Dell Force10 S55T S55 Configuration Guide FTOS 8.3.5.3
Dell Force10 S55T Manual
 |
View all Dell Force10 S55T manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell Force10 S55T manual content summary:
- Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 1
FTOS Configuration Guide for the S55 System FTOS 8.3.5.3 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 2
loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Information in this publication is subject to change without notice. © 2012 Dell Force10. All rights reserved. Reproduction of these materials in any manner - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 3
this Guide 23 Objectives 23 Audience 23 Conventions 23 Information Symbols 24 Related Documents 24 2 Configuration Fundamentals Management 45 View command history 46 Upgrading FTOS 46 4 Management 47 Configure Privilege Levels 47 Create a Custom Privilege Level 47 Apply a Privilege - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 4
www.dell.com | support.dell.com Configure Logging 51 Log Messages in the Internal Buffer 52 Configuration Task List for System Log Management 52 Disable System Logging 52 Send System Messages to a Syslog Server 53 Configure a Unix System as a Syslog Server 53 Change System Logging Settings - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 5
Re-authenticating a Port 93 Periodic Re-authentication 93 Configuring Timeouts 94 Dynamic VLAN Assignment with Port Authentication 95 Guest and Authentication-fail VLANs 96 Configuring a Guest VLAN 97 Configuring an Authentication-fail VLAN 97 7 Access Control Lists (ACL), Prefix Lists, and - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 6
www.dell.com | support.dell.com 6| ACL Resequencing 123 Resequencing an ACL or Prefix List 124 Route Maps 125 Implementation Information 125 Important Points to Remember 125 Configuration Task List for Route Maps 126 8 Border Gateway Protocol IPv4 (BGPv4 135 Protocol Overview 136 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 7
DHCP Server 213 File Server 216 Domain Name Server 216 Switch boot and set-up behavior in Jumpstart Mode 216 10 profile for the VLAN ACL group feature 231 Troubleshoot CAM Profiling 231 CAM Profile Mismatches 231 QoS CAM Region Limitation 232 11 Dynamic Host Configuration Protocol (DHCP 233 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 8
System to be a Relay Agent 242 Configure the System for User Port Stacking 243 Configure Secure DHCP 243 Option 82 243 DHCP Snooping 244 Drop DHCP packets on snooped VLANs only 246 Dynamic ARP Inspection 247 Source Address Validation 249 12 Dell Force10 Resilient Ring Protocol 253 Protocol - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 9
Multicast Router 281 Configuring the Switch as Querier Configure Layer 2 (Data Link) Mode 288 Configure Layer 3 (Network) Mode 289 Management Interfaces 290 Configure Management Interfaces on the E-Series and C-Series and on the S55 .290 Configure Management Interfaces on the S-Series 291 VLAN - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 10
www.dell.com | support.dell.com 10 | Disable ports when one only SFM is available (E300 only 313 Disable port on one SFM 314 Link Dampening 314 Important Points to Remember 314 Enable Link Dampening 315 Ethernet Pause Frames 316 Threshold Settings 317 Enable Pause Frames 318 Configure MTU - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 11
IPv6 359 SNMP over IPv6 360 Show IPv6 Information 360 Show an IPv6 Interface 361 Show IPv6 Routes 362 Show the Running-Configuration for an Optimization 367 iSCSI Optimization Overview 367 Detection and Port Configuration for Dell Compellent Arrays 367 19 Link Aggregation Control Protoco - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 12
| support.dell.com Learning Limit Violation Actions 391 Station Move Violation Actions 392 Recovering from Learning Limit and Station Move Violations 392 Per-VLAN MAC Learning Limit 393 NIC Teaming 394 MAC Move Optimization 395 Microsoft Clustering 395 Default Behavior 396 Configuring the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 13
Configure an EdgePort 434 Flush MAC Addresses after a Topology Change 435 MSTP Sample Configurations 436 Debugging and Verifying MSTP Configuration IPv6 Multicast Policies 451 Multicast Traceroute 453 Multicast Quality of Service 453 Optimize the E-Series for Multicast Traffic 454 Allocate - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 14
www.dell.com | support.dell.com Implementing OSPF with FTOS 465 Fast Convergence ( OSPFv2, IPv4 only 466 Multi-Process OSPF (OSPFv2, IPv4 only 466 RFC-2328 Compliant OSPF Flooding 467 OSPF ACK Packing 468 OSPF Adjacency with Cisco Routers 468 Configuration Information 468 Configuration Task - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 15
Power Priorities 519 Recover from a Failed Power Supply 520 Deploying VOIP 521 Create VLANs for an Office VOIP Deployment 521 Configure LLDP-MED for an Office VOIP Deployment 522 Configure Quality of Service for an Office VOIP Deployment 523 28 Port Monitoring 527 Important Points to Remember - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 16
www.dell.com | support.dell.com 31 Quality of Service 559 Implementation Information 561 Port-based QoS Configurations 561 Set dot1p Priorities for Incoming Traffic 562 Honor dot1p Priorities on Ingress Traffic 562 Configure Port-based Rate Policing 563 Configure Port-based Rate Limiting 564 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 17
640 Troubleshooting SSH 643 Telnet 643 VTY Line and Access-Class Configuration 644 VTY Line Local Authentication and Authorization 644 VTY Line Remote Authentication and Authorization 645 VTY MAC-SA Filter Support 645 36 Service Provider Bridging 647 VLAN Stacking 647 Important - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 18
www.dell.com | support.dell.com 18 | FTOS Options for Trunk Ports 651 Debug VLAN Stacking 652 VLAN Stacking in Multi-vendor Networks 652 VLAN Stacking 679 Implementation Information 679 Configure Simple Network Management Protocol 679 Related Configuration Tasks 680 Important Points - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 19
711 STP Root Selection 713 SNMP Traps for Root Elections and Topology Changes 713 Configuring Spanning Trees as Hitless 713 40 Stacking S-Series Switches 715 S-Series Stacking Overview 715 High Availability on S-Series Stacks 715 MAC Addressing on S-Series Stacks 717 Management Access on - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 20
an S-Series Stack with SNMP 736 Troubleshoot an S-Series Stack 736 Recover from Stack Link Flaps 737 Recover from a Card Problem State on an S-Series Stack 737 Recover from a Card Mismatch State on an S-Series Stack 738 41 Storm Control 741 Configure Storm Control 741 Configure storm control - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 21
Save on Crash or Rollover 790 Last restart reason (S55 790 show hardware commands (S55 790 Troubleshooting packet loss 791 Displaying Drop Counters 792 Dataplane Statistics 793 Displaying Stack Port Statistics 795 Displaying Stack Member Counters 795 Application core dumps 796 Mini core - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 22
22 | www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 23
About this Guide Objectives This guide describes the protocols and features supported by the Dell Force10 Operating System (FTOS) and provides configuration instructions and examples for implementing them. It supports the system platforms E-Series, C-Series, and S-Series. Though this guide contains - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 24
Dell Force10 system or FTOS feature and are non-configurable. This symbol informs you of a feature that supported on Dell Force10 E-Series, C-Series, and S-Series refer to the following documents: • FTOS Command Reference • Dell Force10 Network Operations Guide • Installing and Maintaining the S55 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 25
a Telnet session (Figure 2-1). When the system successfully boots, you enter the command line in the EXEC mode. Note: You must have a password configured on a virtual terminal line before you can Telnet into the system. Therefore, you must use a console connection when connecting to the system for - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 26
www.dell.com | support.dell.com CLI Modes Different sets of services specific to an interface. An interface can be physical (Management interface, 1-Gigabit Ethernet, 10-Gigabit Ethernet) or logical (Loopback, Null, port channel, or VLAN). • LINE sub-mode is the mode in which you to configure - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 27
Figure 2-2. CLI Modes in FTOS EXEC EXEC Privilege CONFIGURATION ARCHIVE AS-PATH ACL INTERFACE GIGABIT ETHERNET 10 GIGABIT ETHERNET INTERFACE RANGE LOOPBACK MANAGEMENT ETHERNET NULL PORT-CHANNEL SONET VLAN VRRP IP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST STANDARD ACCESS-LIST EXTENDED ACCESS-LIST LINE - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 28
www.dell.com | support.dell.com Table 2-1. FTOS Command Modes CLI Command Mode EXEC EXEC Privilege CONFIGURATION Prompt Force10> Force10# Force10(conf)# Access Command Access the router through the console or Telnet. • From EXEC mode, enter the command enable. • From any other mode, use the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 29
bgp router isis router ospf router rip protocol spanning-tree 0 ip trace-list Figure 2-3 illustrates how to change the command mode from CONFIGURATION mode to PROTOCOL SPANNING TREE. Figure 2-3. Changing CLI Modes Force10(conf)#protocol spanning-tree 0 Force10(config-span)# New command prompt - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 30
www.dell.com | support.dell.com The do Command Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, etc.) no shutdown "no" form of IP address command Force10(conf-if-gi-4/17)#no ip address Force10(conf-if-gi-4/17)#show config ! IP address removed - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 31
of the available keywords. The output of this command is the same for the help command. Figure 2-6. ? Command Example Force10#? calendar cd change clear clock configure copy debug --More-- "?" at prompt for list of commands Manage the hardware calendar Change current directory Change subcommands - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 32
dell.com | support.dell.com • The UP and DOWN arrow keys display previously entered commands (see Command History). • The BACKSPACE and DELETE keys erase the previous letter. • Key combinations are available to move quickly CONFIGURATION mode, the UP or DOWN arrows keys recall the previously-entered - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 33
the command show linecard all. Figure 2-9. Filtering Command Outputs with the grep Command Force10(conf)#do show linecard all | grep 0 0 not present Note: FTOS all. Figure 2-10. Filtering Command Outputs with the except Command Force10#show linecard all | except 0 -- Line cards -- Slot Status - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 34
connected over the console, Message 2 appears: Message 2 Multiple Users in Configuration mode Telnet Message % Warning: User "" on line vty0 "10.11.130.2" is in configuration mode If either of these messages appears, Dell Force10 recommends that you coordinate with the users listed in the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 35
Name • Access the System Remotely • Configure the Enable Password • Configuration File Management • File System Management When you power up the chassis, the system performs\ a Power-On Self Test (POST) during which Route Processor Module (RPM), Switch Fabric Module (SFM), and line card status LEDs - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 36
www.dell.com | support.dell.com To access the console port, follow the procedures Server Device Signal CTS DSR RxD GND GND TxD DTR RTS Default Configuration A version of FTOS is pre-loaded onto the chassis, however the system is not configured when you power up for the first time (except for the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 37
names must start with a letter and end with a letter or digit. • Characters within the string can be letters, digits, and hyphens. To configure a host name: Step Task 1 Create a new host name. Command Syntax hostname name The example below illustrates the hostname command. FTOS(conf)#hostname R1 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 38
www.dell.com | support.dell.com To configure the management port IP address: Step Task 1 Enter INTERFACE mode for only used to manage the system through the management port. To configure a management route: Step Task 1 Configure a management route to the network from which you are accessing the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 39
for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell Force10 system. Command Mode CONFIGURATION Access the S-Series Remotely The S-Series does not have a dedicated management port nor a separate management - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 40
dell.com | support.dell.com Configure the Enable Password Access the EXEC Privilege mode using the enable command. The EXEC Privilege mode is unrestricted by default. Configure password from the configuration file of another Dell Force10 system. CONFIGURATION Configuration File Management Files - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 41
in Table 3-2, "Forming a copy Command," in Getting Started. • To copy a remote file to Dell Force10 system, combine the file-origin syntax for a remote file location with the file-destination syntax for a to a server, a hostname can only be used if a DNS server is configured. Getting Started | 41 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 42
copied Save the Running-configuration The running-configuration contains the current system configuration. Dell Force10 recommends that you copy your running-configuration to the startup-configuration. The system uses the startup-configuration during boot-up to configure the system. The startup - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 43
copy startup-config.bak startup-config. Configure the Overload bit for Startup Scenario For information on setting the router overload bit for a specific period of time after a switch reload is implemented, see the FTOS Command Line Reference Guide, Chapter 18 - Intermediate System to Intermediate - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 44
www.dell.com | support.dell.com View Files File information and content can only be viewed on the external flash of an RPM show file rpm{0|1}slot0://filename running-configuration show running-config startup-configuration show startup-config Command Mode EXEC Privilege 44 | Getting Started - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 45
be preserved upon a system reboot. FTOS#show running-config Current Configuration ... ! Version 8.2.1.0 ! Last configuration change at Thu Apr 3 23:06:28 2008 by admin gateway 10.10.10.100 --More-- File System Management The Dell Force10 system can use the internal Flash, external Flash, or remote - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 46
dell.com | support.dell 1970 00:00:00 Jan 01 1970 00:00:00 . .. DCIM test BT 200702~1VSN G F F slot0: 127772672 bytes total (21927936 bytes #show command-history [12/5 10:57:8]: CMD-(CLI):service password-encryption [12/5 10:57:12]: CMD-(CLI):hostname Force10 [12/5 10:57:12]: CMD-(CLI):ip telnet - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 47
is supported on platforms: This chapter explains the different protocols or services used to manage the Dell Force10 system including: • Configure Privilege Levels on page 47 • Configure Logging on page 51 • File Transfer Services on page 58 • Terminal Lines on page 60 • Lock CONFIGURATION mode - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 48
www.dell.com | support.dell.com Removing a command from EXEC mode Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command privilege exec from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 49
bgp-pdu max-buffer-size from EXEC Privilege to EXEC mode by, requiring a minimum privilege level 3, which is the configured level for VTY 0, • allows access to CONFIGURATION mode with the banner command, and • allows access to INTERFACE and LINE modes are allowed with no commands. Management - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 50
www.dell.com | support.dell.com Figure 4-1. Create a Custom Privilege Level Force10(conf)#do show run priv ! privilege exec level 3 capture privilege exec level 3 configure privilege exec level 4 resequence privilege exec level 3 capture bgp-pdu privilege exec level 3 capture bgp-pdu max- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 51
you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configure Logging FTOS tracks changes in the system using event and error messages. By default, FTOS logs these messages on: • the internal buffer • console - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 52
www.dell.com | support.dell.com Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are log in the internal buffer. Message 1 BootUp Events %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled Configuration Task List for System Log Management - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 53
a Unix System as a Syslog Server Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the Unix system and assigning write permissions to the file. • on a 4.1 BSD UNIX system, add the line: local7.debugging /var/log/force10.log • on a 5.7 SunOS UNIX system - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 54
www.dell.com | support.dell.com Task Specify the size of the logging buffer. Note: When its logging history table. Command Syntax logging buffered size logging history size size Command Mode CONFIGURATION CONFIGURATION To change one of the settings for logging system messages, use any or all of - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 55
Figure 4-2. show logging Command Example Force10#show logging syslog logging: enabled Console logging: level %TSM-6-SFM_DISCOVERY: Found SFM 6 %TSM-6-SFM_DISCOVERY: Found SFM 7 %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP %TSM-6-SFM_DISCOVERY: Found SFM 8 %TSM-6-SFM_DISCOVERY: Found 9 SFMs - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 56
www.dell.com | support.dell.com Configure a UNIX logging facility level You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command in the CONFIGURATION mode: Command Syntax logging facility [facility-type] Command - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 57
0 to 7. Default is 2. Use the all keyword to include all messages. • limit range: 20 to 300. Default is 20. To view the logging synchronous configuration, use the show config command in the LINE mode. Enable timestamp on syslog messages syslog messages, by default, do not include a time/date stamp - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 58
