only on the S4810 platform.BFD is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol l...

NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client. BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD con...

handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated. 4. The passive system receives the control packet and changes its state to Up. Both systems agree that a session has been established. However, because both members must send a control packet...

receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 14. Session State Changes Important Points to Remember • On the S4810 platform, Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive interv...

• Configure BFD for OSPFv3 • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical po...

Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 15. Establishing a BFD Session on Physical Ports 1. Enter interface mode.CONF...

Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:06:95:a2 Int: GigabitEthernet 4/24 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: ...

Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 7 Disabling and Re-Enabling BFD BFD is enabled on all interfaces by default, though sessions are not created unless explicitly configured. If you disable BFD, all of the sessions on that int...

Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 16. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a ...

• Change parameters for all static route sessions. CONFIGURATION mode ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information ...

Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 17. Establishing Sessions with O...

INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - Active ses...

To disable BFD sessions, use the following commands. • Disable BFD sessions with all OSPFv3 neighbors. ROUTER-OSPFv3 mode no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv...

To change parameters for all OSPF sessions or for OSPF sessions on a single interface, use the following commands. • Change parameters for OSPF sessions. ROUTER-OSPF mode bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for all ...

Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 18. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neigh...

The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2...

INTERFACE mose isis bfd all-neighbors disable Configure BFD for BGP Bidirectional forwarding detection (BFD) for BGP is supported on the S4810 platform. In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external...

typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. 1. Enable BFD globally.CONFIGURATION mode bfd enable 2. Specify the AS number and enter ROUTER...

ROUTER BGP mode neighbor { ip-address | peer-group-name } bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor { ip-address | peer-group-name } bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members o...

Connections established 1; dropped 0 Last reset never Local host: 2.2.2.3, Local port: 63805 Foreign host: 2.2.2.2, Foreign port: 179 E1200i_ExaScale# R2# show ip bgp neighbors 2.2.2.3 BGP neighbor is 2.2.2.3, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, ...

Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 20. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command....

Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state.To disable all VRRP sessions on an interface, sessions for a particular VRRP group, or for...

Figure 22. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are ...

Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, ...

Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix, route reflector rules are applied after the router makes its best path ...

• Next Hop NOTE: There are no hard coded limits on the number of attributes that are supported in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attribut...

Figure 24. BGP Best Path Selection Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. a. R...

Figure 26. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it overwri...

*> 7.0.0.0/30 10.114.8.33 0 0 18508 ? *> 9.2.0.0/16 10.114.8.33 10 0 18508 701 i AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is added by the BGP speaker when advertising to a eBGP neighbor. NOTE: Any update that...

Multiprotocol BGP Multiprotocol extensions for BGP (MBGP) is defined in IETF RFC 2858. MBGP allows different types of address families to be distributed in parallel. MBGP for IPv4 multicast is supported on the S4810 platform.MBGP allows information about the topology of the IP multicast-capable rout...

internal configured, BGP advertises the metric configured in the redistribute command as MED. • If BGP peer outbound route-map has metric configured, all other metrics are overwritten by this configuration. NOTE: When redistributing static, connected, or OSPF routes, there is no metric option. Simpl...

Configure 4-byte AS numbers with the four-octet-support command. AS4 Number Representation Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot. NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature. If 4-Byt...

! router bgp 100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 <output truncated> Dell(conf-router_bgp)#do show ip bgp BGP table version is 31571, local router ID is 172.30.1.57 <output truncated> AS-PLAIN Dell(conf-router_bgp)# bgp asnotation aspla...

• The f10BgpM2[Cfg]PeerReflectorClient field is populated based on the assumption that route- reflector clients are not in a full mesh if you enable BGP client-2-client reflection and that the BGP speaker acting as reflector advertises routes learned from one client to another client. If disabled, i...

By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled. To enable a neighbor or peer group, enter the neighbor {...

3. Enable the BGP neighbor.CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } no shutdown Examples of the show ip bgp Commands NOTE: When you change the configuration of a BGP neighbor, always reset it by entering the clear ip bgp * command in EXEC Privilege mode. To view the BGP confi...

Connections established 0; dropped 0 Last reset never No active TCP connection Dell# The following example shows verifying the BGP configuration using the show running-config bgp command.. Dell#show running-config bgp ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10....

Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share same update policy.A maximum of 256 peer groups are allowed on the sy...

10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall-Over By default, a BGP session is governed by the hold time. BGP routers typically carry large routing tables, so frequent session resets are not desirable. The BGP fast fall-over feature reduces the convergence time while mainta...

fall-over enabled Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 52, neighbor version 52 4 accepted prefixes consume 16 bytes Prefix advertised 0, denied 0, withdrawn 0 Connections established 6; dropped 5 Last reset...

You can constrain the number of passive sessions accepted by the neighbor. The limit keyword allows you to set the total number of sessions the neighbor will accept, between 2 and 265. The default is 256 sessions. 1. Configure a peer group that does not initiate TCP connections with other peers.CONF...

Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number. The second two lines in bold show the local AS number (6500) maintained during migration. To disable this feature, use the no neighbor local-as command in CONFIGURATION ROUTER BGP mode. R2...

R2(conf-router_bgp)#show conf ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdow...

• Defer best path selection for a certain amount of time. This helps optimize path selection and results in fewer updates being sent out. To enable graceful restart, use the configure router bgp graceful-restart command. • Enable graceful restart for the BGP node. CONFIG-ROUTER-BGP mode bgp graceful...

neighbor { ip-address | peer-group-name } graceful-restart [role receiver-only] • Set the maximum time to retain the restarting neighbor’s or peer-group’s stale paths. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } graceful-restart [stale-path-time time-in-seconds ] The default is ...

Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode. Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path 0x4014154 0 3 18508 701 3549 19421 i 0x4013914 0 3 18508 701 7018 14990 i...

Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process. With the redistribute command, you can include ISIS, OSPF, static, or directly connected routes in the BGP process.To add routes from other routing instances or pro...

To allow multiple paths sent to peers, use the following commands. 1. Allow the advertisement of multiple paths for the same address prefix without the new paths replacing any previous ones.CONFIG-ROUTER-BGP mode bgp add-path [both|received|send] path-count count The range is from 2 to 64. 2. Allow ...

To configure an IP community list, use these commands. 1. Create a community list and enter COMMUNITY-LIST mode.CONFIGURATION mode ip community-list community-list-name 2. Configure a community list by denying or permitting specific community numbers or types of community.CONFIG-COMMUNITYLIST mode {...

Configuring an IP Extended Community List To configure an IP extended community list, use these commands. 1. Create a extended community list and enter the EXTCOMMUNITY-LIST mode.CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2. Two types of extended communities are supported.CONFIG-...

Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1. Enter the ROUTE-MAP mode and assign a name to a route map.CONFIGU...

To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbo...

Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * i 3.0.0.0/8 195.171.0.16 100 0 209 ...

CONFIG-ROUTER-BGP mode bgp default local-preference value – value : the range is from 0 to 4294967295. The default is 100 . To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. A more flexible metho...

set next-hop ip-address Changing the WEIGHT Attribute To change how the WEIGHT attribute is used, enter the first command. You can also use route maps to change this and other BGP attributes. For example, you can include the second command in a route map to specify the next hop address. • Assign a w...

• If the prefix list contains no filters, all routes are permitted.• If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a pre...

Filtering BGP Routes Using AS-PATH Information To filter routes based on AS-PATH information, use these commands. 1. Create a AS-PATH ACL and assign it a name.CONFIGURATION mode ip as-path access-list as-path-name 2. Create a AS-PATH ACL filter with a deny or permit action.AS-PATH ACL mode {deny | p...

• Assign an ID to a router reflector cluster. CONFIG-ROUTER-BGP mode bgp cluster-id cluster-id You can have multiple clusters in an AS. • Configure the local router as a route reflector and the neighbor or peer group identified is the route reflector client.CONFIG-ROUTER-BGP mode neighbor { ip-addre...

Configuring BGP Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations.As with route reflectors, BGP confederations are recommended only for IBGP peering involving many IBGP peering sessions per router. Basically, when you co...

Route Map Continue The BGP route map continue feature, continue [ sequence-number ] , (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If you do not specify a sequence number, the continue feature moves to the next sequence number (als...

• When exchanging updates with the peer, BGP sends and receives IPv4 multicast routes if the peer is marked as supporting that AFI/SAFI. • Exchange of IPv4 multicast route information occurs through the use of two new attributes called MP_REACH_NLRI and MP_UNREACH_NLRI, for feasible and withdrawn ro...

EXEC Privilege mode debug ip bgp [ ip-address | peer-group peer-group-name ] notifications [in | out] • View information about BGP updates and filter by prefix name. EXEC Privilege mode debug ip bgp [ ip-address | peer-group peer-group-name ] updates [in | out] [prefix-list name] • Enable soft-recon...

Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) For address family: IPv4 Unicast BGP table version 1395, neighbor version 1394 Prefixes accepted 1 (consume 4 bytes), 0 withdrawn by peer Prefixes advertised 0, rejected 0, 0 withdrawn ...

00000000 00000000 00000000 00000000 0181a1e4 0181a25c 41af92c0 00000000 00000000 00000000 00000000 00000001 0181a1e4 0181a25c 41af9400 00000000 PDU[2] : len 19, captured 00:34:51 ago ffffffff ffffffff ffffffff ffffffff 00130400 PDU[3] : len 19, captured 00:34:51 ago ffffffff ffffffff ffffffff ffffff...

Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you...

Dell(conf)# 1. Select a cam-acl action.CONFIGURATION mode cam-acl [default | l2acl] NOTE: Selecting default resets the CAM entries to the default settings. Select l2acl to allocate the desired space for all other regions. 2. Enter the number of FP blocks for each region.EXEC Privilege mode cam-acl {...

L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 FcoeAcl : 0 iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 -- Stack unit 0 -- Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQo...

Example of the show cam-usage Command Dell#show cam-usage Stackunit|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============|============== 0 0 | IN-L3 ACL | 512 | 1 | 511 | | IN-V6 ACL | 0 | 0 | 0 | | IN-L2 ACL | 768 | 0 | 768 | |...

QoS CAM Region Limitation To store QoS service policies, the default CAM profile allocates a partition within the IPv4Flow region. If the QoS CAM space is exceeded, a message similar to the following displays. %EX2YD:12 %DIFFSERV-2-DSA_QOS_CAM_INSTALL_FAILED: Not enough space in L3 Cam(PolicyQos) fo...

Figure 30. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The S4810 can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol...

CoPP policies are assigned on a per-protocol or a per-queue basis, and are assigned in CONTROL-PLANE mode to each port-pipe. CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. Config...

The following example shows matching the QoS class map to the QoS policy. Dell(conf)#policy-map-input egressFP_rate_policy cpu-qos Dell(conf-policy-map-in-cpuqos)#class-map class_ospf qos-policy rate_limit_500k Dell(conf-policy-map-in-cpuqos)#class-map class_bgp qos-policy rate_limit_400k Dell(conf-...

The following example shows assigning the QoS policy to the queues. Dell(conf)#policy-map-input cpuq_rate_policy cpu-qos Dell(conf-qos-policy-in)#service-queue 5 qos-policy cpuq_1 Dell(conf-qos-policy-in)#service-queue 6 qos-policy cpuq_2 Dell(conf-qos-policy-in)#service-queue 7 qos-policy cpuq_1 Th...

CPU Queue Weights Rate (pps) Protocol 4 127 2000 IPC/IRC, VLT Control frames 5 16 300 ARP Request, NS, RS, iSCSI OPT Snooping 6 16 400 ICMP, ARP Reply, NTP, Local terminated L3, NA, RA,ICMPv6 (other Than NDP and MLD) 7 64 400 xSTP, FRRP, LACP, 802.1x,ECFM,L2PT,TRILL, Open flow 8 32 400 PVST, LLDP, G...

To configure control-plane policing, perform the following: 1. Create an IPv6 ACL for control-plane traffic policing for ospfv3.CONFIGURATION mode Dell(conf)#ipv6 access-list ospfv3 cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit ospf 2. Create a QoS input policy for the router and assign the policing.CON...

13 Data Center Bridging (DCB) Data center bridging (DCB) is supported on the S4810 platform. NOTE: Ethernet Enhancements in Data Center Bridging The following section describes DCB. The S4810 system supports loading two DCB_Config files: FCoE_DCB_Config and iSCSI_DCB_Config . These files are located...

network that may drop packets in case of network congestion. IP networks rely on transport protocols (for example, TCP) for reliable data transmission with the associated cost of greater processing overhead and performance impact. Storage traffic Storage traffic based on Fibre Channel media uses the...

The system supports loading two DCB_Config files: • FCoE converged traffic with priority 3.• iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reac...

– No bandwidth limit or no ETS processing • Bandwidth allocated by the ETS algorithm is made available after strict-priority groups are serviced. Bandwidth is distributed in the following ways: – If bandwidth is not assigned to the priority groups, all available bandwidth is equally distributed amon...

Data Center Bridging in a Traffic Flow The following figure shows how DCB handles a traffic flow on an interface. Figure 32. DCB PFC and ETS Traffic Handling Enabling Data Center Bridging DCB is automatically configured when you configure FCoE or iSCSI optimization. Data center bridging supports con...

To enable DCB with PFC buffers on a switch, enter the following commands, save the configuration, and reboot the system to allow the changes to take effect. 1. Enable DCB.CONFIGURATION mode dcb enable 2. Set PFC buffering on the DCB stack unit.CONFIGURATION mode dcb stack-unit all pfc-buffering pfc-...

dot1p Value in the Incoming Frame Egress Queue Assignment 5 5 6 6 7 7 Configuring Priority-Based Flow Control PFC provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when you enable DCB. As an enhancement t...

To remove a DCB input policy, including the PFC configuration it contains, use the no dcb-input policy-name command in INTERFACE Configuration mode. To disable PFC operation on an interface, use the no pfc mode on command in DCB Input Policy Configuration mode. PFC is enabled and disabled as the glo...

Lossless traffic egresses out the no-drop queues. Ingress dot1p traffic from PFC-enabled interfaces is automatically mapped to the no-drop egress queues. 1. Enter INTERFACE Configuration mode.CONFIGURATION mode interface type slot/port 2. Configure the port queues that will still function as no-drop...

Valid stack-unit IDs are 0 to 5. The only valid port-set ID (port-pipe number) is 0. Dell Networking OS Behavior: If you configure PFC on a 40GbE port, count the 40GbE port as four PFC- enabled ports in the pfc-port number you enter in the command syntax.To achieve lossless PFC operation, the PFC po...

• You can only use a QoS DCB output policy in association with a priority group in a DCB output policy and cannot be applied to an interface as a normal QoS output policy (refer to Applying an ETS Output Policy for a Priority Group to an Interface and Creating an Output QoS Policy in the Quality of ...

Creating an ETS Priority Group An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is applied on an egress interface. You can associate a priority group to more than one ETS output policy on different interfaces. 1. Create an ETS priori...

The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group can map to multiple queues. If you configure more than one priority queue as strict priority or more than one priori...

Dell Networking OS Behavior: Create a DCB output policy to associate a priority group with an ETS output policy with scheduling and bandwidth configuration. You can apply a DCB output policy on multiple egress ports.The ETS configuration associated with 802.1p priority traffic in a DCB output policy...

Configuring Bandwidth Allocation for DCBx CIN After you apply an ETS output policy to an interface, if the DCBx version used in your data center network is CIN, you may need to configure a QoS output policy to overwrite the default CIN bandwidth allocation.This default setting divides the bandwidth ...

dcb-policy input stack-unit {all | stack-unit-id} stack-ports all dcb-input-policy-name Entering this command removes all DCB input policies applied to stacked ports. A dcb-policy input stack-unit all command overwrites any previous dcb-policy input stack-unit stack-unit-id configurations. Similarly...

A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto-configuration information from the configuration source ignore their current settings and use the configuration source information. Propagation of DC...

DCBx Example The following figure shows how to use DCBx. The external 40GbE ports on the base module (ports 33 and 37) of two switches are used for uplinks configured as DCBx auto-upstream ports. The S4810 is connected to third-party, top-of-rack (ToR) switches through 40GbE uplinks. The ToR switche...

5. On manual ports only : Configure the PFC and ETS TLVs advertised to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [ets-conf | ets-reco | pfc] • ets-conf : enables the advertisement of ETS Configuration TLVs. • ets-reco : enables the...

