Dell MXL 10/40GbE - Manual

Information Symbols This book uses the following information symbols. NOTE: The Note icon signals important operational information. CAUTION: The Caution icon signals information about situations that could result in equipment damage or loss of data. WARNING: The Warning icon signals information abo...

2 Configuration Fundamentals The Dell Networking operating system command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols.The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and y...

ROUTER RIP SPANNING TREE Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes...

CLI Command Mode Prompt Access Command u-Boot Dell(=>)# Press any key when the following line appears on the console during a system boot: Hit any key to stop autoboot: UPLINK STATE GROUP Dell(conf-uplink-state-group- groupID )# uplink-state-group The following example shows how to change the com...

The first bold line shows the assigned IP address, the second bold line shows the no form of the IP address command, and the last bold line shows the IP address removed. Example of Viewing Disabled Commands Dell(conf)#interface gigabitethernet 4/17 Dell(conf-if-gi-4/17)#ip address 192.168.10.1/24 De...

Entering and Editing Commands Notes for entering commands. • The CLI is not case-sensitive.• You can enter partial CLI keywords. – Enter the minimum number of letters to uniquely identify a command. For example, you cannot enter cl as a partial keyword because both the clock and class-map commands b...

Command History The Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands. • When you are in CONFIGURATION mode, the UP or DOWN arrows keys recall the...

Example of the except Keyword Example of the find Keyword Dell(conf)#do show stack-unit all stack-ports all pfc details | except 0 Admin mode is On Admin is enabled Local is enabled Link Delay 45556 pause quantum stack unit 1 stack-port all Admin mode is On Admin is enabled The find keyword displays...

Console Access The MXL 10/40GbE Switch IO Module has two management ports available for system access: a serial console port and an out-of-bounds (OOB) port. Serial Console A universal serial bus (USB) (A-Type) connector is located at the front panel. The USB can be defined as an External Serial Con...

External Serial Port with a USB Connector The following table listes the pin assignments. Table 2. Pin Assignments USB Pin Number Signal Name Pin 1 RTS Pin 2 RX Pin 3 TX Pin 4 CTS Pin 5, 6 GND RxD Chassis GND Accessing the CLI Interface and Running Scripts Using SSH In addition to the capability to ...

Following are the points to remember, when you are trying to establish an SSH session to the device to run commands or script files: • There is an upper limit of 10 concurrent sessions in SSH. Therefore, you might expect a failure in executing SSH-related scripts. • To avoid denial of service (DoS) ...

EQL detection and enabling iscsi profile-compellent on an interface may cause some automatic configurations to occur like jumbo frames on all ports and no storm control and spanning tree port-fast on the port of detection 00:00:42: %STKUNIT0-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user on li...

Accessing the System Remotely You can configure the system to access it remotely by Telnet or SSH.The MXL 10/40GbE switch IO module has a dedicated management port and a management routing table that is separate from the IP routing table. Accessing the MXL Switch Remotely Configuring the system for ...

management route ip-address/mask gateway – ip-address : the network address in dotted-decimal format (A.B.C.D). – mask : a subnet mask in /prefix-length format (/ xx). – gateway : the next hop for network traffic originating from the management port. Configuring a Username and Password To access the...

* 5 is for inputting a password that is already encrypted using an MD5 hash. Obtain the encrypted password from the configuration file of another Dell Networking system. You can only use this for the enable secret password. Configuration File Management Files can be stored on and accessed from vario...

NOTE: If all of the following conditions are true, the Portmode Hybrid configuration is not applied, because of the configuration process for server ports as switch ports by default: • The running configuration is saved in flash.• The startup configuration is deleted.• The switch is reloaded.• The s...

EXEC Privilege mode copy running-config tftp: //{hostip | hostname}/ filepath/filename • Save the running-configuration to an SCP server. EXEC Privilege mode copy running-config scp: //{hostip | hostname}/ filepath/filename NOTE: When copying to a server, you can only use a host name if you have con...

Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file. Dell#dir Directory of flash: 1 drwx 4096 Jan 01 1980 00:00:00 +00:00 . 2 drwx 2048 May 10 2011 14:45:15 +00:00 .. 3 drwx 4096 Feb 17 2011 00:28:00 +...

To view file system information, use the following command.• View information about each file system. EXEC Privilege mode show file-systems The output of the show file-systems command in the following example shows the total capacity, amount of free memory, file structure, media type, read/write pri...

Example of the show command-history Command Dell#show command-history [5/18 21:58:32]: CMD-(TEL0):[enable]by admin from vty0 (10.11.68.5) [5/18 21:58:48]: CMD-(TEL0):[configure]by admin from vty0 (10.11.68.5) - Repeated 1 time. [5/18 21:58:57]: CMD-(TEL0):[interface port-channel 1]by admin from vty0...

4 Management Management is supported on the Dell Networking MXL 10/40GbE Switch IO Module.This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. Th...

privilege level, and has access to only two commands, end and exit. Individually specify each CONFIGURATION mode command to which you want to allow access using the privilege configure level level command. In the command, specify the privilege level of the user or terminal line, and specify all keyw...

• allows access to CONFIGURATION mode with the banner command • allows access to INTERFACE and LINE modes with the no command Dell(conf)#do show run privilege ! Dell(conf)#privilege exec level 3 capture Dell(conf)#privilege exec level 3 configure Dell(conf)#privilege exec level 4 resequence Dell(con...

• Configure a privilege level for a user. CONFIGURATION mode username username privilege level Applying a Privilege Level to a Terminal Line To set a privilege level for a terminal line, use the following command. • Configure a privilege level for a terminal line. Line mode privilege level level NOT...

• Enabling Audit and Security Logs • Displaying Audit and Security Logs • Clearing Audit Logs Enabling Audit and Security Logs You enable audit and security logs to monitor configuration changes or determine if these changes affect the operation of the system in the network. You log audit and securi...

Example of Enabling Audit and Security Logs Dell(conf)#logging extended Displaying Audit and Security Logs To display audit logs, use the show logging auditlog command in Exec mode. To view these logs, you must first enable the logging extended command. Only the RBAC system administrator user role c...

Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a syslog server. Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server Dell(conf)#ip ssh server enab...

In the following example the syslog server IP address is 10.156.166.48 and the listening port is 5141 . The switch IP address is 10.16.131.141 and the listening port is 5140 ssh -R 5140:10.156.166.48:5141 [email protected] -nNf 3. Configure logging to a local host. locahost is “127.0.0.1” or “::1”...

To view any changes made, use the show running-config logging command in EXEC privilege mode. Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message) , are log in the internal buffer. For example, %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enable...

CONFIGURATION mode logging { ip-address | ipv6–address | hostname } {{udp { port }} | {tcp { port }}} Configuring a UNIX System as a Syslog Server To configure a UNIX System as a syslog server, use the following command. • Configure a UNIX system as a syslog server by adding the following lines to /...

To view any changes made, use the show running-config logging command in EXEC privilege mode, as shown in the example for Configuring a UNIX Logging Facility Level . Configuring a UNIX Logging Facility Level You can save system log messages with a UNIX system logging facility.To configure a UNIX log...

service timestamps debug datetime msec ! logging trap debugging logging facility user logging source-interface Loopback 0 logging 10.10.10.4 Dell# Synchronizing Log Messages You can configure the system to filter and consolidate the system messages for a specific line by synchronizing the message ou...

Specify the following optional parameters:– datetime : You can add the keyword localtime to include the localtime , msec , and show- timezone . If you do not add the keyword localtime , the time is UTC. – uptime : To view time since last boot. If you do not specify a parameter, the system configures...

ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enabling the FTP Server . Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles.Terminal lines on th...

line vty 0 access-class myvtyacl Dell OS Behavior: Prior to Dell OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and authorization (AAA) to the line. Then users are denied access only after they enter a username and password. Beginning in Dell ...

Dell(config-line-vty)#show config line vty 0 password myvtypassword login authentication myvtymethodlist line vty 1 password myvtypassword login authentication myvtymethodlist line vty 2 password myvtypassword login authentication myvtymethodlist Dell(config-line-vty)# Setting Time Out of EXEC Privi...

telnet [ ip-address ] If you do not enter an IP address, the system enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D). Example of the telnet Command for Device Access Dell# telnet 10.11.80.203 Trying 10.11.80.203... Connected to 10.11.80.203. E...

Dell#config ! Locks configuration mode exclusively. Dell(conf)# If another user attempts to enter CONFIGURATION mode while a lock is in place, the following appears on their terminal (message 1): % Error: User "" on line console0 is in exclusive configuration mode . If any user is already in...

Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this procedu...

Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events.When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login...

Display Login Statistics To view the login statistics, use the show login statistics command. Example of the show login statistics Command The show login statistics command displays the successful and failed login details of the current user in the last 30 days or the custom defined time period. Del...

Recovering from a Forgotten Password If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter.Use the following commands if you forget your password. 1. Log onto the system using the console. 2. Power...

Recovering from a Forgotten Enable Password Use the following commands if you forget the enable password. 1. Log onto the system using the console. 2. Power-cycle the chassis by switching off all of the power modules and then switching them back on. 3. Hit any key to abort the boot process. You ente...

Figure 2. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant . The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communica...

EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 4. EAP ...

dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces.INTERFACE mode interface [ range ] 3. Enable 802.1X on an interface or a range of interfaces.INTERFACE mode dot1x authentication Example of Verifying that 802.1X is Enabled Globally Example of Verifying 802.1X is E...

Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Max-EAP-Req: 2 Host Mode: SINGLE_HOST Auth PAE State: Initialize Backend State: Initialize Configuring Request Identity Re-Transmissions If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticat...

INTERFACE mode dot1x quiet-period seconds The range is from 1 to 65535. The default is 60 seconds . Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame: • afte...

• Place a port in the ForceAuthorized, ForceUnauthorized, or Auto state. INTERFACE mode dot1x port-control {force-authorized | force-unauthorized | auto} The default state is auto . Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration info...

INTERFACE mode dot1x reauth-max number The range is from 1 to 10. The default is 2 . Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-gi-2/1)#dot1x reauthentic...

The range is from 1 to 300. The default is 30 . Example of Viewing Configured Server Timeouts The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the ne...

Figure 6. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X ) along with relevant RADIUS server configurations (refer to the illustration in Dynamic VLAN Assignment with Port Authentication ). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. Cr...

If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals, ...

Example of Configuring Maximum Authentication Attempts Example of Viewing Configured Authentication Dell(conf-if-gi-1/2)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-gi-1/2)#show config ! interface GigabitEthernet 1/2 switchport dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no...

for the ACL VLAN groups present on the system, an appropriate error message is displayed. The ACL manager application verifies the following parameters when you enter the acl-vlan-group command: • Whether the CAM profile is set in VFP• Whether the maximum number of groups in the system has exceeded•...

• The maximum number of VLANs that you can configure as a member of ACL VLAN groups is limited to 512 on the MXL switch if two slices are allocated. If only one virtual flow processing slice is allocated, the maximum number of VLANs that you can configure as a member of an ACL VLAN group is 256 for ...

ip access-group { group name } out implicit-permit 4. Add VLAN member(s) to an ACL VLAN group.CONFIGURATION (conf-acl-vl-grp) mode member vlan { VLAN-range } 5. Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name.CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan...

EXEC Privilege mode Dell#show cam-usage switch Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============| ============== 11 | 0 | IN-L2 ACL | 7152 | 0 | 7152 | | IN-L2 FIB | 32768 | 1081 | 31687 | | OUT-L2 ACL | 0 | 0 | 0 1...

The following sample output displays the CAM space utilization when Layer 2 and Layer 3 ACLs are configured: Dell#show cam-usage acl Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============|============ 11 | 0 | IN-L2 ACL ...

accommodate the new entries. Hot lock ACLs are enabled by default and support both standard and extended ACLs. NOTE: Hot lock ACLs are supported for Ingress ACLs only. Implementing ACL on the Dell Networking OS You can assign one IP ACL per interface with the Dell Networking OS. If you do not assign...

ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8. Therefore (without the keyword order), packets within the range 20.1.1.0/24 match positive against cmap1 and are buffered in queue 7, though you intended for these packets to match positive against ...

IP Fragments ACL Examples The following examples show how you can use ACL commands with the fragment keyword to filter fragmented packets. Example of Permitting All Packets on an Interface Example of Denying Second and Subsequent Fragments The following configuration permits all packets (both fragme...

Example of Layer 4 ACL RulesExample of TCP Packets In this first example, fragments or non-fragmented TCP packets from 10.1.1.1 with TCP destination port equal to 24 are permitted. All other fragments are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)# permit tcp host 10.1.1.1 an...

seq 5 deny any seq 10 deny 10.2.0.0 /16 seq 15 deny 10.3.0.0 /16 seq 20 deny 10.4.0.0 /16 seq 25 deny 10.5.0.0 /16 seq 30 deny 10.6.0.0 /16 seq 35 deny 10.7.0.0 /16 seq 40 deny 10.8.0.0 /16 seq 45 deny 10.9.0.0 /16 seq 50 deny 10.10.0.0 /16 Dell# The following example shows how the seq command order...

NOTE: When assigning sequence numbers to filters, you might need to insert a new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or another number. The following examples shows how the seq command orders the filters according to the sequence number ass...

seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.0 Dell(config-ext-nacl)# To view all configured IP ACLs and the number of packets processed through the ACL, use the show ip accounting access-list command in EXEC Privilege mode, as shown in the first example in Configuring a Standard IP ACL Filt...

Assign an IP ACL to an Interface To pass traffic through a configured IP ACL, assign that ACL to a physical interface, a port channel interface, or a VLAN. The IP ACL is applied to all traffic entering a physical or port channel interface and the traffic is either forwarded or dropped depending on t...

no shutdown Dell(conf-if)# To filter traffic on Telnet sessions, use only standard ACLs in the access-class command. Counting ACL Hits You can view the number of packets matching the ACL by using the count option when creating ACL entries.In the MXL switch, you can configure either count (packets) o...

seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1.1.1.2 Configure Egress ACLs Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized traffic. These system-wide ACLs eliminate ...

CPU-forwarded traffic. Using permit rules with the count option, you can track on a per-flow basis whether CPU-generated and CPU-forwarded packets were transmitted successfully. 1. Apply Egress ACLs to IPv4 system traffic.CONFIGURATION mode ip control-plane [egress filter] 2. Create a Layer 3 ACL us...

Implementation Information In the Dell Networking OS, prefix lists are used in processing routes for routing protocols (for example, router information protocol [RIP], open shortest path first [OSPF], and border gateway protocol [BGP]). NOTE: The MXL Switch platform does not support all protocols. I...

The following example shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 20 was configured before filter 15 and 12, but the show config command displays the filters in the correct order. Dell(conf-nprefixl)#seq 20 permit 0.0.0.0/0 le 32 Del...

seq 10 deny 133.0.0.0/8 Dell(conf-nprefixl)# To delete a filter, enter the show config command in PREFIX LIST mode and locate the sequence number of the filter you want to delete, then use the no seq sequence-number command in PREFIX LIST mode. Viewing Prefix Lists To view all configured prefix list...

To apply a filter to routes in RIP, use the following commands. • Enter RIP mode. CONFIGURATION mode router rip • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a nonexistent prefix list, all routes are forwarded. CONFIG-ROUTER-RIP mode dist...

Example of Viewing Configured Prefix Lists (ROUTER OSPF mode) To view the configuration, use the show config command in ROUTER OSPF mode, or the show running-config ospf command in EXEC mode. Dell(conf-router_ospf)#show config ! router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1 distribute...

• Resequence an IPv4 or MAC ACL. EXEC mode resequence access-list {ipv4 | mac} { access-list-name StartingSeqNum Step-to- Increment } • Resequence an IPv4 prefix-list. EXEC mode resequence prefix-list {ipv4} { prefix-list-name StartingSeqNum Step-to- Increment } Example of Resequencing ACLs When Rem...

seq 10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ! ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permi...

through all instances of that route map until a match is found. The following is an example with two instances of a route map. Dell#show route-map route-map zakho, permit, sequence 10 Match clauses: Set clauses: route-map zakho, permit, sequence 20 Match clauses: interface TenGigabitEthernet 0/1 Set...

with different parameters, the system does a match ONLY if there is a match among ALL the match commands. In the following example, there is a match if a route has any of the tag values specified in the match commands. Example of the match Command to Match Any of Several Values Example of the match ...

The parameters are: – For a Loopback interface, enter the keyword loopback then a number between zero (0) and 16383. – For a 10-Gigabit Ethernet interface, enter the keyword tengigabitEthernet then the slot/port information. – For a VLAN, enter the keyword vlan then a number from 1 to 4094. – For a ...

• Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode set metric {+ | - | metric-value } • Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode set metric-type {external | internal | type-1 | type-2} • Assign an IP address as the route’s next hop. CONFIG-ROUTE-MAP...

redistribute static metric 20 metric-type 2 tag 0 route-map staticospf ! route-map staticospf permit 10 match interface GigabitEthernet 0/0 match metric 255 set level backbone Configure a Route Map for Route Tagging One method for identifying routes from different routing protocols is to assign a ta...

Logging of ACL Processes To assist in the administration and management of traffic that traverses the device after being validated by the configured ACLs, you can enable the generation of logs for access control list (ACL) processes. Although you can configure ACLs with the required permit or deny f...

packets in the ACL entry, and if the logging is deactivated in a specific interval because the threshold has exceeded, the count of packets that exceeded the logging threshold value during that interval is recorded when the subsequent log record (in the next interval) is generated for that ACL entry...

NOTE: This example describes the configuration of ACL logging for standard IP access lists. You can enable the logging capability for standard and extended IPv4 ACLs, IPv6 ACLs, and standard and extended MAC ACLs. 1. Specify the maximum number of ACL logs or the threshold that can be generated by us...

Example Output of the show Command (conf-mon-sess-11)#show config ! monitor session 11 flow-based enable source GigabitEthernet 13/0 destination GigabitEthernet 13/1 direction both The show ip | mac | ipv6 accounting commands have been enhanced to display whether monitoring is enabled for traffic th...

Example of the flow-based enable Command To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#flow-based enable Dell(conf)# ip access-list ext testflow Dell(config-ext-nacl...

8 Bidirectional Forwarding Detection (BFD) Bidirectional forwarding detection (BFD) is a protocol that is used to rapidly detect communication failures between two adjacent systems.It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provi...

packet to the neighbor that indicates the state change (though it might not be received if the link or receiving interface is faulty). The BFD manager notifies the routing protocols that are registered with it (clients) that the forwarding path is down and a link state change is triggered in all pro...

1. The active system sends a steady stream of control packets that indicates that its session state is Down, until the passive system responds. These packets are sent at the desired transmit interval of the Active system. The Your Discriminator field is set to zero. 2. When the passive system receiv...

Configure BFD This section contains the following procedures. • Configure BFD for Physical Ports • Configure BFD for Port-Channels • Configure BFD for Static Routes • Configure BFD for OSPF • Configure BFD for OSPFv3 • Configure BFD for BGP • Configure BFD for VRRP • Configure BFD for VLANs • Config...

The bold line shows that BFD is enabled. R1(conf)#bfd ? enable Enable BFD protocol protocol-liveness Enable BFD protocol-liveness R1(conf)#bfd enable R1(conf)#do show running-config bfd ! bfd enable R1(conf)# Establishing a Session on Physical Ports To establish a session, enable BFD at the interfac...

C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.1 2.2.2.2 Gi 4/24 Up 100 100 3 C To view specific information about BFD sessions, use the show bfd neighbors detail command. R1(conf-if-gi-4/24)#do show bfd neighbors detail Sessi...

bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] Changing Session Parameters for Physical Ports View session parameters using the show bfd neighbors detail command. The bold line shows the parameter changes. R1(conf-if-gi-4/24)#bfd interval 100 min_rx 100 multip...