on to the system; however, FTP is not supported on VLAN interfaces. For more information on FTP, refer to RFC 959, File Transfer Protocol. Configuration Task List for File Transfer Services The following list includes the configuration tasks for file transfer services: • Enable FTP server on page 59 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 59
-config ftp command (Figure 41) in the EXEC privilege mode. Figure 4-4. show running-config ftp Command Output Force10#show running ftp ! ftp-server enable ftp-server username nairobi password 0 zanzibar Force10# Configure FTP server parameters After the FTP server is enabled on the system, you can - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 60
support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. Configure a password. Enter username to use on FTP client. To view FTP configuration modems. Deny and Permit Access to a Terminal Line Dell Force10 recommends applying only standard ACLs to deny and permit - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 61
. Command Syntax ip access-class access-list Command Mode LINE To view the configuration, enter the show config command in the LINE mode, as shown in Figure 4-5. Figure 4-5. Applying an Access List to a VTY Line Force10(config-std-nacl)#show config ! ip access-list standard myvtyacl seq 5 permit - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 62
www.dell.com | support.dell.com To configure authentication for a terminal line: Step 1 2 3 Task Command Syntax Command Mode login authentication myvtymethodlist line vty 2 password myvtypassword login authentication myvtymethodlist Force10(config-line-vty)# Time out of EXEC Privilege Mode EXEC - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 63
configuration using the command show config from LINE mode. Figure 4-7. Configuring EXEC Timeout Force10(conf)#line con 0 Force10(config-line-console)#exec-timeout 0 Force10( :0000:0000. Elision of zeros is supported. telnet [ip-address] Command Mode EXEC Privilege EXEC Privilege Management | 63 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 64
terminal lock from CONFIGURATION mode. When you configure a manual lock, which is the default, you must enter this command time you want to enter CONFIGURATION mode and deny access to others. Figure 4-9. Locking CONFIGURATION mode Force10(conf)#configuration mode exclusive auto Force10(conf)#exit - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 65
is returned to EXEC mode. Recovering from a Forgotten Password on the S55 If you configure authentication for the console and you exit out of EXEC mode or system via console. Power-cycle the chassis by switching off all of the power modules and then switching them back on. Press any key to abort - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 66
Recovering from a Forgotten Enable Password on the S55 If you forget the enable password: Step 1 2 3 4 5 6 7 Task Command Syntax Command Mode Log onto the system via console. Power-cycle the chassis by switching off all of the power modules and then switching them back on. Press any key to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 67
command, as described below. For details on the setenv command, its supporting commands, and other commands that can help recover from a failed start , see the BuBoot chapter in the FTOS Command Line Reference for the S55. Step Task Command Syntax 1 Power-cycle the chassis (pull the power - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 68
68 | Management www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 69
VLAN. This service is sold to an end-customer by a network service provider. Typically the service provider contracts with multiple network operators to provide end-to-end service between customers. For end-to-end service between customer switches LAG, VRRP and ECMP configurations. • Ping and - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 70
dell.com | support.dell.com There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks. With these tools, you can identify, isolate, and repair faults quickly Network Service Provider a logical entity configured at a port of a switch that is an intermediate - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 71
Figure 5-2. Maintenance Points Customer Network Service Provider Network Customer Network Ethernet Access Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine. • Down-MEP: monitors the forwarding path external another bridge. Configure - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 72
www.dell.com | support.dell.com Implementation Information • Since the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level). Configure CFM Configuring CFM is a five-step process: 1. Configure the ecfmacl CAM region using the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 73
process. Command Syntax ethernet cfm disable Command Mode CONFIGURATION ETHERNET CFM Create a Maintenance Domain Connectivity Fault ETHERNET CFM EXEC Privilege Force10# show ethernet cfm domain Domain Name: customer Level: 7 Total Service: 1 Services MA-Name VLAN CC-Int X-CHK Status - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 74
internal to an bridge on the customer or provider edge; on Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine. • Down-MEP: monitors the forwarding path external another bridge. Configure Up- MEPs on ingress ports, ports that send traffic towards - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 75
logical entity configured at a port of a switch that service instance, and it belongs to the entire MD. Task Command Syntax Command Mode Create an MIP. Display configured Force10#show ethernet cfm maintenance-points local mip MPID Domain Name Level Type Port CCM-Status MA Name VLAN - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 76
www.dell.com | support.dell.com • MIP Database (MIP-DB): Every MIP must maintain a database of : 00:01:e8:58:68:78 Domain Name: cfm0 MA Name: test0 Level: 7 VLAN: 10 MP ID: 900 Sender Chassis ID: Force10 MEP Interface status: Up MEP Port status: Forwarding Receive RDI: FALSE MP Status: Active - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 77
• detect mis-configuration, such as VLAN ID mismatch between MEPs configuration or cross-connect error. 5. Reception of a CCM containing a port status/interface status TLV, which indicates a failed bridge or aggregated port. The Continuity Check protocol sends fault notifications (Syslogs, and SNMP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 78
www.dell.com | support.dell.com Enable CCM Step 1 Task Enable CCM. 2 Configure the transmit interval (mandatory). The interval operation for an MEP. mep cross-check enable Default: Disabled mep cross-check mep-id Configure the amount of time the system waits for a remote MEP to come up before - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 79
-time minutes Default: 100 minutes Range: 10-65535 minutes traceroute cache size entries Default: 100 Range: 1 - 4095 entries show ethernet cfm traceroute-cache Command Mode CONFIGURATION ETHERNET CFM ETHERNET CFM EXEC Privilege 802.1ag | 79 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 80
www.dell.com | support.dell.com Task Command Syntax Command Mode Force10#show ethernet cfm traceroute-cache Traceroute to 00:01:e8:52:4a:f8 on Domain Customer2, Level 7, MA name Test2 with VLAN 2 Hops Host IngressMAC Ingr Action Relay Action Next Host Egress MAC Egress Action FWD - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 81
4/10 Enabled test0 10 DOWN 00:01:e8:59:23:45 Force10(conf-if-gi-0/6)#do show ethernet cfm domain Domain Name: My_Name MD Index: 1 Level: 0 Total Service: 1 Services MA-Index MA-Name VLAN CC-Int X-CHK Status 1 test 0 1s enabled Domain Name: Your_Name MD Index: 2 Level: 2 Total - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 82
www.dell.com | support.dell.com Task Command Syntax Command Mode Display CFM statistics by port. show ethernet cfm port-statistics [interface] EXEC Privilege Force10#show ethernet cfm port-statistics interface gigabitethernet 0/5 Port statistics for port: Gi 0/5 RX Statistics Total CFM - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 83
6 802.1X c e s 802.1X is supported on platforms: Protocol Overview 802.1X is a method of port security typically RADIUS) via a mandatory intermediary network access device, in this case, a Dell Force10 switch. The network access device mediates all communication between the end-user device and the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 84
www.dell.com | support.dell.com Figure 6-1. EAPOL Frame Format Preamble Start Frame Destination MAC Source supplicant. In this state, network traffic can be forwarded normally. Note: The Dell Force10 switches place 802.1X-enabled ports in the unauthorized state by default. The Port- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 85
3. The authenticator decapsulates the EAP Response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame, and forwards the frame to the authentication server. 4. The authentication server replies with an Access-Challenge. The Access-Challenge is request that the supplicant prove - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 86
-Reject 11: Access-Challenge Type (79) Length EAP-Method Data (Supplicant Requested Credentials) fnC0034mp RADIUS Attributes for 802.1 Support Dell Force10 systems includes the following RADIUS attributes in all 802.1X-triggered Access-Request messages: • Attribute 5-NAS-Port: the physical - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 87
Port-control on page 92 • Re-authenticating a Port on page 93 • Configuring Timeouts on page 94 • Configuring a Guest VLAN on page 97 • Configuring an Authentication-fail VLAN on page 97 Important Points to Remember • FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 88
www.dell.com | support.dell.com Figure 6-4. Enabling 802.1X Supplicant Authenticator 2/1 2/2 Authentication Server Force10(conf )#dot1x authentication Force10(conf )#interface range gigabitethernet 2/1 - 2 Force10(conf-if-range-gi-2/1-2)#dot1x authentication Force10(conf-if-range-gi-2/1-2)# - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 89
6-6. Verifying 802.1X Interface Configuration Force10#show dot1x interface gigabitethernet 2/1 802.1x information on Gi 2/1: Dot1x Status: Enable Port Control: AUTO Port Auth Status: UNAUTHORIZED Re-Authentication: Disable Untagged VLAN - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 90
www.dell.com | support.dell.com Configuring Request Identity Re-transmissions If the authenticator sends a have been booting when the request arrived, or there might be a physical layer problem. To configure the amount of time that the authenticator waits before re-transmitting an EAP Request - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 91
Configuring a Request Identity Re-transmissions Force10(conf-if-range-gi-2/1)#dot1x tx-period 90 Force10(conf-if-range-gi-2/1)#dot1x max-eap-req 10 Force10(conf-if-range-gi-2/1)#dot1x quiet-period 120 Force10 802.1X requires that a port can be manually placed into any of three states: • - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 92
www.dell.com | support.dell.com • ForceUnauthorized an unauthorized state. A device connected to a port in 6-8 shows configuration information for a port that has been force-authorized. Figure 6-8. Configuring Port-control Force10(conf-if-gi-2/1)#dot1x port-control force-authorized Force10(conf-if - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 93
a Port Periodic Re-authentication After the supplicant has been authenticated, and the port has been authorized, the authenticator can be configured to re-authenticates the supplicant periodically. If re-authentication is enabled, the supplicant is required to re-authenticate every 3600 seconds - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 94
www.dell.com | support.dell.com Figure 6-9. Configuring a Reauthentiction Period Force10(conf-if-gi-2/1)#dot1x reauthentication interval 7200 Force10(conf-if-gi-2/1)#dot1x reauth-max 10 Force10(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1 802.1x information on Gi 2/1: Dot1x - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 95
for 802.1X. Verify that the port has been authorized and placed in the desired VLAN (Figure 6-11, red text). In Figure 6-11 shows the configuration on the Dell Force10 system before connecting the end-user device in black and blue text, and after connecting the device in red text. The blue - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 96
Force10 switch RADIUS Server 4 1/10 Force10# Dell Force10 system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured, or the VLAN - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 97
failing to respond within the timeout period using the command dot1x guest-vlan from INTERFACE mode, as shown in Figure 6-12. Figure 6-12. Configuring a Guest VLAN Force10(conf-if-gi-1/2)#dot1x guest-vlan 200 Force10(conf-if-gi-1/2)#show config ! interface GigabitEthernet 1/2 switchport dot1x guest - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 98
www.dell.com | support.dell.com Figure 6-13. Configuring an Authentication-fail VLAN Force10(conf-if-gi-1/2)#dot1x auth-fail-vlan 100 max-attempts 5 Force10(conf-if-gi-1/2)#show config ! interface GigabitEthernet 1/2 switchport dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 99
Route-maps are supported on platforms: c e s Ingress IP and MAC ACLs are supported on platforms: e Egress IP and MAC ACLs are supported on platforms: the first filter, the second filter (if configured) is applied. When a packet matches a filter, the switch drops or forwards the packet based on the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 100
www.dell.com | support.dell.com • Configuring ACLs to Loopback on page 116 • Applying an ACL on Loopback Interfaces on page 117 • IP Prefix Lists on page 118 • ACL Resequencing on page 123 • Route Maps on page 125 IP Access Control Lists (ACLs) In the Dell Force10 switch/routers, you can create two - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 101
FTOS displays the following message if the total allocated space is not correct: % Error: Sum of all regions does not total to 100%. User Configurable CAM Allocation c User Configurable CAM Allocations are supported on platform and Allocate space for IPV6 ACLs on the by using the cam-acl command in - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 102
www.dell.com | support.dell.com • L3 ACL (ipv4acl): 6 • L2 ACL(l2acl) : 5 • IPv6 L3 ACL (ipv6acl): 0 • L3 not the policy can be enabled. Figure 7-1. Command Example: test cam-usage (C-Series) Force10#test cam-usage service-policy input TestPolicy linecard all Linecard | Portpipe | CAM Partition - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 103
ACL rules that are already configured, those counters are reset when supported over VLANs in Version 6.2.1.1 and higher. V ACLs and VLANs There are some differences when assigning ACLs to a VLAN problem related to control traffic. We to queues using the command service-queue, FTOS matches the class - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 104
pmap Force10(conf-policy-map-in)#service-queue 7 class-map cmap1 Force10(conf-policy-map-in)#service-queue 4 class-map cmap2 Force10(conf-policy-map-in)#exit Force10(conf)#interface gig 1/0 Force10(conf-if-gi-1/0)#service-policy input pmap IP Fragment Handling FTOS supports a configurable option - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 105
• Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option at all. Force10(conf)#ip access-list extended ABC Force10(conf-ext-nacl)#permit ip any 10.1.1.1/32 Force10(conf-ext-nacl)#deny ip any 10.1.1.1./32 fragments Force10(conf-ext-nacl - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 106
.dell.com | support.dell.com To log all the packets denied and to override the implicit deny rule and the implicit permit rule for TCP/ UDP fragments, use a configuration similar to the following. Force10(conf)#ip access-list extended ABC Force10(conf-ext-nacl)#permit tcp any any fragment Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 107
Command Mode CONFIG-STD-NACL Purpose Configure a drop or forward filter. The parameters are: • log and monitor options are supported on E-Series only. Note: When permit tcp 10.3.0.0/16 any seq 25 deny ip host 10.5.0.0 any log Force10(config-std-nacl)# To delete a filter, use the no seq sequence- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 108
www.dell.com | support.dell.com To configure a filter without a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode: Step Command Syntax Command Mode 1 ip access-list standard access-list-name CONFIGURATION 2 {deny | permit} {source [mask - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 109
a sequence number to the filter. Note: On E-Series ExaScale systems, TCP ACL flags are not supported in an extended ACL with IPv6 microcode. An error message is shown if IPv6 microcode is configured and an ACL is entered with a TCP filter included. FMloairysct5e1t00e8(s:ct3o2na:fs3-4ii:pnvd%6iE - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 110
www.dell.com | support.dell.com Step Command Syntax Command Mode Purpose 2 seq sequence-number {deny | CONFIG-EXT-NACL Configure an extended IP ACL filter Force10(config-ext-nacl)#seq 15 deny ip host 112.45.0.0 any log Force10(config-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 111
supported on E-Series only. Configure a deny or permit filter to examine TCP packets. • log and monitor options are supported on E-Series only. Configure udp 154.44.0.0 0.0.255.255 host 34.6.0.0 Force10(config-ext-nacl)# To view all configured IP ACLs and the number of packets processed through - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 112
and L3 ACL Filtering on Switched Packets L2 ACL Behavior Deny Deny Permit Permit L3 ACL Behavior Deny Permit Deny Permit Decision on Targeted Traffic Denied by L3 ACL Permitted by L3 ACL Denied by L3 ACL Permitted by L3 ACL Note: If an interface is configured as a "vlan-stack access" port, the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 113
vlan vlan-range] 4 ip access-list [standard | extended] name Command Mode CONFIGURATION INTERFACE INTERFACE INTERFACE Purpose Enter the interface number. Configure out: configure the ACL to filter outgoing traffic. This keyword is supported only nimule in no shutdown Force10(conf-if)# Use only - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 114
in no shutdown Force10(conf-if-gige0/0)#end Force10#configure terminal Force10(conf)#ip access-list extended abcd Force10(config-ext-nacl)#permit tcp any any Force10(config-ext-nacl)#deny icmp any any Force10(config-ext-nacl)#permit 1.1.1.2 Force10(config-ext-nacl)#end Force10#show ip accounting - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 115
supported on platforms and the Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring Force10(conf-if-gige0/0)#end Force10#configure terminal Begin applying rules to Force10(conf)#ip access-list extended abcd Force10(config-ext-nacl)#permit tcp any any Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 116