– fail : enables traces for DCBx failures. – mgmt : enables traces for DCBx management frames. – resource : enables traces for DCBx system resource frames. – sem : enables traces for the DCBx state machine. – tlv : enables traces for DCBx TLVs. Verifying the DCB Configuration To display DCB configur...

FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Local ISCSI PriorityMap is 0x10 Remote FCOE PriorityMap is 0x8 Remote ISCSI PriorityMap is 0x8 Dell# show interfaces tengigabitethernet 0/49 pfc detail Interface TenGigabitEthernet 0/49 Admin mode is on Admi...

Traffic Class TLV Pkts The following table describes the show interface ets detail command fields. Table 15. show interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Max Supported TC Group Maximum number of priority groups supported. N...

Local DCBx Status ----------------- DCBx Operational Version is 0 DCBx Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 1 Protocol State: In-Sync Peer DCBx Status: ---------------- DCBx Operational Version is 0 DCBx Max Version Supported is 0 Sequence Number: 1 Acknowledgment Num...

Field Description Local DCBx Status: Sequence Number Sequence number transmitted in Control TLVs. Local DCBx Status: Acknowledgment Number Acknowledgement number transmitted in Control TLVs. Local DCBx Status: Protocol State Current operational state of DCBx protocol: ACK or IN-SYNC. Peer DCBx Statu...

dot1p Value in the Incoming Frame Priority Group Assignment 3 SAN 4 IPC 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment. Priority Group Bandwidth Assignment IPC 5% SAN 50% LAN 45% PFC and ETS Configuration Command Examples The following examples show PFC and ETS con...

Dell(conf-qos-policy-out)# exit Dell(conf)# qos-policy-output ipc ets Dell(conf-qos-policy-out)# bandwidth-percentage 5 Dell(conf-qos-policy-out)# exit Example of Configuring a DCB Output Policy to Apply ETS (Bandwidth Allocation and Scheduling) to IPC, SAN, and LAN Priority Traffic Dell(conf)# dcb-...

In this example, the configured ETS bandwidth allocation and scheduler behavior is as follows: Unused bandwidth usage: Normally, if there is no traffic or unused bandwidth for a priority group, the bandwidth allocated to the group is distributed to the other priority groups according to the bandwidt...

Step Task Command Command Mode priority groups is made available and allocated according to the specified percentages. If a priority group does not use its allocated bandwidth, the unused bandwidth is made available to other priority groups. Example: priority-group 0 bandwidth 60 pfc off priority-gr...

Step Task Command Command Mode 1 Enter interface configuration mode on an Ethernet port. interface { tengigabitEthernet slot / port | fortygigabitEthernet slot / port } CONFIGURATION 2 Apply the DCB map on the Ethernet port to configure it with the PFC and ETS settings in the map; for example: Dell#...

Priority-Based Flow Control Using Dynamic Buffer Method Priority-based flow control using dynamic buffer spaces is supported on the S4810 platform. In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect o...

The show dcb command has been enhanced to display the following additional buffer-related information: S4810-YU-MR-Dell (conf)#do show dcb dcb Status : Enabled PFC Queue Count : 2 --Indicate the PFC queue configured. Total buffer (lossy + lossless)(in KB): 7787--Total buffer space for lossy and loss...

14 Dynamic Host Configuration Protocol (DHCP) Dynamic host configuration protocol (DHCP) is available on the S4810 platform.DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies d...

Option Number and DescriptionIdentifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Snooping Option 82Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database. User Por...

Configure the System to be a DHCP Server Configuring the system to be a DHCP server is supported only on the S4810 platform. A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making ho...

3. Specify the range of IP addresses from which the DHCP server may assign addresses.DHCP <POOL> mode network network/prefix-length • network : the subnet address. • prefix-length : specifies the number of bits used for the network portion of the address you specify. The prefix-length range is...

lease {days [hours] [minutes] | infinite} The default is 24 hours . Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client.To specify a default gateway, follow this step. • Specify default gateway(s) for the clients on the subnet, in order of pre...

Creating Manual Binding Entries An address binding is a mapping between the IP address and the media access control (MAC) address of a client.The DHCP server assigns the client an available IP address automatically, and then creates an entry in the binding table. However, the administrator can manua...

Configure the System to be a Relay Agent This feature is available on the S4810 platform. DHCP clients and servers request and offer configuration information via broadcast DHCP messages. Routers do not forward broadcasts, so if there are no DHCP servers on the subnet, the client does not receive a ...

Figure 37. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int gig 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10....

ICMP redirects are not sent ICMP unreachables are not sent Configure the System to be a DHCP Client A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server. Implement the DHCP client functionality as follows:• The switch can obtain a dynamically ...

• To display statistics about DHCP client interfaces, use the show ip dhcp client statistics interface type slot/port command. • To clear DHCP client statistics on a specified or on all interfaces, use the clear ip dhcp client statistics {all | interface type slot/port } command. • To display dynami...

Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel (LAG) interfaces as on a physical interface. DHCP Snooping A DHCP client can run on a switch simultaneously ...

The received stacking configuration is always applied on the master stack unit. option #230 "unit-number:3#priority:2#stack-group:14" Configure Secure DHCP The following feature is available on the S4810 platform, except where noted. DHCP as defined by RFC 2131 provides no authentication or ...

ip dhcp relay information-option remote-id DHCP Snooping DHCP snooping protects networks from spoofing. In the context of DHCP snooping, ports are either trusted or not trusted. By default, all ports are not trusted. Trusted ports are ports through which attackers cannot connect. Manually configure ...

3. Enable DHCP snooping on a VLAN.CONFIGURATION mode ip dhcp snooping vlan name Adding a Static Entry in the Binding Table To add a static entry in the binding table, use the following command. • Add a static entry in the binding table. EXEC Privilege mode ip dhcp snooping binding mac Clearing the B...

Drop DHCP Packets on Snooped VLANs Only Binding table entries are deleted when a lease expires or the relay agent encounters a DHCPRELEASE. Line cards maintain a list of snooped VLANs. When the binding table fills, DHCP packets are dropped only on snooped VLANs, while such packets are forwarded acro...

MAC flooding An attacker can send fraudulent ARP messages to the gateway until the ARP cache is exhausted, after which, traffic from the gateway is broadcast. Denial of service An attacker can send a fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which...

To see how many valid and invalid ARP packets have been processed, use the show arp inspection statistics command. Dell#show arp inspection statistics Dynamic ARP Inspection (DAI) Statistics --------------------------------------- Valid ARP Requests : 0 Valid ARP Replies : 1000 Invalid ARP Requests ...

The DHCP binding table associates addresses the DHCP servers assign, with the port on which the requesting client is attached. When you enable IP source address validation on a port, the system verifies that the source IP address is one that is associated with the incoming port. If an attacker is im...

15 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) is supported on the S4810 platform. ECMP for Flow-Based Affinity ECMP for flow-based affinity is available on the S4810 platform. Flow-based affinity includes the following: • Link Bundle Monitoring Configuring the Hash Algorithm TeraScale...

CONFIGURATION mode. ipv6 ecmp-deterministic Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every cha...

NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when the user configures multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indexes are generated in even numbers (0, 2, 4, 6... 1022) and are for informatio...

Creating an ECMP Group Bundle Within each ECMP group, you can specify an interface. If you enable monitoring for the ECMP group, the utilization calculation is performed when the average utilization of the link-bundle (as opposed to a single link within the bundle) exceeds 60%. 1. Create a user-defi...

16 FCoE Transit The Fibre Channel over Ethernet (FCoE) Transit feature is supported on the S4810 switch on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a S4810 sw...

Figure 38. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be...

The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions: • Allocate CAM resources for FCoE.• Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-V...

For VLAN membership, you must: • create the VLANs on the switch which handles FCoE traffic (use the interface vlan command). • configure each FIP snooping port to operate in Hybrid mode so that it accepts both tagged and untagged VLAN frames (use the portmode hybrid command). • configure tagged VLAN...

Table 20. Impact of Enabling FIP Snooping Impact Description MAC address learning MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping on server-facing ports in ENode mode. MTU auto-configuration MTU size is set to mini-jumbo (250...

3. Reload the switch to enable the configuration.EXEC Privilege mode. reload After the switch is reloaded, DCB/DCBx is enabled. 4. Enable the FCoE transit feature on a switch.CONFIGURATION mode. feature fip-snooping 5. Enable FIP snooping on all VLANs or on a specified VLAN.CONFIGURATION mode or VLA...

Command Output show fip-snooping statistics [interface vlan vlan-id | interface port-type port/ slot | interface port-channel port- channel-number ] Displays statistics on the FIP packets snooped on all interfaces, including VLANs, physical ports, and port channels. clear fip-snooping statistics [in...

Field Description Port WWPN Worldwide port name of the CNA port. Port WWNN Worldwide node name of the CNA port. The following example shows the show fip-snooping config command. Dell# show fip-snooping config FIP Snooping Feature enabled Status: Enabled FIP Snooping Global enabled Status: Enabled Gl...

Number of VN Port Session Timeouts :0 Number of Session failures due to Hardware Config :0 The following example shows the show fip-snooping statistics port-channel command. Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan Notifications :2 Number...

FCoE Transit Configuration Example The following illustration shows an S4810 switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 40. Configuration Example: FIP Snooping on an S4810 S...

17 Enabling FIPS Cryptography Federal information processing standard (FIPS) cryptography is supported on the S4810 platform.This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS sta...

Enabling FIPS Mode To enable or disable FIPS mode, use the console port.Secure the host attached to the console port against unauthorized access. Any attempts to enable or disable FIPS mode from a virtual terminal session are denied. When you enable FIPS mode, the following actions are taken: • If e...

Monitoring FIPS Mode Status To view the status of the current FIPS mode (enabled/disabled), use the following commands. • Use either command to view the status of the current FIPS mode. show fips status show system Examples of the show fips status and show system Commands The following example shows...

18 Force10 Resilient Ring Protocol (FRRP) Force10 resilient ring protocol (FRRP) is supported on the S4810 platform. FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can ...

The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node. Ring Status The ring failure notification and th...

Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability. You can configure multiple rings with a single switch connection; a single ring can have multiple FRRP groups; multiple r...

Concept Explanation There is no periodic transmission of TCRHFs. The TCRHFs are sent on triggered events of ring failure or ring restoration only. Implementing FRRP • FRRP is media and speed independent.• FRRP is a Dell proprietary protocol that does not interoperate with any other vendor.• You must...

Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands.For more information about configuring VLANS in Layer 2 mode, refer to Layer 2 . Be sure to follow these guidelines: • All VLANS must ...

3. Assign the Primary and Secondary ports and the control VLAN for the ports on the ring.CONFIG-FRRP mode. interface primary int slot/port secondary int slot/port control-vlan vlan id Interface : • For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet then the slot/port information...

5. Identify the Member VLANs for this FRRP group.CONFIG-FRRP mode. member-vlan vlan-id { range } VLAN-ID, Range : VLAN IDs for the ring’s Member VLANs. 6. Enable this FRRP group on this switch.CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOT...

• Show the information for the identified FRRP group. EXEC or EXEC PRIVELEGED mode. show frrp ring-id Ring ID: the range is from 1 to 255. • Show the state of all FRRP groups. EXEC or EXEC PRIVELEGED mode. show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FR...

Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example,...

• Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config ! protocol gvrp n...

not be unconfigured when it receives a Leave PDU. Therefore, the registration mode on that interface is FIXED. • Forbidden Mode — Disables the port to dynamically register VLANs and to propagate VLAN information except information about VLAN 1. A port with forbidden registration type thus allows onl...

LeaveAll Timer 5000 Dell(conf)# Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer . RPM Redundancy The current version of Dell Networking OS supports 1+1 hitless route p...

20 High Availability (HA) High availability (HA) is supported on the S4810 platform.HA is a collection of features that preserves system continuity by maximizing uptime and minimizing packet loss during system disruptions. To support all the features within the HA collection, you should have the lat...

Specifying an Auto-Failover Limit When a non-recoverable fatal error is detected, an automatic failover occurs. However, Dell Networking OS is configured to auto-failover only three times within any 60 minute period. You may specify a different auto-failover count.To re-enable the auto-failover-limi...

Unit Type : Member Unit Status : not present Dell#con Dell(conf)#stack-unit 1 provision S4810 Dell(conf)#end Dell#show system stack-unit 1 -- Unit 1 -- Unit Type : Member Unit Status : not present Required Type : S4810 - 52-port GE/TE/FG (SE) Dell# Dell(conf)#interface tengigabitethernet 1/0 Dell(co...

Graceful Restart Graceful restart is supported on the S4810 platform. Graceful restart (also known as non-stop forwarding) is a protocol-based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the loss of packets. A graceful-r...

• Crash Log — contains trace messages related to IPC and IRC timeouts and task crashes on line cards and is stored under the directory CRASH_LOG_DIR. For more information about trace logs and configuration options, refer to S-Series Debugging and Diagnostics . Core Dumps A core dump is the contents ...

21 Internet Group Management Protocol (IGMP) Internet group management protocol (IGMP) is supported on the S4810 platform.Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. IGMP is a Layer 3 multicast pr...

Figure 42. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a m...

response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability to filter by multic...

Figure 44. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it wa...

Figure 45. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that...

Figure 46. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Vers...

• Fast Convergence after MSTP Topology Changes • Designating a Multicast Router Interface Viewing IGMP Enabled Interfaces Interfaces that are enabled with PIM-SM are automatically enabled with IGMP.To view IGMP-enabled interfaces, use the following command. • View IGMP-enabled interfaces. EXEC Privi...

IGMP version is 3 Dell(conf-if-gi-1/13)# Viewing IGMP Groups To view both learned and statically configured IGMP groups, use the following command. • View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell(conf-...

INTERFACE mode ip igmp query-interval • Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Adjusting the IGMP Querier Timeout Value If there is more than one multicast router on a sub...

Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet.IGMP immediate leave reduces leave latency by ...

• View the configuration. CONFIGURATION mode show running-config • Disable snooping on a VLAN. INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks • Removing a Group-Port Association • Disabling Multicast Flooding • Specifying a Port as Connected to a Multicast Router • Configuring t...

• Configure the switch to only forward unregistered packets to ports on a VLAN that are connected to mrouter ports.CONFIGURATION mode no ip igmp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN, use the following commands. • Staticall...

ip igmp snooping last-member-query-interval Fast Convergence after MSTP Topology Changes The following describes the fast convergence feature. When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports exce...

routes. If SSH is specified as a management application, SSH links to and from an unknown destination uses the management default route. Protocol Separation When you configure the application application-type command to configure a set of management applications with TCP/UDP port numbers to the OS, ...

can configure two default routes, one configured on the management port and the other on the front-end port. Two tables, namely, Egress Interface Selection routing table and default routing table, are maintained. In the preceding table, the columns Client and Server indicate that the applications ca...

When the feature is disabled using the no management egress-interface-selection command, the following operations are performed: • All management application configuration is removed.• All routes installed in the management EIS routing table are removed. Handling of Management Route Configuration Wh...

the show management application pkt-drop-cntr command. This counter is cleared using clear management application pkt-drop-cntr command. • Packets whose destination TCP/UDP port does not match a configured management application, take the regular route lookup flow in the IP stack. • In the ARP layer...

traffic for such end-user-originated sessions destined to management port ip1 is handled using the EIS route lookup. Handling of Transit Traffic (Traffic Separation) This is forwarded traffic where destination IP is not an IP address configured in the switch. • Packets received on the management por...

This phenomenon occurs where traffic is transiting the switch. Traffic has not originated from the switch and is not terminating on the switch. • Drop the packets that are received on the front-end data port with destination on the management port. • Drop the packets that received on the management ...

Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled dns EIS Behavior Default Behavior ftp EIS Behavior Default Behavior ntp EIS Behavior Default Behavior radius EIS Behavior Default Behavior Sflow-collector Default Behavior Snmp (SNMP Mib response and SNMP Traps) EIS Behavior Default...

Default Behavior: Route lookup is done in the default routing table and appropriate egress port is selected. Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled ftp EIS Behavior Default Behavior http EIS Behavior Default Behavior ssh EIS Behavior Default Behavior Snmp (snmp mib respo...

Designating a Multicast Router Interface To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designate those interfaces as the multicast router interface when the fra...