If the remote system state changes due to the local state administration being down, this message displays: R2>01:32:53: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.1 on interface Gi 2/1 (diag: 7) Configure BFD for Static Routes BFD offers systems a li...

ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command. The bold line shows BFD for static routes is enabled. R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do...

Configure BFD for OSPF When using BFD with OSPF, the OSPF protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring interfaces participating in OSPF. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn n...

Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 12. Establishing Sessions with O...

Disabling BFD for OSPF If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state.If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state. Disabling BFD does not...

Changing OSPFv3 Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: desired tx interval , required min rx interval , detection multiplier , and system role . Configure these parameters for all OSPFv3 sessions or all OSPFv3 s...

Configure BFD for BGP In a BGP core network, bidirectional forwarding detection (BFD) provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40G...

You can configure BFD for BGP on the following types of interfaces: physical port (10GE or 40GE), port channel, and VLAN. 1. Enable BFD globally.CONFIGURATION mode bfd enable 2. Specify the AS number and enter ROUTER BGP configuration mode.CONFIGURATION mode router bgp as-number 3. Add a BGP neighbo...

The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the bfd all-neighbors command or configured for the peer group to which the neighbor belongs. • Disable a BFD for BGP session with a specified neighbor. ROUTER BGP mode neighbor { ...

Protocol BGP Messages: Registration : 5 De-registration : 4 Init : 0 Up : 6 Down : 0 Admin Down : 2 Interface TenGigabitEthernet 6/2 Protocol BGP Messages: Registration : 1 De-registration : 0 Init : 0 Up : 1 Down : 0 Admin Down : 2 The bold line shows the message displayed when you enable BFD for B...

MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Neighbor is using BGP global mode BFD configuration For address family: IPv4 Unicast BGP table version 0, neighbor version 0 ...

3. On the master router, establish a VRRP BFD sessions with the backup routers. Refer to Establishing Sessions with All VRRP Neighbors . Related Configuration Tasks • Changing VRRP Session Parameters . • Disabling BFD for VRRP . Establishing Sessions with All VRRP Neighbors BFD sessions can be estab...

INTERFACE mode vrrp bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for a particular VRRP session. INTERFACE mode vrrp bfd neighbor ip-address interval milliseconds min_rx milliseconds multiplier value role [active | passive] T...

1. Enable the BFD globally. Refer to Enabling BFD Globally . 2. Establish sessions with VLAN neighbors. Refer to Establish Sessions with VLAN Neighbors . Related Configuration Task • Changing VLAN Session Parameters . • Disabling BFD for VLANs . Establish Sessions with VLAN Neighbors To establish a ...

Changing VLAN Session Parameters BFD sessions are configured with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. You can change parameters per interface, if you make a configuratio...

• Establish sessions on port-channels. Refer to Establish Sessions on Port-Channels . Related Configuration Tasks • Changing Port-Channel Session Parameters . • Disabling BFD for Port-Channels . Establish Sessions on Port-Channels To establish a session, you must enable BFD at interface level on bot...

Changing Physical Port Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. Configure these parameters per interface; if you change a param...

Troubleshooting BFD To troubleshoot BFD, use the following commands and examples.To control packet field values or to examine the control packets in hexadecimal format, use the following command. • Examine control packet field values. CONFIGURATION mode debug bfd detail • Examine the control packets...

Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are ...

Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, ...

Route Reflectors Route reflectors (RR) reorganize the iBGP core into a hierarchy and allow some route advertisement rules. Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speake...

BGP Attributes Routes learned using BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination.These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection...

Figure 20. BGP Best Path Selection Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. a. R...

Figure 22. Multi-Exit Discriminators NOTE: With the Dell Networking OS version 8.3.1.0, configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. O...

*> 7.0.0.0/29 10.114.8.33 0 0 18508 ? *> 7.0.0.0/30 10.114.8.33 0 0 18508 ? *> 9.2.0.0/16 10.114.8.33 10 0 18508 701 i AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is added by the BGP speaker when advertising ...

Multiprotocol BGP Multiprotocol extensions for BGP (MBGP) is defined in IETF RFC 2858. MBGP allows different types of address families to be distributed in parallel. MBGP allows information about the topology of the IP multicast-capable routers to be exchanged separately from the topology of normal ...

internal configured, BGP advertises the metric configured in the redistribute command as MED. • If BGP peer outbound route-map has metric configured, all other metrics are overwritten by this configuration. NOTE: When redistributing static, connected, or OSPF routes, there is no metric option. Simpl...

Traditional Format DOT Format 4294967295 65535.65535 When creating Confederations, all the routers in a Confederation must be either 4-Byte or 2-Byte identified routers. You cannot mix them. Configure 4-byte AS numbers with the four-octet-support command. AS4 Number Representation The Dell Networkin...

AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress. When migrating one AS to another, perhaps combining ASs, an eBGP network may lose its routing...

• Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link-local Next-hop. • RFC 2545 and the f10BgpM2Rfc2545Group are not supported. • An SNMP query displays up to 89 AS paths. A query for a larger AS path count displays as "…" at the end of the output. • SNMP set for BGP ...

• auto-summarization (the default is no auto-summary)• synchronization (the default is no synchronization) BGP Configuration To enable the BGP process and begin exchanging information, assign an AS number and use commands in ROUTER BGP mode to configure a BGP neighbor. By default, BGP is disabled.By...

Enabling BGP By default, BGP is not enabled on the system. The Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN).To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer.In BGP, routers with an established TCP connection are called...

Use this command to enter BGP for IPv6 mode (CONF-ROUTER_BGPv6_AF). 2. Add a neighbor as a remote AS.CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group name } remote-as as-number • peer-group name : 16 characters • as-number : from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 t...

For address family: IPv4 Unicast BGP table version 0, neighbor version 0 0 accepted prefixes consume 0 bytes Prefix advertised 0, rejected 0, withdrawn 0 Connections established 0; dropped 0 Last reset never No active TCP connection Dell# R2#show running-config bgp ! router bgp 65123 bgp router-id 1...

bgp asnotation asplain NOTE: ASPLAIN is the default method the system uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot • Enable ASDOT+ AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot+ Exa...

Example of Viewing a Newly Created Peer GroupExample of Enabling a Peer GroupExample of the show ip bgp peer-group Command After you create a peer group, you can use any of the commands beginning with the keyword neighbor to configure that peer group.When you add a peer to a peer group, it inherits ...

To disable a peer group, use the neighbor peer-group-name shutdown command in CONFIGURATION ROUTER BGP mode. The configuration of the peer group is maintained, but it is not applied to the peer group members. When you disable a peer group, all the peers within the peer group that are in the ESTABLIS...

100.100.100.100* Dell# router bgp 65517 neighbor test peer-group neighbor test fail-over neighbor test no shutdown Configuring Passive Peering When you enable a peer-group, the software sends an OPEN message to initiate a TCP connection.If you enable passive peering for the peer group, the software ...

Maintaining Existing AS Numbers During an AS Migration The local-as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP network migration.When you complete your migration, be sure to reconfigure your routers with the new information and disab...

• Allow this neighbor ID to use the AS path the specified number of times. CONFIG-ROUTER-BGP mode neighbor { IP address | peer-group-name } allowas-in number – Peer Group Name : 16 characters. – Number : 1 through 10. Format: IP Address: A.B.C.D. You must use Configuring Peer Groups ’before assignin...

• Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB. If you configure your system to do so, the system can perform the following actions during a hot failover: • Save all forwardin...

neighbor { ip-address | peer-group-name } graceful-restart • Set the maximum restart time for the neighbor or peer-group. CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } graceful-restart [restart-time time- in-seconds ] The default is 120 seconds . • Local router supports graceful r...

4. Enter ROUTER BGP mode.CONFIGURATION mode router bgp as-number 5. Use a configured AS-PATH ACL for route filtering and manipulation.CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } filter-list as-path-name {in | out} If you assign an non-existent or empty AS-PATH ACL, the software ...

Dell(conf-router_bgp)#show conf ! router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eaglein neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 filter-list 1 in neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#ex Redistributing Routes In addition to filter...

Enabling Additional Paths The add-path feature is disabled by default. NOTE: Note: In some cases, while receiving 1K same routes from more than 64 iBGP neighbors, BGP sessions holdtime of 10 seconds may flap. The BGP add-path does not update packets for advertisement and cannot scale to higher numbe...

ip community-list community-list-name 2. Configure a community list by denying or permitting specific community numbers or types of community.CONFIG-COMMUNITYLIST mode {deny | permit} { community-number | local-AS | no-advertise | no-export | quote-regexp regular-expression-list | regexp regular-exp...

• soo : route origin or site-of-origin. Support for matching extended communities against regular expression is also supported. Match against a regular expression using the following keyword. • regexp : regular expression. Example of the show ip extcommunity-lists Command To set or modify an extende...

neighbor { ip-address | peer-group-name } route-map map-name {in | out} To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode. To view which BGP routes meet an IP community...

• none : remove the COMMUNITY attribute. • additive : add the communities to already existing communities. 3. Return to CONFIGURATION mode.CONFIG-ROUTE-MAP mode exit 4. Enter the ROUTER BGP mode.CONFIGURATION mode router bgp as-number 5. Apply the route map to the neighbor or peer group’s incoming o...

CONFIG-ROUTER-BGP mode bgp bestpath med {confed | missing-as-best} – confed : Chooses the bestpath MED comparison of paths learned from BGP confederations. – missing-as-best : Treat a path missing an MED as the most preferred one. To view the nondefault values, use the show config command in CONFIGU...

Changing the NEXT_HOP Attribute You can change how the NEXT_HOP attribute is used. To change how the NEXT_HOP attribute is used, enter the first command. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privile...

maximum-paths {ebgp | ibgp} number The show ip bgp network command includes multipath information for that network. Filtering BGP Routes Filtering routes allows you to implement BGP policies. You can use either IP prefix lists, route maps, AS-PATH ACLs or IP community lists (using a route map) to co...

CONFIGURATION mode router bgp as-number 5. Filter routes based on the criteria in the configured prefix list.CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } distribute-list prefix-list-name {in | out} Configure the following parameters:• ip-address or peer-group-name : enter the nei...

CONFIG-ROUTER-BGP mode neighbor { ip-address | peer-group-name } route-map map-name {in | out} Configure the following parameters:• ip-address or peer-group-name : enter the neighbor’s IP address or the peer group’s name. • map-name : enter the name of a configured route map. • in : apply the route ...

Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic.With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information. Configure clusters of routers...

redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 7.0.0.0/29 10.114.8.33 0 0 18508 ? *> 7.0.0.0/30 10.114.8.33 0 0 18508 ? * >a 9.0.0.0/8 192.0.0.0 32768 18508 701 {7018 2686 3786} ? Configuring BGP Confederations Another...

To view a count of dampened routes, history routes, and penalized routes when you enable route dampening, look at the seventh line of the show ip bgp summary command output, as shown in the following example (bold). Dell>show ip bgp summary BGP router identifier 10.114.8.131, local AS number 6551...

Enabling BGP Neighbor Soft-Reconfiguration BGP soft-reconfiguration allows for faster and easier route changing. Changing routing policies typically requires a reset of BGP sessions (the TCP connection) for the policies to take effect. Such resets cause undue interruption to traffic due to hard rese...

Example of Soft-Reconfigration of a BGP Neighbor The example enables inbound soft reconfiguration for the neighbor 10.108.1.1. All updates received from this neighbor are stored unmodified, regardless of the inbound policy. When inbound soft reconfiguration is done later, the stored information is u...

When you configure a peer to support IPv4 multicast, the system takes the following actions: • Send a capability advertisement to the peer in the BGP Open message specifying IPv4 multicast as a supported AFI/SAFI (Subsequent Address Family Identifier). • If the corresponding capability is received i...

• View information about local BGP state changes and other BGP events. EXEC Privilege mode debug ip bgp [ ip-address | peer-group peer-group-name ] events [in | out] • View information about BGP KEEPALIVE messages. EXEC Privilege mode debug ip bgp [ ip-address | peer-group peer-group-name ] keepaliv...

Sent 48 messages, 0 in queue 3 opens, 2 notifications, 0 updates 43 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(...

The ipv6acl and vman-dual-qos allocations must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges. You must save the new CAM settings to the startup-config ( write-mem or copy run start ) then reload the system for the new settings ...

View CAM-ACL Settings View the current cam-acl settings using the show cam-acl command. Example of Viewing CAM-ACL Settings Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) L2Acl : 6 Ipv4Acl : 2 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos :...

Figure 26. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The MXL switch can process maximum of 4200 PPS (packets per second). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though Per Proto...

same queue. If you are not aware of the incoming protocol traffic rate, you cannot set the required queue rate limit value. You must complete queue bandwidth tuning carefully because the system cannot open up to handle any rate, including traffic coming at the line rate.CoPP policies are assigned on...

Dell(conf)#policy-map-input egressFP_rate_policy cpu-qos Dell(conf-policy-map-in-cpuqos)#class-map class_ospf qos-policy rate_limit_500k Dell(conf-policy-map-in-cpuqos)#class-map class_bgp qos-policy rate_limit_400k Dell(conf-policy-map-in-cpuqos)#class-map class_lacp qos-policy rate_limit_200k Dell...

Dell(conf)#policy-map-input cpuq_rate_policy cpu-qos Dell(conf-qos-policy-in)#service-queue 5 qos-policy cpuq_1 Dell(conf-qos-policy-in)#service-queue 6 qos-policy cpuq_2 Dell(conf-qos-policy-in)#service-queue 7 qos-policy cpuq_1 Dell#conf Dell(conf)#control-plane Dell(conf-control-plane)#service-po...

12 Data Center Bridging (DCB) Data center bridging (DCB) is supported on the FC Flex IO module installed in the MXL 10/40GbE Switch. Ethernet Enhancements in Data Center Bridging The following section describes DCB. • The device supports the following DCB features: – Data center bridging exchange pr...

InterProcess Communication (IPC) traffic InterProcess Communication (IPC) traffic within high-performance computing clusters to share information. Server traffic is extremely sensitive to latency requirements. To ensure lossless delivery and latency-sensitive scheduling of storage and service traffi...

Ethernet (FCoE) converged traffic and one for Internet Small Computer System Interface (iSCSI) storage traffic. Configure the same lossless queues on all ports. • PFC delay constraints place an upper limit on the transmit time of a queue after receiving a message to pause a specified priority. • By ...

Data Center Bridging Exchange Protocol (DCBx) DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBx to exchange and negotiate parameters with peer devices. DCBx capabilities include: • Discovery of DCB capabilities on peer-devic...

Enabling Data Center Bridging Data center bridging is enabled by default on an MXL 10/40GbE Switch to support converged enhanced Ethernet (CEE) in a data center network.A prerequisite for configuring DCB: • Priority-based flow control• Enhanced transmission selection• Data center bridging exchange p...

Configuring DCB Maps and its Attributes This topic contains the following sections that describe how to configure a DCB map, apply the configured DCB map to a port, configure PFC without a DCB map, and configure lossless queues. DCB Map: Configuration Procedure A DCB map consists of PFC and ETS para...

Important Points to Remember • If you remove a dot1p priority-to-priority group mapping from a DCB map ( no priority pgid command), the PFC and ETS parameters revert to their default values on the interfaces on which the DCB map is applied. By default, PFC is not applied on specific 802.1p prioritie...

Step Task Command Command Mode 1 Enter interface configuration mode on an Ethernet port. interface {tengigabitEthernet slot / port | fortygigabitEthernet slot / port } CONFIGURATION 2 Enable PFC on specified priorities. Range: 0-7. Default: None. Maximum number of lossless queues supported on an Eth...

Step Task Command Command Mode 4 Return to interface configuration mode. exit DCB MAP 5 Apply the DCB map, created to disable the PFC operation, on the interface dcb-map { name | default } INTERFACE 6 Configure the port queues that still function as no-drop queues for lossless traffic. The maximum n...

Configuring Priority-Based Flow Control PFC provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when you enable DCB.As an enhancement to the existing Ethernet pause mechanism, PFC stops traffic transmission...

interface type slot/port 2. Configure the port queues that still functions as no-drop queues for lossless traffic.INTERFACE mode pfc no-drop queues queue-range For the dot1p-queue assignments, refer to the dot1p Priority-Queue Assignment table. The maximum number of lossless queues globally supporte...

The only valid port-set ID (port-pipe number) is 0. Dell Networking OS Behavior: If you configure PFC on a 40GbE port, count the 40GbE port as four PFC- enabled ports in the pfc-port number you enter in the command syntax.To achieve lossless PFC operation, the PFC port count and queue number used fo...

used to process. For example, you can assign a higher priority for time-sensitive applications and a lower priority for other services, such as file transfers. You can configure the amount of buffer space to be allocated for each priority and the pause or resume thresholds for the buffer. This metho...

ETS Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure ETS bandwidth allocation or queue scheduling and apply a QoS ETS output policy on an interface. • Configuring ETS bandwidth allocation or a queue scheduler for dot1p priorities in a priority grou...

PRIORITY-GROUP mode exit 5. Repeat Steps 1 to 4 to configure all remaining dot1p priorities in an ETS priority group. Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss req...

If you configure only the priority group in an ETS output policy or only the dot1p priority for strict-priority scheduling, the flow is handled with group strict priority. Configuring Bandwidth Allocation for DCBx CIN After you apply an ETS output policy to an interface, if the DCBx version used in ...

7. Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface.INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, y...

dcb-policy output stack-unit {all | stack-unit-id } stack-ports all dcb- output-policy-name Entering this command removes all DCB input policies applied to stacked ports. Dell Networking Behavior: A dcb-policy output stack-unit all command overwrites any previous dcb-policy output stack-unit stack-u...

dot1p Value in Incoming Frame Queue Assignment 4 2 5 3 6 3 7 3 The following describes the dot1p-priority class group assignment dot1p Value in the Incoming Frame Priority Group Assignment 0 LAN 1 LAN 2 LAN 3 SAN 4 IPC 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment...

Example of Applying DCB PFC Input Policy and ETS Output Policy in a Switch Stack dcb-map stack-unit all stack-ports all <dcb-map-name> Applying DCB Policies in a Switch Stack You can apply a DCB policy with PFC configuration to all stacked ports in a switch stack or on a stacked switch. You ca...

DCBx Port Roles To enable the auto-configuration of DCBx-enabled ports and propagate DCB configurations learned from peer DCBx devices internally to other switch ports, use the following DCBx port roles. Auto-upstream The port advertises its own configuration to DCBx peers and receives its configura...

DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced transmission selection (ETS) and priority-based flow control (PFC) DCB features. DCBx uses the following methods to exchange DCB configuration parameters: Asymmetric DCB p...

• If the configuration received from the peer is not compatible with the internally propagated configuration used by the configuration source, the port is disabled as a client for DCBx operation and synchronization and a syslog error message is generated. The port keeps the peer link up and continue...

On the MXL switch, PFC and ETS use DCBx to exchange link-level configuration with DCBx peer devices. Figure 31. DCBx Sample Topology DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, en...

[no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [ets-conf | ets-reco | pfc] • ets-conf : enables the advertisement of ETS Configuration TLVs. • ets-reco : enables the advertisement of ETS Recommend TLVs. • pfc enables : the advertisement of PFC TLVs. The default is Al...

Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 10. Displaying DCB Configurations Command Output show dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number ] Displays the data center bridging sta...

PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Local ISCSI PriorityMap is 0x10 Remote FCOE PriorityMap is 0x8 Remote ISCSI PriorityMap is 0x8 0...

Table 12. show interface ets detail Command Description Field Description Interface Interface type with stack-unit and port number. Max Supported TC Group Maximum number of priority groups supported. Number of Traffic Classes Number of 802.1p priorities currently configured. Admin mode ETS mode: on ...

Dell(conf)# show interface tengigabitethernet 0/49 dcbx detail Dell#show interface te 0/49 dcbx detail E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled r-ETS Recommendation TLV disabled P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled ...