dell.com | support.dell CONFIGURATION Apply Egress ACLs to IPv6 system traffic. ipv6 control-plane [egress filter] CONFIGURATION [egress filter] commands are not supported on S55 systems. FTOS Behavior: VRRP hellos including routing protocols, remote access, SNMP, ICMP, and etc. Effective filtering - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 117
Loopback interfaces supported on platform Force10(conf-if-lo-0)#end Force10#configure terminal Force10(conf)#ip access-list extended abcd Force10(config-ext-nacl)#permit tcp any any Force10(config-ext-nacl)#deny icmp any any Force10(config-ext-nacl)#permit 1.1.1.2 Force10(config-ext-nacl)#end Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 118
dell.com | support.dell.com Note: See also the section VTY Line Local Authentication and Authorization on page 644. IP Prefix Lists c e s Prefix Lists are supported match the criterion in the first filter, the second filter (if configured) is applied. When the route prefix matches a filter, FTOS - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 119
maximum prefix length to be matched (0 to 32). If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes (permit 0.0.0.0/0 le 32). The "permit all" filter should be the last filter in your prefix list. To permit - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 120
dell.com | support.dell.com Figure 7-13. Command Example: seq Force10(conf-nprefixl)#seq 20 permit 0.0.0.0/0 le 32 Force10(conf-nprefixl)#seq 12 deny 134.23.0.0 /16 Force10(conf-nprefixl)#seq 15 deny 120.23.14.0 /8 le 16 Force10 the order in which they were configured (for example, the first filter - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 121
: count: 3, range entries: 3, sequences: 5 - 10 ip prefix-list filter_ospf: count: 4, range entries: 1, sequences: 5 - 10 Force10> Use a prefix list for route redistribution To pass traffic through a configured prefix list, you must use the prefix list in a route redistribution command. The prefix - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 122
(RIP is supported on C and E-Series.), use either of the following commands in the ROUTER RIP mode: Command Syntax router rip distribute-list prefix-list-name in [interface] distribute-list prefix-list-name out [interface | connected | static | ospf] Command Mode CONFIGURATION CONFIG-ROUTER-RIP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 123
(conf-router_ospf)#show config ! router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1 distribute-list prefix awe in Force10(conf-router_ospf)# ACL Resequencing ACL Resequencing allows you to re-number the rules and remarks in an access or prefix list. The placement of rules - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 124
www.dell.com | support.dell.com Resequencing an ACL or Prefix List Resequencing host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Force10# end Force10# resequence access-list ipv4 test 2 2 Force10# show running-config acl ! ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 125
any host 1.1.1.4 Force10# end Force10# resequence access-list ipv4 test 2 2 Force10# show running-config acl ! ip access-list extended test remark 2 XYZ 12 permit ip any host 1.1.1.4 Route Maps c e s Route-maps are supported on platforms: Like ACLs and prefix lists, route maps are composed of a - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 126
www.dell.com | support.dell.com • Two or more match clauses within the same route-map the next or a specified route-map sequence is processed after a match is found. Configuration Task List for Route Maps You configure route maps in the ROUTE-MAP mode and apply them in various commands in the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 127
20 Match clauses: interface GigabitEthernet 0/1 Set clauses: tag 35 level stub-area Force10# Figure 7-24 shows an example of a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 128
www.dell.com | support.dell.com Figure 7-24. Command Example: show route-map Force10#show route-map dilling route-map dilling, permit, sequence 10 Match clauses: Set clauses: route-map dilling, permit, sequence 15 Match clauses: interface Loopback 23 Set clauses: tag 3444 Force10# To delete a route - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 129
though other instances of the route-map denies it. To configure match criterion for a route map, use any or all VLAN, enter the keyword vlan followed by a number from 1 to 4094. E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 130
www.dell.com | support.dell.com Command Syntax match ip address prefix-list-name external to OSPF, ISIS level-1, ISIS level-2, or locally generated. Match routes with a specific tag. To configure a set condition, use any or all of the following commands in the ROUTE-MAP mode: Command Syntax - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 131
convention is to keep the number of match and set filters in a route map low. Set commands do not require a corresponding match command. Configure a route map for route redistribution Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 132
a continue clause at the end of a route-map module. In this example, if a match is found in the route-map "test" module 10, module 30 will be processed. Note: If the continue clause is configured without specifying a module, the next sequential module is processed. 132 | Access Control Lists (ACL - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 133
Figure 7-27. Command Example: continue ! route-map test permit 10 match commu comm-list1 set community 1:1 1:2 1:3 set as-path prepend 1 2 3 4 5 continue 30! Access Control Lists (ACL), Prefix Lists, and Route-maps | 133 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 134
www.dell.com | support.dell.com 134 | Access Control Lists (ACL), Prefix Lists, and Route-maps - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 135
ex s c et This chapter is intended to provide a general description of Border Gateway Protocol version 4 (BGPv4) as it is supported in the Dell Force10 Operating System (FTOS). This chapter includes the following topics: • Protocol Overview • Autonomous Systems (AS) • Sessions and Peers • Route - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 136
www.dell.com | support.dell.com • Ignore Router-ID for some best-path calculations • 4-Byte AS Numbers • AS4 Number Representation • AS Number Migration • BGP4 Management Information Base (MIB) • Important Points to Remember • Configuration Information • Configuration Task List for BGP • MBGP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 137
from one network to another. The ISP is considered to be "selling transit service" to the customer network, so thus the term Transit AS. When BGP BGP (IBGP) AS 2 Interior BGP (IBGP) BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 138
www.dell.com | support.dell.com Figure 8-2. Full Mesh Examples 4 Routers 6 Routers 8 Routers The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 139
, and Notification messages to/from its peer. Peer Groups Peer Groups are neighbors grouped according to common routing policies. They enable easier system configuration and management by allowing groups of routers to share and inherit policies. Peer groups also aid in convergence speed. When a BGP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 140
www.dell.com | support.dell.com { • If a route was received from a nonclient peer, reflect the route to all client peers. • If the route was received from a client peer, reflect the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 141
BGP Attributes Routes learned via BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 142
www.dell.com | support.dell.com Figure 8-4. BGP Best Path Selection No, or Not Resulting . 4. Prefer the path with the shortest AS_PATH (unless the bgp bestpath as-path ignore command is configured, then AS_PATH is not considered). The following criteria apply: • An AS_SET has a path length of - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 143
paths as equal and does not perform steps 9 through 11 listed below, if the following criteria is met: • the IBGP multipath or EBGP multipath are configured (maximum-path command) • the paths being compared were received from the same AS with the same number of ASs in the AS Path but with - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 144
www.dell.com | support.dell.com Weight The Weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 145
AS 100 Router A Router B Set MED to 100 T1 Link Router C OC3 Link AS 200 Router E Set MED to 50 Router D Note: With FTOS Release 8.3.1.0, configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 146
www.dell.com | support.dell.com Generally, an IGP indicator means that the route was code of INCOMPLETE. The lower case letter (i) indicates an Origin code of IGP. Figure 8-7. Origin attribute reported Force10#show ip bgp BGP table version is 0, local router ID is 10.101.15.13 Status codes: s - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 147
you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. FTOS 8.3.1.0 and later support configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes. The - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 148
www.dell.com | support.dell.com • If the redistribute command does not have any metric configured and BGP Peer out-bound route-map does have metric-type internal configured, BGP advertises the IGP cost as MED. • If the redistribute command has metric configured (route-map set metric or redistribute - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 149
Confederation must be either 4-Byte or 2-Byte identified routers. You cannot mix them. Configure the 4-byte AS numbers with the four-octet-support command. AS4 Number Representation FTOS version 8.2.1.0 supports multiple representations of an 4-byte AS Numbers: asplain, asdot+, and asdot. Note: The - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 150
dell.com | support.dell is reflected immediately in the running-configuration and the show commands (Figure 8-9 Force10(conf-router_bgp)#bgp asnotation asplain Force10(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 151
SUPPORT DISABLED Force10(conf-router_bgp)#no bgp four-octet-as-support Force10(conf-router_bgp)#sho conf ! router bgp 100 neighbor 172.30.1.250 local-as 65057 Force10 the connection with Router C without immediately updating Router C's configuration. Local-AS allows this to happen by allowing Router - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 152
www.dell.com | support.dell.com Figure 8-11. Local-AS Scenario Router A AS 100 Router B AS 200 Router C AS 300 Before Migration Router A AS 100 AS 100 Router B Local AS - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 153
Information Base (MIB) support with many new SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Force10 website, www.force10networks.com. Note: See the Dell Force10 iSupport webpage for the Force10-BGP4-V2-MIB - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 154
the other clients. • High CPU utilization may be observed during an SNMP walk of a large BGP Loc-RIB. • To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Force10 recommends setting the timeout and retry count values to a relatively - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 155
the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). Note: In FTOS, all newly configured neighbors and peer groups are disabled. You must enter the neighbor {ip-address | peer-group-name} no shutdown command to enable a neighbor or peer - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 156
www.dell.com | support.dell.com • Configure passive peering • Maintain existing AS numbers during an AS migration • Allow an AS number to appear in its own AS path • Enable graceful restart • Filter on an AS-Path attribute • Configure IP community lists • Manipulate the COMMUNITY attribute • Change - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 157
and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS Numbers also disables ASDOT and ASDOT+ number representation. All AS Numbers will be displayed in ASPLAIN - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 158
www.dell.com | support.dell.com Enter show config in CONFIGURATION ROUTER BGP mode to view the BGP configuration. Use the show ip router's identifier, FTOS uses the highest IP address of the Loopback interfaces configured. Since Loopback interfaces are virtual, they cannot go down, thus preventing - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 159
details on using the show ip bgp neighbors command, refer to the FTOS Command Line Interface Reference. Figure 8-14. Command example: show ip bgp neighbors Force10#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote AS 18508, external link BGP version 4, remote router ID 10.20.20.20 External - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 160
supported at a time. You cannot combine the types of representations within an AS. Task Enable ASPLAIN AS Number representation. Figure 8-16 Command Syntax bgp asnotation asplain Command Mode CONFIG-ROUTER-BGP Note: ASPLAIN is the default method FTOS uses and does not appear in the configuration - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 161
CONFIG-ROUTER-BGP CONFIG-ROUTER-BGP Figure 8-16. Command example and output: bgp asnotation asplain Force10(conf-router_bgp)#bgp asnotation asplain Force10(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 162
www.dell.com | support.dell.com Configure Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. Another advantage of peer groups is that members of a peer groups inherit the configuration properties of the group and share same update policy. A maximum of - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 163
of a peer group (zanzibar). Figure 8-19. Command example: show config (creating peer-group) Force10(conf-router_bgp)#neighbor zanzibar peer-group Force10(conf-router_bgp)#show conf ! Configuring neighbor router bgp 45 zanzibar bgp fast-external-fallover bgp log-neighbor-changes neighbor - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 164
www.dell.com | support.dell.com Figure 8-20. Command example: show config (peer-group enabled Force10(conf-router_bgp)#neighbor zanzibar no shutdown Force10(conf-router_bgp)#show config ! router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes neighbor zanzibar peer-group neighbor - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 165
Figure 8-21. Command example: show ip bgp peer-group Force10>show ip bgp peer-group Peer-group zanzibar, remote AS .68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Force10> BGP fast fall-over By default, a BGP session is governed by the hold time. BGP routers typically carry - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 166
www.dell.com | support.dell.com The BGP fast fall-over feature is configured on a per-neighbor or peer-group basis Fast Fall-Over, use the [no] neighbor [neighbor | peer-group] fall-over command in CONFIGURATION ROUTER BGP mode Use the show ip bgp neighbors command as shown in Figure 8-22 to verify - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 167
Figure 8-22. Command example: show ip bgp neighbors Force10#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5 BGP state ESTABLISHED, in this state for 00:19:15 Last read - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 168
dell.com | support.dell.com Figure 8-23. Command example: show ip bgp peer-group Force10#sh ip bgp peer-group Peer-group test Fall-over enabled BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is test authentication configured is - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 169
.65535 (Dotted format) No Prepend specifies that local AS values are not prepended to announcements from the neighbor. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Disable this feature, using the no neighbor local-as command in - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 170
dell.com | support.dell.com Figure 8-24. Local-as information shown R2(conf-router_bgp)#show conf ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support You must Configure Peer Groups before assigning - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 171
network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list the peer has been updated with all routes in the local RIB. If you configure your system to do so, FTOS can perform the following actions during a hot - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 172
www.dell.com | support.dell.com • Advertise to all BGP neighbors and peer-groups that the optimize path selection and results in fewer updates being sent out. Enable graceful restart using the configure router bgp graceful-restart command. The table below shows the command and its available options: - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 173
Figure 8-26). Figure 8-26. Command example: show ip bgp paths Force10#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an AS-PATH ACL to filter a specific AS_PATH value. Step - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 174
www.dell.com | support.dell.com Step Command Syntax Command Mode Purpose 2 {deny | permit} filter accepted expressions. Return to CONFIGURATION mode 4 router bgp as-number CONFIGURATION Enter ROUTER BGP mode. 5 neighbor {ip-address | CONFIG-ROUTER-B Use a configured AS-PATH ACL for route - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 175
10.155.15.2 filter-list 1 in Force10(conf-router_bgp)#ex Force10(conf)#ip as-path access-list Eagle Force10(config-as-path)#deny 32$ Force10(config-as-path)#ex Force10(conf)#router bgp 99 Force10(conf-router_bgp)#neighbor AAA filter-list Eagle in Force10(conf-router_bgp)#show conf ! router bgp 99 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 176
www.dell.com | support.dell.com Table 8-4. Regular Expressions Regular Expression Definition ( ) (parenthesis) [ ] (brackets) - -path-access-list command in EXEC Privilege mode to view the AS-PATH ACL configuration. For more information on this command and route filtering, refer to Filter BGP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 177
ROUTER BGP or CONF-ROUTER_BGPv6_ AF Purpose Include specific OSPF routes in IS-IS. Configure the following parameters: • process-id range: 1 to 65535 • match external range are sent to CONFED-EBGP and IBGP peers. FTOS also supports BGP Extended Communities as described in RFC 4360-BGP Extended - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 178
www.dell.com | support.dell.com Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an IP community list. Step Command Syntax Command Mode Purpose 1 ip community-list community-list-name CONFIGURATION Create a Community list and enter the COMMUNITY- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 179
28. Command example: show ip community-lists Force10#show ip community-lists ip community-list standard 667 deny 702:667 deny 703:667 Use these commands in the following sequence, starting in the CONFIGURATION mode, To use an IP Community list or Extended Community List to filter routes, you must - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 180