22 Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the S4810 platform. Basic Interface Configuration • Interface Types • View Ba...

interface GigabitEthernet 9/7 no ip address shutdown ! interface GigabitEthernet 9/8 no ip address shutdown ! interface GigabitEthernet 9/9 no ip address shutdown Enabling a Physical Interface After determining the type of physical interfaces available, to enable and configure the interfaces, enter ...

Configuration Task List for Physical Interfaces By default, all interfaces are operationally disabled and traffic does not pass through them. The following section includes information about optional configurations for physical interfaces: • Overview of Layer Modes • Configuring Layer 2 (Data Link) ...

attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not support sFlow on stacked units.When you enable this feature, all management routes (connected, static, and default) are copied to the mana...

CONFIGURATION mode interface managementethernet interface The slot range is 0. • Configure an IP address and mask on a Management interface. INTERFACE mode ip address ip-address mask – ip-address mask : enter an address in dotted-decimal format (A.B.C.D). The mask must be in / prefix format (/x). Co...

Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- *S 0.0.0.0/0 via 10.11.131.254, Gi 0/48 1/0 1d2h C 10.11.130.0/23 Direct, Gi 0/48 0/0 1d2h Dell# VLAN Interfaces VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port cha...

Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally.Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can pla...

Dell Networking OS brings up 10/100/1000 interfaces that are set to auto negotiate so that their speed is identical to the speed of the first channel member in the port channel. 10/100/1000 Mbps Interfaces in Port Channels When both 10/100/1000 interfaces and GigE interfaces are added to a port chan...

Creating a Port Channel You can create up to 128 port channels with eight port members per group on the S4810 . To configure a port channel, use the following commands. 1. Create a port channel.CONFIGURATION mode interface port-channel id-number 2. Ensure that the port channel is active.INTERFACE PO...

To add a physical interface to a port, use the following commands. 1. Add the interface to a port channel.INTERFACE PORT-CHANNEL mode channel-member interface The interface variable is the physical interface type and slot/port information. 2. Double check that the interface was added to the port cha...

When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief comman...

Dell(conf-if-po-4)#int port 3 Dell(conf-if-po-3)#channel tengi 0/8 Dell(conf-if-po-3)#sho conf ! interface Port-channel 3 no ip address channel-member TenGigabitEthernet 0/8 shutdown Dell(conf-if-po-3)# Configuring the Minimum Oper Up Links in a Port Channel You can configure the minimum links in a ...

3. Verify the manually configured VLAN membership ( show interfaces switchport interface command). EXEC mode Dell(conf)# interface tengigabitethernet 0/1 Dell(conf-if-te-0/1)#switchport Dell(conf-if-te-0/1)# vlan tagged 2-5,100,4010 Dell#show interfaces switchport te 0/1 Codes: U - Untagged, T - Tag...

assigned to one link. In packet-based hashing, a single flow can be distributed on the LAG and uses one link.Packet based hashing is used to load balance traffic across a port-channel based on the IP Identifier field within the packet. Load balancing uses source and destination packet information to...

Bulk Configuration Bulk configuration allows you to determine if interfaces are present for physical interfaces or configured for logical interfaces. Interface Range An interface range is a set of interfaces to which other commands may be applied and may be created if there is at least one valid int...

Create a Multiple-Range The following is an example of multiple range. Example of the interface range Command (Multiple Ranges) Dell(conf)#interface range tengigabitethernet 0/5 - 10 , tengigabitethernet 0/1 , vlan 1 Dell(conf-if-range-te-0/5-10,te-0/1,vl-1)# Exclude Duplicate Entries The following ...

Add Ranges The following example shows how to use commas to add VLAN and port-channel interfaces to the range. Example of Adding VLAN and Port-Channel Interface Ranges Dell(config-if-range-te-1/1-2)# interface range Vlan 2 – 100 , Port 1 – 25 Dell(config-if-range-te-1/1-2-so-5/1-vl-2-100-po-1-25)# n...

Monitoring and Maintaining Interfaces Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), number of packets, traffic statistics, and so on. To view the interface’s statistics, use the following command. • View the ...

Output throttles: 0 0 pps 0 m - Change mode c - Clear screen l - Page up a - Page down T - Increase refresh interval t - Decrease refresh interval q - Quit q Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool ...

NOTE: When you split a 40G port (such as fo 0/4) into four 10G ports, the 40G interface configuration is available in the startup configuration when you save the running configuration by using the write memory command. When a reload of the system occurs, the 40G interface configuration is not applic...

• improves network stability by penalizing misbehaving interfaces and redirecting traffic.• improves convergence times and stability throughout the network by isolating failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces...

clear dampening Example of the clear dampening Command Dell# clear dampening interface Gi 0/1 Dell# show interfaces dampening GigabitEthernet0/0 InterfaceStateFlapsPenaltyHalf-LifeReuseSuppressMax-Sup Gi 0/1Up00205001500300 Link Dampening Support for XML View the output of the following show command...

• Enable link bundle monitoring. ecmp-group • View all LAG link bundles being monitored. show running-config ecmp-group Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the S4810 platform. Ethernet Pause Frames allow for a temporary stop in d...

Threshold Settings Threshold settings are supported on the S4810 platform. When the transmission pause is set ( tx on ), you can set three thresholds to define the controls more closely. Ethernet pause frames flow control can be triggered when either the flow control buffer threshold or flow control...

* Number of flow-control packet pointers: the range is from 1 to 2047 (default = 75 ). * Flow-control buffer threshold in KB: the range is from 1 to 2013 (default = 49KB ). * Flow-control discard threshold in KB: the range is from 1 to 2013 (default= 75KB ) Pause control is triggered when either the...

For example, the VLAN contains tagged members with Link MTU of 1522 and IP MTU of 1500 and untagged members with Link MTU of 1518 and IP MTU of 1500. The VLAN’s Link MTU cannot be higher than 1518 bytes and its IP MTU cannot be higher than 1500 bytes. Port-Pipes A port pipe is a Dell Networking-spec...

4. Access the port.CONFIGURATION mode interface interface slot/port 5. Set the local port speed.INTERFACE mode speed {10 | 100 | 1000 | auto} 6. Optionally, set full- or half-duplex.INTERFACE mode duplex {half | full} 7. Disable auto-negotiation on the port.INTERFACE mode no negotiation auto If the ...

interface GigabitEthernet 0/1 no ip address speed 100 duplex full no shutdown Set Auto-Negotiation Options The negotiation auto command provides a mode option for configuring an individual port to forced master/ forced slave once auto-negotiation is enabled. CAUTION: Ensure that only one end of the ...

Examples of the show Commands The following example lists the possible show commands that have the configured keyword available: Dell#show interfaces configured Dell#show interfaces stack-unit 0 configured Dell#show interfaces tengigabitEthernet 0 configured Dell#show ip interface configured Dell#sh...

Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application, and is turned off when you disable the application. NOTE: If you enable more than four counter-depende...

– (OPTIONAL) To clear statistics for all VRRP groups configured, enter the keyword vrrp . Enter a number from 1 to 255 as the vrid . – (OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit . Example...

Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. 1. Define the transform set.CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des 2. Define the crypto policy.CONFIGURATION mode crypto ipsec policy my...

24 IPv4 Routing IPv4 routing is supported on the S4810 platform. The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in th...

• Assigning IP Addresses to an Interface (mandatory) • Configuring Static Routes (optional) • Configure Static Routes for the Management Interface (optional) For a complete listing of all commands related to IP addressing, refer to the Dell Networking OS Command Line Interface Reference Guide . Assi...

interface GigabitEthernet 0/0 ip address 10.11.1.1/24 no shutdown ! Dell(conf-if)# Dell(conf-if)#show conf ! interface GigabitEthernet 0/0 ip address 10.11.1.1/24 no shutdown ! Dell(conf-if)# Configuring Static Routes A static route is an IP address that you manually configure and that the routing p...

S 6.1.2.4/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.5/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.6/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.7/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.8/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.9/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.10/32 via ...

S 6.1.2.6/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.7/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.8/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.9/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.10/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.11/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.12/32 vi...

Using the Configured Source IP Address in ICMP Messages This feature is supported on the S4810 platform. ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front-end port IP address as the source IP address. Enable the generation of ...

To configure the duration for which the device waits for the ACK packet to be sent from the requesting host to establish the TCP connection, perform the following steps: 1. Define the wait duration in seconds for the TCP connection to be established.CONFIGURATION mode Dell(conf)#ip tcp reduced-syn-a...

CONFIGURATION mode ip domain-lookup • Specify up to six name servers. CONFIGURATION mode ip name-server ip-address [ ip-address2 ... ip-address6 ] The order you entered the servers determines the order of their use. Example of the show hosts Command To view current bindings, use the show hosts comma...

Configuring DNS with Traceroute To configure your switch to perform DNS with traceroute, use the following commands. • Enable dynamic resolution of host names. CONFIGURATION mode ip domain-lookup • Specify up to six name servers. CONFIGURATION mode ip name-server ip-address [ ip-address2 ... ip-addr...

corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time.For more information about ARP, refer to RFC 826, An Ethernet Address Resolution Protocol . In Dell Networking OS, Proxy ARP enables hosts with knowledge of the n...

-------------------------------------------------------------------------------- Internet 10.1.2.4 17 08:00:20:b7:bd:32 Ma 1/0 - CP Dell# Enabling Proxy ARP By default, Proxy ARP is enabled. To disable Proxy ARP, use the no proxy-arp command in the interface mode.To re-enable Proxy ARP, use the foll...

Figure 48. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable ARP learning via gratuitous ARP, the system does not look up the target IP. It only updates the ARP entry for the Layer 3 interface with the source IP of the request. Configuring ARP Re...

ICMP For diagnostics, the internet control message protocol (ICMP) provides routing information to end stations by choosing the best route (ICMP redirect messages) or determining if a router is reachable (ICMP Echo or Echo Reply).ICMP error messages inform the router of problems in a particular pack...

2. Configure a broadcast address on interfaces that will receive UDP broadcast traffic. Refer to Configuring a Broadcast Address . Important Points to Remember • The existing ip directed broadcast command is rendered meaningless if you enable UDP helper on the same interface. • The broadcast traffic...

untagged GigabitEthernet 1/2 no shutdown To view the configured broadcast address for an interface, use show interfaces command. R1_E600(conf)#do show interfaces vlan 100 Vlan 100 is up, line protocol is down Address is 00:01:e8:0d:b9:7a, Current address is 00:01:e8:0d:b9:7a Interface index is 11077...

Figure 49. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching inter...

UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a destination IP address that matches the configured broadcas...

When using the IP helper and UDP helper on the same interface, use the debug ip dhcp command. Example Output from the debug ip dhcp Command Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128 2005-11-05 11:59:35 %RELAY-I-PACKET, BOOTP REQUEST (Unicast) received at interface 172.21.50.193 BOOTP Reques...

25 IPv6 Routing Internet protocol version 6 (IPv6) routing is supported on the S4810 platform. NOTE: The IPv6 basic commands are supported on all platforms. However, not all features are supported on all platforms, nor for all releases. To determine the Dell Networking Operating System (OS) version ...

NOTE: Dell Networking OS provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). By default, RA response messages are sent when an RS message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports ...

IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 52. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any d...

The following lists the Next Header field values. Value Description 0 Hop-by-Hop option header 4 IPv4 6 TCP 8 Exterior Gateway Protocol (EGP) 41 IPv6 43 Routing header 44 Fragmentation header 50 Encrypted Security 51 Authentication header 59 No Next Header 60 Destinations option header NOTE: This ta...

However, if the Destination Address is a Hop-by-Hop options header, the Extension header is examined by every forwarding router along the packet’s route. The Hop-by-Hop options header must immediately follow the IPv6 header, and is noted by the value 0 (zero) in the Next Header field. Extension head...

of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to two colons, as long as there is only one double colon used in an address. Leading and/or trailing zeros in a group can also be omitted (as in ::1 for localhost, 1:: for network addresses and ::...

Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform. The sections following the table give gre...

Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location S4810 (outbound SSH) Layer 3 only Secure Shell (SSH) server support over IPv6 (inbound SSH) Layer 3 only 8.3.10 Secure Shell (SSH) Over an IPv6 Transport IPv6 Access Control Lists 8.3.10 IPv6 Access ...

Figure 53. Path MTU Discovery Process IPv6 Neighbor Discovery IPv6 neighbor discovery protocol (NDP) is supported on the S4810 platform. NDP is a top-level protocol for neighbor discovery on an IPv6 network. In lieu of address resolution protocol (ARP), NDP uses “Neighbor Solicitation” and “Neighbor...

Figure 54. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate...

The DNS server address does not allow the following: • link local addresses• loopback addresses• prefix addresses• multicast addresses• invalid host addresses If you specify this information in the IPv6 RDNSS configuration, a DNS error is displayed. Example for Configuring an IPv6 Recursive DNS Serv...

Displaying IPv6 RDNSS Information To display IPv6 interface information, including IPv6 RDNSS information, use the show ipv6 interface command in EXEC or EXEC Privilege mode. Examples of Displaying IPv6 RDNSS Information The following example displays IPv6 RDNSS information. The output in the last 3...

Secure Shell (SSH) Over an IPv6 Transport IPv6 secure shell (SSH) is supported on the S4810 platform. Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Lay...

The total space allocated must equal 13. The ipv6acl range must be a factor of 2. • Show the current CAM settings. EXEC mode or EXEC Privilege mode show cam-acl • Provides information on FP groups allocated for the egress acl. CONFIGURATION mode show cam-acl-egress Allocate at least one group for L2...

– prefix : IPv6 route prefix – type { slot/port } : interface type and slot/port – forwarding router : forwarding router’s address – tag : route tag Enter the keyword interface then the type of interface and slot/port information: – For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthe...

• snmp-server community access-list-name ipv6 • snmp-server group ipv6 • snmp-server group access-list-name ipv6 Showing IPv6 Information All of the following show commands are supported on the S4810 platform. View specific IPv6 configuration with the following commands. • List the IPv6 show options...

– For a VLAN interface, enter the keyword vlan then the VLAN ID. Example of the show ipv6 interface Command (S4810 ) Dell#show ipv6 int man 1/0 ManagementEthernet 1/0 is up, line protocol is up IPV6 is enabled Stateless address autoconfiguration is enabled Link Local address: fe80::201:e8ff:fe8b:386...

– To display information about an IPv6 Prefix lists, enter list and the prefix-list name. Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command. Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0 static 0 0 Total...

– For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/ port information. – For the Management interface on the RPM, enter the keyword ManagementEthernet then the slot/port information. – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the ...

Monitoring iSCSI Traffic Flows The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When ...

If more than 256 simultaneous sessions are logged continuously, the following message displays indicating the queue rate limit has been reached: %STKUNIT2-M:CP %iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: New iSCSI Session Ignored: ISID - 400001370000 InitiatorName - iqn.1991-05.com.microsoft:dt-brcd-cna-2...

iSCSI optimization, which can turn on flow control again on reboot, use the no iscsi enable command and save the configuration. When you enable iSCSI on the switch, the following actions occur: • Link-level flow control is globally enabled, if it is not already enabled, and PFC is disabled.• iSCSI s...

Parameter Default Value iSCSI session monitoring Disabled. The CAM allocation for iSCSI is set to zero (0). iSCSI Optimization Prerequisites The following are iSCSI optimization prerequisites. • iSCSI optimization requires LLDP on the switch. LLDP is enabled by default (refer to Link Layer Discovery...

8. (Optional) Set the aging time for iSCSI session monitoring.CONFIGURATION mode [no] iscsi aging time time . The range is from 5 to 43,200 minutes. The default is 10 minutes . 9. (Optional) Configures DCBX to send iSCSI TLV advertisements.LLDP CONFIGURATION mode or INTERFACE LLDP CONFIGURATION mode...

27 Intermediate System to Intermediate System Intermediate system to intermediate system (Is-IS) is supported on the S4810 platform. • IS-IS is supported on the S4810 with Dell Networking Operating System (OS) 8.3(10.0).•• The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest...

A new TLV (the Restart TLV) is introduced in the IIH PDUs, indicating that the router supports graceful restart. Timers Three timers are used to support IS-IS graceful restart functionality. After you enable graceful restart, these timers manage the graceful restart process. There are three times, T...