QoS dot1p Traffic Classification and Queue Assignment The following section describes QoS dot1P traffic classification and assignments. DCB supports PFC, ETS, and DCBx to handle converged Ethernet traffic that is assigned to an egress queue according to the following QoS methods: Honor dot1p You can...

Configuring the Dynamic Buffer Method To configure the dynamic buffer capability, perform the following steps: 1. Enable the DCB application. By default, DCB is enabled and link-level flow control is disabled on all interfaces.CONFIGURATION mode S6000-109-Dell(conf)#dcb enable 2. Configure the share...

13 Debugging and Diagnostics This chapter describes debugging and diagnostics for the MXL switch. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagnostics check f...

PRESENT Test 9 - SD Flash Access Test ....................................... PASS Test 10.000 - Qsfp Plus Power Mode Test ............................. PASS Test 10.001 - Qsfp Plus Power Mode Test ............................. PASS Test 10 - Qsfp Plus Power Mode Test ..................................

Example of the dir flash: Command Dell#dir flash://TRACE_LOG_DIR Directory of flash:/TRACE_LOG_DIR 1 drwx 4096 Jan 17 2011 15:02:16 +00:00 . 2 drwx 4096 Jan 01 1980 00:00:00 +00:00 .. 3 -rwx 100583 Feb 11 2011 20:41:36 +00:00 failure_trace0_RPM0_CP flash: 2143281152 bytes total (2069291008 bytes fre...

show hardware stack-unit { 0-5 } cpu party-bus statistics • View the ingress and egress internal packet-drop counters, MAC counters drop, and FP packet drops for the stack unit on per port basis.EXEC Privilege mode show hardware stack-unit { 0-5 } drops unit { 0-0 } port { 33–56 } This view helps id...

Example of the show interfaces transceiver Command Dell#show int ten 0/49 transceiver SFP is present SFP 49 Serial Base ID fields SFP 49 Id = 0x03 SFP 49 Ext Id = 0x04 SFP 49 Connector = 0x07 SFP 49 Transceiver Code = 0x00 0x00 0x00 0x01 0x20 0x40 0x0c 0x01 SFP 49 Encoding = 0x01 SFP 49 BR Nominal =...

Recognize an Over-Temperature Condition An overtemperature condition occurs, for one of two reasons: the card genuinely is too hot or a sensor has malfunctioned. Inspect cards adjacent to the one reporting the condition to discover the cause. • If directly adjacent cards are not normal temperature, ...

* Management Unit -- Thermal Sensor Readings (deg C) -- Unit Sensor0 Sensor1 Sensor2 Sensor3 Sensor4 Sensor5 Sensor6 Sensor7 Sensor8 Sensor9 -------------------------------------------------------------------------------- ---------- 0 45 43 66 61 66 62 70 65 67 71 Recognize an Under-Voltage Conditio...

OID String OID Name Description .1.3.6.1.4.1.6027.3.16.1.1.5 fpStatsPerPortTable View the forwarding plane statistics containing the packet buffer usage per port per stack unit. .1.3.6.1.4.1.6027.3.16.1.1.6 fpStatsPerCOSTable View the forwarding plane statistics containing the packet buffer statisti...

Total IngMac Drops :0 Total Mmu Drops :0 Total EgMac Drops :0 Total Egress Drops :0 Dell#show hardware stack-unit 0 drops unit 0 Port# :Ingress Drops :IngMac Drops :Total Mmu Drops :EgMac Drops :Egress Drops 1 0 0 0 0 0 2 0 0 0 0 0 3 0 0 0 0 0 4 0 0 0 0 0 5 0 0 0 0 0 6 0 0 0 0 0 7 0 0 0 0 0 8 0 0 0 ...

txPkt(COS1) :0 txPkt(COS2) :0 txPkt(COS3) :0 txPkt(COS4) :0 txPkt(COS5) :0 txPkt(COS6) :0 txPkt(COS7) :0 txPkt(UNIT0) :0 The show hardware stack-unit cpu party-bus statistics command displays input and output statistics on the party bus, which carries inter-process communication traffic between CPUs...

RDBGC0.ge0 : 34 +24 RDBGC1.ge0 : 366 +235 RDBGC5.ge0 : 16 +12 RDBGC7.ge0 : 18 +12 GR64.ge0 : 5,176 +24 GR127.ge0 : 1,566 +1,433 GR255.ge0 : 4 +4 GRPKT.ge0 : 1,602 +1,461 GRBYT.ge0 : 117,600 +106,202 GRMCA.ge0 : 366 +235 GRBCA.ge0 : 12 +9 GT64.ge0 : 4 +3 GT127.ge0 : 964 +964 GT255.ge0 : 4 +4 GT511.ge...

The panic string contains key information regarding the crash. Several panic string types exist, and they are displayed in regular English text to allow easier understanding of the crash cause. Example of Application Mini Core Dump Listings Example of a Mini Core Text File Dell#dir Directory of flas...

The tcpdump command has a finite run process. When you enable the tcpdump command, it runs until the capture-duration timer and/or the packet-count counter threshold is met. If you do not set a threshold, the system uses a default of a 5 minute capture-duration and/or a single 1k file as the stoppin...

14 Dynamic Host Configuration Protocol (DHCP) The dynamic host configuration protocol (DHCP) is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators....

Option Number and DescriptionIdentifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Snooping Option 82Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database. End Opti...

Configure the System to be a DHCP Server Configuring the system to be a DHCP server is supported on the MXL switch. A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host manage...

DHCP mode pool name 3. Specify the range of IP addresses from which the DHCP server may assign addresses.DHCP <POOL> mode network network/prefix-length • network : the subnet address. • prefix-length : specifies the number of bits used for the network portion of the address you specify. The pr...

Specifying an Address Lease Time To specify an address lease time, use the following command. • Specify an address lease time for the addresses in a pool. DHCP <POOL> lease {days [hours] [minutes] | infinite} The default is 24 hours . Specifying a Default Gateway The IP address of the default ...

Figure 34. Enabling the DHCP Server Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS ...

Creating Manual Binding Entries An address binding is a mapping between the IP address and the media access control (MAC) address of a client.The DHCP server assigns the client an available IP address automatically, and then creates an entry in the binding table. However, the administrator can manua...

clear ip dhcp binding ip address • Clear a DHCP address conflict. EXEC Privilege mode. clear ip dhcp conflict • Clear DHCP server counters. EXEC Privilege mode. clear ip dhcp server statistics Configure the System to be a Relay Agent DHCP clients and servers request and offer configuration informati...

Figure 35. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command Dell#show ip int tengig 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10....

ICMP redirects are not sent ICMP unreachables are not sent Configure the System to be a DHCP Client A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server. Implement the DHCP client functionality as follows: • The switch can obtain a dynamically...

EXEC Privilege mode release dhcp interface type slot/port 4. Acquire a new IP address with renewed lease time from a DHCP server.EXEC Privilege mode renew dhcp interface type slot/port Example of the show ip dhcp client statistics Command Example of the show ip dhcp lease command DHCP Client: Debug ...

Interface Te 0/1 May 27 15:55:31: %STKUNIT0-M:CP %DHCLIENT-5-DHCLIENT-LOG: DHCLIENT_DBG_PKT: Received DHCPOFFER packet in Interface Te 0/1 with Lease-Ip:10.16.134.250, Mask:255.255.0.0,Server-Id: 10.16.134.249 The following shows an example of the packet- and event-level debug messages displayed for...

• Management routes added by the DHCP client are not added to the running configuration. NOTE: Management routes added by the DHCP client include the specific routes to reach a DHCP server in a different subnet and the management route. DHCP Client Operation with Other Features The DHCP client opera...

To use the router as the VRRP owner, if you enable a DHCP client on an interface that is added to a VRRP group, assign a priority less than 255 but higher than any other priority assigned in the group. Configure Secure DHCP DHCP as defined by RFC 2131 provides no authentication or security mechanism...

DHCP Snooping DHCP snooping protects networks from spoofing. In the context of DHCP snooping, ports are either trusted or not trusted. By default, all ports are not trusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and r...

ip dhcp snooping trust 3. Enable DHCP snooping on a VLAN.CONFIGURATION mode ip dhcp snooping vlan Enabling IPv6 DHCP Snooping To enable IPv6 DHCP snooping, use the following commands. 1. Enable IPv6 DHCP snooping globally.CONFIGURATION mode ipv6 dhcp snooping 2. Specify ports connected to IPv6 DHCP ...

Clearing the DHCP IPv6 Binding Table To clear the DHCP IPv6 binding table, use the following command. • Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Cont...

Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic IPv6 Address MAC Address Expires(Sec) Type VLAN Interface ===========================================...

Dynamic ARP Inspection Dynamic address resolution protocol (ARP) inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table. ARP is a stateless protocol that provides no authentication mechanism. Network devices accept ARP requests and repl...

NOTE: Dynamic ARP inspection (DAI) uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system. However, the ExaScale default CAM profile allocates only nine entries to the L2SysFlow regi...

--------------------------------------- Valid ARP Requests : 0 Valid ARP Replies : 1000 Invalid ARP Requests : 1000 Invalid ARP Replies : 0 Dell# Bypassing the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environ...

packet. Likewise, if the IP address is fake, the address is not on the list of permissible addresses for the port and the packet is dropped. To enable IP source address validation, use the following command. • Enable IP source address validation. INTERFACE mode ip dhcp source-address-validation DHCP...

15 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) is supported on the MXL switch. ECMP for Flow-Based Affinity ECMP for flow-based affinity is available on the MXL switch. NOTE: IPv6 /128 routes having multiple paths do not form ECMPs. The /128 route is treated as a host entry and finds i...

Link Bundle Monitoring Monitoring linked ECMP bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time. A threshold of 60% is defined as an acceptable amount of traffic on a member link. Links are monitored in 15-second intervals for three conse...

16 FC FLEXIO FPORT FC FlexIO FPort is now supported on the MXL switch platform. FC FLEXIO FPORT The MXL blade switch is a Trident+ based switch which is plugged into the Dell M1000 Blade server chassis. The blade module contains two slots for pluggable flexible module. The goal is to provide support...

INTERFACE mode fcoe-map <fcoe-map-name> {tengigabitEthernet slot/port | fortygigabitEthernet slot/port} The FCoE map contains FCoE and FC parameter settings (refer to FCoE Maps ). Manually apply the fcoe-map to any Ethernet ports used for FCoE. Name Server Each participant in the FC environmen...

FCoE Maps To identify the SAN fabric to which FCoE storage traffic is sent, use an FCoE map. Using an FCoE map, an NPG operates as an FCoE-FC bridge between an FC SAN and FCoE network by providing FCoE-enabled servers and switches with the necessary parameters to log in to a SAN fabric. An FCoE map ...

7. Configure the time interval (in seconds) used to transmit FIP keepalive advertisements.FCoE MAP mode fka-adv-period seconds The range is from 8 to 90 seconds. The default is 8 seconds . Zoning The zoning configurations are supported for Fabric FCF Port mode operation on the MXL. In FCF Port mode,...

Creating Zone Alias and Adding Members To create a zone alias and add devices to the alias, follow these steps. 1. Create a zone alias name.CONFIGURATION mode fc alias ZoneAliasName 2. Add devices to an alias.ALIAS CONFIGURATION mode member word The member can be WWPN (00:00:00:00:00:00:00:00), port...

Activating a Zoneset Activating a zoneset makes the zones within it effective.On a switch, only one zoneset can be active. Any changes in an activated zoneset do not take effect until it is re-activated. By default, the fcoe-map fabric map-name does not have any active zonesets. 1. Enter enter the f...

17 FCoE Transit The Fibre Channel over Ethernet (FCoE) Transit feature is supported on the MXL 10/40GbE switch. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FCoE transit is not supported on Fibre Channel interfaces. Fibre Channel over Ethernet FCo...

Figure 36. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be...

Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit. NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the Configuring FIP Snooping procedure. As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-sp...

FCoE traffic is allowed on the port only after the switch learns the FC-MAP value associated with the specified FCF MAC address and verifies that it matches the configured FC-MAP value for the FCoE VLAN. Configure a Port for a Bridge-to-FCF Link If a port is directly connected to an FCF, configure t...

Bridging (DCB) chapter). Dell Networking recommends also enabling enhanced transmission selection (ETS); however, ETS is recommended but not required.If you enable DCBx and PFC mode is on (PFC is operationally up) in a port configuration, FIP snooping is operational on the port. If the PFC parameter...

The default is 0x0EFC00. The valid values are from 0EFC00 to 0EFCFF. 4. Enter interface configuration mode to configure the port for FIP snooping links.CONFIGURATION mode interface port-type slot/port By default, a port is configured for bridge-to-ENode links. 5. Configure the port for bridge-to-FCF...

Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/ port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FCoE MAC MAC address of the FCoE session assigned by the FCF. FC-ID Fibre Channel ID assigned by the FCF. Port WWPN Worldwide por...

Table 22. show fip-snooping fcf Command Description Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FC-MAP FC-Map value advertised by the FCF. ENode Interface Slot/number of the ...

Number of FLOGO Accepts :0 Number of FLOGO Rejects :0 Number of CVL :0 Number of FCF Discovery Timeouts :0 Number of VN Port Session Timeouts :0 Number of Session failures due to Hardware Config :0 Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan...

FCoE Transit Configuration Example The following illustration shows an MXL switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. In this example, DCBx and PFC are enabled on the FIP snooping ...

18 FIPS Cryptography Federal information processing standard (FIPS) cryptography is supported on the MXL switch platform.This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standar...

• FIPS mode is enabled. – If you enable the SSH server when you enter the fips mode enable command, it is re-enabled for version 2 only . – If you re-enable the SSH server, a new RSA host key-pair is generated automatically. You can also manually create this key-pair using the crypto key generate co...

Example of the show fips status Command Example of the show system Command Dell#show fips status FIPS Mode : Enabled for the system using the show system command. Dell#show system Stack MAC : 00:01:e8:8a:ff:0c Reload Type : normal-reload [Next boot : normal-reload] -- Unit 0 -- Unit Type : Managemen...

19 Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimiz...

Figure 39. Normal Operating FRRP Topology A virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN. The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health c...

Ring Failure If a Transit node detects a link down on any of its ports on the FRRP ring, it immediately sends a link-down control frame on the Control VLAN to the Master node.When the Master node receives this control frame, the Master node moves from the Normal state to the Ring-Fault state and unb...

Figure 40. Multiple Rings Connected by a Single Switch Example Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks. The Master node originates a high-speed frame that circulates around the ring. This frame, appropriately, sets...

• Transit node ring port states — blocking, pre-forwarding, forwarding, and disabled.• STP disabled on ring interfaces.• Master node secondary port is in blocking state during Normal operation.• Ring health frames (RHF) – Hello RHF: sent at 500ms (hello interval); Only the Master node transmits and ...

– Configure Primary and Secondary ports • Setting the FRRP Timers Other FRRP related commands are: • Clearing the FRRP Counters • Viewing the FRRP Configuration • Viewing the FRRP Information Creating the FRRP Group Create the FRRP group on each switch in the ring. To create the FRRP group, use the ...

• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/po...

CONFIG-FRRP mode. member-vlan vlan-id { range } VLAN-ID, Range : VLAN IDs for the ring’s Member VLANs. 6. Enable this FRRP group on this switch.CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-I...

Viewing the FRRP Information To view general FRRP information, use one of the following commands. • Show the information for the identified FRRP group. EXEC or EXEC PRIVELEGED mode. show frrp ring-id Ring ID: the range is from 1 to 255. • Show the state of all FRRP groups. EXEC or EXEC PRIVELEGED mo...

Sample Configuration and Topology The following example shows a basic FRRP topology. Figure 41. Basic Topology and CLI Commands Example of R1 MASTERExample of R2 TRANSITExample of R3 TRANSIT interface GigabitEthernet 1/24 no ip address switchport no shutdown ! interface GigabitEthernet 1/34 no ip ad...

Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example,...

Related Configuration Tasks • Configure GVRP Registration • Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#...

Configure GVRP Registration Configure GVRP registration. There are three GVRP registration modes: • Normal Registration — Allows dynamic creation, registration, and de-registration of VLANs (if you enabled dynamic VLAN creation). By default, the registration mode is set to Normal when you enable GVR...

• LeaveAll — After startup, a GARP device globally starts a LeaveAll timer. After expiration of this interval, it sends out a LeaveAll message so that other GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll...

21 Internet Group Management Protocol (IGMP) Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group.IGMP is a Layer 3 multicast protocol that hosts use to join or leave a multicast group. Multicast routing pr...

Figure 43. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. • Responding to an IGMP Query – One router on a subnet is elected as the qu...

group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability to filter by multicast source, which helps multicast ...

Figure 45. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it wa...

Figure 46. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries.1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that ...

Figure 47. Membership Queries: Leaving and Staying IGMP Snooping IGMP snooping enables switches to use information in IGMP packets to generate a forwarding table that associates ports with multicast groups so that when they receive multicast frames, they can forward them only to interested receivers...

• IGMP snooping is supported on all MXL 10/40GbE stack members.• IGMP snooping reacts to spanning tree protocol (STP) and multiple spanning tree protocol (MSTP) topology changes by sending a general query on the interface that transitions to the forwarding state. • Configuring IGMP Snooping Configur...

Example of the show config Command Dell(conf-if-vl-100)#show config ! interface Vlan 100 no ip address ip igmp snooping fast-leave shutdown Dell(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered ...

Adjusting the Last Member Query Interval To adjust the last member query interval, use the following command. When the querier receives a Leave message from a receiver, it sends a group-specific query out of the ports specified in the forwarding table. If no response is received, it sends another. T...

22 Interfaces This chapter describes 100/1000/10000 Mbps Ethernet, 10 Gigabit Ethernet, and 40 Gigabit Ethernet interface types, both physical and logical, and how to configure them with the Dell Networking operating software (OS). Basic Interface Configuration • Interface Types • View Basic Interfa...

Interface Types The following table describes different interface types. Interface Type Modes Possible Default Mode Requires Creation Default State Physical L2, L3 Unset No Shutdown (disabled) Management N/A N/A No No Shutdown (enabled) Loopback L3 L3 Yes No Shutdown (enabled) Null N/A N/A No Enable...

GigabitEthernet 1/2 unassigned YES Manual up up GigabitEthernet 1/3 unassigned YES Manual up up GigabitEthernet 1/4 unassigned YES Manual up up GigabitEthernet 1/5 10.10.10.1 YES Manual up up GigabitEthernet 1/6 unassigned NO Manual administratively down down GigabitEthernet 1/7 unassigned NO Manual...

To confirm that the interface is enabled, use the show config command in INTERFACE mode. To leave INTERFACE mode, use the exit command or end command. You cannot delete a physical interface. Physical Interfaces The switch interfaces support Layer 2 and Layer 3 traffic over the 100/1000/10000, 10-Gig...

INTERFACE mode ip address ip-address mask [secondary] The ip-address must be in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/ xx). Add the keyword secondary if the IP address is the interface’s backup IP address. Example of the show ip interface Command You can only configu...

The MXL switch system supports the management Ethernet interface as well as the standard interface on any front-end port. You can use either method to connect to the system. Configuring Management Interfaces on the MXL Switch On the MXL Switch IO Module, the dedicated management interface provides m...

Server Port AdminState is Down Pluggable media not present Interface index is 38080769 Internet address is not set Mode of IP Address Assignment : NONE DHCP Client-ID :tenG145001ec9bb02c2 MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout 04:00:00 ...

INTERFACE mode ip address ip-address mask [secondary] – ip-address mask : enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). – secondary : the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses. Example of a...

Null Interfaces The Null interface is another virtual interface. There is only one Null interface. It is always up, but no traffic is transmitted through this interface.To enter INTERFACE mode of the Null interface, use the following command. • Enter INTERFACE mode of the Null interface. CONFIGURATI...