www.dell.com | support.dell.com Manipulate the COMMUNITY attribute In addition to permitting or By default, FTOS does not send the COMMUNITY attribute. Use the following command in the CONFIGURATION ROUTER BGP mode to send the COMMUNITY attribute to BGP neighbors. Command Syntax neighbor {ip- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 181
To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show BGP community. Figure 8-29. Command example: show ip bgp community (Partial) Force10>show ip bgp community BGP table version is 3762622, local router ID is - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 182
www.dell.com | support.dell.com Use any or all of the following commands in the CONFIGURATION ROUTER BGP mode to change how an MED as the most preferred one Use the show config command in the CONFIGURATION ROUTER BGP mode to view the nondefault values. Change LOCAL_PREFERENCE attribute In FTOS, - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 183
-map command in EXEC Privilege mode. Change NEXT_HOP attribute You can change how the NEXT_HOP attribute is used. Use the following command in the CONFIGURATION ROUTER BGP mode to change the how the NEXT_HOP attribute is used. Command Syntax neighbor {ip-address | peer-group-name} next-hop-self - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 184
www.dell.com | support.dell.com You can also use route maps to change this and other BGP enable multipath to allow up to 16 parallel paths to a destination. Use the following command in the CONFIGURATION ROUTER BGP mode to allow more than one path. Command Syntax maximum-paths {ebgp | ibgp} number - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 185
denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes. For example, you could have the following filter as the last filter in your prefix list permit 0.0.0.0/0 le - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 186
www.dell.com | support.dell.com Use these commands in the following sequence, starting in the CONFIGURATION mode to filter routes using a route map. Step 1 2 Command Syntax route-map map-name [permit | deny] [sequence-number] {match | set} Command Mode CONFIGURATION CONFIG-ROUTE-MAP 3 exit - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 187
following parameters: • ip-address or peer-group-name: enter the neighbor's IP address or the peer group's name. • as-path-name: enter the name of a configured AS-PATH ACL. • in: apply the AS-PATH ACL map to inbound routes. • out: apply the AS-PATH ACL to outbound routes. Use the show - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 188
dell.com | support.dell.com Aggregate routes FTOS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active. Use the following command in the CONFIGURATION Force10#show - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 189
All Confederation routers must be either 4-Byte or 2-Byte. You cannot have a mix of router ASN support, Use the show config command in the CONFIGURATION ROUTER BGP mode to view the configuration. Enable route flap dampening When EBGP routes become unavailable, they "flap" and the router issues both - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 190
www.dell.com | support.dell.com Figure 8-31. Setting Reuse and Restart Route Values Force10(conf-router_bgp)#bgp dampening ? Half-life time for the penalty (default = 15) route-map Route-map to specify criteria for dampening Set time before value decrements Force10(conf- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 191
Mode CONFIG-ROUTE-MAP Purpose Enter the following optional parameters to configure route dampening parameters: • half-life range: 1 to 45 output (Figure 8-32). Figure 8-32. Command example: show ip bgp summary Force10>show ip bgp summary BGP router identifier 10.114.8.131, local AS number 65515 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 192
www.dell.com | support.dell.com Use the following command in EXEC Privilege mode to clear compare MED attributes though the paths are from the same AS. Use the following command in CONFIGURATION ROUTER BGP mode to change the path selection from the default mode (deterministic) to non-deterministic - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 193
holdtime values is the new holdtime value, and • whichever is the lower value; one-third of the new holdtime value, or the configured keepalive value is the new keepalive value. BGP neighbor soft-reconfiguration Changing routing policies typically requires a reset of BGP sessions (the TCP connection - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 194
dell.com | support.dell supports the route refresh capability, the following message should be displayed: Received route refresh capability from peer. If you specify a BGP peer group by using the peer-group-name argument, all members of the peer group inherit the characteristic configured Force10> - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 195
of actions overrides the previous set of actions with the same set command. • If the set community additive and set as-path prepend commands are configured, the communities and AS numbers are prepended. Border Gateway Protocol IPv4 (BGPv4) | 195 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 196
www.dell.com | support.dell.com MBGP Configuration e c MBGP for IPv6 unicast is supported on platforms t c e s MBGP for IPv4 Multicast is supported on platform t e MBGP is not supported on the E-Series ExaScale x platform. Multiprotocol BGP (MBGP) is an enhanced BGP that carries IP multicast - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 197
, at the expense of some memory in RP1 processor. This feature is turned on by default. Use the command bgp regex-eval-optz-disable in CONFIGURATION ROUTER BGP mode to disable it if necessary. Debugging BGP Use any of the commands in EXEC Privilege mode to enable BGP debugging. Command Syntax - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 198
www.dell.com | support.dell.com Use the keyword no followed by the debug command To disable a specific debug command. For example, to disable debugging of BGP updates, enter no - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 199
Figure 8-34. Viewing the Last Bad PDU from BGP Peers Force10(conf-router_bgp)#do show ip bgp neighbors 1.1.1.2 BGP neighbor is 1.1.1.2, remote AS 2, external link BGP version 4, remote router ID 2.4.0.1 BGP state ESTABLISHED, in this state - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 200
www.dell.com | support.dell.com The buffer size supports a maximum value between 40 MB (the default) captured PDUs using the command show capture bgp-pdu neighbor. Figure 8-35. Viewing Captured PDUs Force10#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor 20. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 201
Figure 8-36. Figure 8-36. Required Memory for Captured PDUs Force10(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250 support your own IP Addresses, Interfaces, Names, etc. Figure 8-37 is a graphic illustration of the configurations shown on the following pages. These configurations - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 202
www.dell.com | support.dell.com Figure 8-37. Sample Configuration Illustration AS 99 Physical Links GigE 1/21 10.0.1.21 /24 Loopback 1 192.168.128.1 /24 GigE 1/31 10.0.3.31 /24 Virtual Links Peer Group AAA - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 203
Figure 8-38. Enable BGP - Router 1 R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int gig 1/21 R1(conf-if-gi-1/21)#ip address 10.0.1.21 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 204
www.dell.com | support.dell.com Figure 8-39. Enable BGP - Router 2 R2# conf R2(conf)#int loop 0 R2(conf-if-lo-0)#ip address 192.168.128.2/24 R2(conf-if- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 205
Figure 8-40. Enable BGP - Router 3 R3# conf R3(conf)# R3(conf)#int loop 0 R3(conf-if-lo-0)#ip address 192.168.128.3/24 R3(conf-if-lo-0)#no shutdown R3(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.3/24 no shutdown R3(conf-if-lo-0)#int gig 3/11 R3(conf-if-gi-3/11)#ip address - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 206
www.dell.com | support.dell.com Figure 8-41. Enable Peer Group - Router 1 R1#conf R1(conf)#router bgp 99 R1(conf-router_bgp)# network 192.168.128.0/24 R1(conf-router_bgp)# - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 207
Figure 8-42. Enable Peer Groups - Router 1 continued Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 208
www.dell.com | support.dell.com Figure 8-43. Enable Peer Groups - Router 2 R2#conf R2(conf)#router bgp 99 R2(conf-router_bgp)# neighbor CCC peer-group R2(conf-router_bgp)# neighbor - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 209
Figure 8-44. Enable Peer Group - Router 3 R3#conf R3(conf)#router bgp 100 R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 210
www.dell.com | support.dell.com Figure 8-45. Enable Peer Groups - Router 3 continued Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 211
mode using the reload-type command. 2. Reload the switch in the configured mode using the reload command. Prerequisites Before you use BMP 2.0 to auto-configure a supported Dell Force10 switch, you must first configure a Dynamic Host Configuration Protocol (DHCP) server and a file server in the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 212
ports of a switch. BMP 2.0 is not supported in a stacking environment. Overview On a new factory-loaded switch, the switch boots up in Jumpstart mode. You can reconfigure a switch to reload between Normal and Jumpstart mode. • Jumpstart (BMP) mode: The switch automatically configures all ports - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 213
the default boot mode configured for a new switch arriving from Dell Force10. This mode obtains the FTOS image and configuration file from a the Image and Configurations file are placed. The address is assumed to be a TFTP address unless it is given as a URL. The switch supports TFTP, HTTP, and - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 214
www.dell.com | support.dell.com The DHCP option codes used are: •6 Domain Name Server IP •66 TFTP Server name •67 Boot filename •150 TFTP server IP address •209 Configuration File Note: The boot file name and configuration file name must be in the correct format. If it is not, the switch will be - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 215
server included on the most popular Linux distributions. The dhcpd.conf file shows assignment of a fixed IP address and configuration file based on the MAC address of the switch. Parameter Example option boot-filename code 67 = text; option tftp-server-address code 150 = ip-address; option config - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 216
www.dell.com | support.dell.com File Server Set up a file server and ensure connectivity. The server that holds the boot and configuration files must be configured as the network source for the switch. The switch recognizes HTTP, TFTP, FTP, external USB memory and Flash URLs. For example: • tftp:// - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 217
JUMPSTART_DISCOVER: DHCP DISCOVER sent on Ma 0/0. 3. The IP address, boot image filename and the configuration filename are reserved for the switch and provided in the DHCP reply (one-file read method). The switch receives its IP address, subnet mask, DHCP server IP, TFTP server address, DNS server - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 218
www.dell.com | support.dell.com ...00:09:50: %STKUNsyncing disks... IT0-M:CP %CHMGR-1 5-RELOAD: User done request to reload the chassis rebooting • If there is no version mismatch the switch downloads the configuration file. 00:27:12: %STKUNIT0-M:CP %JUMPSTART-2-JUMPSTART_DOWNLOAD_START: The config - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 219
230 • Applications for CAM Profiling on page 230 • Troubleshoot CAM Profiling on page 231 Content Addressable Memory Content Addressable Memory (CAM) is a type of memory that stores information in the form of a lookup table. On Dell Force10 systems, the CAM stores Layer 2 and Layer 3 forwarding - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 220
www.dell.com | support.dell.com CAM Profiles Dell Force10 systems partition each CAM module so that it can store the different are available for all systems. Refer to the Command Line Interface Reference Guide for details regarding available profiles for each system. Table 10-1. CAM Profile - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 221
18K 4K 3K 1K ipv4-64k-ipv6 32K 2K 64K 12K 24K 1K 1K 8K 16K 3K 4K 1K Microcode Microcode is a compiled set of instructions for a CPU. On Dell Force10 systems, the microcode controls how packets are handled. Content Addressable Memory | 221 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 222
Guide VLAN ACL Group feature, which permits group VLANs supported on platform t only. The default CAM profile has 1K Layer 2 ingress ACL entries. If you need more memory for Layer 2 ingress ACLs, select the profile l2-ipv4-inacl. When budgeting your CAM allocations for ACLs and QoS configurations - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 223
sub-partition. As with the IPv4Flow partition, you can configure the Layer 2 ACL partition from EXEC Privilege mode or CONFIGURATION mode. The amount of space that you can distribute to default (single-CAM) profile and remains in a problem state (Figure 10-1). The line card cannot forward traffic in - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 224
www.dell.com | support.dell.com • If you insert a dual-CAM line card into a chassis with a :56: %RPM0-P:CP %CHMGR-4-EG_PROFILE_WARN: If EG CAM profile is selected, non-EG cards will be in problem state after reload # After reload: 00:04:46: %RPM0-P:CP %CHMGR-3-PROFILE_MISMATCH: Mismatch: line card - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 225
Configure more Layer 2 FIB entries when the system is deployed as a switch. • Configure more Layer 3 FIB entries when the system is deployed as a router. • Configure • Optimize the VLAN ACL Group feature, which permits group VLANs for IP egress ACLs. See CAM profile for the VLAN ACL group feature on - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 226
www.dell.com | support.dell.com • If a the standby RPM has a profile different from the primary and IPv6 6 ACLs and QoS regions on the C-Series and S-Series by using the cam-acl command in CONFIGURATION mode. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 227
system for the new settings to take effect. To configure the IPv4 and IPv6 ACLs and Qos regions on reload EXEC Privilege Test CAM Usage c e s The test cam-usage command is supported on platforms This Command Example: test cam-usage (C-Series) Force10#test cam-usage service-policy input - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 228
www.dell.com | support.dell.com View CAM Profiles View the current CAM profile for the Figure 10-5. Viewing CAM Profile Information in the Running-configuration Force10#show running-config cam-profile ! cam-profile default microcode default Force10# View CAM-ACL settings View the current cam-acl - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 229
Figure 10-6. View CAM-ACl settings on C-Series and S-Series Force10# show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) L2Acl : 2 Ipv4Acl : 2 Ipv6Acl : 2 Ipv4Qos : 2 L2Qos : 2 L2PT : 1 IpMacAcl : 2 VmanQos : 0 VmanDualQos : 0 -- Line card 0 -- Current - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 230
www.dell.com | support.dell.com Figure 10-7. Viewing CAM Usage Information R1#show cam-usage Linecard|Portpipe| CAM a CAM profile and microcode that treats MPLS packets as non-IP packets. Normally, switching and LAG hashing is based on source and destination MAC addresses. Alternatively, you can - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 231
is running an FTOS version prior to 6.3.1.1, the system presents an error message. In this case, manually adjust the CAM configuration on the card to match the system configuration. Dell Force10 recommends the following to prevent mismatches: • Use the eg-default CAM profile in a chassis that has - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 232
www.dell.com | support.dell.com • Use the CONFIGURATION mode commands service-policy. The command test cam-usage service-policy provides this test framework, see Pre-calculating Available QoS CAM Space on page 582. Note: For troubleshooting other CAM issues see the E-Series Network Operations Guide - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 233
: • Protocol Overview • Implementation Information • Configuration Tasks • Configure the System to be a DHCP Server • Configure the System to be a Relay Agent • Configure the System for User Port Stacking • Configure Secure DHCP Protocol Overview Dynamic Host Configuration Protocol (DHCP) is an - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 234
www.dell.com | support.dell.com • Relay agent-an intermediary network device that passes DHCP 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in Type, Length, Value (TLV) format; many options - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 235
is already in use. In this case, the client starts the configuration process over by sending a DHCPDISCOVER. • DHCPINFORM-A client uses this message to request configuration parameters when it assigned an IP address manually rather than with DHCP. The server responds by unicast. • DHCPNAK-A server - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 236
an error message for configurations that exceed the allocated memory. • E-Series supports 16K DHCP Snooping entries across 500 VLANs. • C-Series, S-Series (S25/S50), S55, S60 and S4810 support 4K DHCP Snooping entries. • All platforms support Dynamic ARP Inspection on 16 VLANs per system. Refer to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 237
need. Configuring the Dell Force10 system to be a DHCP server is a 3-step process: 1. Configure the Server for Automatic Address Allocation 2. Specify a Default Gateway 3. Enable DHCP Server Related Configuration Tasks • Configure a Method of Hostname Resolution • Create Manual Binding Entries - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 238
www.dell.com | support.dell.com Configure the Server for Automatic Address Allocation c s This feature is /prefix-length Prefix-length Range: 17 to 31 Display the current pool configuration. show config Command Mode CONFIGURATION DHCP DHCP DHCP Once an IP address is leased - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 239
Command Syntax Command Mode ip dhcp server no disable Default: Disabled show config CONFIGURATION DHCP DHCP In the illustration below, an IP phone is powered by PoE and has acquired an IP address from the Dell Force10 system, which is advertising LLDP-MED. The leased IP address is displayed using - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 240
www.dell.com | support.dell.com Configure a Method of Hostname Resolution Dell Force10 systems are capable of providing DHCP Address Resolution using NetBIOS WINS Windows Internet Naming Service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 241