• Accepts external IPv6 information and advertises this information in the PDUs. The following table lists the default IS-IS values. Table 31. IS-IS Default Values IS-IS Parameter Default Value Complete sequence number PDU (CSNP) interval 10 seconds IS-to-IS hello PDU interval 10 seconds IS-IS inter...

4. Enter an IPv4 Address.INTERFACE mode ip address ip-address mask Assign an IP address and mask to the interface. The IP address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 5. Enter an IPv6 Address.INTERFACE mode ipv6 address i...

3. Set the minimum interval between SPF calculations.ROUTER ISIS AF IPV6 mode spf-interval [level-l | level-2 | interval] [initial_wait_interval [second_wait_interval]] Use this command for IPv6 route computation only when you enable multi-topology. If using single-topology mode, to apply to both IP...

Mode: Normal L1-State:NORMAL, L2-State: NORMAL L1: Send/Receive: RR:0/0, RA: 0/0, SA:0/0 T1 time left: 0, retry count left:0 L2: Send/Receive: RR:0/0, RA: 0/0, SA:0/0 T1 time left: 0, retry count left:0 Dell# To view all interfaces configured with IS-IS routing along with the defaults, use the show ...

lsp-refresh-interval seconds – seconds : the range is from 1 to 65535. The default is 900 seconds . • Set the maximum time LSPs lifetime. ROUTER ISIS mode max-lsp-lifetime seconds – seconds : the range is from 1 to 65535. The default is 1200 seconds . Example of Viewing IS-IS Configuration (ROUTER I...

Metric Style Characteristics Cost Range Supported on IS-IS Interfaces narrow transition Sends narrow (old) TLVs and accepts both narrow (old) and wide (new) TLVs. 0 to 63 wide transition Sends wide (new) TLVs and accepts both narrow (old) and wide (new) TLVs. 0 to 16777215 To change the IS-IS metric...

– default-metric : the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. The range is from 0 to 16777215 if the metric style is wide or wide transition. • Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | lev...

• Change the IS-type for the IS-IS process. ROUTER ISIS mode is-type {level-1 | level-1-2 | level-2} Example of the show isis database Command to View Level 1-2 Link State Databases To view which IS-type is configured, use the show isis protocol command in EXEC Privilege mode. The show config comman...

Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands. NOTE: These commands apply to IPv6 IS-IS only. To apply prefix lists to IPv4 routes, use ROUTER ISIS mode, previously shown. • Apply a configured prefix list to all incoming IPv6 IS-IS routes....

NOTE: These commands apply to IPv4 IS-IS only. To apply prefix lists to IPv6 routes, use ADDRESS-FAMILY IPV6 mode, shown later. • Include BGP, directly connected, RIP, or user-configured (static) routes in IS-IS. ROUTER ISIS mode redistribute {bgp as-number | connected | rip | static} [level-1 level...

– map-name : enter the name of a configured route map. • Include specific OSPF routes in IS-IS.ROUTER ISIS mode redistribute ospf process-id [level-1| level-1-2 | level-2] [metric value ] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name ] Configure th...

Setting the Overload Bit Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the ove...

• narrow (supports only type, length, and value [TLV] up to 63)• wide (supports TLV up to 16777215)• transition (supports both narrow and wide and uses a TLV up to 63)• narrow transition (accepts both narrow and wide and sends only narrow or old-style TLV)• wide transition (accepts both narrow and w...

Table 34. Metric Value when the Metric Style Changes Multiple Times Beginning Metric Style Next Metric Style Resulting Metric Value Next Metric Style Final Metric Value wide transition truncated value wide original value is recovered wide transition transition truncated value wide transition origina...

28 Link Aggregation Control Protocol (LACP) Link aggregation control protocol (LACP) is supported on the S4810 platform. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across...

• There is a difference between the shutdown and no interface port-channel commands: – The shutdown command on LAG “xyz” disables the LAG and retains the user commands. However, the system does not allow the channel number “xyz” to be statically created. – The no interface port-channel channel-numbe...

• Configure LACP mode. LACP mode [no] port-channel number mode [active | passive | off] – number : cannot statically contain any links. The default is LACP active . • Configure port priority. LACP mode [no] lacp port-priority priority-value The range is from 1 to 65535 (the higher the number, the lo...

Configuring the LAG Interfaces as Dynamic After creating a LAG, configure the dynamic LAG interfaces. To configure the dynamic LAG interfaces, use the following command. • Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Co...

Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.45a5 Actor Admin Key 1, Oper Key 1...

Figure 58. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To achie...

As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time. Figure 59. Configuring Shared LAG State Tracking The...

• If a LAG that is part of a failover group is deleted, the failover group is deleted.• If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two ro...

29 Layer 2 Layer 2 features are supported on the S4810 platform. Manage the MAC Address Table Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries • Configuring a Static MAC Address • ...

The range is from 10 to 1000000. Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-a...

interface ) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed: %E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list Mac-Limit on GigabitEthernet 5/84 In this case, the configuration is still present in the running-config an...

no ip address switchport mac learning-limit 1 dynamic no-station-move mac learning-limit station-move-violation log no shutdown Learning Limit Violation Actions Learning limit violation actions are supported only on the S4810 platform.To configure the system to take an action when the MAC learning l...

Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down using the shu...

When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 is the failover port. When the NIC fails, the system automatically sends an ARP request for the gateway or host NIC to resolve the ARP and refresh the ...

LACP) port-channel interface as either the primary or backup link in a redundant pair with a physical interface. To ensure that existing network applications see no difference when a primary interface in a redundant pair transitions to the backup interface, be sure to apply identical configurations ...

inactive: Vl 1 00:24:55: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Gi 3/42 00:24:55: %RPM0-P:CP %IFMGR-5-ACTIVE: Changed Vlan interface state to active: Vl 1 00:24:55: %RPM0-P:CP %IFMGR-5-STATE_STBY_ACT: Changed interface state from standby to active: Gi 3/42 Dell(conf-if-gi-3/41...

Figure 70. Configuring Far-End Failure Detection The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not availabl...

4. If the FEFD enabled system is configured to use FEFD in Normal mode and neighboring echoes are not received after three intervals, (you can set each interval can be set between 3 and 300 seconds) the state changes to unknown. 5. If the FEFD system has been set to Aggressive mode and neighboring e...

To report interval frequency and mode adjustments, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3.INTERFACE mode ip address ip address , switchport 2. Activate the necessary ports administratively.INTEFACE mode no shutdown 3. Enable fefd globally.CONFIGU...

To set up and activate two or more connected interfaces, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3.INTERFACE mode ip address ip address , switchport 2. Activate the necessary ports administratively.INTERFACE mode no shutdown 3. INTERFACE mode fefd {...

Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Gi 1/0) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Gi 4/0) Sender hold time -- 3 (second) 2w1d22h : FEFD packet received on interface Gi 4/0 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:...

30 Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on the S4810 platform. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration informat...

Table 37. Type, Length, Value (TLV) Types Type TLV Description 0 End of LLDPDU Marks the end of an LLDPDU. 1 Chassis ID An administratively assigned name that identifies the LLDP agent. 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received. 3 Tim...

Figure 73. Organizationally Specific TLV IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs. Table 38. O...

Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: • manage inventory• manage Power over Ethernet (PoE)• identify physical location• identify network policy LLDP-MED is designed for, but not limited to, VoIP endpoints. TIA Organizationally Speci...

Type SubType TLV Description None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs. 127 5 Inventory — Hardware Revision Indicates the hardware revision of the LLDP-MED device. 127 6 Inventory — Firmware Revision Indicates the firmware revision of the LLDP-MED d...

Figure 74. LLDP-MED Capabilities TLV Table 40. Dell Networking OS LLDP-MED Capabilities Bit Position TLV Dell Networking OS Support 0 LLDP-MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power via MDI-PSE Yes 4 Extended Power via MDI-PD No 5 Inventory No 6–15 reser...

Extended Power via MDI TLV The extended power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the extended power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device. • Power Type — there are two po...

Important Points to Remember • LLDP is enabled by default.• Dell Networking systems support up to eight neighbors per interface.• Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not con...

Enabling LLDP LLDP is enabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs.To enable LLDP, use the following command. 1. Enter Protocol LLDP mode.CONFIGURATION or INTERFACE mode protocol lldp 2. Enable LLDP.PROTOC...

3. Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no . Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the ...

Figure 77. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Examples of Viewing LLDP Configurations Dell(conf)#protocol lldp Dell(conf-lldp)#show config ! protocol ...

Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. show lldp neighbors • Display all of the information ...

Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds . To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)#proto...

• Return to the default setting. CONFIGURATION mode or INTERFACE mode no mode Example of Configuring a Single Mode R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-...

advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#multiplier ? <2-10> Multiplier (default=4) R1(conf-lldp)# multiplier 5 R1(conf-lldp)#show config ! protocol lldp adve...

Figure 78. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs• the LLDP configuration on the local agent• IEEE 802.1AB Or...

31 Microsoft Network Load Balancing This functionality is supported on the S4810 platform. Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to eq...

• With NLB feature enabled, after learning the NLB ARP entry, all the subsequent traffic is flooded on all ports in VLAN1. With NLB, the data frame is forwarded to all the servers for them to perform load-balancing. NLB Multicast Mode Scenario Consider a sample topology in which four servers, namely...

flooded out of all member ports. Since all the servers in the cluster receive traffic, failover and balancing are preserved. Enable and Disable VLAN Flooding • The older ARP entries are overwritten whenever newer NLB entries are learned.• All ARP entries, learned after the feature is enabled, are de...

32 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on the S4810 platform. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous se...

Figure 84. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP.CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains.CONFIGURATION mode ip msdp peer connect-source Multicast Source Discovery Protocol (MSDP...

Examples of Configuring and Viewing MSDP R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr Local Addr State Source SA Up/Down Description To view details about a peer, use the show ip msdp peer command in ...

Limiting the Source-Active Cache Set the upper limit of the number of active sources that the Dell Networking OS caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the ...

Figure 88. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command.• Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check.CONFIGURATION mode ip msdp default-peer ip-address li...

Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 73 00:13:49 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 73 00:13:4...

Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache. To apply the redistribute filter to ...

R3_E600(conf)#do show ip msdp sa-cache R3_E600(conf)# R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Source: Lo 0 State: Listening Up/Down Time: 00:01:19 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from th...

Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP addres...

Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.3(639) Connect Source: Lo 0 State: Established Up/Down Time: 00:04:26 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (i...

Configuring Anycast RP To configure anycast RP, use the following commands. 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.CONFIGURATION mode interface loopback 2. Make this address the RP for the gro...

neighbor 192.168.0.22 remote-as 100 neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.22 update-source Loopback 0 neighbor 192.168.0.22 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.11 connect-source Loopback 0 ip msdp peer 192.168.0.22 connect-source Loopback 0 ip msdp sa-filter o...

Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table. Table 47. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tr...

• Prevent Network Disruptions with BPDU Guard • Enabling SNMP Traps for Root Elections and Topology Changes • Configuring Spanning Trees as Hitless Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands.When you enable MSTP, all phy...

Influencing MSTP Root Selection MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it becomes the root bridge.To change the bridge priority, use the following command. • Assign a number as the bridge priority. PROTOCOL MSTP mode msti inst...

NOTE: Some non-Dell Networking OS equipment may implement a non-null default region name. SFTOS, for example, uses the Bridge ID, while others may use a MAC address. Changing the Region Name or Revision To change the region name or revision, use the following commands. • Change the region name. PROT...

Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port. • Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding por...

you implement only bpduguard , although the interface is placed in an Error Disabled state when receiving the BPDU, the physical interface remains up and spanning-tree drops packets in the hardware after a BPDU violation. BPDUs are dropped in the software after receiving the BPDU violation. This fea...

To view the enable status of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 9...

! (Step 3) interface Vlan 100 no ip address tagged GigabitEthernet 1/21,31 no shutdown ! interface Vlan 200 no ip address tagged GigabitEthernet 1/21,31 no shutdown ! interface Vlan 300 no ip address tagged GigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the foll...

(Step 2) interface 1/0/31 no shutdown spanning-tree port mode enable switchport protected 0 exit interface 1/0/32 no shutdown spanning-tree port mode enable switchport protected 0 exit (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit in...

34 Multicast Features Multicast features are supported on the S4810 platform. NOTE: Multicast is supported on secondary IP addresses on the S4810 platform. NOTE: Multicast routing for IPv6 is not supported. The Dell Networking Operating System (OS) supports the following multicast protocols: • PIM S...

Protocol Ethernet Address PIM-SM 01:00:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner- traceroute-ipm . • Multicast is not supported on secondary IP addresses.• Egress L3 ACL is not applied to multicast data traffic if you enable multicast...

• If the limit is decreased after it is reached, Dell Networking OS does not clear the existing sessions. Entries are cleared after a timeout (you may also clear entries using clear ip mroute ). NOTE: Dell Networking OS waits at least 30 seconds between stopping and starting IGMP join processing. Yo...

Location Description • ip igmp access-group igmpjoinfilR2G2 • no shutdown Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting that rate at which new groups can be joined.Hosts whose IGMP requests are denied will use the retry mecha...

Preventing a PIM Router from Processing a Join To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using th...

35 Open Shortest Path First (OSPFv2 and OSPFv3) Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on the S4810 platform.This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Opera...

Areas allow you to further organize your routers within in the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the de...

An ABR can connect to many areas in an AS, and is considered a member of each area it connects to. Autonomous System Border Router (ASBR) The autonomous system border area router (ASBR) connects to more than one AS and exchanges information with the routers in other ASs. Generally, the ASBR connects...

available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated. The link-state ID for Type 4 LSAs is the router ID of the described ASBR). • Type 5: LSA — These LSAs contain information imported into OSPF from other routing processes. They ar...

OSPF with Dell Networking OS Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within that 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes. Dell Networking OS supports multiple OSPF processes (OSPF MP) on OSPFv2 only. The S481...

Multi-Process OSPFv2 (IPv4 only) Multi-process OSPF is supported on the S4810 platform with Dell Networking OS version 7.8.1.0 and later, and is supported on OSPFv2 with IPv4 only. Multi-process OSPF allows multiple OSPFv2 processes on a single router. Multiple OSPFv2 processes allow for isolating r...

Dell (conf-if-gi-2/2)#ip ospf dead-interval 80 Dell(conf-if-gi-2/2)# In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell (conf-if-gi-2/2)#ip ospf dead-interval 20 Dell (conf-if-gi-2/2)#do show ip os int gi1/3 GigabitEthernet 2/2 is up, line protocol is u...

• Troubleshooting OSPFv2 1. Configure a physical interface. Assign an IP address, physical or Loopback, to the interface to enable Layer 3 routing. 2. Enable OSPF globally. Assign network area and neighbors. 3. Add interfaces or configure other attributes. For a complete list of the OSPF commands, r...

Assigning a Router ID In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also descr...

3. Return to CONFIGURATION mode to enable the OSPFv2 process globally.CONFIGURATION mode router ospf process-id [vrf] The range is from 0 to 65535. After the OSPF process and the VRF are tied together, the OSPF process ID cannot be used again in the system. If you try to enable more OSPF processes t...

Example of Viewing OSPF Status on a Loopback Interface Dell#show ip ospf 1 int GigabitEthernet 13/23 is up, line protocol is up Internet Address 10.168.0.1/24, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.2, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DROTHER, Priority 1 Design...

Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database- summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area ID Router ...

Example of Viewing Passive Interfaces When you configure a passive interface, the show ip ospf process-id interface command adds the words passive interface to indicate that the hello packets are not transmitted on that interface (shown in bold). Dell#show ip ospf 34 int GigabitEthernet 0/0 is up, l...

NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Examples of the fast-converge Command In the examples below,...

The bold lines in the example show the change on the interface. The change is reflected in the OSPF configuration. Dell(conf-if)# ip ospf cost 45 Dell(conf-if)#show config ! interface GigabitEthernet 0/0 ip address 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip o...

Enabling OSPFv2 Graceful Restart Graceful restart is enabled for the global OSPF process.For more information, refer to Graceful Restart . The Dell Networking implementation of OSPFv2 graceful restart enables you to specify: • grace period — the length of time the graceful restart process can last b...