With this feature, you can create larger-capacity interfaces by utilizing a group of lower-speed links. For example, you can build a 40-Gigabit interface by aggregating four 10-Gigabit Ethernet interfaces together. If one of the five interfaces fails, traffic is redistributed across the three remain...

In this example, you can change the common speed of the port channel by changing its configuration so the first enabled interface referenced in the configuration is a 1000 Mb/s speed interface. You can also change the common speed of the port channel here by setting the speed of the TenGig 0/0 inter...

• description • shutdown/no shutdown • mtu • ip mtu (if the interface is on a Jumbo-enabled by default) NOTE: The MXL switch supports jumbo frames by default (the default maximum transmission unit [MTU] is 1554 bytes) You can configure the MTU using the mtu command from INTERFACE mode. To view the i...

Last clearing of "show interface" counters 00:05:44 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttl...

INTERFACE PORT-CHANNEL mode interface port-channel id number 3. Add the interface to the second port channel.INTERFACE PORT-CHANNEL mode channel-member interface Example of Moving an Interface to a New Port Channel The following example shows moving the TenGigabitEthernet 1/8 interface from port cha...

• Add the port channel to the VLAN as a tagged interface. INTERFACE VLAN mode tagged port-channel id number An interface with tagging enabled can belong to multiple VLANs. • Add the port channel to the VLAN as an untagged interface. INTERFACE VLAN mode untagged port-channel id number An interface wi...

– ipv6-selection — Set the IPV6 key fields to use in hash computation. – tunnel — Set the tunnel key fields to use in hash computation. Hash Algorithm The load-balance command selects the hash criteria applied to port channels. If even distribution is not obtained with the load-balance command, the ...

Default Configuration without Start-up Config This feature is enabled by default and can be enabled on reload by deleting the start-up config file. On reload, all the server ports (1-32) come up as switch ports in No Shut mode. Uplinks remain in Shut mode ensuring that there are no network loops.Wit...

The interface range prompt offers the interface (with slot and port information) for valid interfaces. The maximum size of an interface range prompt is 32. If the prompt size exceeds this maximum, it displays (...) at the end of the output. NOTE: Non-existing interfaces are excluded from the interfa...

Dell(conf)#interface range tengigabitethernet 2/0 - 23 , tengigabitethernet 2/0 - 23 , tengigab 2/0 - 23 Dell(conf-if-range-te-2/0-23)# Exclude a Smaller Port Range The following is an example show how the smaller of two port ranges is omitted in the interface-range prompt. Example of the Interface-...

To define an interface-range macro, use the following command. • Defines the interface-range macro and saves it in the running configuration file. CONFIGURATION mode define interface-range macro_name {vlan vlan_ID - vlan_ID } | {{tengigabitethernet | fortyGigE} slot/ interface - interface } [ , {vla...

– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Example of the monitor interface Command The information displays in a continuous run, refres...

the signal that returns. By examining the reflection, TDR is able to indicate whether there is a cable fault (when the cable is broken, becomes unterminated, or if a transceiver is unplugged).TDR is useful for troubleshooting an interface that is not establishing a link; that is, when the link is fl...

– portmode quad : Identifies the uplink port as a split 10GbE SFP+ port. To display the stack-unit number, enter the show system brief command. • Save the configuration and reload the switch. CONFIGURATION mode write memory reload Merging SFP+ Ports to QSFP 40G Ports To remove FANOUT mode in 40G QSF...

Because different networking vendors define MTU differently, check their documentation when planning MTU sizes across a network. The following table lists the various Layer 2 overheads found in the Dell Networking OS and the number of bytes. Table 24. Layer 2 Overhead Transmission Media MTU Range (i...

Important Points to Remember • Before using the QSA to convert a 40 Gigabit Ethernet port to a 10 Gigabit SFP or SFP+ port, enable 40 G to 4*10 fan-out mode on the device. • When you insert a QSA into a 40 Gigabit port, you can use only the first 10 Gigabit port in the fan-out mode to plug-in SFP or...

The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames. To allow full duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with a destination address equal to this multicast address. The pause...

Configure MTU Size on an Interface If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be enough to include the Layer 2 header. For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than 1422: 1400-byte IP MTU + 22-byte VLA...

Port-Pipes A high-speed data bus connection used to switch traffic between front-end ports is known as the port pipe. A port pipe is a Dell Networking-specific term for the hardware path that packets follow through a system. The MXL switch supports single port pipe only. Auto-Negotiation on Ethernet...

5. Set the local port speed.INTERFACE mode speed {100 | 1000 | 10000 | auto} 6. Optionally, set full- or half-duplex.INTERFACE mode duplex {half | full} 7. Disable auto-negotiation on the port.INTERFACE mode no negotiation auto If the speed was set to 1000, do not disable auto-negotiation. 8. Verify...

speed 100 duplex full no shutdown Set Auto-Negotiation Options The negotiation auto command provides a mode option for configuring an individual port to forced master/ forced slave after you enable auto-negotiation. CAUTION: Ensure that only one end of the node is configured as forced-master and the...

Dell#show interfaces configured Dell#show interfaces tengigabitEthernet 0 configured Dell#show ip interface configured Dell#show ip interface tengigabitEthernet 1 configured Dell#show interfaces fortygigabitEthernet 0 configured Dell#show ip interface fortygigabitEthernet 1 configured Dell#show ip i...

The bold lines shows the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100. Dell#show interfaces TenGigabitEthernet 10/0 is down, line protocol is down Hardware is Dell Force10Eth, address is 00:01:e8:01:9e:d9 Internet address is not set MTU 1554 byt...

NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by the Dell Networking OS: • Egress VLAN• Ingress VLAN• Next Hop 2• Next Hop 1• Egress ACLs• ILM• IP FLOW• IP ACL•...

Enhanced Validation of Interface Ranges You can avoid specifying spaces between the range of interfaces, separated by commas, that you configure by using the interface range command. For example, if you enter a list of interface ranges, such as interface range fo 2/0-1,te 10/0,gi 3/0,fa 0/0 , this c...

Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. 1. Define the transform set.CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des 2. Define the crypto policy.CONFIGURATION mode crypto ipsec policy my...

24 IPv4 Routing The Dell Networking OS supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking operating system (OS). IP Feature Default DNS Disa...

Configuration Tasks for IP Addresses The following describes the tasks associated with IP address configuration. Configuration tasks for IP addresses includes: • Assigning IP Addresses to an Interface (mandatory) • Configuring Static Routes (optional) • Configure Static Routes for the Management Int...

Example the show config Command Example of the show ip interface Command To view the configuration, use the show config command in INTERFACE mode or use the show ip interface command in EXEC privilege mode, as shown in the second example. Dell(conf-if-te-0/16)#show conf ! interface TenGigabitEtherne...

----------- ------- ----------- ----------- S 2.1.2.0/24 Direct, Nu 0 0/0 00:02:30 S 6.1.2.0/24 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.2/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.3/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.4/32 via 6.1.20.2, Te 5/0 1/0 00:02:30 S 6.1.2.5/32 via 6.1.20.2, Te...

172.31.1.0/24 ManagementEthernet 1/0 Connected Dell# IPv4 Path MTU Discovery Overview The size of the packet that can be sent across each hop in the network path without being fragmented is called the path maximum transmission unit (PMTU). This value might vary for the same route between two devices...

Configuring the ICMP Source Interface You can enable the ICMP error and unreachable messages to contain the configured IP address of the source device instead of the previous hop's IP address. This configuration helps identify the devices along the path because the DNS server maps the loopback IP ad...

Enabling Directed Broadcast By default, the system drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks.To enable the system to receive directed broadcasts, use the following command. • Enable directed broad...

Name servers are not set Host Flags TTL Type Address -------- ----- ---- ---- ------- ks (perm, OK) - IP 2.2.2.2 patch1 (perm, OK) - IP 192.68.69.2 tomm-3 (perm, OK) - IP 192.68.99.2 gxr (perm, OK) - IP 192.71.18.2 f00-3 (perm, OK) - IP 192.71.23.1 Dell> To view the current configuration, use the...

a probe count (default is 3 ), minimum TTL (default is 1 ), maximum TTL (default is 30 ), and port number (default is 33434 ). CONFIGURATION mode traceroute [ host | ip-address ] To keep the default setting for these parameters, press the ENTER key. Example of the traceroute Command The following te...

Configuration Tasks for ARP For a complete listing of all ARP-related commands, refer to the Dell Networking OS Command Line Reference Guide . Configuration tasks for ARP include: • Configuring Static ARP Entries (optional) • Enabling Proxy ARP (optional) • Clearing ARP Cache (optional) • ARP Learni...

• Re-enable Proxy ARP. INTERFACE mode ip proxy-arp To view if Proxy ARP is enabled on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only non-default information is displayed in the show config command output. Clear...

ARP Learning via ARP Request In the Dell Networking OS versions prior to 8.3.1.0, the system learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. If t...

Configuring ARP Retries In the Dell Networking OS versions prior to 8.3.1.0, the number of ARP retries is set to five and is not configurable. After five retries, the system backs off for 20 seconds before it sends a new request. Beginning with the Dell Networking OS version 8.3.1.0, the number of A...

For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide . Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled.When enabled, ICMP unreachable messages are created and sent out all interfaces.To disable and ...

Example of Enabling UDP Helper Example of the show ip udp-helper Command Dell(conf-if-te-1/1)#ip udp-helper udp-port 1000 Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 ip address 2.1.1.1/24 ip udp-helper udp-port 1000 no shutdown To view the interfaces and ports on which you en...

3. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured. Figure 50. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matc...

UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a destination IP address that matches the configured broadcas...

5/1 TenGig 5/ 2 Vlan 3 01:44:54: Pkt rcvd on TenGig 7/0 is handed over for DHCP processing. When using the IP helper and UDP helper on the same interface, use the debug ip dhcp command. Example Output from the debug ip dhcp Command Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128 2005-11-05 11:59:...

25 IPv6 Addressing Internet protocol version 6 (IPv6) is supported on the MXL switch platform. NOTE: The IPv6 basic commands are supported on all platforms. However, not all features are supported on all platforms, nor for all releases. To determine the Dell Networking OS version supporting which fe...

• Duplicate Address Detection (DAD) — Before configuring its IPv6 address, an IPv6 host node device checks whether that address is used anywhere on the network using this mechanism. • Prefix Renumbering — Useful in transparent renumbering of hosts in the network when an organization changes its serv...

IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 53. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any d...

Source Address (128 bits) The Source Address field contains the IPv6 address for the packet originator. Destination Address (128 bits) The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router. Exte...

This field can contain one or more options. The first byte if the field identifies the Option type, and directs the router how to handle the option. 00 Skip and continue processing. 01 Discard the packet. 10 Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet’s Source ...

Link-local Addresses Link-local addresses, starting with fe80:, are assigned only in the local link area. The addresses are generated usually automatically by the operating system's IP layer for each network interface. This provides instant automatic network connectivity for any IPv6 host and means ...

Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location MXL Multicast IPv6 in the Dell Networking OS Command Line Reference Guide . IPv6 QoS trust DSCP values N/A IPv6 Multicast in this chapter ICMPv6 ICMPv6 is supported on the MXL switch platform. ICMP f...

Figure 54. Path MTU Discovery Process IPv6 Neighbor Discovery IPv6 neighbor discovery protocol (NDP) is supported on the MXL swtich platform. NDP is a top-level protocol for neighbor discovery on an IPv6 network. In lieu of address resolution protocol (ARP), NDP uses “Neighbor Solicitation” and “Nei...

Figure 55. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets With the Dell Networking OS version 8.3.1.0, you can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to...

• invalid host addresses If you specify this information in the IPv6 RDNSS configuration, a DNS error is displayed. Example for Configuring an IPv6 Recursive DNS Server The following example configures a RDNNS server with an IPv6 address of 1000::1 and a lifetime of 1 second. Debugging IPv6 RDNSS In...

rendezvous point (RP) of the share tree distribution tree to distribute multicast traffic to a multicast group. Messages to join the multicast group (Join messages) are sent towards the RP and data is sent from senders to the RP so receivers can discover who are the senders and begin receiving traff...

• L3 QoS (ipv4qos): 1• L2 QoS (l2qos): 1 To have the changes take effect, save the new CAM settings to the startup-config ( write-mem or copy run start ) then reload the system for the new settings. • Allocate space for IPV6 ACLs. Enter the CAM profile name then the allocated amount. CONFIGURATION m...

NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits. Separate each group by a colon (:). Omitting zeros is accepted as described in Addressing . Assigning a Static IPv6 Route IPv6 static routes are supported on the MXL switch platform.To configure IPv6 static routes,...

– mask : prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing . SNMP over IPv6 The simple network management protocol (SNMP) is support...

• Show the currently running configuration for the specified interface. EXEC mode show ipv6 interface type { slot/port } Enter the keyword interface then the type of interface and slot/port information: – For all brief summary of IPv6 status and configuration, enter the keyword brief . – For all IPv...

Example of the show ipv6 route summary Command Example of the show ipv6 route Command Example of the show ipv6 route static Command Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0 static 0 0 Total 5 0 Dell#show ipv6 route Codes: C - connected, L - local, S - s...

– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Example of the show running-config interface Command Dell#show run int gi 2/2 ! interface Gig...

26 iSCSI Optimization The MXL switch enables internet small computer system interface (iSCSI) optimization with default iSCSI parameter settings and is auto-provisioned to support the following features. • Detection and Auto-Configuration for Dell EqualLogic Arrays • Configuring Detection and Ports ...

Monitoring iSCSI Traffic Flows The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When ...

• At the first detection of an EqualLogic array, an MTU of 12000 is enabled on all ports and port- channels (if it has not already been enabled). • Spanning-tree portfast is enabled on the interface LLDP identifies.• Unicast storm control is disabled on the interface LLDP identifies. Configuring Det...

Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 26. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Enabled iSCSI CoS mode (802.1p priority queue mapping) Enabled: dot1p priority 4 without ...

27 Intermediate System to Intermediate System Intermediate system to intermediate system (Is-IS) is supported on the MXL switch platform. • The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-I...

• MT ID #5: Reserved for IPv6 in-band management purposes. Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi- topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router ...

by an active RPM have been downloaded into the forwarding information base (FIB) on the line cards (the data plane) and are still resident. For packets that have existing FIB/content addressable memory (CAM) entries, forwarding between ingress and egress ports can continue uninterrupted while the co...

To support IPv6, the Dell Networking implementation of IS-IS performs the following tasks: • Advertises IPv6 information in the PDUs.• Processes IPv6 information received in the PDUs.• Computes routes to IPv6 destinations.• Downloads IPv6 routes to the RTM for installing in the FIB.• Accepts externa...

• For a VLAN, enter the keyword vlan then a number from 1 to 4094. 4. Enter an IPv4 Address.INTERFACE mode ip address ip-address mask Assign an IP address and mask to the interface. The IP address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the ...

– interval : wait time (the range is from 5 to 120. The default is 5 .) – retry-times : number of times an unacknowledged restart request is sent before the restarting router gives up the graceful restart engagement with the neighbor. (The range is from 1 to 10 attempts. The default is 1 .) • Config...

Suppress Adj rcv count : 0 (level-1), 0 (level-2) Restart CSNP rcv count : 0 (level-1), 0 (level-2) Database Sync count : 0 (level-1), 0 (level-2) Circuit GigabitEthernet 2/10: Mode: Normal L1-State:NORMAL, L2-State: NORMAL L1: Send/Receive: RR:0/0, RA: 0/0, SA:0/0 T1 time left: 0, retry count left:...

lsp-mtu size – size : the range is from 128 to 9195. The default is 1497 . • Set the LSP refresh interval. ROUTER ISIS mode lsp-refresh-interval seconds – seconds : the range is from 1 to 65535. The default is 900 seconds . • Set the maximum time LSPs lifetime. ROUTER ISIS mode max-lsp-lifetime seco...

Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with IS-IS enabled, you can assign a cost or metric that is used in the link state calculation.To change the metric or cost of the interface, use the follow...

Changing the IS-Type To change the IS-type, use the following commands. You can configure the system to act as a Level 1 router, a Level 1-2 router, or a Level 2 router.To change the IS-type for the router, use the following commands. • Configure IS-IS operating level for a router. ROUTER ISIS mode ...

– static : for user-configured routes. – bgp : for BGP routes only. • Deny RTM download for pre-existing redistributed IPv4 routes. ROUTER ISIS mode distribute-list redistributed-override in Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands. N...

Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process. With the redistribute command syntax, you can include BGP, OSPF, RIP, static, or directly connected routes in the IS-IS process. NOTE: Do not route iBGP rout...

redistribute {bgp as-number | connected | rip | static} [level-1 level-1-2 | level-2] [metric metric-value ] [metric-type {external | internal}] [route-map map-name ] Configure the following parameters:– level-1 , level-1-2 , or level-2 : assign all redistributed routes to a level. The default is le...

The Dell Networking OS supports both DES and HMAC-MD5 authentication methods. This password is inserted in Level 2 LSPs, Complete SNPs, and Partial SNPs. To view the passwords, use the show config command in ROUTER ISIS mode or the show running- config isis command in EXEC Privilege mode. To remove ...

To disable all debugging, use the undebug all command. IS-IS Metric Styles The following sections provide additional information about the IS-IS metric styles. • Configuring the IS-IS Metric Style • Configure Metric Values The Dell Networking OS supports the following IS-IS metric styles: • narrow (...

Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide transition narrow transition default value (10) if the original value is greater than 63. A message is sent to the console. wide transition transition truncated value (the truncated value appears in the LSP only). The origin...

28 Link Aggregation Control Protocol (LACP) Link aggregation control protocol (LACP) is supported on the MXL switch platform. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel , can provide both load-sharing and port redundancy across line cards. You...

– If a physical interface is a part of a dynamic LAG, it cannot be added as a member of a static LAG. The channel-member gigabitethernet x/y command is rejected in the static LAG interface for that physical interface. • A dynamic LAG can be created with any type of configuration.• There is a differe...

[no] port-channel-protocol lacp The default is LACP disabled . This command creates context. • Configure LACP mode. LACP mode [no] port-channel number mode [active | passive | off] – number : cannot statically contain any links. The default is LACP active . • Configure port priority. LACP mode [no] ...

Example of Configuring a LAG Interface Example of the tagged Command Dell(conf)#interface port-channel 32 Dell(conf-if-po-32)#no shutdown Dell(conf-if-po-32)#switchport The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG. Dell(conf)#interface v...

default timeout value to be 30 seconds . Invoking the longer timeout might prevent the LAG from flapping if the remote system is up but temporarily unable to transmit PDUs due to a system interruption. NOTE: The 30-second timeout is available for dynamic LAG interfaces only. You can enter the lacp l...

As shown in the following illustration, the line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2. Traffic is equally distributed between LAGs 1 and 2. If LAG 1 fails, all traffic from R1 to R4 flows across LAG 2 only. This condition over-subscribes the link and packets are ...

Important Points about Shared LAG State Tracking The following is more information about shared LAG state tracking. • This feature is available for static and dynamic LAGs.• Only a LAG can be a member of a failover group.• You can configure shared LAG state tracking on one side of a link or on both ...

29 Layer 2 Layer 2 features are supported on the MXL switch platform. Manage the MAC Address Table The Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries • Configuring a Static MAC A...

CONFIGURATION mode mac-address-table aging-time seconds The range is from 10 to 1000000. Dell Networking OS Behavior : The time elapsed before the configured MAC aging time expires is not precisely as configured. For example, the VLAN configuration mac-address-table aging-time 1 , does not remove dy...

interface/VLAN. After the limit is reached, the system drops all traffic from a device with an unlearned MAC address. This section describes the following: • mac learning-limit Dynamic • mac learning-limit station-move • Learning Limit Violation Actions • Setting Station Move Violation Actions • Rec...

• Display a list of all of the interfaces configured with MAC learning limit or station move violation. CONFIGURATION mode show mac learning-limit violate-action NOTE: When the MAC learning limit (MLL) is configured as no-station-move , the MLL will be processed as static entries internally. For sta...