you want to guarantee that a particular network device receives a particular IP address. Manual bindings can be considered single-host address pools. There is no limit on the number of manual bindings, but you can only configure one manual binding per host. Note: FTOS does not prevent you from using - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 242
dell.com | support.dell.com Unicast Configure the System to be a Relay Agent Ze The following feature is available on platforms: DHCP clients and servers request and offer configuration can configure an interface on the Dell Force10 system on Layer 2 interfaces and VLANs. HCP Relay Device DHCP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 243
set the stacking-option variable to provide the stack-port detail so a stack can be formed when the units are connected. Configure Secure DHCP the switch. On the S4810, S55, and S60, the Remote ID can also be the hostname of the switch or an arbitrary string. Dynamic Host Configuration Protocol - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 244
.dell.com | support.dell switch. S4810, S60, S55: Enables Option 82. Remote ID is remote-id Command Syntax ip dhcp relay information-option ip dhcp relay information-option remote-id hostname ip dhcp relay information-option remote-id remote-id Command Mode CONFIGURATION CONFIGURATION CONFIGURATION - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 245
globally. Specify ports connected to DHCP servers as trusted. Enable DHCP Snooping on a VLAN. Command Syntax ip dhcp snooping ip dhcp snooping trust ip dhcp snooping vlan Command Mode CONFIGURATION INTERFACE CONFIGURATION Add a static entry in the binding table Task Command Syntax Add a static - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 246
www.dell.com | support.dell.com View the DHCP dhcp snooping binding Codes : S - Static D - Dynamic IP Address MAC Address Expires(Sec) Type VLAN Interface 10.1.1.251 00:00:4d:57:f2:50 172800 D Vl 10 Gi 0/2 10.1.1.252 00:00 the table : 4 246 | Dynamic Host Configuration Protocol (DHCP) - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 247
ARP cache of a network device. It is used to launch man-in-the-middle (MITM), and denial-of-service (DoS) attacks, among others. A spoofed ARP message is one in which the MAC address in the sender , after which, traffic from the gateway is broadcast. Dynamic Host Configuration Protocol (DHCP) | 247 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 248
www.dell.com | support.dell.com • denial of service-an attacker can send a fraudulent ARP messages to a profile allocates only 9 entries to the L2SysFlow region for DAI. You can configure 10 to 16 DAI-enabled VLANs by allocating more CAM space to the L2SysFlow region before enabling DAI. SystemFlow - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 249
Requests Invalid ARP Replies FTOS# : 0 : 1000 : 1000 : 0 Bypass the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments. ARPs received on trusted ports bypass validation against the binding table. All - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 250
www.dell.com | support.dell.com The DHCP binding table associates addresses assigned by the only for packets from snooped VLANs. Task Command Syntax Enable DHCP MAC Source Address Validation. ip dhcp snooping verify mac-address Command Mode CONFIGURATION IP+MAC Source Address Validation - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 251
+MAC ACL for an interface for the entire system. Command Syntax show ip dhcp snooping source-address-validation [interface] Command Mode EXEC Privilege Dynamic Host Configuration Protocol (DHCP) | 251 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 252
www.dell.com | support.dell.com 252 | Dynamic Host Configuration Protocol (DHCP) - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 253
Dell Force10 Resilient Ring Protocol c e s Dell Force10 Resilient Ring Protocol is supported on platforms Dell Force10 Resilient Ring Protocol (FRRP) provides fast network convergence to Layer 2 switches distinction is ignored as long as the node is configured as a Transit node. If the ring is - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 254
dell.com | support.dell.com Figure 12-1. Normal Operating FRRP Topology R2 TRANSIT Ring Direction Primary Forwarding Secondary Forwarding Primary Forwarding Primary Forwarding Secondary R1 Blocking MASTER Secondary Forwarding R3 TRANSIT A Virtual LAN (VLAN) is configured instructing - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 255
control frame instructing it to VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring. The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202. Dell Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 256
www.dell.com | support.dell.com Figure 12-2. Example of Multiple Rings Connected by Single Switch FRRP 101 MASTER R1 by the Master Node at specified intervals • Multiple physical rings can be run on the same switch • One Master node per ring-all other nodes are Transit • Each node has 2 member - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 257
Frames, and cannot be used for any other purpose. Each ring maintains a list of member VLANs. Member VLANs must be consistent across the entire ring. Each node has two ports for each ring: Primary When the port is disabled or down, or is not on the VLAN. Dell Force10 Resilient Ring Protocol | 257 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 258
or more member VLANs, they cannot share any links between them. • Member VLANs across multiple rings are not supported in Master nodes. • Each ring has only one Master node; all others are transit nodes. FRRP Configuration These are the tasks to configure FRRP. 258 | Dell Force10 Resilient Ring - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 259
VLAN ID for the Control VLAN. • A VLAN cannot be configured as both a Control VLAN and Member VLAN on the same ring. • Only two interfaces can be members of a Control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes Dell Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 260
www.dell.com | support.dell.com Use the commands in the following sequence, on the switch that will act as the Master node, to create the Control VLAN for this FRRP group. Step Command Syntax 1 interface vlan vlan-id Command Mode CONFIGURATION 2 tagged interface slot/ CONFIG-INT-VLAN port { - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 261
by the slot/port information. Slot/Port: Slot and Port ID for the interface. VLAN ID: Identification number of the Control VLAN Configure a Transit node Identify the Member VLANs for this FRRP group VLAN-ID, Range: VLAN IDs for the ring's Member VLANs. Dell Force10 Resilient Ring Protocol | 261 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 262
www.dell.com | support.dell.com Step Command Syntax 6 no disable Command Mode CONFIG-FRRP Set FRRP Timers Purpose Enable this FRRP group on this switch. Step Command Syntax 1 timer {hello-interval|dead-interval} milliseconds Command Mode Purpose CONFIG-FRRP Enter the desired intervals - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 263
255 Troubleshooting FRRP Configuration Checks • Each Control Ring must use a unique VLAN ID • Only two interfaces on a switch can be Members of the same Control VLAN • of rings allowed on a chassis is 255. Sample Configuration and Topology Figure 12-3 is an example of a basic FRRP topology. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 264
www.dell.com | support.dell.com Figure 12-3. Basic Topology and CLI Vlan 201 no ip address tagged GigabitEthernet 3/14,21 no shutdown ! protocol frrp 101 GiingtaebriftaEcteheprrniemtar3y/21 secondary GigabitEthernet 3/14 control-vlan 101 member-vlan 201 mode transit no disable 264 | Dell Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 265
VLAN Registration Protocol c e s GARP VLAN Registration Protocol is supported on platform Protocol Overview Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GARP VLAN C-Series, and non-S60/S55 S-Series, Per-VLAN Spanning Tree (PVST+) or - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 266
Force10(conf)#protocol gvrp Force10(conf-gvrp)#no disable % Error: PVST running. Cannot enable GVRP. % Error: MSTP running. Cannot enable GVRP. Configuring GVRP Globally, enable GVRP on each switch to facilitate GVRP communications. Then, GVRP configuration is per interface on a switch-by-switch - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 267
and core switches. Edge Switches Core Switches VLANs 70-80 Edge Switches VLANs 10-20 VLANs 10-20 VLANs 30-50 VLANs 30-50 VLANs 70-80 NOTES: VLAN 1 mode is always fixed and cannot be configured All VLAN trunk ports must be configured for GVRP All VLAN trunk ports must be configured as 802 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 268
shutdown Force10(conf-if-gi-1/21)#show config ! interface GigabitEthernet 1/21 no ip address switchport gvrp enable no shutdown Configuring GVRP Registration • Fixed Registration Mode: Configuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 269
a GVRP Leave message. Additionally, the interface will not be dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Figure 13-5. Configuring GVRP Registration Force10(conf-if-gi-1/21)#gvrp registration fixed 34,35 Force10(conf-if-gi-1/21)#gvrp registration forbidden 45,46 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 270
www.dell.com | support.dell.com FTOS displays Message 1 if an attempt is made to configure an invalid GARP timer. Message 1 GARP Timer Error Force10(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer. 270 | GARP VLAN Registration Protocol - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 271
interfaces on E-Series, 31 interfaces on C-Series and S-Series, and an unlimited number of groups on all platforms. Note: The S55 supports up to 95 interfaces. • Dell Force10 systems cannot serve as an IGMP host or an IGMP version 1 IGMP Querier. • FTOS automatically enables IGMP on interfaces on - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 272
www.dell.com | support.dell.com IGMP version 2 IGMP version 2 improves upon version 1 by specifying IGMP Leave messages, which allows hosts to notify routers that they no longer care about - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 273
Sending an Unsolicited IGMP Report A host does not have to wait for a general query to join a group. It may send an unsolicited IGMP Membership Report, also called an IGMP Join message, to the querier. Leaving a Multicast Group 1. A host sends a membership report of type 0x17 (IGMP Leave message) to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 274
www.dell.com | support.dell.com Figure 14-3. IGMP version 3 Membership Report Packet Format Version IHL (4) TOS (0xc0) Total Length Flags Frag Offset TTL (1) Protocol (2) Header Checksum Src IP Addr - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 275
Figure 14-4. IGMP Membership Reports: Joining and Filtering Membership Reports: Joining and Filtering Interface Multicast Group Filter Source Source Address Timer Mode Timer 1/1 224.1.1.1 GMI Exclude None 1/1 224.1.1.1 Include 10.11.1.1 GMI 1/1 224.1.1.1 Include 10.11.1.1 GMI 10.11.1.2 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 276
www.dell.com | support.dell.com Figure 14-5. IGMP Membership Queries: Leaving and Staying Selecting an IGMP Version on page 277 • Viewing IGMP Groups on page 277 • Adjusting Timers on page 278 • Configuring a Static IGMP Group on page 279 • Prevent a Host from Joining a Group on page 447 • Enabling - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 277
(this system) IGMP version is 2 Force10# Selecting an IGMP Version FTOS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is system) IGMP version is 3 Force10(conf-if-gi-1/13)# Viewing IGMP Groups View both learned and statically configured IGMP groups using the command - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 278
www.dell.com | support.dell.com Figure 14-8. Viewing Static and Learned IGMP Groups Force10(conf-if-gi-1/0)#do sho ip initial query before sending a second one is the Last Member Query Interval (LMQI). The switch waits one LMQI after the second query before removing the group from the state table. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 279
is down is the Other Querier Present Interval. Adjust this value using the command ip igmp querier-timeout from INTERFACE mode. Configuring a Static IGMP Group Configure a static IGMP group using the command ip igmp static-group. Multicast traffic for static groups is always forwarded to the subnet - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 280
is supported on all S-Series stack members,. • IGMP Snooping reacts to STP and MSTP topology changes by sending a general query on the interface that transitions to the forwarding state. Configuring IGMP Snooping Configuring IGMP Snooping is a one-step process. That is, enable it on a switch using - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 281
show ip igmp snooping mrouter from EXEC Privilege mode. Configuring the Switch as Querier Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast traffic is not routed, and so - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 282
dell.com | support.dell.com • When enabled, IGMP snooping Querier starts after one query interval in case no IGMP general query (with IP SA lower than its VLAN IP address) is received on any of its VLAN query interval to expire. When an IGMP snooping switch is not acting as a Querier it sends out - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 283
are only supported on platform and are covered in the SONET/SDH chapter of the E-Series FTOS Configuration Guide. Basic Interface Configuration: • Interface Types • View Basic Interface Information • Enable a Physical Interface • Physical Interfaces • Management Interfaces • VLAN Interfaces - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 284
www.dell.com | support.dell.com Interface Types Interface Type Physical Management Loopback Null Port Channel VLAN Modes Possible L2, L3 N/A L3 the interface. If a port channel interface is configured, the show interfaces command can list the interfaces configured in the port channel. Note: To end - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 285
, 0 bytes 0 Vlans 0 64-byte pkts Force10 Manual administratively down down YES Manual up up YES Manual up up YES Manual up up YES Manual up up NO Manual administratively down down NO Manual administratively down down NO Manual administratively down down Use the show interfaces configured - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 286
www.dell.com | support.dell.com Figure 15-3. Interfaces listed in the show running-config Command (Partial) Force10#show running Current Configuration ... ! interface GigabitEthernet 7/6 no ip address shutdown ! interface GigabitEthernet 7/7 no ip address shutdown ! interface GigabitEthernet 7/8 no - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 287
Route Processor Module (RPM) of the C-Series and E-Series and on each unit of the S55; it provides dedicated management access to the system. The other S-Series (non-S55) systems supported by FTOS do not have this dedicated management interface, but you can use any Ethernet port configured with an - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 288
switchport no shutdown Force10(conf-if)# To configure an interface in Layer 2 mode, use these commands in the INTERFACE mode: Command Syntax no shutdown switchport Command Mode Purpose INTERFACE INTERFACE Enable the interface. Place the interface in Layer 2 (switching) mode. 288 | Interfaces - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 289
all interface types except VLANs, the shutdown command prevents all traffic from passing through the interface. In VLANs, the shutdown command prevents Error: Port is in Layer 2 mode Gi 1/2. Force10(conf-if)# Error message To determine the configuration of an interface, you can use the show config - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 290
mode (Figure 159). Figure 15-7. Command Example: show ip interface Force10>show ip int vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49 be configured if it appears in the main routing table of FTOS. In addition, Proxy ARP is not supported on this interface. Note: On the S55, a - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 291
mode: Command Syntax interface Managementethernet interface Command Mode Purpose CONFIGURATION Enter the slot and the port (0). ON the E-Series and C-Series, dual RPMs can be in use. Slot range: C-Series, E-Series: 0-1 S55: 0 To view the Primary RPM Management port, use the show interface - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 292
also Chapter 18, VLAN Stacking, on page 367. Note: To monitor VLAN interfaces, use the Management Information Base for Network Management of TCP/IP-based internets: MIB-II (RFC 1213). Monitoring VLAN interfaces via SNMP is supported only on E-Series. FTOS supports Inter-VLAN routing (Layer 3 routing - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 293
participating in an OSPF process. Figure 15-9. Sample Layer 3 Configuration of a VLAN interface Vlan 10 ip address 1.1.1.2/24 tagged GigabitEthernet 2/2-13 tagged TenGigabitEthernet 5/0 ip ospf authentication-key force10 ip ospf cost 1 ip ospf dead-interval 60 ip ospf hello-interval 15 no shutdown - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 294
www.dell.com | support.dell.com Null Interfaces The Null interface is another virtual interface created interface. The only configurable command in the INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 295
redistributed across the four remaining interfaces. Port channel implementation FTOS supports two types of port channels: • Static-Port channels that are statically configured • Dynamic-Port channels that are dynamically configured using Link Aggregation Control Protocol (LACP). For details, see - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 296
www.dell.com | support.dell.com For example, if four interfaces (Gi 0/0, 0/1, 0/2, 0/3) in new port channel on page 299 (optional) • Configure the minimum oper up links in a port channel (LAG) on page 300 (optional) • Add or remove a port channel from a VLAN on page 300 (optional) • Assign an IP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 297
• shutdown/no shutdown • mtu • ip mtu (if the interface is on a Jumbo-enabled by default.) Note: The S-Series supports jumbo frames by default (the default maximum transmission unit (MTU) is 1554 bytes) You can configure the MTU using the mtu command from INTERFACE mode. To view the interface - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 298
dell.com | support.dell.com Figure 15-10. show interfaces port-channel brief Command Example Force10#show int port brief LAG Mode Status 1 L2L3 up 2 L2L3 up Force10 bytes Input 1212448 IP Packets, 0 Vlans 0 MPLS 4857 64-byte pkts, the physical interface. The configuration and status of the port - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 299