3. Configure the graceful restart role or roles that this OSPFv2 router performs.CONFIG-ROUTEROSPF- id mode graceful-restart role [helper-only | restart-only] Dell Networking OS supports the following options:• Helper-only : the OSPFv2 router supports graceful-restart only as a helper router. • Rest...

seq sequence-number {deny |permit} ip-prefix [ge min-prefix-length] [le max- prefix-length] The optional parameters are:– ge min-prefix-length : is the minimum prefix length to match (from 0 to 32). – le max-prefix-length : is the maximum prefix length to match (from 0 to 32). For configuration info...

network 10.1.2.32 0.0.0.255 area 2.2.2.2 network 10.1.3.24 0.0.0.255 area 3.3.3.3 distribute-list dilling in Dell(conf-router_ospf)# Troubleshooting OSPFv2 Dell Networking OS has several tools to make troubleshooting easier. Be sure to check the following, as these questions represent typical issues...

• View debug messages. EXEC Privilege mode debug ip ospf process-id [event | packet | spf | database-timers rate-limit] To view debug messages for a specific OSPF process ID, use the debug ip ospf process-id command. If you do not enter a process ID, the command applies to the first OSPF process. To...

OSPF Area 0 — Gl 2/1 and 2/2 router ospf 22222 network 192.168.100.0/24 area 0 network 10.2.21.0/24 area 0 network 10.2.22.0/24 area 0 ! interface Loopback 20 ip address 192.168.100.20/24 no shutdown ! interface GigabitEthernet 2/1 ip address 10.2.21.2/24 no shutdown ! interface GigabitEthernet 2/2 ...

Assigning IPv6 Addresses on an Interface To assign IPv6 addresses to an interface, use the following commands. 1. Assign an IPv6 address to the interface.CONF-INT-type slot/port mode ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits; separate ea...

– number : the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process Enter an example that illustrates the cu...

period command. The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as though it is fully adjacent. When you enable graceful restart (restarting role), an OSPFv3 restarting expects its OSPFv3 neighbors to help when it restarts by not advertising the bro...

The following example shows the show ipv6 ospf database grace-lsa command. Dell#show ipv6 ospf database grace-lsa ! Type-11 Grace LSA (Area 0) LS Age : 10 Link State ID : 6.16.192.66 Advertising Router : 100.1.1.1 LS Seq Number : 0x80000001 Checksum : 0x1DF1 Length : 36 Associated Interface : Gi 5/3...

between the two mechanisms is the extent of the coverage. ESP only protects IP header fields if they are encapsulated by ESP. You decide the set of IPsec protocols that are employed for authentication and encryption and the ways in which they are employed. When you correctly implement and deploy IPs...

– Configuring IPsec Authentication on an Interface – Configuring IPsec Encryption on an Interface – Configuring IPsec Authentication for an OSPFv3 Area – Configuring IPsec Encryption for an OSPFv3 Area – Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To co...

NOTE: When you configure encryption using the ipv6 ospf encryption ipsec command, you enable both IPsec encryption and authentication. However, when you enable authentication on an interface using the ipv6 ospf authentication ipsec command, you do not enable encryption at the same time. The SPI valu...

If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command, you cannot use the area authentication command in the area at the same time. The configuration of IPSec authentication on an interface-level takes precedence over an area-level configuration. If you remove an i...

– area area-id : specifies the area for which OSPFv3 traffic is to be encrypted. For area-id , enter a number or an IPv6 prefix. – spi number : is the security policy index (SPI) value. The range is from 256 to 4294967295. – esp encryption-algorithm : specifies the encryption algorithm used with ESP...

Examples of the show crypto ipsec Commands In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold). The following example shows the show crypto ipsec policy command. Dell#show crypto ipsec policy Crypto IPSec client s...

outbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE inbound esp sas outbound esp sas Interface: TenGigabitEthernet 0/1 Link Local address: fe80::201:e8ff:fe40:4d11 IPSecv6 policy name: OSPFv3-1-600 inbound ah sas outb...

• show ipv6 routes Viewing Summary Information To get general route, configuration, links status, and debug information, use the following commands. • View the summary information of the IPv6 routes. EXEC Privilege mode show ipv6 route summary • View the summary information for the OSPFv3 database. ...

36 Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface.This chapter covers the following topics: • Overview• Implementing Policy-based Routing with Dell Networking OS• Configuration Task List for Policy-based Routi...

Implementing Policy-based Routing with Dell Networking OS • Non-contiguous bitmasks for PBR• Hot-Lock PBR Non-contiguous bitmasks for PBR Non-contiguous bitmasks for PBR allows more granular and flexible control over routing policies. Network addresses that are in the middle of a subnet can be inclu...

NOTE: If, the redirect-list is applied to an interface, the output of show ip redirect-list redirect-list- name command displays reachability and ARP status for the specified next-hop. Showing CAM PBR Configuration Example : Dell(conf-if-te-2/1)#do show cam pbr stack-unit 0 port-set 0 TCP Flag: Bit ...

Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/...

View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23), ARP resolved seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23), ARP resolved seq 15 per...

37 PIM Sparse-Mode (PIM-SM) Protocol-independent multicast sparse-mode (PIM-SM) is supported on the S4810 platform.PIM-SM is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which forwards...

Important Point to Remember If you use a Loopback interface with a /32 mask as the RP, you must enable PIM Sparse-mode on the interface. Configuring PIM-SM Configuring PIM-SM is a three-step process. 1. Enable multicast routing (refer to the following step). 2. Select a rendezvous point. 3. Enable P...

Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a ...

interface out of which it is sent and a DR priority value. The router with the greatest priority value is the DR. If the priority value is the same for two routers, then the router with the greatest IP address is the DR. By default, the DR priority value is 192, so the IP address determines the DR. ...

Configure PIM-SMM Configuring PIM-SSM is a two-step process. 1. Configure PIM-SMM. 2. Enable PIM-SSM for a range of addresses. Related Configuration Tasks • Use PIM-SSM with IGMP Version 2 Hosts Enabling PIM-SSM To enable PIM-SSM, follow these steps. 1. Create an ACL that uses permit rules to specif...

• When you remove the mapping configuration, Dell Networking OS removes the corresponding (S,G) states that it created and re-establishes the original (*,G) states. • You may enter multiple ssm-map commands for different access lists. You may also enter multiple ssm-map commands for the same access ...

Configuring Port Monitoring To configure port monitoring, use the following commands. 1. Verify that the intended monitoring port has no configuration other than no shutdown, as shown in the following example.EXEC Privilege mode show interface 2. Create a monitoring session using the command monitor...

3. Apply the ACL to the monitored port.INTERFACE mode ip access-group access-list Example of the flow-based enable Command To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess...

Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A.The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and gre...

• By default, destination port sends the mirror traffic to the probe port by stripping off the rpm header. We can also configure the destination port to send the mirror traffic with the rpm header intact in the original mirror traffic.. • By default, ingress traffic on a destination port is dropped....

R 100 Active T Fo 0/44 R 300 Active T Fo 0/52 Configuring the Sample Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination swi...

5. Show the output for the LACP. Dell#show interfaces port-channel brief Codes: L - LACP Port-channel O - OpenFlow Controller Port-channel LAG Mode Status Uptime Ports L1 L3 up 00:01:17 Te 0/44 (Up) L2 L2 up 00:00:58 Te 0/45 (Up) Dell# Configuring the Encapsulated Remote Port Mirroring The ERPM sess...

ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported. As...

40 Private VLANs (PVLAN) The private VLAN (PVLAN) feature is supported on the S4810 platform.For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide . Private VLANs extend the Dell Networking ...

– A primary VLAN has one or more secondary VLANs.– A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. – A primary VLAN has one or more promiscuous ports.– A primary VLAN might have one or more trunk ports, or none. • Secondary VLAN — a subdomain ...

INTERFACE VLAN mode [no] private-vlan mapping secondary-vlan vlan-list • Display type and status of PVLAN interfaces. EXEC mode or EXEC Privilege mode show interfaces private-vlan [interface interface ] • Display PVLANs and/or interfaces that are part of a PVLAN. EXEC mode or EXEC Privilege mode sho...

4. Select the PVLAN mode.INTERFACE mode switchport mode private-vlan {host | promiscuous | trunk} • host (isolated or community VLAN port) • promiscuous (intra-VLAN communication port) • trunk (inter-switch PVLAN hub port) Example of the switchport mode private-vlan Command For interface details, re...

4. Map secondary VLANs to the selected primary VLAN.INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be:• Specified in comma-delimited ( VLAN-ID,VLAN-ID ) or hyphenated-range format ( VLAN-ID- VLAN-ID ). • Specified with this command even before they ...

4. Add one or more host ports to the VLAN.INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited ( slot/ port,port,port ) or hyphenated ( slot/ port-port ). You can only add host (isolated) ports to the VLAN. Creating...

Dell(conf-vlan-100)# private-vlan mode isolated Dell(conf-vlan-100)# untagged Gi 2/2 Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 101. Sample Private VLAN Topology The following configuration is based on the example diagram for the C300–1: • Gi 0/0 a...

• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000. • All the ports in the secondary VLANs (both community and isolated VLANs) can only communicate with ports in the other secondary VLANs of that PVLAN over Layer 3, and only when the ip local- ...

Table 51. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol (MSTP) 802 .1s Per-VLAN Spanning Tree Plus (PVST+) Third Party Implementation Inform...

Enabling PVST+ When you enable PVST+, Dell Networking OS instantiates STP on each active VLAN. 1. Enter PVST context.PROTOCOL PVST mode protocol spanning-tree pvst 2. Enable PVST+.PROTOCOL PVST mode no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. ...

Figure 103. Load Balancing with PVST+ The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root...

Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001....

PROTOCOL PVST mode vlan max-age The range is from 6 to 40. The default is 20 seconds . The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to ...

PVST+ in Multi-Vendor Networks Some non-Dell Networking systems which have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D BPDU and an untagged PVST+ BPDU. Dell Networking systems do not expect PVST+ BPDU (tagged or untagged) on an untagged port. If this situation occurs, ...

Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32...

Figure 105. Dell Networking QoS Architecture Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication . It also implements these Internet Engineering Task Force (IETF) documents: • RFC 2474, Definition of the Differentiated Ser...

Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value. You cannot assign a dot1p value to an individua...

class dynamic dotp or trust dot1p . When priority-tagged frames ingress a tagged port, the frames are dropped because, for a tagged port, the default VLAN is 0. Dell Networking OS Behavior : Hybrid ports can receive untagged, tagged, and priority tagged frames. The rate metering calculation might be...

Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 106. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different...

Creating a Layer 3 Class Map A Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence, and characteristics defined in an IP ACL. You can also use VLAN IDs and VRF IDs to classify the traffic using layer 3 class-maps.You may specify more than one DSCP and IP precede...

The following example matches IPv6 traffic with a DSCP value of 40. Dell(conf)# class-map match-all test Dell(conf-class-map)# match ipv6 dscp 40 The following example matches IPv4 and IPv6 traffic with a precedence value of 3. Dell(conf)# class-map match-any test1 Dell(conf-class-map)#match ip-any ...

numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended. • Specify the order in which you want to apply ACL rules using the keyword order . order The order can range from 0 to 254. By default, all ACL rules have an order of 255 . Displaying Configured ...

----------------------------------------------------------------------- 20416 1 18 IP 0x0 0 0 23.64.0.5/32 0.0.0.0/0 20 2 20417 1 18 IP 0x0 0 0 0.0.0.0/0 0.0.0.0/0 - 0 20418 1 0 IP 0x0 0 0 23.64.0.2/32 0.0.0.0/0 10 1 20419 1 0 IP 0x0 0 0 0.0.0.0/0 0.0.0.0/0 - 0 20420 1 0 IP 0x0 0 0 23.64.0.3/32 0.0....

Creating an Input QoS Policy To create an input QoS policy, use the following steps. 1. Create a Layer 3 input QoS policy.CONFIGURATION mode qos-policy-input Create a Layer 2 input QoS policy by specifying the keyword layer2 after the qos-policy-input command. 2. After you create an input QoS policy...

Configuring Policy-Based Rate Shaping To configure policy-based rate shaping, use the following command. • Configure rate shape egress traffic. QOS-POLICY-OUT mode rate-shape Allocating Bandwidth to Queue Schedule packets for egress based on Deficit Round Robin (DRR). These strategies both offer a g...

Create Policy Maps There are two types of policy maps: input and output. Creating Input Policy Maps There are two types of input policy-maps: Layer 3 and Layer 2. 1. Create a Layer 3 input policy map.CONFIGURATION mode policy-map-input Create a Layer 2 input policy map by specifying the keyword laye...

Table 55. Default DSCP to Queue Mapping DSCP/CP hex range (XXX)xxx DSCP Definition Traditional IP Precedence Internal Queue ID DSCP/CP decimal 111XXX Network Control 3 48–63 110XXX Internetwork Control 3 48–63 101XXX EF (Expedited Forwarding) CRITIC/ECP 2 32–47 100XXX AF4 (Assured Forwarding) Flash ...

Mapping dot1p Values to Service Queues All traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, you can create service classes based the queueing strategy in Honoring dot1p Values on Ingress Packets . You may apply this queuing strategy globally by entering the fol...

Creating Output Policy Maps Creating output policy maps is supported on the S4810 platform. 1. Create an output policy map.CONFIGURATION mode policy-map-output 2. After you create an output policy map, do one or more of the following: Applying an Output QoS Policy to a Queue Specifying an Aggregate ...

• Displaying Color Maps• Display Color Map Configuration Creating a DSCP Color Map You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, yellow, red) for the input traffic. The system uses this information to classif...

Create the DSCP color map profile, bat-enclave-map , with a yellow drop precedence , and set the DSCP values to 9,10,11,13,15,16 Dell(conf)# qos dscp-color-map bat-enclave-map Dell(conf-dscp-color-map)# dscp yellow 9,10,11,13,15,16 Dell (conf-dscp-color-map)# exit Assign the color map, bat-enclave-m...

Display detailed information about a color policy for a specific interface Dell# show qos dscp-color-policy detail te 0/10 Interface TenGigabitEthernet 0/10 Dscp-color-map mapONE yellow 4,7 red 20,30 Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking ...

The range is from 1 to 3. Weighted Random Early Detection Weighted random early detection (WRED) is supported on the S4810 platform. The WRED congestion avoidance mechanism drops packets to prevent buffering resources from being consumed.Traffic is a mixture of various kinds of packets. The rate at ...

Default Profile Name Minimum Threshold Maximum Threshold Maximum Drop Rate wred_teng_g 467 4671 50 wred_fortyg_y 467 4671 50 wred_fortyg_g 467 4671 25 Creating WRED Profiles To create WRED profiles, use the following commands. 1. Create a WRED profile.CONFIGURATION mode wred-profile 2. Specify the m...

wred_teng_y 467 4671 100 wred_teng_g 467 4671 50 wred_fortyg_y 467 4671 50 wred_fortyg_g 467 4671 25 0 Dell# Displaying WRED Drop Statistics To display WRED drop statistics, use the following command. • Display the number of packets Dell Networking OS the WRED profile drops. EXEC Privilege mode show...

• The estimated number of CAM entries the policy-map will consume.• Whether or not the policy-map can be applied.• The number of interfaces in a port-pipe to which the policy-map can be applied. Specifically: • Available CAM — the available number of CAM entries in the specified CAM partition for th...

are time-sensitive, such as video on demand (VoD) or voice over IP (VoIP) applications. In such cases, you can use ECN in conjunction with WRED to resolve the dropping of packets under congested conditions. Using ECN, the packets are marked for transmission at a later time after the network recovers...

WRED/ECN configurations for the queues that belong to backplane ports are common to all the backplane ports and cannot be specified separately for each backplane port granularity. This behavior occurs to prevent system-level complexities in enabling this support for backplane ports. Also, WRED/ECN i...

Guidelines for Configuring ECN for Classifying and Color- Marking Packets Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: – ACK– FIN– SYN– ...

Applying this policy-map “ecn_0_pmap” will mark all the packets with ‘ecn == 0’ as yellow packets on queue0 (default queue). Classifying Incoming Packets Using ECN and Color-Marking Explicit Congestion Notification (ECN) is a capability that enhances WRED by marking the packets instead of causing WR...

This marking action to set the color of the packet is allowed only on the ‘match-any’ logical operator of the class-map. This marking-action can be configured for all of the below L3 match sequence types: • match ip access-group• match ip dscp• match ip precedence• match ip vlan Sample configuration...

seq 15 permit any dscp 40 ecn 3 ! ip access-list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ! ip access-list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 ! class-map match-any class_dscp_40 match ip access-group dscp_40_non_ecn set-color yellow match ip access-group dscp_40_e...