Figure 69. Configuring the mac-address-table station-move refresh-arp Command MAC Move Optimization MAC move optimization is supported only on the E-Series platform. Station-move detection takes 5000ms because this is the interval at which the detection algorithm runs.The threshold option is the num...

30 Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on the MXL switch platform. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration inf...

Table 32. Type, Length, Value (TLV) Types Type TLV Description 0 End of LLDPDU Marks the end of an LLDPDU. 1 Chassis ID An administratively assigned name that identifies the LLDP agent. 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received. 3 Tim...

Management TLVs A management TLV is an optional TLVs sub-type. This kind of TLV contains essential management information about the sender. Organizationally Specific TLVs A professional organization or a vendor can define organizationally specific TLVs. They have two mandatory fields (as shown in th...

Type TLV Description does not currently support this TLV. 127 Maximum Frame Size Indicates the maximum frame size capability of the MAC and PHY. TIA-1057 (LLDP-MED) Overview Link layer discovery protocol — media endpoint discovery (LLDP-MED) as defined by ANSI/ TIA-1057— provides additional organiza...

Type SubType TLV Description 127 11 Inventory — Asset ID Indicates a user specified device number to manage inventory. 127 12–255 Reserved — LLDP-MED Capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. LL...

Value Device Type 4 Network Connectivity 5–255 Reserved LLDP-MED Network Policies TLV A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations. LLDP-MED network policies TLV include: • VLAN ID• VLAN tagged or untagged status• Laye...

Type Application Description 6 Video Conferencing Specify this application type for dedicated video conferencing and other similar appliances supporting real-time interactive video. 7 Streaming Video Specify this application type for dedicated video conferencing and other similar appliances supporti...

Figure 75. Extended Power via MDI TLV Configure LLDP Configuring LLDP is a two-step process. 1. Enable LLDP globally. 2. Advertise TLVs out of an interface. Related Configuration Tasks • Viewing the LLDP Configuration • Viewing Information Advertised by Adjacent LLDP Agents • Configuring LLDPDU Inte...

Example of the protocol lldp Command (CONFIGURATION Level) R1(conf)#protocol lldp R1(conf-lldp)#? advertise Advertise TLVs dcbx Configure Dcbx Parameters disable Disable LLDP protocol globally end Exit from configuration mode exit Exit from LLDP configuration mode fcoe Configure priority bits for FC...

To undo an LLDP configuration, precede the relevant command with the keyword no . Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the system globally, all interfaces send LLDPDUs with the specified TLVs.• If you ...

Figure 76. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Example of Viewing LLDP Global Configurations Example of Viewing LLDP Interface Configurations R1(conf)#...

Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. show lldp neighbors • Display all of the information ...

Total In Error Frames: 0 Total Unrecognized TLVs: 0 Total TLVs Discarded: 0 Next packet will be sent after 4 seconds The neighbors are given below: ----------------------------------------------------------------------- Remote Chassis ID Subtype: Mac address (4) Remote Chassis ID: 00:00:c9:ad:f6:12 ...

Configuring Transmit and Receive Mode After you enable LLDP, Dell Networking systems transmit and receive LLDPDUs by default. To configure the system to transmit or receive only and return to the default, use the following commands. • Transmit only. CONFIGURATION mode or INTERFACE mode mode tx • Rec...

Configuring a Time to Live The information received from a neighbor expires after a specific amount of time (measured in seconds) called a time to live (TTL).The TTL is the product of the LLDPDU transmit interval (hello) and an integer called a multiplier. The default multiplier is 4 , which results...

• View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU. debug lldp detail Figure 77. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networkings OS supports all IEEE 802.1AB MIB objects. The following tables list the objects as...

31 Microsoft Network Load Balancing Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across...

With NLB, the data frame is forwarded to all the servers for them to perform load-balancing. NLB Multicast Mode Scenario Consider a sample topology in which four servers, namely S1 through S4, are configured as a cluster or a farm. This set of servers is connected to a Layer 3 switch, which in turn ...

Enable and Disable VLAN Flooding • The older ARP entries are overwritten whenever newer NLB entries are learned.• All ARP entries, learned after the feature is enabled, are deleted when the feature is disabled, and RP2 triggers an ARP resolution. The feature is disabled with the no ip vlan-flooding ...

32 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on the MXL switch platform. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguo...

Figure 79. MSDP SA Message Format Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows ...

Configure the Multicast Source Discovery Protocol Configuring MSDP is a four-step process. 1. Enable an exterior gateway protocol (EGP) with at least two routing domains.Refer to the following figures. The MSDP Sample Configurations show the OSPF-BGP configuration used in this chapter for MSDP. Also...

Figure 83. Configuring MSDP Enabling MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP.CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains.CONFIGURATION mode Multicast Source Discovery Protocol (MSDP) 567

ip msdp peer connect-source Example of Configuring MSDP Example of Viewing Peer Information R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr Local Addr State Source SA Up/Down Description 192.168.0.1 192....

Example of the show ip msdp sa-cache Command R3_E600#show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.1 76 00:10:44 Limiting the Source-Active Cache Set the upper limit of the number of active s...

Figure 87. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check.CONFIGURATION mode ip msdp default-peer ip-address l...

Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Acti...

CONFIGURATION mode ip msdp redistribute list Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in th...

! ip access-list extended myremotefilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 R3_E600(conf)#do show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.1 1 00:03:59 R3_E600(conf)#do show ip msdp ...

To display the configured SA filters for a peer, use the show ip msdp peer command from EXEC Privilege mode. Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a P...

Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode clear ip msdp peer peer-address Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3_E600(conf)#do s...

03:17:10 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg 03:17:27 : MSDP-0: Peer 192.168.0.3, sent Source Active msg Input (S,G) filter: none Output (S,G) filter: none MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than one active group to use RP mapping. PIM-SM allows only activ...

Figure 88. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.CONFIGURATION mode interface loopback 2. Make...

3. In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address.CONFIGURATION mode interface loopback 4. Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source....

MSDP Sample Configurations The following examples show the running-configurations described in this chapter. For more information, refer to the illustrations in the Related Configuration Tasks section. MSDP Sample Configuration: R1 Running-Config MSDP Sample Configuration: R2 Running-Config MSDP Sam...

Spanning Tree Variations The Dell Networking operating system (OS) supports four variations of spanning tree, as shown in the following table. Table 42. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w M...

• Configuring an EdgePort • Flush MAC Addresses after a Topology Change • Debugging and Verifying MSTP Configurations • Prevent Network Disruptions with BPDU Guard • SNMP Traps for Root Elections and Topology Changes Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MS...

Example of the msti Command Example of Viewing MSTP Port States Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)# msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 Dell(conf-mstp)#show config ! protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 All bridges in the MSTP...

A lower number increases the probability that the bridge becomes the root bridge. The range is from 0 to 61440, in increments of 4096. The default is 32768 . Example of Assigning and Verifying the Root Bridge Priority By default, the simple configuration shown previously yields the same forwarding p...

The range is from 0 to 65535. The default is 0 . Example of the name Command To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst conf...

The default is 2 seconds . 3. Change the max-age parameter.PROTOCOL MSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds . 4. Change the max-hops parameter.PROTOCOL MSTP mode max-hops number The range is from 1 to 40. The default is 20 . Example of the forward-delay Paramet...

edge-port bpdu filter default Figure 90. BPDU Filtering Enabled Globally Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port. • Port cost is a value that is based on the interface type. The greater t...

To change the port cost or priority of an interface, use the following commands. 1. Change the port cost of an interface.INTERFACE mode spanning-tree msti number cost cost The range is from 0 to 200000. For the default, refer to the default values shown in the table. 2. Change the port priority of a...

* Use the shutdown command on the interface. * Disable the shutdown-on-violation command on the interface (using the no spanning- tree mstp edge-port [bpduguard | [shutdown-on-violation]]) command). * Disable spanning tree on the interface (using the no spanning-tree command in INTERFACE mode). * Di...

Figure 91. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps:1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs...

name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface GigabitEthernet 3/11 no ip address switchport no shutdown ! interface GigabitEthernet 3/21 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged GigabitEthernet 3/11,21 no shutdown ! i...

(Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC P...

– Is the Region name blank? That may mean that a name was configured on one router and but was not configured or was configured differently on another router (spelling and capitalization counts). • MSTP Instances. – To verify the VLAN to MSTP instance mapping, use the show commands. – Are there “ext...

34 Multicast Features Multicast features are supported on the MXL switch platform.The Dell Networking operating system (OS) supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • PIM Source-Specific Mode (PIM-SSM) • Internet Group Management Protocol (IGMP) • Multicast Source Disco...

• Preventing a PIM Router from Processing a Join Limiting the Number of Multicast Routes When the total number of multicast routes on a system limit is reached, the Dell Networking OS does not process any IGMP or multicast listener discovery protocol (MLD) joins to PIM — though it still processes le...

Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting that rate at which new groups can be joined.Hosts whose IGMP requests are denied will use the retry mechanism built-in to IGMP so that they’re membership is delayed rather than pe...

35 Open Shortest Path First (OSPFv2 and OSPFv3) Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on the MXL switch platform.This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking ...

You can divide an AS into a number of areas, which are groups of contiguous networks and attached hosts. Routers with multiple interfaces can participate in multiple areas. These routers, called area border routers (ABRs), maintain separate databases for each area. Areas are a logical grouping of OS...

Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link state database. An ABR takes information it has learned on one of i...

• Type 4: AS Border Router Summary LSA (OSPFv2), Inter-Area-Router LSA (OSPFv3) — In some cases, Type 5 External LSAs are flooded to areas where the detailed next-hop information may not be available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement ...

Router Priority and Cost Router priority and cost is the method the system uses to “rate” the routers. For example, if not assigned, the system selects the router with the highest priority as the DR. The second highest priority is the BDR. • Priority is a numbered rating 0 to 255. The higher the num...

example, if you create five OSPFv2 processes on a system, there must be at least five interfaces assigned in Layer 3 mode. Each OSPFv2 process is independent. If one process loses adjacency, the other processes continue to function. Processing SNMP and Sending SNMP Traps Though there are may be seve...

Dell(conf-if-te-2/2)# In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell (conf-if-te-2/2)#ip ospf dead-interval 20 Dell (conf-if-te-2/2)#do show ip os int tengig 1/3 TenGigabitEthernet 2/2 is up, line protocol is up Internet Address 20.0.0.1/24, Area 0 ...

• Troubleshooting OSPFv2 1. Configure a physical interface. Assign an IP address, physical or Loopback, to the interface to enable Layer 3 routing. 2. Enable OSPF globally. Assign network area and neighbors. 3. Add interfaces or configure other attributes. 4. Set the time interval between when the s...

• vrf name : enter the keyword VRF and the instance name to tie the OSPF instance to the VRF. All network commands under this OSPF instance are later tied to the VRF instance. The range is from 0 to 65535. The OSPF process ID is the identifying number assigned to the OSPF process. The router ID is t...

Enabling Multi-Process OSPF (OSPFv2, IPv4 Only) Multi-process OSPF allows multiple OSPFv2 processes on a single router.The MXL switch supports up to 16 OSPFv2 processes. When configuring a single OSPF process, follow the same steps previously described. Repeat them as often as necessary for the desi...

You can assign the area in the following step by a number or with an IP interface address. • Enable OSPFv2 on an interface and assign a network address range to a specific OSPF area. CONFIG-ROUTER-OSPF-id mode network ip-address mask area area-id The IP Address Format is A.B.C.D/M. The area ID range...

To view currently active interfaces and the areas assigned to them, use the show ip ospf interface command. Dell>show ip ospf 1 interface TenGigabitEthernet 12/17 is up, line protocol is up Internet Address 10.2.2.1/24, Area 0.0.0.0 Process ID 1, Router ID 11.1.2.1, Network Type BROADCAST, Cost: ...

To configure a stub area, use the following commands. 1. Review all areas after they were configured to determine which areas are NOT receiving type 5 LSAs.EXEC Privilege mode show ip ospf process-id database database-summary 2. Enter CONFIGURATION mode.EXEC Privilege mode configure 3. Enter ROUTER ...

• start-interval : set the minimum interval between the initial sending and resending the same LSA. The range is from 0 to 600,000 milliseconds. • hold-interval : set the next interval to send the same LSA. This interval is the time between sending the same LSA after the start-interval has been atte...

Dell#show ip ospf 34 int TenGigabitEthernet 0/0 is up, line protocol is down Internet Address 10.1.2.100/24, Area 1.1.1.1 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State DOWN, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0...

In the examples below, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold). Dell(conf-router_ospf-1)#fast-converge 2 Dell(conf-router_ospf-1)#ex Dell(conf)#ex Dell#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supp...

– seconds : the range is from 1 to 65535 (the default is 10 seconds ). The hello interval must be the same on all routers in the OSPF network. • Use the MD5 algorithm to produce a message digest or key, which is sent instead of the key. CONFIG-INTERFACE mode ip ospf message-digest-key keyid md5 key ...

interface TenGigabitEthernet 0/0 ip address 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface GigabitEthernet 0/0 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, C...

• role — the role or roles the configured router can perform. NOTE: By default, OSPFv2 graceful restart is disabled. To enable and configure OSPFv2 graceful restart, use the following commands. 1. Enable OSPFv2 graceful-restart globally and set the grace period.CONFIG-ROUTEROSPF- id mode graceful-re...

Dell#show run ospf ! router ospf 1 graceful-restart grace-period 300 graceful-restart role helper-only graceful-restart mode unplanned-only graceful-restart helper-reject 10.1.1.1 graceful-restart helper-reject 20.1.1.1 network 10.0.2.0/24 area 0 Dell# Creating Filter Routes To filter routes, use pr...

Redistributing Routes You can add routes from other routing instances or protocols to the OSPF process. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. NOTE: Do not route iBGP routes to OSPF unless there are route-maps associated with the...

router ospf 3 ! router ospf 4 router-id 4.4.4.4 network 4.4.4.0/28 area 1 ! router ospf 5 ! router ospf 6 ! router ospf 7 mib-binding ! router ospf 8 ! router ospf 90 area 2 virtual-link 4.4.4.4 area 2 virtual-link 90.90.90.90 retransmit-interval 300 ! ipv6 router ospf 999 default-information origin...

Configuration Task List for OSPFv3 (OSPF for IPv6) The configuration options of OSPFv3 are the same as those options for OSPFv2, but you may configure OSPFv3 with differently labeled commands. Specify process IDs and areas and include interfaces and addresses in the process. Define areas as stub or ...

Enabling IPv6 Unicast Routing To enable IPv6 unicast routing, use the following command. • Enable IPv6 unicast routing globally. CONFIGURATION mode ipv6 unicast routing Assigning IPv6 Addresses on an Interface To assign IPv6 addresses to an interface, use the following commands. 1. Assign an IPv6 ad...

Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands. • Enable the OSPFv3 process globally and enter OSPFv3 mode. CONFIGURATION mode ipv6 router ospf { process ID } The range is from 0 to 65535. • Assign the router ID for this OS...

default-information originate [always [metric metric-value ] [metric-type type-value ]] [route-map map-name ] Configure the following required and optional parameters:– always : indicate that default route information is always advertised. – metric metric-value : The range is from 0 to 4294967295. –...

before the system switches over to the secondary RPM. OSPFv3 is notified that a planned restart is happening. – Unplanned-only : the OSPFv3 router supports graceful-restart only for unplanned restarts. During an unplanned restart, OSPFv3 sends out a Grace LSA once the secondary RPM comes online. The...

Process 1 database summary Type Count/Status Oper Status 1 Admin Status 1 Area Bdr Rtr Status 0 AS Bdr Rtr Status 1 AS Scope LSA Count 0 AS Scope LSA Cksum sum 0 Originate New LSAS 73 Rx New LSAS 114085 Ext LSA Count 0 Rte Max Eq Cost Paths 5 GR grace-period 180 GR mode planned and unplanned Area 0 ...

With IPsec-based authentication, Crypto images are used to include the IPsec secure socket application programming interface (API) required for use with OSPFv3. To ensure integrity, data origin authentication, detection and rejection of replays, and confidentiality of the packet, RFC 4302 and RFC 43...

– AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension headers. – MD5 and SHA1 authentication types are supported; encrypted and unencrypted keys are supported. • In an OSPFv3 encryption policy: – Both encryption and authentication are used.– IPsec security asso...

– key : specifies the text string used in authentication. All neighboring OSPFv3 routers must share key to exchange information. For MD5 authentication, the key must be 32 hex digits (non- encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted...

– key-authentication-type : (optional) specifies if the authentication key is encrypted. The valid values are 0 or 7 . • Remove an IPsec encryption policy from an interface. no ipv6 ospf encryption ipsec spi number • Remove null encryption on an interface to allow the interface to inherit the encryp...

Configuring IPsec Encryption for an OSPFv3 Area To configure, remove, or display IPsec encryption in an OSPFv3 area, use the following commands. Prerequisite : Before you enable IPsec encryption in an OSPFv3 area, first enable OSPFv3 globally on the router (refer to Configuration Task List for OSPFv...

Displaying OSPFv3 IPsec Security Policies To display the configuration of IPsec authentication and encryption policies, use the following commands. • Display the AH and ESP parameters configured in IPsec security policies, including the SPI number, key, and algorithms used.EXEC Privilege mode show c...

36 Policy-based Routing (PBR) Policy-based Routing is supported on the MXL platform.This chapter covers the following topics: • Overview• Implementing Policy-based Routing with Dell Networking OS• Configuration Task List for Policy-based Routing• Sample Configuration Overview Policy-based Routing (P...

a tunnel interface user needs to provide tunnel id mandatory. Instead if user provides the tunnel destination IP as next hop, that would be treated as IPv4 next hop and not tunnel next hop. PBR with Multiple Tacking Option: Policy based routing with multiple tracking option extends and introduces th...

Sample Configuration The following configuration is an example for setting up a PBR. These are not comprehensive directions. They are intended to give you a some guidance with typical configurations. You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to su...

37 PIM Sparse-Mode (PIM-SM) Protocol-independent multicast sparse-mode (PIM-SM) is supported on the MXL switch platform.PIM-SM is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which for...

path tree switchover latency by copying and forwarding the first (S,G) packet received on the SPT to the PIM task immediately upon arrival. The arrival of the (S,G) packet confirms for PIM that the SPT is created, and that it can prune itself from the shared tree. Important Point to Remember If you ...

Configuring S,G Expiry Timers By default, S, G entries expire in 210 seconds. You can configure a global expiry time (for all [S,G] entries) or configure an expiry time for a particular entry.If you configure both, the ACL supersedes the global configuration for the specified entries.When you create...

! ip access-list extended SGtimer seq 5 permit ip 10.1.2.0/24 225.1.1.0/24 seq 10 permit ip any 232.1.1.0/24 seq 15 permit ip 100.1.0.0/16 any Dell(config-ext-nacl)#exit Dell(conf) #ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer To display the expiry time configuration, use the show running...

To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configuring a Designated Router Multiple PIM-SM routers might be c...

Enabling PIM-SM Graceful Restart To enable PIM-SM graceful restart, use the following commands. • Enable PIM-SM graceful restart (non-stop forwarding capability). CONFIGURATION mode ip pim graceful-restart nsf – (option) restart-time : the time the Dell Networking system requires to restart. The def...

Use PIM-SSM with IGMP Version 2 Hosts PIM-SSM requires receivers that support IGMP version 3. You can employ PIM-SSM even when receivers support only IGMP version 1 or version 2 by translating (*,G) entries to (S,G) entries. Translate (*,G) entries to (S,G) entries using the ip igmp ssm-map acl comm...