)#show config ! interface Port-channel 5 no ip address switchport channel-member GigabitEthernet 1/6 Force10(conf-if-portch)#int gi 1/6 Force10(conf-if)#ip address 10.56.4.4 /24 % Error: Port is part of a LAG Gi 1/6. Force10(conf-if)# Error message Reassign an interface to a new port channel An - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 300
an example of configuring five minimum "oper up" links in a port channel. Figure 15-14. Example of using the minimum-links Command Force10#config t Force10(conf)#int po 1 Force10(conf-if-po-1)#minimum-links 5 Force10(conf-if-po-1)# Add or remove a port channel from a VLAN As with other interfaces - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 301
VLAN INTERFACE VLAN Add the port channel to the VLAN as a tagged interface. An interface with tagging enabled can belong to multiple VLANs. Add the port channel to the VLAN Command Mode Purpose ip address ip-address mask [secondary] INTERFACE Configure an IP address and mask on the interface. • ip - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 302
www.dell.com | support.dell.com Load balancing through port channels FTOS uses hash algorithms • Protocol type • TCP/UDP source port • TCP/UDP destination port Balancing may be applied to IPv4, switched IPv6, and non-IP traffic. For these traffic types, the IP-header-based hash and MAC-based hash - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 303
used for hash generation. Figure 15-15 shows the configuration and show command for packet-based hashing on the E-Series. Figure 15-15. based Force10(conf)#load-balance ip-selection packet-based Force10#show running-config | grep load load-balance ip-selection packet-based Force10# The - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 304
dell.com | support.dell.com IPv4, IPv6, and non-IP traffic handling on the E-Series The table below presents the combinations of the load-balance command and their effect on traffic types. Table 15-6. The load-balance Commands and Port Channel Types Configuration VLAN, Ethertype, source module - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 305
with the Default cam profile. E-Series and specifically include lag-hash-align microcode. Figure 15-16 shows a sample configuration for the hash-algorithm command. Figure 15-16. Command example: hash-algorithm Force10(conf)#Force10(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh-ecmp checksum 26 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 306
dell.com | support.dell.com On C-Series and S-Series, the hash-algorithm command is specific to ECMP groups and has different defaults from the E-Series. The default ECMP hash configuration prompt. In the following example, Tengigabit 3/0 and VLAN 1000 do not exist. Note: When creating an interface - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 307
15-17. Creating a Single-Range Bulk Configuration Force10(config)# interface range gigabitethernet 5/1 - 23 Force10(config-if-range-gi-5/1-23)# no shutdown Duplicate Entries Force10(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Force10(conf-if-range-vl-1,vl-3)# Force10(conf)#interface - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 308
below shows how to use commas to add VLAN and port-channel interfaces to the range. Figure 15-23. Multiple-Range Bulk Configuration with VLAN, and Port-channel Force10(config-ifrange-gi-5/1-23-te-1/1-2)# interface range Vlan 2 - 100 , Port 1 - 25 Force10(config-if-range-gi-5/1-23-te-1/1-2-so-5/1-vl - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 309
interfaces range to be configured using the values saved in a named interface-range macro. The example below shows how to change to the interface-range configuration mode using the interface-range macro named "test". Force10(config)# interface range macro test Force10(config-if)# Interfaces | 309 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 310
www.dell.com | support.dell.com Monitor and Maintain Interfaces Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 311
Force10# Maintenance using TDR The Time Domain Reflectometer (TDR) is supported on all Dell Force10 switch/ a transceiver is unplugged). TDR is useful for troubleshooting an interface that is not establishing a link, that is passing traffic. When a TDR test is run on a physical cable, it - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 312
.dell.com | support.dell.com To test the condition of cables on 10/100/1000 BASE-T modules, use the tdr-cable-test command: Step Command Syntax Command Mode 1 tdr-cable-test gigabitethernet / EXEC Privilege 2 show tdr gigabitethernet / EXEC Privilege Usage To test - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 313
for Fiber is 100 ms Figure 15-25. Setting Debounce Time Force10(conf)#int gi 3/1 Force10(conf-if-gi-3/1)#link debounce time 150 Force10(conf-if-gi-3/1)#= Show debounce times in an interface show interface E300 system. Each port to be shut down must be configured individually. Interfaces | 313 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 314
failures so that disturbances are not propagated. Important Points to Remember • Link dampening is not supported on VLAN interfaces • Link dampening is disabled when the interface is configured for port monitoring • Link dampening can be applied to Layer 2 and Layer 3 interfaces. • Link dampening - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 315
from EXEC Privilege mode, as shown in Figure 15-29. Figure 15-29. Viewing a System-wide Dampening Summary Force10# show interfaces dampening summary 20 interfaces are configured with dampening. 3 interfaces are currently suppressed. Following interfaces are currently suppressed: Gi 0/2 Gi 3/1 Gi - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 316
www.dell.com | support.dell.com Figure 15-30. Clearing Dampening Counters Force10# clear dampening interface Gi 0/1 Force10# show interfaces dampening GigabitEthernet0/0 InterfaceState Flaps Penalty Half-LifeReuse SuppressMax-Sup Gi 0/1 Up 0 0 20 500 1500 300 Link Dampening Support for - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 317
allow full duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal carry the PAUSE commands. Ethernet Pause Frames are supported on full duplex only. The only configuration applicable to half duplex ports is rx off - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 318
consulting with the Dell Force10 Technical Assistance Center. Note: The S55 supports only the rx control option. The S55 does not transmit traffic is received. threshold (C-Series and S-Series only): When tx on is configured, the user can set the threshold values for: Number of flow-control packet - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 319
must be no less than 1422: 1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The MTU range is 592-9252, with a default of 1500. On the E-Series, the user must enter the ip mtu command to manually configure the IP MTU to compensate for the Layer 2 header. The C-Series - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 320
www.dell.com | support.dell.com Port-pipes A port pipe is a Dell Force10 specific term for the hardware path that packets the line card Note: All references to the E1200 in this section include the E1200i-AC and E1200i-DC. References to E600 include the E600i. For the purposes of diagnostics, the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 321
module with catalog number GP-SFP2-1T is used in the S25P model of the S-Series, its speed can be manually Dell Force10 recommends keeping auto-negotiation enabled. Auto-negotiation should only be disabled on switch ports that attach to devices not capable of supporting .] Access CONFIGURATION mode. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 322
support.dell.com Note: The show interfaces status command displays link status, but not administrative status. For link and administrative status, use show ip interface [interface | brief | linecard slot-number] [configuration]. Figure 15-31. show interfaces status Command Example Force10 Vlan - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 323
Force10(conf)# int gi 0/0 Force10(conf-if)#neg auto Force10(conf-if-autoneg)# ? end exit mode no Exit from configuration mode Exit from autoneg configuration the interfaces. The interface sends keepalive messages to itself to test network connectivity on the interface. To change the default time - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 324
www.dell.com | support.dell.com Figure 15-34. show Commands with configured Keyword Examples Force10#show interfaces configured Force10#show interfaces linecard 0 configured Force10#show interfaces gigabitEthernet 0 configured Force10#show ip interface configured Force10#show ip interface linecard - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 325
Figure 15-36. Configuring Rate Interval Example Force10#show interfaces TenGigabitEthernet 10/0 of "show interface" counters 1d23h44m Queueing strategy: fifo 0 packets input, 0 bytes Input 0 IP Packets, 0 Vlans 0 MPLS 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 326
www.dell.com | support.dell.com Dynamic Counters By default, counting for the following four pipe, there is an impact on line rate performance. The following counter-dependent applications are supported by FTOS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • ILM • IP FLOW - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 327
This command does not clear the counters captured by any SNMP program. To clear the counters, use the following command support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. (OPTIONAL) Enter the keyword vrrp to clear statistics for all VRRP groups configured - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 328
328 | Interfaces www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 329
Addressing is supported on platforms FTOS supports various IP addressing features. This chapter explains the basics of Domain Name Service (DNS), one network can be can configured with different masks. Supernetting, which increases the number of subnets, is also supported. Subnetting is when a - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 330
dell.com | support.dell.com is represented as 10.214.87.131 For more information on IP addressing, refer to RFC 791, Internet Protocol. Implementation Information In FTOS, you can configure IP addresses to physical or logical (for example, VLAN or port channel) interfaces to enable IP communication - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 331
support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. Enable the interface. ip address ip-address INTERFACE mask [secondary] Configure Mode Force10(conf-if)#show conf ! interface GigabitEthernet 0/0 ip address 10.11.1.1/24 no shutdown ! Force10(conf-if - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 332
www.dell.com | support.dell.com Force10#show ip int gi 0/8 GigabitEthernet 0/8 is up, line protocol ICMP redirects are not sent ICMP unreachables are not sent Force10# Configure static routes A static route is an IP address that is manually configured and not learned by a routing protocol, such as - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 333
Figure 16-3. show ip route static Command Example (partial) Force10#show ip route static Destination Gateway ----------- ------- S 2.1.2.0/24 Direct, Nu 0 subnet but which recursively resolves to a next hop on the interface's configured subnet. For example, if gig 0/0 has ip address on subnet - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 334
dell.com | support.dell.com To view the configured static routes for the management port, use the show ip management-route command in the EXEC privilege mode. Figure 16-4. show ip management-route Command Example Force10 provides some protection against Denial of Service (DOS) attacks. To enable - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 335
show hosts Command Example Force10>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not to resolve the partial domain. The host table contains both statically configured and dynamically learnt host and IP addresses. If FTOS cannot resolve - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 336
dell.com | support.dell.com Command Syntax ip domain-list name Command Mode CONFIGURATION Purpose Enter up to 63 characters to configure names to complete unqualified host names. Configure configure your switch to perform DNS with traceroute, follow the steps below in the CONFIGURATION Force10# - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 337
ARP Retries on page 341 For a complete listing of all ARP-related commands, refer to . Configure static ARP entries ARP dynamically maps the MAC and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry (called a static ARP) for the ARP cache. To - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 338
www.dell.com | support.dell.com Command Syntax arp ip-address mac-address interface Command Mode Purpose CONFIGURATION Configure an IP address Force10#show arp Protocol Address Age(min) Hardware Address Interface VLAN CPU Internet 10.1.2.4 17 08:00:20:b7:bd:32 Ma 1/0 - CP Force10# - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 339
VLAN interface, enter the keyword vlan followed by a number between 1 and 4094. E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS send to: • detect IP address conflicts • inform switches of their presence on a port so that packets - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 340
dell.com | support.dell.com Beginning with version 8.3.1.0, when a Gratuitous ARP is received, FTOS installs an ARP entry on all 3 CPUs. Task Enable ARP learning via gratuitous ARP. Command Syntax arp learn-enable Command Mode CONFIGURATION Learning via Gratuitous ARP VLAN ID: 1.1.1.1 ARP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 341
(ICMP Echo or Echo Reply). ICMP Error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic Configuration Task List for ICMP Use the following steps to configure ICMP: • Enable ICMP unreachable messages on page 341 • Enable ICMP redirects on - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 342
www.dell.com | support.dell.com To view if ICMP unreachable messages are sent on the is displayed in the show config command output. Enable ICMP redirects e Enable ICMP redirects is supported on platform By default, ICMP redirect messages are disabled. When enabled, ICMP redirect messages are - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 343
brief discussion of the differences between IPv4 and IPv6, and Dell Force10' support of IPv6. This chapter discusses the following, but is Feature Support • ICMPv6 • Path MTU Discovery • IPv6 Neighbor Discovery • QoS for IPv6 • IPv6 Multicast • SSH over an IPv6 Transport • Configuration Task List - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 344
dell.com | support.dell.com Some key changes in IPv6 are: • Extended Address Space • Stateless Autoconfiguration • Header Format Simplification • Improved Support service provider. Note: As an alternative to stateless auto-configuration IPv6 stateless auto-configuration supports the router side only - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 345
IPv6 Headers The IPv6 header has a fixed length of 40 bytes. This provides 16 bytes each for Source and Destination information, and 8 bytes for general header information. The IPv6 header includes the following fields: • Version (4 bits) • Traffic Class (8 bits) • Flow Label (20 bits) • Payload - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 346
www.dell.com | support.dell.com Traffic Class (8 bits) The Traffic Class field deals requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required. Next Header (8 bits) The Next Header field identifies the next - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 347
Table 17-1. Next Header field values Value 59 60 Description No Next Header Destinations option header Note: This is not a comprehensive table of Next Header field values. Refer to the Internet Assigned Numbers Authority (IANA) web page http://www.iana.org/assignments/protocol-numbers for a - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 348
www.dell.com | support.dell.com Hop-by-Hop Options header The Hop-by-Hop options packet's Source IP Address identifying the unknown option type 11 Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet's Source IP Address only if the Destination IP Address is not - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 349
host and means that if several hosts connect to a common hub or switch, they have an instant communication path via their link-local IPv6 address. manually assigned to a computer by an administrator. Dynamic IP addresses are assigned either randomly or by a server using Dynamic Host Configuration - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 350
www.dell.com | support.dell.com Implementing IPv6 with FTOS FTOS supports both IPv4 and IPv6, and both may be used simultaneously in your system. Note: Dell Force10 recommends that you use FTOS version 7.6.1.0 or later when implementing IPv6 functionality on an E-Series system. Table 17-2 lists the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 351
Support Feature and/or Functionality FTOS Release Introduction Documentation and Chapter Location E-Series E-Series TeraScale ExaScale C-Series S-Series Basic IPv6 Commands 7.4.1 IPv6 Basic Addressing 8.2.1 7.8.1 7.8.1 IPv6 Basic Commands in the FTOS Command Line Interface Reference Guide - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 352
Line Reference Guide QoS for IPv6 in this chapter ICMPv6 c e s ICMPv6 is supported on platforms ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 353
Unreachable, Packet Too Big, Time Exceeded and Parameter Problem messages. • Informational messages provide diagnostic functions and commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages. Path MTU Discovery c e s IPv6 MTU Discovery is supported on platforms Path - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 354
www.dell.com | support.dell.com IPv6 Neighbor Discovery c e s IPv6 NDP is supported on platforms Neighbor Discovery Protocol (NDP) is a the link-layer addresses for neighbors known to reside on attached links, quickly purging cached values that become invalid. With ARP, each node broadcasts ARP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 355
FTOS IPv6 supports quality of service based on DSCP field. You can configure FTOS to honor the DSCP value on incoming routed traffic and forward the packets with the same value. IPv6 Multicast e IPv6 Multicast is supported only on platform FTOS supports the following protocols to implement IPv6 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 356
• Telnet with IPv6 • SNMP over IPv6 • Show IPv6 Information • Clear IPv6 Routes Change your CAM-Profile on an E-Series system e The cam-profile command is supported only on platform Change your CAM profile to the CAM ipv6-extacl before doing any further IPv6 configuration. Once the CAM profile is - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 357