Sample configuration to mark non-ecn packets as “yellow” with Multiple traffic class Consider the example where there are no different traffic classes that is all the packets are egressing on the default ‘queue0’.Dell Networking OS can be configured as below to mark the non-ecn packets as yellow pac...

Enabling RIP Globally By default, RIP is not enabled in Dell Networking OS. To enable RIP globally, use the following commands. 1. Enter ROUTER RIP mode and enable the RIP process on Dell Networking OS.CONFIGURATION mode router rip 2. Assign an IP network address as a RIP network to exchange routing...

192.162.2.0/24 [120/1] via 29.10.10.12, 00:01:21, Fa 0/0 192.162.2.0/24 auto-summary 192.161.1.0/24 [120/1] via 29.10.10.12, 00:00:27, Fa 0/0 192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 0/0 192.162.3.0/24 auto-summary To disable RIP globally, use the no router ri...

distribute-list prefix-list-name in • Assign a configured prefix list to all outgoing RIP routes. ROUTER RIP mode distribute-list prefix-list-name out To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Adding RIP Rou...

The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold). Dell#show ip protocols Routing Protocols is RIP Sending updates every...

Enable debugging of RIP. Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function. Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command. RIP Configuration Example The examples in this section show ...

Core 2 RIP Output The examples in the section show the core 2 RIP output. Examples of the show ip Commands to View Core 2 Information • To display Core 2 RIP database, use the show ip rip database command. • To display Core 2 RIP setup, use the show ip route command. • To display Core 2 RIP activity...

The following example shows the show ip protocols command to show the RIP configuration activity on Core 2. Core2#show ip protocols Routing Protocol is "RIP" Sending updates every 30 seconds, next due in 17 Invalid after 180 seconds, hold down 180, flushed after 240 Output delay 8 millisecon...

GigabitEthernet 3/44 2 2 GigabitEthernet 3/43 2 2 Routing for Networks: 10.11.20.0 10.11.30.0 192.168.2.0 192.168.1.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.2 120 00:00:22 Distance: (default is 120) Core3# RIP Configuration Summary Examples of Viewing RIP Configuration on...

long as the master RPM had been running long enough to sample all the data. NMS backs up all the long-term data collection and displays the failover downtime from the performance graph. • Chassis Down — When a chassis goes down, all sampled data is lost. But the RMON configurations are saved in the ...

The following example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.ifOutErrors) once every 20 seconds until the alarm is disabled, and checks the rise or fall of the variable. The alarm is triggered when the 1.3.6.1.2.1.2.2.1.20.1 value shows a...

– controlEntry : specifies the RMON group of statistics using a value. – integer : a value from 1 to 65,535 that identifies the RMON Statistics Table. The value must be unique in the RMON Statistic Table. – owner : (Optional) specifies the name of the owner of the RMON group of statistics. – ownerna...

45 Rapid Spanning Tree Protocol (RSTP) Rapid spanning tree protocol (RSTP) is supported on the S4810 platform. Protocol Overview RSTP is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability w...

Important Points to Remember • RSTP is disabled by default.• Dell Networking OS supports only one Rapid Spanning Tree (RST) instance.• All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology. • Adding a group of por...

3. Enable the interface.INTERFACE mode no shutdown Example of Verifying an Interface is in Layer 2 Mode and Enabled To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. The bold lines indicate that the interface is in Layer 2 mode. Dell(conf-if...

NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds . • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40. Th...

To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps collectively, use this command. Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-serve...

• If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.• When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware. • When you remove a physical port from a port channel in ...

47 Security Security features are supported on the S4810 platform.This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide . AAA...

– system : sends accounting information of any other AAA configuration. – exec : sends accounting information when a user has logged in to EXEC mode. – command level : sends accounting of commands executed at the specified privilege level. – suppress : Do not generate accounting records for a specif...

CONFIG-LINE-VTY mode accounting commands 15 com15 accounting exec execAcct Example of Enabling AAA Accounting with a Named Method List Dell(config-line-vty)# accounting commands 15 com15 Dell(config-line-vty)# accounting exec execAcct Monitoring AAA Accounting Dell Networking OS does not support per...

NOTE: In the release 9.4.(0.0), RADIUS and TACACS servers support VRF-awareness functionality. You can create RADIUS and TACACS groups and then map multiple servers to a group. The group to which you map multiple servers is bound to a single VRF. Configuration Task List for AAA Authentication The fo...

3. Assign a method-list-name or the default list to the terminal line. LINE mode login authentication { method-list-name | default} To view the configuration, use the show config command in LINE mode or the show running- config in EXEC Privilege mode. NOTE: Dell Networking recommends using the none ...

The following example shows enabling authentication from the RADIUS server. Dell(config)# aaa authentication enable default radius tacacs Radius and TACACS server has to be properly setup for this. Dell(config)# radius-server host x.x.x.x key <some-password> Dell(config)# tacacs-server host x....

Privilege levels 2 through 14 are not configured and you can customize them for different users and access. After you configure other privilege levels, enter those levels by adding the level parameter after the enable command or by configuring a user name or password that corresponds to the privileg...

Configuring the Enable Password Command To configure Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the command, Dell Networking OS requests that you enter a password. Privilege levels are not assigned to passwords, rather passwords are assigned to a priv...

Line 2: All other users are assigned a password to access privilege level 8. Line 3: The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp-server commands are located. Line 4: The snmp-server commands, in CONFIGURATION mode, are assigned t...

• Configure a custom privilege level for the terminal lines. LINE mode privilege level level – level level : The range is from 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • Specify either a plain text or encrypted password. LINE mode passwo...

Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in plain text). RADIUS uses UDP as the transport protocol between the RADIUS server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Ser...

Configuration Task List for RADIUS To authenticate users using RADIUS, you must specify at least one RADIUS server so that the system can communicate with and configure RADIUS as one of your authentication methods. The following list includes the configuration tasks for RADIUS. • Defining a AAA Meth...

• Enable AAA login authentication for the specified RADIUS method list. LINE mode login authentication { method-list-name | default} This procedure is mandatory if you are not using default lists. • To use the method list. CONFIGURATION mode authorization exec methodlist Specifying a RADIUS Server H...

Setting Global Communication Parameters for all RADIUS Server Hosts You can configure global communication parameters ( auth-port , key , retransmit , and timeout parameters) and specific host communication parameters on the same system. However, if you configure both global and specific host parame...

TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support for login authentication. Configuration Task List for TACACS+ The following list includes the configuration task for TACACS+ functions. • Choosing TACACS+ as the Authentication Met...

Example of a Failed Authentication To view the configuration, use the show config in LINE mode or the show running-config tacacs + command in EXEC Privilege mode. If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatica...

Example of Specifying a TACACS+ Server Host Dell(conf)# Dell(conf)#aaa authentication login tacacsmethod tacacs+ Dell(conf)#aaa authentication exec tacacsauthorization tacacs+ Dell(conf)#tacacs-server host 25.1.1.2 key Force Dell(conf)# Dell(conf)#line vty 0 9 Dell(config-line-vty)#login authenticat...

Command Authorization The AAA command authorization feature configures Dell Networking OS to send each configuration command to a TACACS server for authorization before it is added to the running configuration. By default, the AAA authorization commands configure the system to check both EXEC mode a...

ip ssh server version {1|2} • Display SSH connection information. EXEC Privilege mode show ip ssh Specifying an SSH Version The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 De...

The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes. Dell(conf)#ip ssh rekey volume 4096 Configuring the SSH Server Key...

The default HMAC algorithms are the following: • hmac-md5• hmac-md5-96• hmac-sha1• hmac-sha1-96• hmac-sha2-256• hmac-sha2-256-96 When FIPS is enabled, the default HMAC algorithm is hmac-sha1-96. Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algorithm...

• Using RSA Authentication of SSH • Configuring Host-Based SSH Authentication Important Points to Remember • If you enable more than one method, the order in which the methods are preferred is based on the ssh_config file on the Unix machine. • When you enable all the three authentication methods, p...

5. Bind the public keys to RSA authentication.EXEC Privilege mode ip ssh rsa-authentication my-authorized-keys flash: //public_key Example of Generating RSA Keys admin@Unix_client#ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/admin/.ssh/id_rsa):...

admin@Unix_client# cat ssh_host_rsa_key.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx/ AyWhVgJDQh39k8v3e8eQvLnHBIsqIL8jVy1QHhUeb7GaDlJVEDAMz30myqQbJgXBBRTWgBpLWwL/ doyUXFufjiL9YmoVTkbKcFmxJEMkE3JyHanEi7hg34LChjk9hL1by8cYZP2kYS2lnSyQWk= admin@Unix_client# ls id_rsa id_rsa.pub shost...

Telnet To use Telnet with SSH, first enable SSH, as previously described. By default, the Telnet daemon is enabled. If you want to disable the Telnet daemon, use the following command, or disable Telnet in the startup config. To enable or disable the Telnet daemon, use the [no] ip telnet server enab...

You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization. Configure local authentication globally and configure access classes on a per-user basis. Dell Networking OS can assign different access classes to different users b...

Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address.To ...

command to each role and as a result, it is easier and much more efficient to administer user rights. If a user’s role matches one of the allowed user roles for that command, then command authorization is granted. A constrained RBAC model provides for separation of duty and as a result, provides gre...

You must specify at least local authentication. For consistency, the best practice is to define the same authentication method list across all lines, in the same order of comparison; for example VTY and console port. You could also use the default authentication method to apply to all the LINES (con...

operator user role. This role does not have access to the commands that are available to the system security administrator for cryptography operations, AAA, or the commands reserved solely for the system administrator. • Security Administrator (secadmin): This user role can control the security poli...

Adding and Deleting Users from a Role To create a user name that is authenticated based on a user role, use the username name password encryption-type password role role-name command in CONFIGURATION mode. Example The following example creates a user name that is authenticated based on a user role. ...

accounting commands role netadmin ucraaa line vty 3 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 4 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 5 login authentication ucraaa authoriz...

role is Force10-avpair = ” shell:role=< user-role >“ where user-role is a user defined or system- defined role. In the following example, you create an AV pair for a system-defined role, sysadmin. Force10-avpair= "shell:role=sysadmin" In the following example, you create an AV pair for...

Active accounted actions on tty2, User john Priv 1 Role netoperator Task ID 1, EXEC Accounting record, 00:00:30 Elapsed, service=shell Active accounted actions on tty3, User admin Priv 15 Role sysadmin Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell Display Information About User ...

Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line Role access: netadmin,sysadmin Displaying Information About Users Logged into the Switch To display information on all users logged into the switch, using the sho...

48 Service Provider Bridging Service provider bridging is supported on the S4810 platform. VLAN Stacking Virtual local area network (VLAN) stacking is supported on the S4810 platform. VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges , which is an amendment to IEEE 802...

Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1. Creating Access and Trunk Ports 2. Assign access and trunk ports to a VLAN ( Creating Access and Trunk Ports ). 3. Enabling VLAN-Stacking for a VLAN . Related Configuration Tasks • Configuring the Protocol Type Value for t...

interface GigabitEthernet 7/12 no ip address switchport vlan-stack trunk no shutdown Enable VLAN-Stacking for a VLAN To enable VLAN-Stacking for a VLAN, use the following command. • Enable VLAN-Stacking for the VLAN. INTERFACE VLAN mode vlan-stack compatible Example of Viewing VLAN Stack Member Stat...

To configure trunk ports, use the following commands. 1. Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port.INTERFACE mode portmode hybrid NOTE: You can add a trunk port to an 802.1Q VLAN as well as a Stacking VLAN only when the TPID 0x8100....

Example of Debugging a VLAN and its Ports The port notations are as follows: • MT — stacked trunk • MU — stacked access port • T — 802.1Q trunk port • U — 802.1Q access port • NU — Native VLAN (untagged) Dell# debug member vlan 603 vlan id : 603 ports : Gi 2/47 (MT), Gi 3/1(MU), Gi 3/25(MT), Gi 3/26...

Network Position Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.0+ 0x8100 single-tag match switch to VLAN switch to VLAN 0x81XY single-tag first-byte match switch to VLAN switch to default VLAN Core untagged 0xUVWX — switch to default VLAN switch to default VLAN double...

• Make packets eligible for dropping based on their DEI value. CONFIGURATION mode dei enable By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to an Dell Networking OS drop preced...

Example of Viewing DEI-Marking Configuration To display the DEI-marking configuration, use the show interface dei-mark [ interface slot/ port | linecard number port-set number ] in EXEC Privilege mode. Dell#show interface dei-mark Default CFI/DEI Marking: 0 Interface Drop precedence CFI/DEI --------...

Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands. 1. Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.CONFIGURATION mode cam-acl l2acl number ipv4acl number ipv6acl number ip...

Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command. 1. Verify that the system is running the default CAM profile. Use this CAM profile for L2PT.EXEC Privilege mode show cam-profile 2. Enable protocol tunneling globally on the system.CONFIGURATION mode...

4. Set a maximum rate at which the RPM processes BPDUs for L2PT.VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging i...

Important Points to Remember • The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via snmpset.• Dell Networking recommends the sFlow Collector be connected to the Dell Networking chassis through a line card port rather than the route processor module (RPM) management...

0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub-sampling Linecard 1 Port set 0 H/W sampling rate 8192 Gi 1/16: configured rate 8192, actual rate 8192, sub-sampling rate 1 Gi 1/17: configured rate 16384, actual rate 16384, sub-sampling rate 2 Linecard 3 Port set ...

Dell#show sflow sFlow services are enabled Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.116, UDP port: 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 6...

Example of Viewing sFlow Configuration (Line Card) Dell#show sflow stack-unit 1 stack-unit 1 Samples rcvd from h/w :165 Samples dropped for sub-sampling :69 Total UDP packets exported :77 UDP packets exported via RPM :77 UDP packets dropped : Configuring Specify Collectors The sflow collector comman...

50 Simple Network Management Protocol (SNMP) Simple network management protocol (SNMP) is supported on the S4810 platform. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including all Get and a limited number of Set operations (such as ...

Configuration Task List for SNMP Configuring SNMP version 1 or version 2 requires a single step. NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking sys...

Creating a Community For SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS.The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager . A network element that processes SNMP re...

snmp-server group group-name 3 noauth auth read name write name • Configure an SNMPv3 view. CONFIGURATION mode snmp-server view view-name oid-tree {included | excluded} NOTE: To give a user read and write view privileges, repeat this step for each privilege type. • Configure the user with an authori...

• Read the value of a single managed object. snmpget -v version -c community agent-ip { identifier.instance | descriptor.instance } • Read the value of the managed object directly below the specified object. snmpgetnext -v version -c community agent-ip { identifier.instance | descriptor.instance } •...

snmp coldstart SNMP_COLD_START: Agent Initialized - SNMP COLD_START. SNMP_WARM_START:Agent Initialized - SNMP WARM_START. snmp linkdown PORT_LINKDN:changed interface state to down:%d snmp linkup PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of D...

SNMP OID <oid> %RPM0-P:CP %SNMP-4-RMON_HC_RISING_THRESHOLD: STACKUNIT0 high-capacity rising threshold alarm from SNMP OID <oid> Copy Configuration Files Using SNMP To do the following, use SNMP from a remote client. • copy the running-config file to the startup-config file• copy configur...

Copying a Configuration File To copy a configuration file, use the following commands. NOTE: In UNIX, enter the snmpset command for help using the following commands. Place the f10-copy-config.mib file in the directory from which you are executing the snmpset command or in the snmpset tool path. 1. ...

• Copy the running-config to the startup-config from the UNIX machine. snmpset -v 2c -c public force10system-ip-address copySrcFileType. index i 2 copyDestFileType. index i 3 Examples of Copying Configuration Files The following examples show the command syntax using MIB object names and the same co...

Copying the Startup-Config Files to the Server via FTP To copy the startup-config to the server via FTP from the UNIX machine, use the following command. Copy the startup-config to the server via FTP from the UNIX machine. snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address cop...

s filepath/filename copyDestFileType. index i 3 copyServerAddress. index a server-ip-address copyUserName. index s server-login-id copyUserPassword. index s server-login-password Example of Copying a Binary File From the Server to the Startup-Configuration via FTP > snmpset -v 2c -c private -m ./...