------ ------ ----------- --- ---- --------- -------- 1 Te 0/0 Te 0/1 both Port N/A N/A 2 Te 0/0 Te 0/2 both Port N/A N/A Dell (conf-mon-sess-2)#do show running-config monitor session ! monitor session 1 source TenGigabitEthernet 0/0 destination TenGigabitEthernet 0/1 direction both ! monitor sessio...

--------- ------ ----------- --------- ---- ---- 0 Gi 1/1 Gi 1/2 rx interface Flow-based Remote Port Mirroring Remote Port Mirroring is supported on the MXL Switch platform.While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port o...

Configuring Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports conn...

• The L3 interface configuration should be blocked for RPM VLAN.• The member port of the reserved VLAN should have MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter). • To associate with source session, the reserved VLAN can have at max of only 4 member ports.• To associate with destinati...

• A destination port for remote port mirroring cannot be used as a source port, including the session in which the port functions as the destination port. • A destination port cannot be used in any spanning tree instance.• The reserved VLAN used to transport mirrored traffic must be a L2 VLAN. L3 VL...

Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source remote-vlan 20 destination te 0/4 Dell(conf-mon-sess-2)#tagged destination te 0/4 Dell(conf-mon-sess-2)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 0/5 Dell(conf-mon-sess-3)#t...

ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported. As...

40 Private VLANs (PVLAN) The private VLAN (PVLAN) feature is supported on the MXL switch platform.For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide . Private VLANs extend the Dell Networ...

• Primary VLAN — the base VLAN of a PVLAN: – A switch can have one or more primary VLANs, and it can have none.– A primary VLAN has one or more secondary VLANs.– A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. – A primary VLAN has one or more ...

[no] private-vlan mode {community | isolated | primary} • Map secondary VLANs to the selected primary VLAN. INTERFACE VLAN mode [no] private-vlan mapping secondary-vlan vlan-list • Display type and status of PVLAN interfaces. EXEC mode or EXEC Privilege mode show interfaces private-vlan [interface i...

3. Set the port in Layer 2 mode.INTERFACE mode switchport 4. Select the PVLAN mode.INTERFACE mode switchport mode private-vlan {host | promiscuous | trunk} • host (isolated or community VLAN port) • promiscuous (intra-VLAN communication port) • trunk (inter-switch PVLAN hub port) Example of the swit...

private-vlan mode primary 4. Map secondary VLANs to the selected primary VLAN.INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be:• Specified in comma-delimited ( VLAN-ID,VLAN-ID ) or hyphenated-range format ( VLAN-ID- VLAN-ID ). • Specified with this...

private-vlan mode community 4. Add one or more host ports to the VLAN.INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited ( slot/ port,port,port ) or hyphenated ( slot/ port-port ). You can only add host (isolated)...

Dell(conf)# interface vlan 100 Dell(conf-vlan-100)# private-vlan mode isolated Dell(conf-vlan-100)# untagged Te 2/2 Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 99. Sample Private VLAN Topology The following configuration is based on the example diag...

• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports. • The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports. • The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the pri...

Example of Viewing a Private VLANExample of the show vlan private-vlan mapping Command Example of Viewing VLAN StatusExample of Viewing Private VLAN Configuration The show arp and show vlan commands are revised to display PVLAN data. Dell#show vlan private-vlan Primary Secondary Type Active Ports --...

Table 46. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol (MSTP) 802 .1s Per-VLAN Spanning Tree Plus (PVST+) Third Party Implementation Inform...

protocol spanning-tree pvst 2. Enable PVST+.PROTOCOL PVST mode no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFA...

Figure 101. Load Balancing with PVST+ The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root...

Root Identifier has priority 32768, Address 001e.c9f1.00f3 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 32768, Address 001e.c9f1.00f3 Configured hello time 2, max age 20, forward delay 15 Bpdu filter disabled globally We are the root of VLAN 2 Current root ha...

• Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds . • Change the max-age parameter. PROTOCO...

The EdgePort status of each interface is given in the output of the show spanning-tree pvst command, as previously shown. Dell Networking OS Behavior : Regarding the bpduguard shutdown-on-violation command behavior: • If the interface to be shut down is a port channel, all the member ports are disab...

Figure 102. PVST+ with Extend System ID • Augment the bridge ID with the VLAN ID. PROTOCOL PVST mode extend system-id Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ...

no ip address switchport no shutdown ! interface Vlan 100 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 3/12,22 no shutdown ! protocol spanning-...

Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication . It also implements these Internet Engineering Task Force (IETF) documents: • RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers • ...

dot1p Queue Number 7 3 • Change the priority of incoming traffic on the interface. dot1p-priority Example of Configuring a dot1p Priority on an Interface NOTE: The dot1p-priority command marks all incoming traffic on an interface with a specified dot1p priority and maps all incoming traffic to the c...

Priority-Tagged Frames on the Default VLAN Priority-tagged frames are 802.1Q tagged frames with VLAN ID 0. For VLAN classification, these packets are treated as untagged. However, the dot1p value is still honored when you configure service-class dynamic dot1p or trust dot1p . When priority-tagged fr...

Example of rate—shape Command Dell#config Dell(conf)#interface tengigabitethernet 1/0 Dell(conf-if)#rate shape 500 50 Dell(conf-if)#end Dell# Guidelines for Configuring ECN for Classifying and Color- Marking Packets Keep the following points in mind while configuring the marking and mapping of incom...

seq 5 permit any ecn 0 class-map match-any ecn_0_cmap match ip access-group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map “ecn_0_pmap” will mark all the packets with ‘ecn == 0’ as yellow packets on queue0 (default queue). Classifyi...

By default Dell Networking OS drops all the ‘RED’ or ‘violate’ packets. The following combination of marking actions to be specified match sequence of the class-map command: • set a new DSCP for the packet• set the packet color as ‘yellow’• set the packet color as ‘yellow’ and set a new DSCP for the...

Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 105. Constructing Policy-Based QoS Configurations DSCP Color Maps This section describes how to configure color maps and how to display the color map and color map configu...

Creating a DSCP Color Map You can create a DSCP color map to outline the differentiated services codepoint (DSCP) mappings to the appropriate color mapping (green, yellow, red) for the input traffic. The system uses this information to classify input traffic on an interface based on the DSCP value o...

Assign the color map, bat-enclave-map to interface . Displaying DSCP Color Maps To display DSCP color maps, use the show qos dscp-color-map command in EXEC mode. Examples for Creating a DSCP Color Map Display all DSCP color maps. Dell# show qos dscp-color-map Dscp-color-map mapONE yellow 4,7 red 20,...

Creating a Layer 3 Class Map A Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence, and characteristics defined in an IP ACL. You can also use VLAN IDs and VRF IDs to classify the traffic using layer 3 class-maps.You may specify more than one DSCP and IP precede...

The following example matches IPv6 traffic with a DSCP value of 40. Dell(conf)# class-map match-all test Dell(conf-class-map)# match ipv6 dscp 40 The following example matches IPv4 and IPv6 traffic with a precedence value of 3. Dell(conf)# class-map match-any test1 Dell(conf-class-map)#match ip-any ...

In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the keyword order . The Dell Networking OS writes to the CAM ACL rules with lower order numbers (order numbers closer to 0) before rules with higher order numbers so that packets are matched as y...

20418 1 0 IP 0x0 0 0 23.64.0.3/32 0.0.0.0/0 12 1 20419 1 10 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 14 1 24511 1 0 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 - 0 Create a QoS Policy There are two types of QoS policies — input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mecha...

Setting a DSCP Value for Egress Packets You can set the DSCP value for egress packets based on ingress QOS classification. The 6 bits that are used for DSCP are also used to identify the queue in which traffic is buffered. Example of Setting a DSCP Value for Egress Packets Dell#config Dell(conf)#qos...

Allocating Bandwidth to Queue The Dell Networking recommends pre-calculating your bandwidth requirements before creating them. Make sure you apply the QoS policy to all the four queues and that the sum of the bandwidths allocated through them is exactly 100.When you apply the QoS policies through ou...

Dell# Specifying WRED Drop Precedence • Specify a WRED profile to yellow and/or green traffic. QOS-POLICY-OUT mode wred For more information, refer to Applying a WRED Profile to Traffic . Create Policy Maps There are two types of policy maps: input and output. Creating Input Policy Maps There are tw...

Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map, use the following command. • Apply an input QoS policy to an input policy map. POLICY-MAP-IN mode policy-aggregate Honoring DSCP Values on Ingress Packets The Dell Networking OS provides the abil...

Table 51. Default dot1p to Queue Mapping dot1p Queue ID 0 0 1 0 2 0 3 1 4 2 5 3 6 3 7 3 The dot1p value is also honored for frames on the default VLAN. For more information, refer to Priority- Tagged Frames on the Default VLAN . • Enable the trust dot1p feature. POLICY-MAP-IN mode trust dot1p Enabli...

match ip dscp 0 match ip access-group qos-BE1-ACL The packet classification logic for the configuration shown is as follows: 1. Match packets against match-any qos-AF4 . If a match exists, queue the packet as AF4 in Queue 4, and if no match exists, go to the next class map. 2. Match packets against ...

Applying an Input Policy Map to an Interface To apply an input policy map to an interface, use the following command. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. • You cannot apply an input Layer 2 QoS policy on an interface you also ...

Applying an Output Policy Map to an Interface To apply an output policy map to an interface, use the following command. • Apply an input policy map to an interface. INTERFACE mode service-policy output You can apply the same policy map to multiple interfaces, and you can modify a policy map after yo...

Enabling Strict-Priority Queueing Strict-priority means that the Dell Networking OS de-queues all packets from the assigned queue before servicing any other queues. • The strict-priority supersedes bandwidth-percentage and bandwidth-weight percentage configurations. • A queue with strict priority ca...

Figure 106. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Table 52. Pre-Defined WRED Profiles Default Profile Name Minimum Threshold Maximum Threshold Maximum Drop Rate wred_drop 0 0 100 wred_teng_y 467 4671 100 wred_teng_g 467 4671 50 wr...

Applying a WRED Profile to Traffic After you create a WRED profile, you must specify to which traffic the system should apply the profile. The Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on it DSCP value before queuing it.DSCP is a ...

Interface Te 0/20 Drop-statistic Dropped Pkts Green 11234 Yellow 12484 Out of Profile 0 Dell# Displaying egress-queue Statistics To display egress-queue statistics of both transmitted and dropped packets and bytes, use the following command. • Display the number of packets and number of bytes on the...

To apply a Layer 2 policy on Layer 3 interfaces, perform the following: 1. Configure an interface with an IP address or a VLAN subinterfaceCONFIGURATION mode Dell(conf)# int fo 0/0 INTERFACE mode Dell(conf-if-fo-0/0)# ip address 90.1.1.1/16 2. Configure the Layer 2 policy with Layer 2 (Dot1p or sour...

2.0.0.0/8 auto-summary 4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 0/0 4.0.0.0/8 auto-summary 8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 0/0 8.0.0.0/8 auto-summary 12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 0/0 12.0.0.0/8 auto-summary 20.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 0...

ROUTER RIP mode passive-interface interface Adding RIP Routes from Other Instances In addition to filtering routes, you can add routes from other routing instances or protocols to the RIP process.With the redistribute command, you can include open shortest path first (OSPF), static, or directly conn...

To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Setting the Send and Receive Version To change the RIP version globally or on an interface in the system, use the following command.To specify the RIP version, use t...

Gateway Distance Last Update Distance: (default is 120) Dell# To configure an interface to receive or send both versions of RIP, include 1 and 2 in the command syntax. The command syntax for sending both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example. Dell(conf-if)#ip rip...

– value The range is from 1 to 16. – route-map-name : The name of a configured route map. To confirm that the default route configuration is completed, use the show config command in ROUTER RIP mode. Summarize Routes Routes in the RIPv2 routing table are summarized by default, thus reducing the size...

Configure the following parameters:– prefix-list-name : the name of an established Prefix list to determine which incoming routes are modified – offset : the range is from 0 to 16. – interface : the type, slot, and number of an interface. To view the configuration changes, use the show config comman...

Figure 107. RIP Topology Example RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-gi-2/31)# Core2(conf-if-gi-2/31)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10...

L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- R 10.11.10.0/24 via 10.11.20.2, TenGig 3/21 120/1 00:01:14 C 10.11.20...

Fault Recovery RMON provides the following fault recovery functions. Interface Down — When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or ixFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring pro...

– event-number : event number to trigger when the falling threshold exceeds its limit. This value is identical to the alarmFallingEventIndex in the alarmTable of the RMON MIB. If there is no corresponding falling-threshold event, the value should be zero. – owner string : (Optional) specifies an own...

Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode. • Enable RMON MIB statistics collection. CONFIGURATION INTERFACE (config-if) mode [no] rmon collection statistics {controlEntry...

– seconds : (Optional) the number of seconds in each polling cycle. The value is ranged from 5 to 3,600 (Seconds). The default is 1,800 (as defined in RFC-2819). Example of the rmon collection history Command To remove a specified RMON history group of statistics collection, use the no form of this ...

45 Rapid Spanning Tree Protocol (RSTP) Rapid spanning tree protocol (RSTP) is supported on the MXL switch platform. Protocol Overview RSTP is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperabil...

• Flush MAC Addresses after a Topology Change Important Points to Remember • RSTP is disabled by default.• The Dell Networking OS supports only one Rapid Spanning Tree (RST) instance.• All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically ...

• Only one path from any bridge to any other bridge is enabled.• Bridges block a redundant path by disabling one of the link ports. To enable RSTP globally for all Layer 2 interfaces, use the following commands. 1. Enter PROTOCOL SPANNING TREE RSTP mode.CONFIGURATION mode protocol spanning-tree rstp...

BPDU : sent 121, received 2 The port is not in the Edge port mode, bpdu filter is disabled Port 379 (TenGigabitethernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has prio...

edge-port bpdu filter default Figure 109. BPDU Filtering Enabled Globally Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port priority values. • Port cost — a value that is based on the interface type. The previous table lists the default values. The grea...

shutdown Dell(conf-if-te-2/0)# Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge.To change the bridge priority, use the following command.• Assign a number as the bridge pr...

The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priorit...

46 Security Security features are supported on the MXL switch platform.This chapter describes several ways to provide access security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference...

aaa accounting {commands | exec | suppress | system} { default | name } {start- stop | wait-start | stop-only} {tacacs+} The variables are:– command level : sends accounting of commands executed at the specified privilege level. – exec : sends accounting information when a user has logged in to EXEC...

Configuring AAA Accounting for Terminal Lines To enable AAA accounting with a named method list for a specific terminal line (where com15 and execAcct are the method list names), use the following commands. • Configure AAA accounting for terminal lines. CONFIG-LINE-VTY mode accounting commands 15 co...

and different users. In the Dell Networking OS, AAA uses a list of authentication methods, called method lists, to define the types of authentication and the sequence in which they are applied. You can define a method list or use the default method list. User-defined method lists take precedence ove...

• none : no authentication. • radius : use the RADIUS servers configured with the radius-server host command. • tacacs+ : use the TACACS+ servers configured with the tacacs-server host command. 2. Enter LINE mode.CONFIGURATION mode line {aux 0 | console 0 | vty number [ ... end-number ]} 3. Assign a...

CONFIGURATION mode tacacs-server host x.x.x.x key some-password Example of Enabling Authentication from the RADIUS Server Example of Enabling Local Authentication for the Console and Remote Authentication for VTY Lines To get enable authentication from the RADIUS server and use TACACS as a backup, i...

• Privilege level 1 — is the default level for EXEC mode. At this level, you can interact with the router, for example, view some show commands and Telnet and ping to test connectivity, but you cannot configure the router. This level is often called the “user” level. One of the commands available in...

Line 3: The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp-server commands are located. Line 4: The snmp-server commands, in CONFIGURATION mode, are assigned to privilege level 8. Dell(conf)# username john privilege 8 password john Dell...

privilege level level – level level : The range is from 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • Specify either a plain text or encrypted password. LINE mode password [ encryption-type ] password Configure the following optional and re...

For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service . RADIUS Authentication and Authorization The Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aa...

Auto-Command You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line.The auto-command command is executed when the user is authenticated and before the prompt appears to the user. • Automatically execute a command. auto-command Se...

• Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the RADIUS authentication method.CONFIGURATION mode aaa authentication login method-list-name radius • Create a method list with RADIUS and TACACS+ as authorization methods. CONFIGURATION mode aaa au...

radius-server timeout seconds – seconds : the range is from 0 to 1000. Default is 5 seconds . To view the configuration of RADIUS communication parameters, use the show running-config command in EXEC Privilege mode. Monitoring RADIUS To view information on RADIUS transactions, use the following comm...

Use this command multiple times to configure multiple TACACS+ server hosts. 2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACAS+ authentication method.CONFIGURATION mode aaa authentication login { method-list-name | default} tacacs+ [ ...me...

on vty0 (10.11.9.209) %RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) Monitoring TACACS+ To view information on TACACS+ transactions, use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode d...

Specifying a TACACS+ Server Host To specify a TACACS+ server host and configure its communication parameters, use the following command. • Enter the host name or IP address of the TACACS+ server host. CONFIGURATION mode tacacs-server host { hostname | ip-address } [port port-number ] [timeout second...

If rejected by the AAA server, the command is not added to the running config, and a message displays: 04:07:48: %RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Command authorization failed for user (denyall) on vty0 ( 10.11.9.209 ) Protection from TCP Tiny and Overlapping Fragment A...

show ip ssh Specifying an SSH Version The following example shows using the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : disabled. SSH server version : v2. Passwor...

The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes. Dell(conf)#ip ssh rekey volume 4096 Configuring the SSH Server Key...

• hmac-sha1-96• hmac-sha2-256• hmac-sha2-256-96 The default HMAC algorithms are the following: • hmac-md5• hmac-md5-96• hmac-sha1• hmac-sha1-96• hmac-sha2-256• hmac-sha2-256-96 When FIPS is enabled, the default HMAC algorithm is hmac-sha1-96. Example of Configuring a HMAC Algorithm The following exa...

Secure Shell Authentication Secure Shell (SSH) is disabled by default. Enable SSH using the ip ssh server enable command. SSH supports three methods of authentication: • Enabling SSH Authentication by Password • Using RSA Authentication of SSH • Configuring Host-Based SSH Authentication Important Po...

CONFIGURATION mode no ip ssh password-authentication enable 4. Bind the public keys to RSA authentication.EXEC Privilege mode ip ssh rsa-authentication enable 5. Bind the public keys to RSA authentication.EXEC Privilege mode ip ssh rsa-authentication my-authorized-keys flash: //public_key Example of...

Example of Creating shosts Example of Creating rhosts admin@Unix_client# cd /etc/ssh admin@Unix_client# ls moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_key ssh_host_rsa_key admin@Unix_client# cat ssh_host_rsa_key.pub ssh-rsa AAAAB...

In this case, verify that host-based authentication is set to “Yes” in the file ssh_config (root permission is required to edit this file): permission denied (host based). If the IP address in the RSA key does not match the IP address from which you attempt to log in, the following message appears. ...

1. Create a username. 2. Enter a password. 3. Assign an access class. 4. Enter a privilege level. You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization. Configure local authentication globally and configure access classe...

Dell(conf)# Dell(conf)#aaa authentication login tacacsmethod tacacs+ Dell(conf)#tacacs-server host 256.1.1.2 key Force10 Dell(conf)# Dell(conf)#line vty 0 9 Dell(config-line-vty)#login authentication tacacsmethod Dell(config-line-vty)# Dell(config-line-vty)#access-class deny10 Dell(config-line-vty)#...

• Configuring AAA Authorization for Roles• Configuring an Accounting for Roles• Applying an Accounting Method to a Role• Displaying Active Accounting Sessions for Roles• Configuring TACACS+ and RADIUS VSA Attributes for RBAC• Displaying User Roles• Displaying Accounting for User Roles• Displaying In...