17-5. Command Example: show cam profile (E-Series) Force10#show cam-profile -- Chassis CAM Profile -- --More-- Adjust your CAM-Profile on an C-Series or S-Series c s The cam-acl command is supported on platforms Although this is not a mandatory step, if you plan to implement IPv6 ACLs, you must - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 358
www.dell.com | support.dell.com Save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect. Command Syntax cam-acl { ipv6acl } show cam-acl Command Mode CONFIGURATION EXEC EXEC Privilege Purpose Allocate space for IPV6 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 359
supported on platforms Use the ipv6 route command to configure IPv6 static routes. Command Syntax ipv6 route prefix type {slot/ port} forwarding router tag Command Mode CONFIGURATION port-channel number • For a VLAN interface, enter the keyword vlan followed by the VLAN ID • For a Null interface, - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 360
www.dell.com | support.dell.com Command Syntax telnet ipv6 address Command Mode Purpose EXEC or EXEC SNMP over IPv6 c e s SNMP is supported on platforms Simple Network Management Protocol (SNMP) can be configured over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 361
IPv6 routing information rpf RPF table Force10# Purpose Show an IPv6 Interface View the IPv6 configuration for a specific interface with followed by the port-channel number • For a VLAN interface, enter the keyword vlan followed by the VLAN ID Figure 17-6 illustrates the show ipv6 interface - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 362
www.dell.com | support.dell.com Figure 17-6. Command Example: show ipv6 interface Force10#show ipv6 interface gi 2/2 GigabitEthernet 2/2 is down, line protocol is down IPV6 is enabled Link Local address: fe80::201:e8ff:fe06:95a3 Global Unicast address( - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 363
0 Non-active Routes 0 0 Figure 17-9 illustrates the show ipv6 route static command output. Figure 17-9. Command Example: show ipv6 route static Force10#show ipv6 route static Destination Dist/Metric, Gateway, Last Change S 8888:9999:5555:6666:1111:2222::/96 [1/0] via 2222:2222:3333:3333 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 364
www.dell.com | support.dell.com Show the Running-Configuration for an Interface View the configuration for any interface with the following command. Command Syntax show running-config interface type {slot/port} Command Mode EXEC Purpose Show the currently running configuration for the specified - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 365
IPv6 Addressing | 365 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 366
366 | IPv6 Addressing www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 367
Manual configuration to detect Compellent storage arrays where auto-detection is not supported. Detection and Port Configuration for Dell Compellent Arrays This feature is available on platforms Switches support is set to 12000 for the S4810 and 9252 for S55 and S60 on all ports and port-channels, if - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 368
www.dell.com | support.dell.com You must enter the iscsi profile-compellent command in INTERFACE configuration mode. For example: FTOS(conf-if-te-o/50# iscsi profile-compellent) Auto-detection of Dell Compellent To auto-detect iSCSI optimization on a switch connected to a Dell Compellent array, - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 369
Control Protoco c e s Link Aggregation Control Protoco is supported on platforms The major sections in the chapter are: • Introduction to Dynamic LAGs and LACP on page 369 • LACP Configuration Tasks on page 371 • Shared LAG State Tracking on page 374 • Configure LACP as Hitless on page 376 • LACP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 370
www.dell.com | support.dell.com Important Points to Remember • LACP enables you to add members to a port interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state. • Active-In this state, the interface is said to be in the "active - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 371
long timeout on page 372 • Monitor and Debugging LACP on page 373 • Configure Shared LAG State Tracking on page 374 Create a LAG To create a dynamic Placing a LAG into the Default VLAN Force10(conf)#interface port-channel 32 Force10(conf-if-po-32)#no shutdown Force10(conf-if-po-32)#switchport Link - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 372
www.dell.com | support.dell.com The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG (Figure 19-2): Figure 19-2. Placing a LAG into a Non-default VLAN Force10(conf)#interface vlan 10 Force10(conf-if-vl-10)#tagged port-channel 32 Configure the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 373
To configure the LACP long timeout (Figure 196): Step 1 Task Set the LACP timeout value to 30 seconds. Command Syntax lacp long-timeout Command Mode CONFIG-INT-PO Figure 19-4. Invoking the LACP Long Timeout Force10(conf)# interface port-channel 32 Force10(conf-if-po-32)#no shutdown Force10(conf - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 374
www.dell.com | support.dell.com Shared LAG State Tracking Shared LAG State Tracking provides LAG 2 into a single entity, called a failover group. Configure Shared LAG State Tracking To configure Shared LAG State Tracking, you configure a failover group: Step 1 2 Task Enter port-channel failover - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 375
R2#config R2(conf)#port-channel failover-group R2(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2 View the failover group configuration using the show running-configuration po-failover-group command, as shown in Figure 19-7. Figure 19-7. Viewing Shared LAG State Tracking in the Running - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 376
due to this feature, its members may still be in the up state. Configure LACP as Hitless c e Configure LACP as Hitless is supported only on platforms: LACP on Dell Force10 systems can be configured to be hitless. When configured as hitless, there is no noticeable impact on dynamic LAG state upon an - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 377
-config redundancy ! redundancy protocol lacp Force10# Force10#show running-config interface gigabitethernet 0/12 ! interface GigabitEthernet 0/12 no ip address ! port-channel-protocol LACP port-channel 200 mode active no shutdown LACP Basic Configuration Example The screenshots in this section - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 378
www.dell.com | support.dell.com Configuring a LAG on ALPHA Figure 19-12. Creating a Last clearing of "show interface" counters 00:02:11 Queueing strategy: fifo Input Statistics: 132 packets, 16368 bytes 0 Vlans 0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 379
Configuration the number of links to bring up the LAG and that this is a switch port instead of a router port. LineSpeed 3000 Mbit Members in this channel: for this LAG and which interfaces are active. 621 packets, 78732 bytes 0 Vlans 0 64-byte pkts, 18 over 64-byte pkts, 603 over 127-byte - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 380
www.dell.com | support.dell.com Figure 19-15. Using the show lacp Command to Verify LAG 10 Status on ALPHA Alpha#sho lacp 10 Port-channel 10 admin up, - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 381
ALPHA Figure 19-16. Summary of the configuration on ALPHA Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 382
www.dell.com | support.dell.com Summary of the configuration on BRAVO Figure 19-17. Summary of the configuration on BRAVO Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 383
00:15:05 Queueing strategy: fifo Input Statistics: 708 packets, 89934 bytes 0 Vlans 0 64-byte pkts, 15 over 64-byte pkts, 693 over 127-byte pkts, 0 over 1023-byte pkts 705 Multicasts, 0 Broadcasts, 0 Unicasts 0 Vlans, 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 384
dell.com | support.dell.com Figure 19-19. Using the show interfaces port-channel Command to Inspect LAG 10 This does NOT match any of the Force10 the LAG and that this is a switch port instead of a router port. LineSpeed Statistics: 2189 packets, 278744 bytes 0 Vlans 0 64-byte pkts, 32 over 64 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 385
: State BDFHJLMP Key 0 Priority 0 Oper: State ACEGIKNP Key 10 Priority 32768 Force10# PPP is a connection-oriented protocol that enables layer two links over a variety of different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in half-duplex - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 386
www.dell.com | support.dell.com 386 | Link Aggregation Control Protoco - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 387
supported on platforms: This chapter describes the following Layer 2 features: • Managing the MAC Address Table • MAC Learning Limit • NIC Teaming • Microsoft Clustering • Configuring for the specified interface • vlan deletes all entries for the specified VLAN Command Syntax clear mac-address- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 388
www.dell.com | support.dell.com Set the Aging Time for Dynamic Entries Learned MAC addresses are entered in the table as dynamic entries, which means that they are subject to aging. For any dynamic entry, if no packet arrives on the switch with the MAC address as the source or destination address - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 389
of the MAC address table. • address displays the specified entry. • aging-time displays the configured aging-time. • count displays the number of dynamic and static entries for all VLANs, and the total number of entries. • dynamic displays only dynamic entries • interface displays only entries - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 390
dell.com | support.dell.com MAC Address Learning Limit is a method of port security on Layer 2 port-channel and physical interfaces, and VLANs. It enables you to set an upper limit on the number of MAC addresses that learned on an interface/VLAN does not take any configured station-move violation - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 391
the original interface and installs a new entry on the new interface. Learning Limit Violation Actions Learning Limit Violation Actions are supported only on platforms: e . You can configure the system to take an action when the MAC learning limit is reached on an interface and a new address is - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 392
www.dell.com | support.dell.com Station Move Violation Actions Station Move Violation Actions are supported only on platforms: e, , and . no-station-move is the default behavior. You can configure the system to take an action if a station move occurs using one the following options with the mac - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 393
An individual MAC learning limit can be configured for each VLAN using Per-VLAN MAC Learning Limit. One application of Per-VLAN MAC Learning Limit is on access ports. In the following illustration, an Internet Exchange Point (IXP) connects multiple Internet Service Provider (ISP). An IXP can provide - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 394
www.dell.com | support.dell.com Task Command Syntax FTOS#show mac learning-limit Interface Vlan Learning Dynamic Static Unknown SA Slot/port Id Limit MAC count the server MAC address is originally learned on Port 0/1 of the switch (Figure 20-2) and Port 0/5 is the failover port. When - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 395
configure the command mac-address-table station-move refresh-arp on the Dell Force10 switch at the time that NIC teaming is being configured on the server. Note: If this command is not configured . Microsoft Clustering e Microsoft Clustering is supported only on platform: Microsoft Clustering allows - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 396
the cluster's virtual MAC address, and it must forward traffic destined for the server cluster out all member ports in the VLAN connected to the cluster. To ensure that this happens, you must configure the command vlan-flooding on the Dell Force10 switch at the time that the Microsoft cluster is - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 397
When a member port is deleted, its ARP entries are also deleted from the CAM. • Port channels in the VLAN also receive traffic. • There is no impact on the configuration from saving the configuration. • The feature is not reflected in the output of the show arp command but is reflected in the output - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 398
www.dell.com | support.dell.com Configuring Redundant Pairs e c s Configuring Redundant Pairs is supported on platforms: Z Networks that employ switches that do not support Spanning Tree (STP) - for example, networks with Digital Subscriber Line Access Mutiplexers (DSLAM) - cannot have redundant - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 399
be a static or dynamic LAG In a redundant pair, any combination of physical and port-channel interfaces is supported as the two interfaces in a redundant pair. For example, you can configure a static (without LACP) or dynamic (with LACP) port-channel interface as either the primary or backup link - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 400
dell.com | support.dell.com Figure 20-7. CLI for Configuring 41 GigabitEthernet 3/41 unassigned YES Manual up up GigabitEthernet 3/42 unassigned NO Manual up down [output omitted] 3/41 00:24:55: %RPM0-P:CP %IFMGR-5-INACTIVE: Changed Vlan interface state to inactive: Vl 1 00:24:55: %RPM0 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 401
Restricting Layer 2 Flooding is supported only on platform: When Layer 2 multicast traffic must be forwarded on a VLAN that has multiple ports with flooding from INTERFACE VLAN mode. In combination with restrict-flooding, you can use the command mac-flood-list from CONFIGURATION mode, without - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 402
www.dell.com | support.dell.com Far-end Failure Detection e Far-end Failure Detection is supported on platforms Z Far-end Failure Detection (FEFD basis. Disabling the global FEFD configuration does not disable the interface configuration. Figure 20-10. Configuring Far-end Failure Detection FTOS - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 403
the same state, manual intervention is required to reset the interface. FEFD enabled systems (comprised of one or more interfaces) will automatically switch between four different states: Idle, Unknown, Bi-directional, and Err-disabled. 1. An interface on which FEFD is not configured is in Normal - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 404
www.dell.com | support.dell.com Important Points to Remember • FEFD enabled ports are subject to an 8 to 10 second delay during an RPM failover before becoming operational. • FEFD can be enabled globally or on a per interface basis. Interface FEFD configurations override global FEFD configurations. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 405
in INTERFACE mode. Disabling an interface will shut down all protocols working on that interface's connected line, and will not delete your previous FEFD configuration which can be enabled again at any time. Step 1 2 3 Task Command Syntax Command Mode Setup two or more connected ip address ip - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 406
www.dell.com | support.dell.com Figure 20-13. Debug FEFD events display FTOS#debug fefd %IFMGR-5-OSTATE_DN: Changed interface state to down: Gi 4/0 2w1d22h: %RPM0-P:CP %IFMGR-5-INACTIVE: Changed Vlan interface state to inactive: Vl 1 2w1d22h : FEFD state on Gi 4/0 changed from Bi-directional to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 407
supported only on platforms: This chapter contains the following sections: • 802.1AB (LLDP) Overview on page 407 • TIA-1057 (LLDP-MED) Overview on page 410 • Configuring MIB) on each device, and is accessible via SNMP. Protocol Data Units Configuration information is exchanged in the form of Type, - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 408
www.dell.com | support.dell.com TLVs are encapsulated in a frame called an LLDP Data mandatory in the construction of an LLDPDU except Optional TLVs. The inclusion of individual Optional TLVs is user configurable. Table 21-1. Type, Length, Value (TLV) Types Type TLV 0 End of LLDPDU 1 Chassis ID - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 409
basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Force10 system to advertise any or all of these TLVs. Table 21-2. Optional TLV currently support this TLV. IEEE 802.1 Organizationally Specific TLVs 127 Port-VLAN ID On Dell Force10 systems, indicates the untagged VLAN to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 410
of auto-negotiation. This TLV is not available in the FTOS implementation of LLDP, but is available and mandatory (non-configurable) in the LLDP-MED implementation. 127 Power via MDI Dell Force10 supports LLDP-MED protocol, which recommends that Power via MDI TLV be not implemented, and therefore - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 411
Services ELIN Indicates power requirements, priority, and power status Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. FTOS does not currently support these TLVs. Indicates the hardware revision of the LLDP-MED device Indicates the firmware - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 412
values of the LLDP-MED Device Type is listed in Table 21-5. The Dell Force10 system is a Network Connectivity device, which is Type 4. When you enable MDI-PSE 4 Extended Power via MDI-PD 5 Inventory 6-15 reserved FTOS Support Yes Yes Yes Yes No No No Table 21-5. LLDP-MED Device Types - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 413
of LLDP-MED is a device's VLAN configuration and associated Layer 2 and Layer 3 configurations, specifically: • VLAN ID • VLAN tagged or untagged status • Layer for dedicated IP telephony handsets and other appliances supporting interactive voice services. Specify this application type only if voice - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 414
different Power Value using the max-milliwatts option with the power inline auto | static command. Dell Force10 also honors the power value (power requirement) sent by the powered device when the port is configured for power inline auto. Figure 21-6. Extended Power via MDI TLV TLV Type (127) 7 bits - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 415
Transmit and Receive Mode on page 420 • Configuring a Time to Live on page 421 • Debugging LLDP on page 422 Important Points to Remember • LLDP is disabled by default. • Dell Force10 systems support up to 8 neighbors per interface. • Dell Force10 systems support a maximum of 8000 total neighbors per - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 416
www.dell.com | support.dell.com Figure 21-7. Configuration and Interface mode LLDP Commands R1(conf)#protocol lldp R1(conf-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol globally end Exit from configuration mode exit Exit from LLDP configuration mode hello LLDP hello - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 417