Obtaining a Value for MIB Objects To obtain a value for any of the MIB objects, use the following command. • Get a copy-config MIB object value. snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address [ OID.index | mib-object.index ] index : the index value used in the snmpset comm...

Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN. Example of Assigning a VLAN Alias using SNMP [Unix system output] > snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2...

• Seven hex pairs represent a stack unit. Seven pairs accommodate the greatest number of ports available — 64 ports on the S4810 . On the S4810 , the last stack unit begins on the 66th bit. The first hex pair, 00 in the previous example, represents ports 1 to 7 in Stack Unit 0. The next pair to the ...

Example of Adding an Untagged Port to a VLAN using SNMP In the following example, Port 0/2 is added as an untagged member of VLAN 10. >snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0...

The following OIDs are configurable through the snmpset command. The node OID is 1.3.6.1.4.1.6027.3.18 F10-ISIS-MIB::f10IsisSysOloadSetOverload F10-ISIS-MIB::f10IsisSysOloadSetOloadOnStartupUntil F10-ISIS-MIB::f10IsisSysOloadWaitForBgp F10-ISIS-MIB::f10IsisSysOloadV6SetOverload F10-ISIS-MIB::f10Isis...

Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs regarding 802.1d, as 802.1d itself does not define them. As a switchport must belong a VLAN (the default VL...

Example of Fetching MAC Addresses Learned on a Non-default VLAN Using SNMP In the following example, GigabitEthernet 1/21 is moved to VLAN 1000, a non-default VLAN. To fetch the MAC addresses learned on non-default VLANs, use the object dot1qTpFdbTable. The instance number is the VLAN number concate...

To display the interface number, use the following command. • Display the interface index number. EXEC Privilege mode show interface Example of Deriving the Interface Index Number To view the system image on Flash Partition A, use the chSysSwInPartitionAImgVers object or, to view the system image on...

Untagged 2) dot3aCommonAggFdbStatus SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.4.1107755009.1 = INTEGER: 1 << Status active, 2 – status inactive Example of Viewing Status of Learned MAC Addresses If we learn MAC addresses for the LAG, status is shown for those as well. dot3aCurAggVlanId SNMPv2-S...

51 Stacking Stacking is supported on the S4810 platform.Stacking is supported on the S4810 platform with the Dell Networking Operating System (OS) version 8.3.7.1, version 8.3.10.2, and newer. NOTE: The S4810 commands accept Unit ID numbers 0-11, though the S4810 supports stacking up to three units ...

• Logs The master switch maintains stack operation with minimal impact in the event of: • Switch failure• Inter-switch stacking link failure• Switch insertion• Switch removal If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority o...

----------------------------------------------------------------- 0 Member not present 1 Management online S4810 S4810 4810-8-3-12-1447 64 2 Standby online S4810 S4810 4810-8-3-12-1447 64 3 Member online S4810 S4810 4810-8-3-12-1447 64 4 Member online S4810 S4810 4810-8-3-12-1447 64 5 Member not pre...

0 Standby online S4810S4810 7.8.1.0 52 1 Management online S4810S4810 7.8.1.0 52 2 Member online S4810S4810 7.8.1.0 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present Stacking LAG When multiple links are used between stack units, Dell Networki...

High Availability on S-Series Stacks S-Series stacks have master and standby management units analogous to Dell Networking route processor modules (RPM). The master unit synchronizes the running configuration and protocol states so that the system fails over in the event of a hardware or software fa...

Management Access on S-Series Stacks You can access the stack via the console port or VTY line. • Console access — You may access the stack through the console port of the master unit (stack manager) only. Similar to a standby RPM, the console port of the standby unit does not provide management cap...

– Stacking with 1G interfaces is not supported. • Stacking on the S4810 is accomplished through front-end user ports on the chassis.• All stack units must have the same version of Dell Networking OS. S-Series Stacking Installation Tasks The following are the S-Series stacking installation tasks.• Cr...

If the stack is running Dell Networking OS version 8.3.12.0 and the new unit is running an earlier software version, the new unit is put into a card problem state. • If the unit is running Dell Networking OS version 8.3.10.x, it is upgraded to use the same Dell Networking OS version as the stack, re...

3. Reload the switch.EXEC Privilege mode reload Dell Networking OS automatically assigns a number to the new unit and adds it as member switch in the stack. The new unit synchronizes its running and startup configurations with the stack. 4. After the units are reloaded, the system reboots. The units...

Setting ports Te 0/0 Te 0/1 Te 0/2 Te 0/3 as stack group will make their interface configs obsolete after a reload. [confirm yes/no]:yes S4810-1#show system stack-ports Topology: Ring Interface Connection Link Speed Admin Link Trunk (Gb/s) Status Status Group ----------------------------------------...

4. Assign a stack group to each unit.CONFIGURATION mode stack-unit id stack-group id 5. Connect the new unit to the stack using stacking cables. Example of Adding an S4810 Stack Unit with a Conflicting Stack Number (Before and After) The following example shows adding a stack unit with a conflicting...

stack group configuration conflict occurs between the new unit and the provisioned stack unit, the configuration of the new unit takes precedence. 1. Add the configured unit to the top or bottom of the stack. 2. Power on the switch. 3. Attach cables to connect ports on the added switch to one or mor...

• Dell Networking OS resets all the units in the losing stack; they all become stack members.• If there is no unit numbering conflict, the stack members retain their previous unit numbers. Otherwise, the stack manager assigns new unit numbers, based on the order that they come online. • The stack ma...

redundancy force-failover stack-unit A new standby is elected. When the former stack master comes back online, it becomes a member unit. • Prevent the stack master from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot stack-unit This command does not affect a forced fail...

1 0 up up 7200 up 7200 1 1 up up 7200 up 7440 Speed in RP The following example shows three switches stacked together in a daisy chain topology. stack-2#show system stack-ports Topology: Daisy chain Interface Connection Link Speed Admin Link Trunk (Gb/s) Status Status Group -------------------------...

1 Member online S4810 S4810 8-3-7-13 64 2 Member not present 3 Standby online S4810 S4810 8-3-7-13 64 The following examples shows removing a stack member (after). Dell#show system brief Stack MAC : 00:01:e8:8a:df:e6 Reload Type : normal-reload -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Ver...

Recover from Stack Link Flaps S-Series stack link integrity monitoring enables units to monitor their own stack ports and disable any stack port that flaps five times within 10 seconds. Dell Networking OS displays console messages for the local and remote members of a flapping link, and on the prima...

52 Storm Control Storm control is supported on the S4810 platform.The storm control feature allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking Operating System (OS) Behavior : Dell Networking OS supports broadcast control (the stor...

53 Spanning Tree Protocol (STP) The spanning tree protocol (STP) is supported on the S4810 platform. Protocol Overview STP is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the prot...

To configure and enable the interfaces for Layer 2, use the following command. 1. If the interface has been assigned an IP address, remove it.INTERFACE mode no ip address 2. Place the interface in Layer 2 mode.INTERFACE switchport 3. Enable the interface.INTERFACE mode no shutdown Example of the sho...

To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. R2#show spanning-tree 0 Executing IEEE co...

PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds . To view the current values for global parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally . Modifying Inte...

CAUTION: Enable PortFast only on links connecting to an end station. PortFast can cause loops if it is enabled on an interface connected to a network. To enable PortFast on an interface, use the following command. • Enable PortFast on an interface. INTERFACE mode spanning-tree stp-id portfast [bpdug...

• disables spanning tree on an interface• drops all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell(conf-if-gi-0/7)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e805.fb07 Root Bridge h...

Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard STP root guard is supported on the S4810 platform. Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the...

Figure 123. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior : The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-chann...

STP Loop Guard STP loop guard is supported only on the S4810 platform. The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault. When a cable or interface fails, a participating STP link ma...

Figure 124. STP Loop Guard Prevents Forwarding Loops Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. Dell Networking OS Behavior : The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel...

• You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed: % Error: RootGuard is configured. Cannot configure LoopGuard . • Enabling Portfast BP...

54 System Time and Date System time and date settings and the network time protocol (NTP) are supported on the S4810 platform.You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hard...

Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Setting the Hardware Clock with the Time Derived from NTP • Disabling NTP on an Interface • Configuring a Source IP Address for NTP Packets (optional) ...

Example of Updating the System Clock Relative to NTP R5/R8(conf)#do show calendar 06:31:02 UTC Mon Mar 13 1989 R5/R8(conf)#ntp update-calendar 1 R5/R8(conf)#do show calendar 06:31:26 UTC Mon Mar 13 1989 R5/R8(conf)#do show calendar 12:24:11 UTC Thu Mar 12 2009 Configuring NTP Broadcasts With Dell Ne...

– For a loopback interface, enter the keyword loopback then a number between 0 and 16383. – For a port channel interface, enter the keyword lag then a number from 1 to 255 for TeraScale and ExaScale. – For a SONET interface, enter the keyword sonet then the slot/port information. – For a 10-Gigabit ...

Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings. • Setting the Time and Date for the Switch Hardware Clock • Setting the Time and Date for th...

– month : enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year . – day : enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to time day mo...

– time-zone : enter the three-letter name for the time zone. This name displays in the show clock output. – start-month : enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year . – start-day : enter the number of t...

– start-day : Enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to time day month year . – start-year : Enter a four-digit number as the year. The range is from 1993 to 2035. – start-time : Enter the time in hours:minutes. Fo...

55 Tunneling Tunnel interfaces create a logical tunnel for IPv4 or IPv6 traffic. Tunneling supports RFC 2003, RFC 2473, and 4213.DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring ...

ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu-3)#tunnel source 5::5 Dell(conf-...

Configuring a Tunnel Interface You can configure the tunnel interface using the ip unnumbered and ipv6 unnumbered commands. To configure the tunnel interface to operate without a unique explicit ip or ipv6 address, select the interface from which the tunnel will borrow its address. The following sam...

Configuring the tunnel source anylocal The anylocal argument can be used in place of the ip address or interface, but only with multipoint receive-only mode tunnels. The tunnel source anylocal command will allow the multipoint receive-only tunnel to decapsulate tunnel packets addressed to any IPv4 o...

56 Uplink Failure Detection (UFD) Uplink failure detection (UFD) is supported on the S4810 platform. Feature Description UFD provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. A switch provides ...

Figure 126. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group . An interface in an uplink-state group can be a physical interface or a po...

Figure 127. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number and is calculated by the ratio of the up...

Configuring Uplink Failure Detection To configure UFD, use the following commands. 1. Create an uplink-state group and enable the tracking of upstream links on the switch/router.CONFIGURATION mode uplink-state-group group-id • group-id : values are from 1 to 16. To delete an uplink-state group, use ...

4. (Optional) Enable auto-recovery so that UFD-disabled downstream ports in the uplink-state group come up when a disabled upstream port in the group comes back up.UPLINK-STATE-GROUP mode downstream auto-recover The default is auto-recovery of UFD-disabled downstream ports is enabled. To disable aut...

Example of Syslog Messages Before and After Entering the clear ufd-disable uplink-state- group Command (S50) The following example message shows the Syslog messages that display when you clear the UFD-Disabled state from all disabled downstream interfaces in an uplink-state group by using the clear ...

02:38:53: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Fo 13/3 02:38:53: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Fo 13/5 02:38:53: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Fo 13/6 Displaying Uplink Failure Detection To display information o...

The following example shows viewing the UFD configuration for the S50. Dell# show running-config uplink-state-group ! no enable uplink state track 1 downstream GigabitEthernet 0/2, 4, 6, 11-19 upstream TengigabitEthernet 0/48, 52 upstream PortChannel 1 ! uplink state track 2 downstream GigabitEthern...

57 Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes . ...

58 Virtual LANs (VLANs) Virtual LANs (VLANs) are supported on the S4810 platform.VLANs are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move...

By default, VLAN 1 is the Default VLAN. To change that designation, use the default vlan-id command in CONFIGURATION mode. You cannot delete the Default VLAN. NOTE: You cannot assign an IP address to the Default VLAN. To assign an IP address to a VLAN that is currently the Default VLAN, create anoth...

information is preserved as the frame moves through the network. The following example shows the structure of a frame with a tag header. The VLAN ID is inserted in the tag header. Figure 128. Tagged Frame Format The tag header contains some key information that Dell Networking OS uses: • The VLAN pr...

• Configure a port-based VLAN (if the VLAN-ID is different from the Default VLAN ID) and enter INTERFACE VLAN mode.CONFIGURATION mode interface vlan vlan-id To activate the VLAN, after you create a VLAN, assign interfaces in Layer 2 mode to the VLAN. Example of Verifying a Port-Based VLAN To view th...

Moving Untagged Interfaces To move untagged interfaces from the Default VLAN to another VLAN, use the following commands. 1. Access INTERFACE VLAN mode of the VLAN to which you want to assign the interface.CONFIGURATION mode interface vlan vlan-id 2. Configure an interface as untagged.INTERFACE mode...

T Gi 3/1 4 Active U Gi 3/2 Dell# The only way to remove an interface from the Default VLAN is to place the interface in Default mode by using the no switchport command in INTERFACE mode. Assigning an IP Address to a VLAN VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to ...

To configure a port so that it can be a member of an untagged and tagged VLANs, use the following commands. 1. Remove any Layer 2 or Layer 3 configurations from the interface.INTERFACE mode 2. Configure the interface for Hybrid mode.INTERFACE mode portmode hybrid 3. Configure the interface for Switc...

59 VLT Proxy Gateway You can configure a proxy gateway in VLT domains. A proxy gateway enables you to locally route the packets that are destined to a L3 endpoint in another VLT domain. Proxy Gateway in VLT Domains Using a proxy gateway, the VLT peers in a domain can route the L3 packets destined fo...

8. LLDP port channel interface can’t be changed to legacy lag when proxy gateway is enabled. 9.“vlt-peer-mac transmit” is recommended only for square VLT without any diagonal links. 10. VRRP and IPv6 routing is not supported now. 11. With the existing hardware capabilities, only 512 my_station_tcam ...

• There are only a couple of MACs for each unit to be transmitted so that all current active MACs can definitely be carried on the newly defined TLV. • This TLV is recognizable only by FTOS devices with this feature support. Other device will ignore this field and should still be able to process oth...

8. Packet duplication – Assume exclude-vlan (say VLAN 10) is configured on C2/D2 for C1’s MAC. If packets for VLAN 10 with C1’s MAC get a hit at C2, they will be switched to both D2 (via ICL) and C1 via inter DC link. This could lead to packet duplication. So, if C1’s MAC is learnt at C2 then the pa...

Figure 129. VLT on S4810 Switches VLT on Core Switches You can also deploy VLT on core switches. Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing. This set up requires “horizontal” stacking at the a...

Figure 130. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, p...

Configure Virtual Link Trunking VLT requires that you enable the feature and then configure the same VLT domain, backup link, and VLT interconnect on both peer switches. Important Points to Remember • You cannot enable S4810 stacking simultaneously with VLT. If you enable both at the same time, unex...

• Software features supported on VLT physical ports – In a VLT domain, the following software features are supported on VLT physical ports: 802.1p, LLDP, flow control, IPv6 dynamic routing, port monitoring, and jumbo frames. • Software features not supported with VLT – In a VLT domain, the following...

MAC address is selected as the Primary Peer. You can configure another peer as the Primary Peer using the VLT domain domain-id role priority priority-value command. If the VLTi link fails, the status of the remote VLT Primary Peer is checked using the backup link. If the remote VLT Primary Peer is a...

VLT and Stacking You cannot enable stacking on S4810 units with VLT. If you enable stacking on a unit on which you want to enable VLT, you must first remove the unit from the existing stack. For information about how to remove a unit from a stack, refer to Removing a Unit from an S-Series Stack . Af...

PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop rou...

(DR) if they are incorrectly hashed. In addition to being first-hop or last -hop routers, the peer node can also act as an intermediate router. On a VLT-enabled PIM router, if any PIM neighbor is reachable through a Spanned Layer 3 (L3) VLAN interface, this must be the only PIM-enabled interface to ...

local DA entries in TCAM. In case a VLT node is down, a timer that allows you to configure the amount of time needed for peer recovery provides resiliency. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast.VLT unicast routin...