Configuring Role-based Only AAA Authorization You can configure authorization so that access to commands is determined only by the user’s role. If the user has no user role, access to the system is denied as the user will not be able to login successfully. When you enable role-based only AAA authori...

exec-timeout 0 0 line vty 0 login authentication test authorization exec test line vty 1 login authentication test authorization exec test To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 ...

User Roles This section describes how to create a new user role and configure command permissions and contains the following topics. • Creating a New User Role • Modifying Command Permissions for Roles • Adding and Deleting Users from a Role Creating a New User Role Instead of using the system defin...

Create a new user role, myrole and inherit security administrator permissions. Dell(conf)#userrole myrole inherit secadmin Verify that the user role, myrole , has inherited the security administrator permissions. The output highlighted in bold indicates that the user role has successfully inherited ...

Dell(conf)#do show role mode ? configure Global configuration mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell(conf)#do show role mode configure line Role access:sysadmin Example: Gran...

This section contains the following AAA Authentication and Authorization for Roles configuration tasks: • Configuring AAA Authentication for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication ...

authorization exec ucraaa accounting commands role netadmin ucraaa line vty 9 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa ! Configuring TACACS+ and RADIUS VSA Attributes for RBAC For RBAC and privilege levels, the Dell Networking OS RADIUS and TACAC...

• Configuring AAA Accounting for Roles • Applying an Accounting Method to a Role • Displaying Active Accounting Sessions for Roles Configuring AAA Accounting for Roles To configure AAA accounting for roles, use the aaa accounting command in CONFIGURATION mode. aaa accounting {system | exec | command...

Display Information About User Roles This section describes how to display information about user roles.This sections consists of the following topics: • Displaying User Roles• Displaying Information About Roles Logged into the Switch• Displaying Active Accounting Sessions for Roles Displaying User ...

47 Service Provider Bridging Service provider bridging is supported on the MXL switch platform. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges , which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks . VLAN stacking enables service ...

Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1. Creating Access and Trunk Ports 2. Assign access and trunk ports to a VLAN ( Creating Access and Trunk Ports ). 3. Enable VLAN-Stacking for a VLAN . Related Configuration Tasks • Configuring the Protocol Type Value for the...

Dell#show run interface gi 7/12 ! interface GigabitEthernet 7/12 no ip address switchport vlan-stack trunk no shutdown Enable VLAN-Stacking for a VLAN To enable VLAN-Stacking for a VLAN, use the following command. • Enable VLAN-Stacking for the VLAN. INTERFACE VLAN mode vlan-stack compatible Example...

Configuring Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that it can carry single and double-tagged traffic.You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port.To configure trunk por...

Debugging VLAN Stacking To debug VLAN stacking, use the following command. • Debug the internal state and membership of a VLAN and its ports. debug member Example of Debugging a VLAN and its Ports The port notations are as follows: • MT — stacked trunk • MU — stacked access port • T — 802.1Q trunk p...

Network Position Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.0+ 0x81XY single-tag first-byte match switch to VLAN switch to default VLAN Core untagged 0xUVWX — switch to default VLAN switch to default VLAN double-tag 0xUVWX 0xUVWX double-tag match switch to VLAN swi...

• Make packets eligible for dropping based on their DEI value. CONFIGURATION mode dei enable By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to a Dell Networking OS drop precede...

Example of Viewing DEI-Marking Configuration To display the DEI-marking configuration, use the show interface dei-mark [ interface slot/ port | linecard number port-set number ] in EXEC Privilege mode. Dell#show interface dei-mark Default CFI/DEI Marking: 0 Interface Drop precedence CFI/DEI --------...

CONFIGURATION mode cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number {vman-qos | vman-qos-dual- fp} number • vman-qos : mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as...

Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command. 1. Verify that the system is running the default CAM profile. Use this CAM profile for L2PT.EXEC Privilege mode show cam-profile 2. Enable protocol tunneling globally on the system.CONFIGURATION mode...

3. Reload the system.EXEC Privilege mode reload 4. Set a maximum rate at which the RPM processes BPDUs for L2PT.VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, ...

To avoid the back-off, either increase the global sampling rate or configure all the line card ports with the desired sampling rate even if some ports have no sFlow configured. Important Points to Remember • The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration using th...

Enabling sFlow Max-Header Size Extended To configure the maximum header size of a packet to 256 bytes, use the following commands: • Set the maximum header size of a packet. CONFIGURATION mode INTERFACE mode sflow max-header-size extended By default, the maximum header size of a packet is 128 bytes....

If you enable sFlow on an interface, the show output displays the following (shown in bold). Dell(conf-if-te-1/10)#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 86400 Global d...

Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.116, UDP port: 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub-sampling...

• Identify sFlow collectors to which sFlow datagrams are forwarded. CONFIGURATION mode sflow collector ip-address agent-addr ip-address [ number [max-datagram-size number ] ] | [max-datagram-size number ] The default UDP port is 6343 . The default max-datagram-size is 1400 . Changing the Polling Int...

sFlow on LAG ports When a physical port becomes a member of a LAG, it inherits the sFlow configuration from the LAG port. Enabling Extended sFlow The MXL switch support extended-switch information processing only. Extended sFlow packs additional information in the sFlow datagram depending on the typ...

49 Simple Network Management Protocol (SNMP) Simple network management protocol (SNMP) is supported on the MXL switch platform.Network management stations use SNMP to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a...

Configuring SNMP version 3 requires configuring SNMP users in one of three methods. Refer to Setting Up User-Based Security (SNMPv3) . Related Configuration Tasks • Set up SNMP • Setting Up User-Based Security (SNMPv3) • Reading Managed Object Values • Writing Managed Object Values • Configuring Con...

FIPS Mode Privacy Options Authentication Options Disabled des56 (DES56-CBC) aes128 (AES128-CFB) md5 (HMAC-MD5-96) sha (HMAC-SHA1-96) Enabled aes128 (AES128-CFB) sha (HMAC-SHA1-96) To enable security for SNMP packets transferred between the server and the client, you can use the snmp-server user user...

Reading Managed Object Values You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent.Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet addre...

In the following example, the value 4 displays in the OID before the IP address for IPv4. >snmpwalk -v 2c -c public 10.11.195.63 1.3.6.1.2.1.4.34 IP-MIB::ip.34.1.3.1. 4 .1.1.1.1 = INTEGER: 1107787778 IP-MIB::ip.34.1.3.1. 4 .2.1.1.1 = INTEGER: 1107787779 IP-MIB::ip.34.1.3.2.16.254.128.0.0.0.0.0.0....

• (From a management station) Identify the system manager along with this person’s contact information (for example, an email address or phone number).CONFIGURATION mode snmpset -v version -c community agent-ip sysContact.0 s “contact-info” You may use up to 55 characters. The default is None . • (F...

snmp-server enable traps Enable all Dell Networking enterprise-specific and RFC-defined traps using the snmp-server enable traps command from CONFIGURATION mode. Enable all of the RFC-defined traps using the snmp-server enable traps snmp command from CONFIGURATION mode. 3. Specify the interfaces out...

entity Enable entity change traps Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1487406) 4:07:54.06, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 4 Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1488564) 4:08:05.64, SNMPv2-MIB::snmpTrapOID...

SNMPv2-SMI::enterprises.6027.3.15.4.0.3, SNMPv2-SMI::enterprises.6027.3.15.4.1.1.0 = INTEGER: 45420801, SNMPv2-SMI::enterprises.6027.3.15.4.1.2.0 = INTEGER: 2, SNMPv2-SMI::enterprises.6027.3.15.4.0 = STRING: "ETS_TRAP_TYPE_PEER_STATE_CHANGE: ETS Peer state changed to disabled for port Te 0/44...

Table 59. List of Syslog Server MIBS that have read access MIB Object OID Object Values Description dF10SysLogTraps 1.3.6.1.4.1.6027.3.30.1.1 1 = reachable2 = unreachable Specifies whether the syslog server is reachable or unreachable. Following example shows the SNMP trap that is sent when connecti...

MIB Object OID Object Values Description 5 = scp copyUserName, and copyUserPassword. copyDestFileName .1.3.6.1.4.1.6027.3.5.1.1.1.1.7 Path (if the file is not in the default directory) and filename. Specifies the name of destination file. copyServerAddress .1.3.6.1.4.1.6027.3.5.1.1.1.1.8 IP Address ...

• To complete the command, use as many MIB Objects in the command as required by the MIB Object descriptions. Error in packet. Reason: notWritable (that object does not support modification) Failed object: FTOS-COPY-CONFIG-MIB::copySrcFileType.101 NOTE: You can use the entire OID rather than the obj...

Copying the Startup-Config Files to the Running-Config To copy the startup-config to the running-config from a UNIX machine, use the following command. • Copy the startup-config to the running-config from a UNIX machine. snmpset -c private -v 2c force10system-ip-address copySrcFileType. index i 3 co...

Additional MIB Objects to View Copy Statistics Dell Networking provides more MIB objects to view copy statistics, as shown in the following table. Table 61. Additional MIB Objects for Copying Configuration Files via SNMP MIB Object OID Values Description copyState .1.3.6.1.4.1.6027.3.5.1.1.1.1.11 1=...

MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory. Table 62. MIB Objects for Displaying the Availab...

MIB Object OID Description chSysCoresTimeCreated 1.3.6.1.4.1.6027.3.19.1.2.9.1.3 Contains the time at which core files are created. chSysCoresStackUnitNumber 1.3.6.1.4.1.6027.3.19.1.2.9.1.4 Contains information that includes which stack unit or processor the core file was originated from. chSysCores...

NOTE: You can use the entire OID rather than the object name. Use the form: OID.index . Example of Getting a MIB Object Value (Using Object Name) Example of Getting a MIB Object Value (Using OID) The following examples show the snmpget command to obtain a MIB object value. These examples assume that...

> snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.1107787786 = STRING: " My VLAN " [Dell Networking system output] Dell#show int vlan 10 Vlan 10 is down, line protocol is down Vlan alias name is: My VLA...

The first hex pair, 00 in the previous example, represents ports 1 to 7 in Stack Unit 0. The next pair to the right represents ports 8 to 15. To resolve the hex pair into a representation of the individual ports, convert the hex pair to binary. Consider the first hex pair 00, which resolves to 0000 ...

Example of Adding an Untagged Port to a VLAN using SNMP Example of Adding a Tagged Port to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00...

snmp-server community 2. From the Dell Networking system, identify the interface index of the port for which you want to change the admin status.EXEC Privilege mode show interface Or, from the management system, use the snmpwwalk command to identify the interface index. 3. Enter the snmpset command ...

SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.3.1000.0.1.232.6.149.172.1 = INTEGER: 1 SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.4.1000.0.1.232.6.149.172.1 = INTEGER: 1 Deriving Interface Indices The Dell Networking OS assigns an interface number to each (configured or unconfigured) physical and logical in...

The system image can also be retrieved by performing an SNMP walk on the following OID: MIB Object is chSysSwModuleTable and the OID is 1.3.6.1.4.1.6027.3.10.1.2.8. Dell#show interface tengig 1/21 TenGigabitEthernet 1/21 is up, line protocol is up Hardware is Dell Force10Eth, address is 00:01:e8:0d:...

Status active, 2 – status inactive Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG. SNMPv2-MIB::sysUpTime.0 = Timeticks: (8500842) 23:36:48.42 SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkDown IF-MIB::ifIndex.33865785 = INTEGER: 33865785 SNMPv2...

Entity MIBS The Entity MIB provides a mechanism for presenting hierarchies of physical entities using SNMP tables. The Entity MIB contains the following groups, which describe the physical elements and logical elements of a managed system The following tables are implemented for the MXL switch. Phys...

SNMPv2-SMI::mib-2.47.1.1.1.1.2.8 = STRING: "Unit: 0 Port 5 10G Level" SNMPv2-SMI::mib-2.47.1.1.1.1.2.9 = STRING: "Unit: 0 Port 6 10G Level" ---output truncated Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router,...

50 Stacking Stacking is supported on the MXL switch platform.Stacking is supported on a MXL 10/40GbE switch on the 40GbE ports (for the base module) or a 2-Port 40GbE QSFP+ module. You can connect up to six MXL 10/40GbE switches in a single stack. Stacking provides a single point of management and n...

Figure 117. Four-Stacked MXL 10/40GbE Switches Stack Management Roles The stack elects the management units for the stack management. • Stack master — primary management unit, also called the master unit. • Standby — secondary management unit. The master holds the control plane and the other units m...

• Switch removal If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby. NOTE: For the MXL switch, the entire stack has only one management IP address. Stack Master Election The stack elects a master ...

4 Member online MXL-10/40GbE MXL-10/40GbE 9-1-0-853 56 5 Member online MXL-10/40GbE MXL-10/40GbE 9-1-0-853 56 Dell# Failover Roles If the stack master fails (for example, is powered off), it is removed from the stack topology. The standby unit detects the loss of peering communication and takes owne...

Figure 118. Dual-Ring Stacking Topology for MXL 10/40GbE Switches Example 2: Dual Daisy-Chain Stack Across Multiple Chassis Using two separate, daisy-chained stacks in a stacking topology provides redundancy and increased high availability in case of stack failure. Also, stacking upgrades are simpli...

Figure 119. Dual Daisy-Chain Stacking Topology for MXL 10/40GbE Switches Stack Group/Port Numbers By default, each unit in Standalone mode is numbered stack-unit 0. Stack-unit numbers are assigned to member switches when the stack comes up. The following example shows the stack-group numbers of 40Gb...

Figure 120. Stack-Group on an MXL 10/40GbE Switch Configuring a Switch Stack Configuring a switch stack is a four step process. To configure and bring up a switch stack, follow these steps: 1. Connect the switches to be stacked with 40G direct attach or QSFP fibre cables. 2. Configure the stacking p...

• Stacking is supported only with other MXL 10/40GbE switches. A maximum of six MXL 10/40GbE switches is supported in a single stack. You cannot stack the MXL 10/40GbE switch with the M IO Aggregator or another type of switch. • A maximum of four stack groups (40GbE ports) is supported on a stacked ...

Ports Fo 0/33 have been configured as stacking ports. Please save and reload for config to take effect Stack-groups are easier to think of simply as stack ports. For example, using the stack-group 0 command simply turns the lower port (port 9) into a stacking port. Similarly, stack-group 1 , stack-g...

Accessing the CLI To configure a stack, you must access the stack master in one of the following ways. • For remote out-of-band management (OOB), enter the OOB management interface IP address into a Telnet or secure shell (SSH) client and log in to the switch using the user ID and password to access...

NOTE: If the stacked switches all reboot at approximately the same time, the switch with the highest MAC address is automatically elected as the master switch. The switch with the next highest MAC address is elected as standby. As each switch joins the stack, it is assigned the lowest available stac...

• If you renumber a switch to a number already assigned to another stack unit, the following error message displays: Dell#stack-unit 5 renumber 0 % ERROR: stack unit 0 already exists. Assign a stack-number to a unit.EXEC Privilege mode stack-unit unit-number renumber new-number Provisioning a Stack ...

Converting 4x10GbE Ports to 40GbE for Stacking Stacking is supported only on 40GbE links by connecting 40GbE ports on the base module or a 2-Port QSFP+ module.However, on a 2-Port 40GbE QSFP+ module, the ports operate by default in 4x10GbE (quad) mode with breakout cables as eight 10GbE ports. Chang...

Adding a Stack Unit You can add a new unit to an existing stack both when the unit has no stacking ports (stack groups) configured and when the unit already has stacking ports configured.If the units to be added to the stack have been previously used, they are assigned the smallest available unit ID...

• If the new unit has been configured with a stack number that is already assigned to a stack member, the stack avoids a numbering conflict by assigning the new switch the first available stack number. • If the stack has been provisioned for the stack number that is assigned to the new unit, the pre...

redundancy force-failover stack-unit A new standby is elected. When the former stack master comes back online, it becomes a member unit. • Prevent the stack master from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot stack-unit This command does not affect a forced fail...

Using Show Commands To display information on the stack configuration, use the show commands on the master switch. • Displays stacking roles (master, standby, and member units) and the stack MAC address. show system [brief] • Displays the FlexIO modules currently installed in expansion slots 0 and 1...

--------------------------------------- 0 1 4 5 Dell#show system stack-unit 1 stack-group Stack group Ports ------------------------------ 0 0/33 1 0/37 2 0/41 3 0/45 4 0/49 5 0/53 Dell# Dell# show system stack-ports Topology: Ring Interface Connection Link Speed Admin Link Trunk (Gb/s) Status Statu...

show redundancy 3. Displays input and output flow statistics on a stacked port. show hardware stack-unit unit-number stack-port port-number 4. Clears statistics on the specified stack unit. The valid stack-unit numbers are from 0 to 5. clear hardware stack-unit unit-number counters Example of the sh...

Running Config: succeeded Mar 24 2012 20:07:39 ACL Mgr: succeeded Mar 24 2012 20:07:39 LACP: no block sync done STP: no block sync done Dell# show hardware stack-unit 1 stack-port 53 Input Statistics: 7934 packets, 1049269 bytes 0 64-byte pkts, 7793 over 64-byte pkts, 100 over 127-byte pkts 0 over 2...

Master Switch Fails • Problem : The master switch fails due to a hardware fault, software crash, or power loss. • Resolution : A failover procedure begins: 1. Keep-alive messages from the MXL 10/40GbE master switch time out after 60 seconds and the switch is removed from the stack. 2. The standby sw...

Stack Unit in Card-Problem State Due to Incorrect Dell Networking OS Version • Problem : A stack unit enters a Card-Problem state because the switch has a different the Dell Networking OS version than the master unit. The switch does not come online as a stack unit. • Resolution : To restore a stack...

Upgrading a Switch Stack To upgrade all switches in a stack with the same Dell Networking OS version, follow these steps. 1. Copy the new Dell Networking OS image to a network server. 2. Download the Dell Networking OS image by accessing an interactive CLI that requests the server IP address and ima...

Upgrade system image for all stack-units [yes/no]: yes !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!! ! Image upgraded to all Dell# configure Dell(conf)# boot system stack-unit all primary system: A: Dell(conf)# end Dell# write memory Jan 3 14...

51 Storm Control Storm control is supported on the MXL switch platform.The storm control feature allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking OS Behavior : The Dell Networking OS supports broadcast control (the storm-control ...

52 Spanning Tree Protocol (STP) The spanning tree protocol (STP) is supported on the MXL switch platform. Protocol Overview STP is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the...

3. Enable the interface.INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config ! interface TenGigabitEthernet 1/1 no ip address switchport no shutdown ...

PROTOCOL SPANNING TREE mode forward-delay seconds The range is from 4 to 30. The default is 15 seconds . • Change the hello-time parameter (the BPDU transmission interval). PROTOCOL SPANNING TREE mode hello-time seconds NOTE: With large configurations (especially those with more ports) Dell Networki...

spanning-tree 0 priority priority-value The range is from 0 to 15. The default is 8 . To view the current values for interface parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally . Enabling PortFast The Po...

Prevent Network Disruptions with BPDU Guard Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/ Edgport (edgeports) do not expect to receive BDPUs. If an edge...

Global BPDU Filtering When BPDU Filtering is enabled globally, it stops transmitting BPDUs on the operational port fast enabled ports by default. When it receives BPDUs, it automatically participates in the spanning tree. By default global bpdu filtering is disabled. Figure 124. BPDU Filtering Enabl...

Figure 125. BPDU Filtering Enabled Globally Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. You can also specify that a bridge is the root or the secondary root. To change the bridge pri...

Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge- priority command) is selected as the root ...

Figure 126. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior : The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-chann...

53 System Time and Date System time and date settings and the network time protocol (NTP) are supported on the MXL switch platform.You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking operating system (OS) command line interfaces (CLIs) and...

Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a Source IP Address for NTP P...

Configuring NTP Broadcasts With the Dell Networking OS, you can receive broadcasts of time information. You can set interfaces within the system to receive NTP information through broadcast.To configure an interface to receive NTP broadcasts, use the following commands. • Set the interface to receiv...

– For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. To view the configuration, use the show running-config ntp command in EXEC privilege mode (refer to the example in Configuring NTP Authentication ). Configuring NTP Authentication NTP authentication an...

NOTE: • Leap Indicator ( sys.leap , peer.leap , pkt.leap ) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover ...

• Setting Daylight Saving Time Once • Setting Recurring Daylight Saving Time Setting the Time and Date for the Switch Software Clock You can change the order of the month and day parameters to enter the time and date as time day month year . You cannot delete the software clock. The software clock r...

Set Daylight Saving Time The Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis. To set the clock for d...

clock summer-time time-zone recurring start-week start-day start-month start- time end-week end-day end-month end-time [ offset ] – time-zone : Enter the three-letter name for the time zone. This name displays in the show clock output. – start-week : (OPTIONAL) Enter one of the following as the week...

54 Tunneling Tunneling supports RFC 2003, RFC 2473, and 4213. DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and ...

ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu-3)#tunnel source 5::5 Dell(conf-...

ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel source 40.1.1.1 tunnel allow-remote 40.1.1.2 tunnel mode ipip decapsulate-any no shutdown Configuring the Tunnel Source Anylocal You can use the anylocal argument in place of the ip address or interface, but only with multipoint receive-only mode ...

55 Uplink Failure Detection (UFD) Uplink failure detection (UFD) is supported on the MXL switch platform. Feature Description UFD provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. A switch prov...

Figure 128. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group . An interface in an uplink-state group can be a physical interface or a po...

result, downstream devices can execute the protection or recovery procedures they have in place to establish alternate connectivity paths, as shown in the following illustration. Figure 129. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a...

Important Points to Remember When you configure UFD, the following conditions apply. • You can configure up to 16 uplink-state groups. By default, no uplink-state groups are created. – An uplink-state group is considered to be operationally up if it has at least one upstream interface in the Link-Up...

no enable The default is upstream-link tracking is automatically enabled in an uplink-state group. To re-enable upstream-link tracking, use the enable command. Clearing a UFD-Disabled Interface You can manually bring up a downstream interface in an uplink-state group that UFD disabled and is in a UF...

to down: Group 3 00:10:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 0/4 00:10:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 0/5 00:10:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-...

– Port channel: enter port-channel {1-512} . If a downstream interface in an uplink-state group is disabled (Oper Down state) by uplink-state tracking because an upstream port is down, the message error-disabled[UFD] displays in the output. • Display the current configuration of all uplink-state gro...

Hardware is Force10Eth, address is 00:01:e8:32:7a:47 Current address is 00:01:e8:32:7a:47 Interface index is 280544512 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "sho...

56 Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes . ...

57 Virtual LANs (VLANs) Virtual LANs (VLANs) are supported on the MXL switch platform.VLANs are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs...

VLANs and Port Tagging To add an interface to a VLAN, the interface must be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. The Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you...

NOTE: In a VLAN, the shutdown command stops Layer 3 (routed) traffic only. Layer 2 traffic continues to pass through the VLAN. If the VLAN is not a routed VLAN (that is, configured with an IP address), the shutdown command has no affect on VLAN traffic. When you delete a VLAN (using the no interface...

Moving Untagged Interfaces To move untagged interfaces from the Default VLAN to another VLAN, use the following commands. 1. Access INTERFACE VLAN mode of the VLAN to which you want to assign the interface.CONFIGURATION mode interface vlan vlan-id 2. Configure an interface as untagged.INTERFACE mode...

The only way to remove an interface from the Default VLAN is to place the interface in Default mode by using the no switchport command in INTERFACE mode. Assigning an IP Address to a VLAN VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an I...

INTERFACE mode 2. Configure the interface for Hybrid mode.INTERFACE mode portmode hybrid 3. Configure the interface for Switchport mode.INTERFACE mode switchport 4. Add the interface to a tagged or untagged VLAN.VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carr...

Figure 132. Multi-Domain VLT Example VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends con...

• Failure scenarios – On a link failover, when a VLT port channel fails, the traffic destined for that VLT port channel is redirected to the VLTi to avoid flooding. – When a VLT switch determines that a VLT port channel has failed (and that no other local port channels are available), the peer with ...

VLT Bandwidth Monitoring When bandwidth usage of the VLTi (ICL) exceeds 80%, a syslog error message (shown in the following message) and an SNMP trap are generated. %STKUNIT0-M:CP %VLTMGR-6-VLT-LAG-ICL: Overall Bandwidth utilization of VLT-ICL- LAG (port-channel 25) crosses threshold. Bandwidth usag...

PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop rou...

(DR) if they are incorrectly hashed. In addition to being first-hop or last -hop routers, the peer node can also act as an intermediate router. The VLT peer nodes can also act as normal PIM routers on Layer 3 ports and on VLANS that do not have any VLT port members. In addition to being first-hop or...

• For optimal performance, configure the VLT VLAN routing metrics to prefer VLT VLAN interfaces over non-VLT VLAN interfaces. • When using factory default settings on a new switch deployed as a VLT node, packet loss may occur due to the requirement that all ports must be open. • You can enable ECMP ...

node. Configuration mismatches are logged in the syslog and displayed in the output of the show vlt inconsistency command. When you enable VLT unicast, VLAN wildcarding is enabled to support up to 4094 VLANs. If you enable VLT unicast, the following actions occur: • L3 routing is enabled on any new ...

RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the VLT startup phase. You may also use RSTP for loop prevention in the network outside of the VLT port channel. For inf...

primary VLT switch determines the RSTP roles and states on VLT ports and ensures that the VLT interconnect link is never blocked.In the case of a primary VLT switch failure, the secondary switch starts sending BPDUs with its own bridge ID and inherits all the port states from the last synchronizatio...

Enter the same port-channel number configured with the peer-link port-channel command as described in Configuring VLT and Connecting a VLT Domain . NOTE: To be included in the VLTi, the port channel must be in Default mode ( no switchport or VLAN assigned). 2. Remove an IP address from the interface...

Configuring a VLT Port Delay Period To configure a VLT port delay period, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain.CONFIGURATION mode vlt domain domain-id The range of domain IDs from 1 to 1000. 2. Enter an amount of time, in seconds, to delay the...

Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt backup-link • Display general status information ab...

The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2. Port channels 110, 111, and 120 are used to connect to access switches or servers (vlt). Dell_VLTpeer1# show spanning-tree rstp brief Ex...

PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the VLT startup phase. You may also use PVST+ for loop prevention in the network outside of the VLT port channel. Fo...

Po 1 128.2 128 188 FWD(vltI) 0 0 90b1.1cf4.9b79 128.2 Po 2 128.3 128 2000 FWD(vlt) 0 0 90b1.1cf4.9b79 128.3 Te 0/100 128.230 128 2000 FWD 0 0 90b1.1cf4.9b79 128.230 Te 0/103 128.233 128 2000 FWD 0 0 90b1.1cf4.9b79 128.233 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ---------- ------...

Domain_1_Peer3#no shutdown Domain_2_Peer3(conf)#vlt domain 200 Domain_2_Peer3(conf-vlt-domain)#peer-link port-channel 1 Domain_2_Peer3(conf-vlt-domain)#back-up destination 10.18.130.11 Domain_2_Peer3(conf-vlt-domain)#system-mac mac-address 00:0b:00:0b:00:0b Domain_2_Peer3(conf-vlt-domain)#unit-id 0 ...

Enable PIM Multicast Routing on the VLT node globally. VLT_Peer1(conf)#ip multicast-routing Enable PIM on the VLT port VLANs. VLT_Peer1(conf)#interface vlan 4001 VLT_Peer1(conf-if-vl-4001)#ip address 140.0.0.1/24 VLT_Peer1(conf-if-vl-4001)#ip pim sparse-mode VLT_Peer1(conf-if-vl-4001)#tagged port-ch...

Configure the backup link. Dell_VLTpeer1(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer1(conf-if-ma-0/0)# ip address 10.11.206.23/ Dell_VLTpeer1(conf-if-ma-0/0)#no shutdown Dell_VLTpeer1(conf-if-ma-0/0)#exit Configure the VLT interconnect (VLTi). Dell_VLTpeer1(conf)#interface port-channel 100 D...

Configure the VLT interconnect (VLTi). Dell_VLTpeer2(conf)#interface port-channel 100 Dell_VLTpeer2(conf-if-po-100)#no ip address Dell_VLTpeer2(conf-if-po-100)# channel-member fortyGigE 0/46,50 Dell_VLTpeer2(conf-if-po-100)#no shutdown Dell_VLTpeer2(conf-if-po-100)#exit Configure the port channel to...

Description Behavior at Peer Up Behavior During Run Time Action to Take A syslog error message is generated. A syslog error message is generated. if Peer 1 is unit ID “0”, Peer 2 unit ID must be “1’. Version ID mismatch A syslog error message and an SNMP trap are generated. A syslog error message an...

the peer-link port-channel id-number peer-down-vlan vlan interface number command and the switchport command. After you specify the VLTi link and VLT LAGs, you can associate the same port channel or LAG bundle that is a part of a VLT to a PVLAN by using the interface interface and switchport mode pr...

MAC Synchronization for VLT Nodes in a PVLAN For the MAC addresses that are learned on non-VLT ports, MAC address synchronization is performed with the other peer if the VLTi (ICL) link is part of the same VLAN as the non-VLT port. For MAC addresses that are learned on VLT ports, the VLT LAG mode of...

• Layer 3 communication between secondary VLANs in a private VLAN is enabled by using the ip local-proxy-arp command in INTERFACE VLAN configuration mode. • The ARP request is not received on the ICL Under such conditions, the IP stack performs the following operations: • The ARP reply is sent with ...

VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 - Secondary (Community) - Secondary (Community) Yes Yes - Secondary (Isolated) - Secondary (Isolated) Yes Yes Promiscuo us Trunk Primary Normal No No Promiscuo us Trunk Primary Primary Yes No Access A...

Creating a VLT LAG or a VLT VLAN 1. Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration modeCONFIGURATION mode interface port-channel id-number . Enter the same port-channel number configured with the peer-link port-channel command. NOTE: To be inclu...

The range is from 1 to 4094. Associating the VLT LAG or VLT VLAN in a PVLAN 1. Access INTERFACE mode for the port that you want to assign to a PVLAN.CONFIGURATION mode interface interface 2. Enable the port.INTERFACE mode no shutdown 3. Set the port in Layer 2 mode.INTERFACE mode switchport 4. Selec...

Proxy ARP Capability on VLT Peer Nodes A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the traffic to the proxy ARP-enabled device, which in turn transmits the packets to the destination. By default, proxy ARP is enabled. To d...

secondary VLANs. When the ICL link or peer is down, and the ARP request for a private VLAN IP address reaches the wrong peer, then the wrong peer responds to the ARP request with the peer MAC address. The IP address of the VLT node VLAN interface is synchronized with the VLT peer over ICL when the V...

59 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is supported on the MXL switch platform. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC addre...

Figure 135. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to conver...

switch. To avoid throttling VRRP advertisement packets, Dell Networking recommends increasing the VRRP advertisement interval to a value higher than the default value of 1 second. CAUTION: Increasing the advertisement interval increases the VRRP Master dead interval, resulting in an increased failov...

• Create a virtual router for that interface with a VRID. INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255. NOTE: The interface must already have a primary IP address defined and be enabled, as shown in the second example. • Delete a VRRP group. INTERFACE mode no vrrp-group vrid Exampl...

2. Set the switch with the highest priority to version to 3. 3. Set all the switches from both to version 3. NOTE: Do not run VRRP version 2 and version 3 in the same group for an extended period of time Example: Migrating an IPv4 VRRP Group from VRRPv2 to VRRPv3 NOTE: Carefully following this proce...

Authentication: (none) Dell# When the VRRP process completes its initialization, the State field contains either Master or Backup. Setting VRRP Group (Virtual Router) Priority Setting a virtual router priority to 255 ensures that router is the “owner” virtual router for the VRRP group. VRRP elects t...

Configuring VRRP Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, the Dell Networking OS includes the password in its VRRP transmission. The receiving router uses that password to verify the transmis...

Example of Disabling PreemptExample of Verifying Preempt is Disabled Re-enable preempt by entering the preempt command. When you enable preempt, it does not display in the show commands, because it is a default setting. Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)#no preempt Del...

Example of the advertise-interval Command Example of Verifying the Configured Advertisement Interval The following example shows how to change the advertise interval using the advertise-interval command. Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)#advertise-interval 10 Dell(con...

NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before you actually create the tracked object (using a track object-id command in CONFIGURATION mode). However, no changes in the VRRP group’s priority occur until the tracked object ...

virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 Dell(conf-if-te-1/1-vrid-111)# Dell#show track Track 2 IPv6 route 2040::/64 metric threshold Metric threshold is Up (STATIC/0/0) 5 changes, last change 00:02:16 Metric threshold down 255 up 254 First-hop interface is G...

• Set the delay time for VRRP initialization on an individual interface. INTERFACE mode vrrp delay minimum seconds This time is the gap between an interface coming up and being operational, and VRRP enabling. The seconds range is from 0 to 900. The default is 0 . • Set the delay time for VRRP initia...

60 Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), the system also supports predecessor standards. One way to search for predecessor stan...

General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 73. General IPv4 Protocols RFC# Full Name 791 Internet Protocol 792 Internet Control Message Protocol 826 An Ethernet Address Resolution Protocol 1027 Using ARP to Implement...

Routing Information Protocol (RIP) The following table lists the Dell Networking OS support per platform for RIP protocol. Table 76. Routing Information Protocol (RIP) RFC# Full Name 1058 Routing Information Protocol 2453 RIP Version 2 Network Management The following table lists the Dell Networking...

RFC# Full Name FORCE10-IF-EXTENSION-MIB Force10 Enterprise IF Extension MIB (extends the Interfaces portion of the MIB-2 (RFC 1213) by providing proprietary SNMP OIDs for other counters displayed in the "show interfaces" output) FORCE10-LINKAGG-MIB Force10 Enterprise Link Aggregation MIB FOR...

61 FC Flex IO Modules This part provides a generic, broad-level description of the operations, capabilities, and configuration commands of the Fiber Channel (FC) Flex IO module. FC Flex IO Modules This part provides a generic, broad-level description of the operations, capabilities, and configuratio...

• Two 40GbE, four 10GBASE-T, and four 8GB FC ports FC Flex IO Module Capabilities and Operations The FC Flex IO module has the following characteristics: • You can install one or two FC Flex IO modules on the MXL 10/40GbE Switch or I/O Aggregator. Each module supports four FC ports. • Each port can ...

Processing of Data Traffic The Dell Networking OS determines the module type that is plugged into the slot. Based on the module type, the software performs the appropriate tasks. The FC Flex IO module encapsulates and decapsulates the FCoE frames. The module directly switches any non-FCoE or non-FIP...

Installing and Configuring the Switch After you unpack the MXL 10/40GbE Switch, refer to the flow chart in the following figure for an overview of the steps you must follow to install the blade and perform the initial configuration. FC Flex IO Modules 1037

Installing and Configuring Flowchart for FC Flex IO Modules 1038 FC Flex IO Modules

To see if a switch is running the latest Dell Networking OS version, use the show version command. To download a Dell Networking OS version, go to http://support.dell.com . Installation Site Preparation Before installing the switch or switches, make sure that the chosen installation location meets t...

Interconnectivity of FC Flex IO Modules with Cisco MDS Switches In a network topology that contains Cisco MDS switches, FC Flex IO modules that are plugged into the MXL and I/O Aggregator switches enable interoperation for a robust, effective deployment of the NPIV proxy gateway and FCoE-FC bridging...

For information about how to use FCoE and iSCSI, refer to Fibre Channel over Ethernet and iSCSI Optimization . 6. Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs.PROTOCOL LLDP mode [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 t...

Example of Applying DCB PFC Input Policy and ETS Output Policy in a Switch Stack dcb-map stack-unit all stack-ports all <dcb-map-name> Interworking of DCB Map With DCB Buffer Threshold Settings The dcb-input and dcb-output configuration commands are deprecated. You must use the dcp-map command...

Fibre Channel over Ethernet for FC Flex IO Modules FCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN traffic on a Layer 2 link by encapsulating Fibre Channel data into Ethernet frames.The Fibre Channel (FC) Flex IO module is supported on Del...

NPIV Proxy Gateway Operations and Capabilities Benefits of an NPIV Proxy Gateway The MXL 10/40GbE Switch and M I/O Aggregator with the FC Flex IO module functions as a top-of-rack edge switch that supports Converged Enhanced Ethernet (CEE) traffic — FCoE for storage, Interprocess Communication (IPC)...

servers over the NPIV proxy gateway to FC switches in the fabric. An FCoE map virtualizes the upstream SAN fabric as an FCF to downstream CNA ports on FCoE-enabled servers as follows: • As soon as an FC N port comes online ( no shutdown command), the NPG starts sending FIP multicast advertisements, ...

Configuring an NPIV Proxy Gateway Prerequisite : Before you configure an NPIV proxy gateway (NPG) with the FC Flex IO module on an MXL 10/40GbE Switch or an M I/O Aggregator, ensure that the following features are enabled. • DCB is enabled by default with the FC Flex IO module on the MXL 10/40GbE Sw...

If you delete the dot1p priority-to-priority group mapping ( no priority pgid command) before you apply the new DCB map, the default PFC and ETS parameters are applied on the interfaces. This change may create a DCB mismatch with peer DCB devices and interrupt the network operation. Applying a DCB M...

FCoE devices are reachable. Default: FIP keep- alive monitoring is enabled. 7 Configure the time interval (in seconds) used to transmit FIP keepalive advertisements. Range: 8-90 seconds. Default: 8 seconds. fka-adv-period seconds FCoE MAP Applying an FCoE Map on Server-facing Ethernet Ports You can ...

Dell(config)# interface tengigabitethernet 1/0 Dell(config-if-te-0/0)#dcb-map SAN_DCB_MAP 3. Create the dedicated VLAN to be used for FCoE traffic: Dell(conf)#interface vlan 1002 4. Configure an FCoE map to be applied on downstream (server-facing) Ethernet and upstream (core-facing) FC ports: Dell(c...

Command Description NOTE: Although the show interface status command displays the Fiber Channel (FC) interfaces with the abbreviated label of 'Fc' in the output, if you attempt to specify a FC interface by using the interface fc command in the CLI interface, an error message is displayed. You must c...

Table 85. show interfaces status Field Descriptions Field Description Port Server-facing 10GbE Ethernet (Te), 40GbE Ethernet (Fo), or fabric- facing Fibre Channel (Fc) port with slot / port information. Description Text description of port. Status Operational status of port: Ethernet ports - up (tra...

Table 86. show fcoe-map Field Descriptions Field Description Fabric-Name Name of a SAN fabric. Fabric ID The ID number of the SAN fabric to which FC traffic is forwarded. VLAN ID The dedicated VLAN used to transport FCoE storage traffic between servers and a fabric over the NPG. The configured VLAN ...

Table 87. show qos dcb-map Field Descriptions Field Description State Complete: All mandatory DCB parameters are correctly configured. In progress: The DCB map configuration is not complete. Some mandatory parameters are not configured. PFC Mode PFC configuration in the DCB map: On (enabled) or Off....

Field Description Fabric-Map Name of the FCoE map containing the FCoE/FC configuration parameters for the server CNA-fabric connection. Login Method Method used by the server CNA to log in to the fabric; for example: FLOGI - ENode logged in using a fabric login (FLOGI). FDISC - ENode logged in using...

Field Description FCF MAC Fibre Channel forwarder MAC: MAC address of MXL 10/40GbE Switch or M I/O Aggregator with the FC Flex IO module FCF interface. Fabric Intf Fabric-facing MXL 10/40GbE Switch or M I/O Aggregator with the FC Flex IO module Fibre Channel port ( slot / port ) on which FCoE traffi...