• VLT resiliency — After a VLT link or peer failure, if the traffic hashes to the VLT peer, the traffic continues to be routed using multicast until the PIM protocol detects the failure and adjusts the multicast distribution tree. • Optimal routing — The VLT peer that receives the incoming traffic c...

Non-VLT ARP Sync Synchronization for non-ARP routing table entries is supported on the S4810 platform. ARP entries (including ND entries) learned on other ports are synced with the VLT peer to support station move scenarios. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with...

Sample RSTP Configuration The following is a sample of an RSTP configuration. Using the example shown in the Overview section as a sample VLT topology, the primary VLT switch sends BPDUs to an access device (switch or server) with its own RSTP bridge ID. BPDUs generated by an RSTP-enabled access dev...

Configuring a VLT Interconnect To configure a VLT interconnect, follow these steps. 1. Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode.CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the...

Enabling VLT and Creating a VLT Domain To enable VLT and create a VLT domain, use the following steps. 1. Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode.CONFIGURATION mode vlt domain domain-id The domain ID range is from 1 to 1000. Configure the same doma...

Configuring a VLT Backup Link To configure a VLT backup link, use the following command. 1. Specify the management interface to be used for the backup link through an out-of-band management network.CONFIGURATION mode interface managementethernet slot/ port Enter the slot (0-1) and the port (0). 2. C...

Reconfiguring the Default VLT Settings (Optional) To reconfigure the default VLT settings, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain.CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2. (Optional) After you configur...

VLT Sample Configuration To review a sample VLT configuration setup, study these steps. 1. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2.VLT DOMAIN mode vlt domain domain id 2. Configure the VLTi between VLT peer 1 and VLT peer 2. 3. You can configure LACP/static LAG between...

no ip address switchport no shutdown s60-1# s60-1#show interfaces port-channel 100 brief Codes: L - LACP Port-channel LAG Mode Status Uptime Ports L 100 L2 up 03:33:48 Te 0/48 (Up) Te 0/50 (Up) s60-1# Verify VLT is up. Verify that the VLTi (ICL) link, backup link connectivity (heartbeat status), and...

Figure 132. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9 Domain_1_Peer1(conf)#vlt doma...

Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4. Domain_2_Peer4(conf)#interface ...

Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt backup-link • Display general status information ab...

Examples of the show vlt and show spanning-tree rstp Commands The following example shows the show vlt backup-link command. Dell_VLTpeer1# show vlt backup-link VLT Backup Link ----------------- Destination: 10.11.200.18 Peer HeartBeat status: Up HeartBeat Timer Interval: 1 HeartBeat Timeout: 3 UDP P...

Dell_VLTpeer2# show vlt statistics VLT Statistics ---------------- HeartBeat Messages Sent: 994 HeartBeat Messages Received: 978 ICL Hello's Sent: 89 ICL Hello's Received: 89 The following example shows the show spanning-tree rstp command. The bold section displays the RSTP state of port channels in...

Configuring Virtual Link Trunking (VLT Peer 1) Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi). Dell_VLTpeer1(conf)#vlt domain 999 Dell_VLTpeer1(conf-vlt-domain)# peer-link port-channel 100 Dell_VLTpeer1(conf-vlt-domain)# back-up destination 10.11.206.35 Dell_VLTp...

Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 72. Troubleshooting VLT Description Behavior at Peer Up Behavior During Run...

Description Behavior at Peer Up Behavior During Run Time Action to Take that the MAC address is the same on both units. Unit ID mismatch The VLT peer does not boot up. The VLTi is forced to a down state. A syslog error message is generated. The VLT peer does not boot up. The VLTi is forced to a down...

Specifying VLT Nodes in a PVLAN You can configure VLT peer nodes in a private VLAN (PVLAN). VLT enables redundancy without the implementation of Spanning Tree Protocol (STP), and provides a loop-free network with optimal bandwidth utilization. Because the VLT LAG interfaces are terminated on two dif...

PVLAN Operations When a VLT Peer is Restarted When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a verification is performed with the newly received PVLAN configuration from the peer. If any differences are identified, the ...

VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 Access Access Secondary (Community) Secondary (Community) No No - Primary VLAN Y - Primary VLAN X No No Promiscuo us Access Primary Secondary No No Trunk Access Primary/Normal Secondary No No Configur...

4. Ensure that the port channel is active.INTERFACE PORT-CHANNEL mode no shutdown 5. To configure the VLT interconnect, repeat Steps 1–4 on the VLT peer switch. 6. Enter VLT-domain configuration mode for a specified VLT domain.CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1...

5. Access INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.CONFIGURATION mode interface vlan vlan-id 6. Enable the VLAN.INTERFACE VLAN mode no shutdown 7. To obtain maximum VLT resiliency, configure the PVLAN IDs and mappings to be identical on both the VLT peer node...

proxy ARP. For example, consider a sample topology in which VLAN 100 is configured on two VLT nodes, node 1 and node 2. ICL link is not configured between the two VLT nodes. Assume that the VLAN 100 IP address in node 1 is 10.1.1.1/24 and VLAN 100 IP address in node 2 is 20.1.1.2/24. In this case, i...

VLT Nodes as Rendezvous Points for Multicast Resiliency You can configure virtual link trunking (VLT) peer nodes as rendezvous points (RPs) in a Protocol Independent Multicast (PIM) domain. PIM uses a VLT node as the RP to distribute multicast traffic to a multicast group. Messages to join the multi...

without the implementation of Spanning Tree Protocol (STP), thereby providing a loop-free network with optimal bandwidth utilization. Peer routing for IPv6 packets in a VLT domain is supported. This mechanism of IPv6 peer routing is supported on all the platforms that are compatible with IPv6 routin...

Sample Configuration of IPv6 Peer Routing in a VLT Domain Consider a sample scenario as shown in the following figure in which two VLT nodes, Unit1 and Unit2, are connected in a VLT domain using an ICL or VLTi link. To the south of the VLT domain, UNit1 and Unit2 are connected to a ToR switch named ...

61 Virtual Routing and Forwarding (VRF) Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs.Virtual Routing and Forwarding (VRF) allows multi...

Figure 133. VRF Network Example VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Infor...

Feature/Capability Support Status for Default VRF Support Status for Non-default VRF BGP Yes No ACL Yes Yes Multicast Yes No NDP Yes No RAD Yes No Ingress/Egress Storm-Control (per-interface/global) Yes No DHCP DHCP requests are not forwarded across VRF instances. The DHCP client and server must be ...

Task Command Syntax Command Mode Create a non-default VRF instance by specifying a name and VRF ID number, and enter VRF configuration mode. ip vrf vrf-name vrf-id VRF ID range: 1 to 63 and 0 (default VRF) CONFIGURATION Assigning an Interface to a VRF You must enter the ip vrf forwarding command bef...

Configuring VRRP on a VRF Instance You can configure the VRRP feature on interfaces that belong to a VRF instance.In a virtualized network that consists of multiple VRFs, various overlay networks can exist on a shared physical infrastructure. Nodes (hosts and servers) that are part of the VRFs can b...

L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- C 2.0.0.0/24 Direct, Vl 192 0/0 00:26:44 O 20.0.0.0/24 via 2.0.0.1, V...

62 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is supported on the S4810 platform. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address fo...

Figure 136. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to conver...

decreases based on the dynamics of the network, the advertisement intervals may increase or decrease accordingly. CAUTION: Increasing the advertisement interval increases the VRRP Master dead interval, resulting in an increased failover time for Master/Backup election. Take caution when increasing t...

• Create a virtual router for that interface with a VRID. INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255. NOTE: The interface must already have a primary IP address defined and be enabled, as shown in the second example. • Delete a VRRP group. INTERFACE mode no vrrp-group vrid Exampl...

You can use the version both command in INTERFACE mode to migrate from VRRPv2 to VRRPv3. When you set the VRRP version to both , the switch sends only VRRPv3 advertisements but can receive VRRPv2 or VRRPv3 packets. To migrate an IPv4 VRRP group from VRRPv2 to VRRPv3: 1. Set the switches with the low...

belonging to either subnet 50.1.1.0/24 or subnet 60.1.1.0/24, but not from both subnets (though Dell Networking OS allows the same). • If the virtual IP address and the interface’s primary/secondary IP address are the same, the priority on that VRRP group MUST be set to 255. The interface then becom...

The following example shows the same VRRP group (VRID 111) configured on multiple interfaces on different subnets. Dellshow vrrp ------------------ GigabitEthernet 1/1, VRID: 111 , Net: 10.10.10.1 State: Master, Priority: 255, Master: 10.10.10.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec...

Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 2343, Gratuitous ARP sent: 5 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.10 Authentication: (none) ------------------ GigabitEthernet 1/2, VRID: 111, Net: ...

Disabling Preempt The preempt command is enabled by default. The command forces the system to change the MASTER router if another router with a higher priority comes online. Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. NOTE: You must config...

If you are configured for VRRP version 2, the timer values must be in multiples of whole seconds. For example, timer value of 3 seconds or 300 centisecs are valid and equivalent. However, a timer value of 50 centisecs is invalid because it not is not multiple of 1 second. If are using VRRP version 3...

default value of 10 (also known as cost ). If the tracked interface’s state goes up, the VRRP group’s priority increases by 10.The lowered priority of the VRRP group may trigger an election. As the Master/Backup VRRP routers are selected based on the VRRP group’s priority, tracking features ensure t...

show track • (Optional) Display the configuration and the UP or DOWN state of tracked interfaces and objects in VRRP groups, including the time since the last change in an object’s state.EXEC mode or EXEC Privilege mode show vrrp • (Optional) Display the configuration of tracked objects in VRRP grou...

GigabitEthernet 7/30, IPv6 VRID: 1 , Version: 3, Net: fe80::201:e8ff:fe01:95cc VRF: 0 default-vrf State: Master, Priority: 100, Master: fe80::201:e8ff:fe01:95cc (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 0, Bad pkts rc...

This time is the gap between an interface coming up and being operational, and VRRP enabling. The seconds range is from 0 to 900. The default is 0 . • Set the delay time for VRRP initialization on all the interfaces in the system configured for VRRP. INTERFACE mode vrrp delay reload seconds This tim...

VRRP in a VRF Configuration The following example shows how to enable VRRP operation in a VRF virtualized network for the following scenarios. • Multiple VRFs on physical interfaces running VRRP.• Multiple VRFs on VLAN interfaces running VRRP. To view a VRRP in a VRF configuration, use the show comm...

! S1(conf)#interface GigabitEthernet 12/3 S1(conf-if-gi-12/3)#ip vrf forwarding VRF-3 S1(conf-if-gi-12/3)#ip address 20.1.1.5/24 S1(conf-if-gi-12/3)#vrrp-group 15 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-gi-12/3-vrid-105)#priority 255 S1(conf-if-gi-12/3-vrid-105)#v...

63 S-Series Debugging and Diagnostics This chapter describes debugging and diagnostics for the S4810 platform. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagno...

Running Offline Diagnostics To run offline diagnostics, use the following commands. For more information, refer to the examples following the steps. 1. Place the unit in the offline state.EXEC Privilege mode offline stack-unit id You cannot enter this command on a MASTER or Standby stack unit. NOTE:...

PRESENT Test 1.001 - Psu Power Good Test .................................... PASS Test 1 - Psu Power Good Test ....................................... FAIL diagS4810ChkPsuPresence[625]: ERROR: Psu : 0 is not present Test 2.000 - Fan Psu Status test .................................... NOT PRESENT T...

Table 76. Line Card Restart Causes and Reasons Causes Displayed Reasons Remote power cycle of the chassis push button reset reload soft reset reboot after a crash soft reset Hardware Watchdog Timer The hardware watchdog command automatically reboots an Dell Networking OS switch/router with a single ...

show hardware stack-unit { 0-11 } unit { 0-1 } table-dump { table name } Enabling Environmental Monitoring The S4810 components use environmental monitoring hardware to detect transmit power readings, receive power readings, and temperature updates.To receive periodic power updates, you must enable ...

2. Check air flow through the system. Ensure that the air ducts are clean and that all fans are working correctly. 3. After the software has determined that the temperature levels are within normal limits, you can re- power the card safely. To bring back the line card online, use the power-on comman...

OID String OID Name Description .1.3.6.1.4.1.6027.3.16.1.1.4 fpPacketBufferTable View the modular packet buffers details per stack unit and the mode of allocation. .1.3.6.1.4.1.6027.3.16.1.1.5 fpStatsPerPortTable View the forwarding plane statistics containing the packet buffer usage per port per st...

• Dynamic buffer — this pool is shared memory that is allocated as needed, up to a configured limit. Using dynamic buffers provides the benefit of statistical buffer sharing. An interface requests dynamic buffers when its dedicated buffer pool is exhausted. The buffer manager grants the request base...

6 3.00 256 7 3.00 256 The following example shows viewing the default buffer profile on a linecard. Dell# sho buffer-profile detail fp-uplink stack-unit 0 port-set 0 Linecard 0 Port-set 0 Buffer-profile fsqueue-hig Dynamic Buffer 1256.00 (Kilobytes) Queue# Dedicated Buffer Buffer Packets (Kilobytes)...

Sample Buffer Profile Configuration The two general types of network environments are sustained data transfers and voice/data. Dell Networking recommends a single-queue approach for data transfers. Example of a Single Queue Application for S50N with Default Packet Pointers ! buffer-profile fp fsqueu...

Displaying Drop Counters To display drop counters, use the following commands. • Identify which stack unit, port pipe, and port is experiencing internal drops. show hardware stack-unit 0–11 drops [unit 0 [ port 0–63 ]] • Display drop counters. show hardware stack-unit drops unit port Example of the ...

--- Egress FORWARD PROCESSOR Drops --- IPv4 L3UC Aged & Drops : 0 TTL Threshold Drops : 0 INVALID VLAN CNTR Drops : 0 L2MC Drops : 0 PKT Drops of ANY Conditions : 0 Hg MacUnderflow : 0 TX Err PKT Counter : 0 Dataplane Statistics The show hardware stack-unit cpu data-plane statistics command prov...

Example of Viewing Party Bus Statistics Dell#sh hardware stack-unit 2 cpu party-bus statistics Input Statistics: 27550 packets, 2559298 bytes 0 dropped, 0 errors Output Statistics: 1649566 packets, 1935316203 bytes 0 errors Display Stack Port Statistics The show hardware stack-unit stack-port comman...

GTPKT.ge0 : 973 +972 GTBCA.ge0 : 1 +1 GTBYT.ge0 : 71,531 +71,467 RUC.cpu0 : 972 +971 TDBGC6.cpu0 : 1,584 +1,449= Enabling Application Core Dumps Application core dumps are disabled by default.A core dump file can be very large. Due to memory requirements the file can only be sent directly to an FTP ...

flash: 3104256 bytes total (2959872 bytes free) Dell# Example of a Mini Core Text File VALID MAGIC -----------------PANIC STRING ----------------- panic string is :<null> ---------------STACK TRACE START--------------- 0035d60c <f10_save_mmu+0x120>: 00274f8c <panic+0x144>: 0024e2b0...

64 Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), Dell Networking OS also supports predecessor standards. One way to search for predeces...

MTU 9,252 bytes RFC and I-D Compliance Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table ...

General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 80. General IPv4 Protocols RFC# Full Name S-Series 791 Internet Protocol 7.6.1 792 Internet Control Message Protocol 7.6.1 826 An Ethernet Address Resolution Protocol 7.6.1 ...

General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 81. General IPv6 Protocols RFC# Full Name S-Series 1886 DNS Extensions to support IP version 6 7.8.1 1981 (Partial) Path MTU Discovery for IP version 6 7.8.1 2460 Internet P...

Multicast The following table lists the Dell Networking OS support per platform for Multicast protocol. Table 86. Multicast RFC# Full Name S-Series 1112 Host Extensions for IP Multicasting 7.8.1 2236 Internet Group Management Protocol, Version 2 7.8.1 2710 Multicast Listener Discovery (MLD) for IPv6...

RFC# Full Name S4810 S4820T Z-Series FORCE10-SMI Force10 Structure of Management Information 7.6.1 FORCE10-SYSTEM-COMPONENT-MIB Force10 System Component MIB (enables the user to view CAM usage information) 7.6.1 FORCE10-TC-MIB Force10 Textual Convention 7.6.1 FORCE10-TRAP-ALARM-MIB Force10 Trap Alar...