TLVs. If LLDP is configured both globally and at interface level, the interface level configuration overrides the global configuration. To advertise TLVs: video-conferencing •video-signaling •voice •voice-signaling ** Note: vlan-name is supported on C-Series and S-Series only. In Figure 21-8, LLDP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 418
www.dell.com | support.dell.com Viewing the LLDP Configuration Display the LLDP configuration using the command show config in either CONFIGURATION or INTERFACE mode, as shown in Figure 21-9 and Figure 21-10, respectively Figure 21-9. Viewing LLDP Global Configurations R1(conf)#protocol lldp R1( - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 419
MTU: 1554 Remote System Desc: Force10 Networks Real Time Operating System Software . Force10 Operating System Version: 1.0. Force10 App lication Software Version: 7.5.1.0. Copyright Remote Port Vlan ID: 1 Port and Protocol Vlan ID: 1, Capability: Supported, Status: Enabled Configuring LLDPDU - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 420
lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Configuring Transmit and Receive Mode Once LLDP is enabled, Dell Force10 systems transmit and receive LLDPDUs - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 421
conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Configuring a Time to Live The information received from a neighbor expires - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 422
www.dell.com | support.dell.com Figure 21-15. Configuring LLDPDU Time to Live R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 423
length 270 1w1d19h : Packet dump: Source Address (LLDP Multicast) Force10 System Chassis ID 1w1d19h : 01 80 c2 00 00 0e 00 sec fnC0051mp Relevant Management Objects FTOS supports all IEEE 802.1AB MIB objects. lists the objects associated with the LLDP configuration on the local agent. • Table 21 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 424
www.dell.com | support.dell.com Table 21-7. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP Configuration adminStatus Basic TLV Selection msgTxHold msgTxInterval rxInfoTTL txInfoTTL mibBasicTLVsTxEnable mibMgmtAddrInstanceTxEnable LLDP Statistics statsAgeoutsTotal - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 425
Specific TLV MIB Objects TLV Type TLV Name 127 Port-VLAN ID 127 Port and Protocol VLAN ID 127 VLAN Name TLV Variable PVID port and protocol VLAN supported port and protocol VLAN enabled PPVID VID VLAN name length VLAN name System Local Remote Local Remote Local Remote Local Remote - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 426
www.dell.com | support.dell.com Table 21-10. LLDP-MED System MIB Objects TLV Sub-Type TLV Name 2 Network Policy TLV Variable Application Type Unknown Policy Flag Tagged Flag VLAN ID L2 Priority DSCP Value 3 Location Identifier Location Data Format Location ID Data 4 Extended Power - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 427
c e s Multiple Spanning Tree Protocol is supported on platforms: Protocol Overview Multiple Spanning Tree Protocol achieve load balancing. Figure 22-1. MSTP with Three VLANs Mapped to Two Spanning Tree Instances R1 MSTI 1: VLAN 100 MSTI 2: VLAN 200, VLAN 300 1/21 2/11 R2 MSTI 1 root 1/31 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 428
FTOS Supported Spanning Tree Protocols Dell Force10 Term Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol Per-VLAN Spanning on page 432 • Modify Interface Parameters on page 433 • Configure an EdgePort on page 434 • Flush MAC Addresses after a Topology Change - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 429
SNMP Traps for Root Elections and Topology Changes on page 616 • Configuring Force10(conf)#protocol spanning-tree mstp Force10(config-mstp)#show config ! protocol spanning-tree mstp no disable Force10# When you enable MSTP, all physical, VLAN topology, configure it for Layer 2 and add it to a VLAN. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 430
dell.com | support.dell.com Create an MSTI using the command msti from PROTOCOL MSTP mode. Specify the keyword vlan followed by the VLANs that you want to participate in the MSTI, as shown in Figure 22-3. Figure 22-3. Mapping VLANs to MSTI Instances Force10(conf)#protocol spanning-tree mstp Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 431
priority Command Mode PROTOCOL MSTP The simple configuration Figure 22-1 by default yields the same VLAN in an MSTI. For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for name and revision will match on all Dell Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 432
www.dell.com | support.dell.com To change the region name or revision: Task Change configuration information before it refreshes that information by recomputing the MST topology. • Max-hops is the maximum number of hops a BPDU can travel before a receiving switch discards it. Note: Dell Dell Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 433
the hello-time parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range my-mstp-region MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 forward-delay 16 MSTI 2 bridge-priority 4096 Force10(conf)# Modify Interface Parameters You - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 434
www.dell.com | support.dell.com Table 22-2 lists the default values for port cost by after receiving the BPDU violation. This feature is the same as PortFast mode in Spanning Tree. Caution: Configure EdgePort only on links connecting to an end station. EdgePort can cause loops if it is enabled - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 435
spanning-tree in INTERFACE mode). •Disabling global spanning tree (no spanning-tree in CONFIGURATION mode). Figure 22-8. Configuring EdgePort Force10(conf-if-gi-3/41)#spanning-tree mstp edge-port Force10(conf-if-gi-3/41)#show config ! interface GigabitEthernet 3/41 no ip address switchport spanning - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 436
www.dell.com | support.dell.com Blocking MSTP Sample Configurations The running-configurations in Figure 22-10, Figure 22-11, and Figure 22-11 support the topology shown in Figure 22-9. The configurations are from FTOS systems. An S50 system using SFTOS, configured as shown Figure 22-13, could be - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 437
Figure 22-10. Router 1 Running-configuration protocol spanning-tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! interface GigabitEthernet 1/21 no ip address switchport no shutdown ! interface GigabitEthernet 1/31 no ip address switchport no shutdown ! interface - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 438
www.dell.com | support.dell.com Figure 22-11. Router 2 Running-configuration protocol spanning-tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! interface GigabitEthernet 2/11 no ip address switchport no shutdown ! interface GigabitEthernet 2/31 no ip address - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 439
Figure 22-12. Router 3 Running-configuration protocol spanning-tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! interface GigabitEthernet 3/11 no ip address switchport no shutdown ! interface GigabitEthernet 3/21 no ip address switchport no shutdown ! interface - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 440
www.dell.com | support.dell.com Figure 22-13. SFTOS Example Running-Configuration spanning-tree spanning-tree configuration name Tahiti spanning-tree configuration revision 123 spanning-tree MSTi instance 1 spanning-tree MSTi vlan 1 100 spanning-tree MSTi instance 2 spanning-tree MSTi vlan 2 200 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 441
32768/128, Rem Hops: 19 [output omitted] Force10#debug spanning-tree mstp events 1w1d17h : MSTP: VLAN to Instance mapping The show spanning-tree mst commands will show various portions of the MSTP configuration. To view the overall MSTP configuration on the router, use the show running-configuration - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 442
www.dell.com | support.dell.com Figure 22-15. Sample Output for show running-configuration spanning-tree mstp command Force10#show run spanning-tree mstp ! protocol spanning-tree mstp name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 Figure 22-16. Displaying BPDUs and Events - Debug Log - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 443
Policies on page 446 • Multicast Traceroute on page 453 • Multicast Quality of Service on page 453 • Optimize the E-Series for Multicast Traffic on page 454 • Tune the Central Scheduler for Multicast on page 454 FTOS supports the following multicast protocols: • PIM Sparse-Mode on page 497 • PIM - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 444
www.dell.com | support.dell.com Multicast with ECMP Dell Force10 multicast uses Equal-cost Multi-path (ECMP) routing to load-balance multiple streams across equal cost links. When creating the shared-tree Protocol Independent Multicast (PIM) uses routes from all configured routing protocols to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 445
accordance with IETF draft draft-fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • Egress L3 ACL is not applied to to receivers to achieve lossless multicast. In previous versions, when the Dell Force10 system is an RP, all initial packets are dropped until PIM creates - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 446
www.dell.com | support.dell.com Multicast Policies FTOS offers parallel Multicast features for IPv4 and of multicast routes on the system. ip multicast-limit Range: 1-50000 Default: 15000 Command Mode CONFIGURATION When the limit is reached, FTOS does not process any IGMP or MLD joins to PIM - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 447
clearing the routing table by entering a permit any rule with high sequence number before you enter any other rules. In Figure 23-2, VLAN 400 is configured with an access list to permit only IGMP reports for group 239.0.0.1. Though Receiver 2 sends a membership report for groups 239.0.0.1 and 239 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 448
Joining a Group 448 | Multicast Features www.dell.com | support.dell.com Source 2 10.11.1.2 interface GigabitEthernet SCJ Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2 Outgoing interface list: Vlan 300 Forward/Sparse 00:00:07/Never (*, 239.0.0.2), uptime 00:01:10, expires 00: - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 449
ip pim neighbor-filter command from INTERFACE mode. Prevent a Source from Registering with the RP Use the command ip pim register-filter from CONFIGURATION mode to prevent a source from transmitting to a particular group. This command prevents the PIM source DR from sending register packets to RP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 450
to a Group 450 | Multicast Features www.dell.com | support.dell.com R2(conf )#do show ip pim tib flags: SCJ Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2 Outgoing interface list: Vlan 400 Forward/Sparse 00:00:43/Never (10.11.1.2, 239.0.0.1), uptime 00:00:17, expires - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 451
via the CLI is superseded by this hardware limit. The opposite is also true; the CAM might not be exhausted at the time the CLI-configured route limit is reached. Task Limit the total number of IPv6 multicast routes on the system. Command Syntax ipv6 multicast-limit Range: 1-50000 Default: 15000 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 452
www.dell.com | support.dell.com Prevent an IPv6 Neighbor from Forming an Adjacency Task Command Syntax Prevent a router from participating in PIM. ipv6 pim neighbor-filter access-list Force10(conf)#ipv6 pim neighbor-filter NEIGH_ACL Force10(conf)#ipv6 access-list NEIGH_ACL Force10(conf-ipv6- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 453
mroutes and mBGP routes are preferred over unicast routes. When a Dell Force10 system is the last hop to the destination, FTOS sends a response EXEC Privilege Multicast Quality of Service e Multicast Quality of Service is supported only on platform: The Quality of Service (QoS) features available - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 454
dell.com | support.dell.com Optimize the E-Series for Multicast Traffic e Optimize the E-Series for Multicast Traffic is supported applications like trading, Dell Force10 recommends reconfiguring some default queue egress multicast linecard (from CONFIGURATION mode) with the keyword bandwidth- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 455
, if the majority of your traffic is multicast, the default configuration might yield greater latency. In this case, allocate more backplane bandwidth the command queue multicast bandwidth-percent from CONFIGURATION mode. View your configuration using the command show queue backplane multicast - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 456
456 | Multicast Features www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 457
OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Force10 Operating System (FTOS). It is not intended to provide a Configuration Information • Configuration Task List for OSPFv2 (OSPF for IPv4) • Configuration Task List for OSPFv3 (OSPF for IPv6) • Sample Configurations - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 458
www.dell.com | support.dell.com Protocol Overview Open Shortest Path First (OSPF) routing is a link-state routing protocol that calls for the sending of Link-State Advertisements (LSAs) to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 459
in such a way that the backbone is not contiguous. In this case, backbone connectivity must be restored through virtual links. Virtual links are configured between any backbone routers that share a link to a non-backbone area and function as if they were direct links. An OSPF backbone is responsible - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 460
The router ID does not have to be associated with a valid IP address. However, Dell Force10 recommends that the router ID and the router's IP address reflect each other, to make troubleshooting easier. Figure 24-2gives some examples of the different router designations. 460 | Open Shortest - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 461
Figure 24-2. OSPF Routing Examples Router E Router F Interior Router Router M Interior Router Router K Router L Router D Not So Stubby Area Area 100 Router B Backbone Router Router C Stub Area Area 200 Router G Backbone Area Area 0 Router H Area Border Router Router A Router I Interior - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 462
www.dell.com | support.dell.com Area Border Router (ABR) Within an AS, an Area Border (ABR designations are not the same ad the router IDs discussed earlier. The Designated and Backup Designated Routers are configurable in FTOS. If no DR or BDR is defined in FTOS, the system assigns them. OSPF looks - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 463
them as if they are understood, while ignoring them in their own SPF algorithms. • OSPFv2 always discards unknown LSA types. The LSA types supported by Dell Force10 are defined as follows: • Type 1 - Router LSA • The router lists links to other routers or networks in the same area. Type 1 LSAs are - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 464
www.dell.com | support.dell.com Each router link is defined as one of four types: type 1, 2, area and the router ID of the other virtual endpoint (the other ABR). A Virtual Link cannot be configured through a Stub Area or NSSA. Router Priority and Cost Router priority and cost is the method the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 465
1 OSPFv3 process ID per system. Recall that OSPFv2 and OSPFv3 can coexist but must be configured individually. FTOS supports Stub areas, Totally Stub (No Summary) and Not So Stubby Areas (NSSAs) and supports the following LSAs, as discussed earlier in this document. • Router (type 1) • Network (type - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 466
for easier management. • The E-Series supports up to 28 OSPFv2 processes. • The C-Series supports up to 6 OSPFv2 processes. • The S50 and S25 support up to 4 OSPFv2 processes. • The S55, S60, and S4810 support up to 16 OSPFv2 processes. • The Z9000 supports up to 3 OSPFv2 processes. Each OSPFv2 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 467
command flood-2328 in ROUTER OSPF mode. When enabled, this command configures FTOS to flood LSAs on all interfaces. Confirm RFC 2328 flooding behavior -5. Enabling RFC-2328 Compliant OSPF Flooding Force10#show ip ospf Routing Process ospf 1 with ID 2.2.2.2 Supports only single TOS (TOS0) routes It - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 468
routers, manually set the dead interval of the Dell Force10 router to match the Cisco configuration. Use the Force10 (conf-if-gi-2/2)# Dead Interval Set at 4x Hello Interval For more information regarding this functionality or for assistance, go to www.force10networks.com/ support. Configuration - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 469
s Open Shortest Path First version 2 (OSPF for IPv4) is supported on platforms 1. Configure a physical interface. Assign an IP address, physical or loopback, authentication • Enable graceful restart • Configure virtual links • Redistribute routes • Troubleshooting OSPFv2 For a complete listing of - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 470
www.dell.com | support.dell.com If implementing, Multi-Process OSPF, you must CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router's IP address. Dell Force10 recommends using the IP address as the Router ID for easier management and troubleshooting - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 471
process-id Force10#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single support up to 4 OSPFv2 processes. • The S55, S60, and S4810 support up to 16 OSPFv2 processes. • The Z9000 supports up to 3 OSPFv2 processes. Follow the same steps as above, when configuring - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 472
www.dell.com | support.dell.com Return to CONFIGURATION mode to enable the OSPF CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router's IP address. Dell Force10 recommends using the IP address as the Router ID for easier management and troubleshooting - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 473
Assign interface's IP Address to an Area Dell Force10 recommends that the OSPFv2 Router ID be the interface IP addresses for easier management and troubleshooting. Use the show config command in CONFIGURATION ROUTER OSPF mode to view the configuration. Open Shortest Path First (OSPFv2 and OSPFv3 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 474
.dell.com | support.dell . Figure 24-11. Command Example: show ip ospf process-id interface Force10#show ip ospf 1 int GigabitEthernet 13/23 is up, line protocol is Router (ID) 192.168.253.3, Interface address 10.168.0.2 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 475
Configure stub areas OSPF supports different types of LSAs to help reduce the amount of router ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area ID 2.2.2.2 3.3.3.3 Force10# Router 1 1 Network S-Net 0 0 0 0 S-ASBR Type-7 0 0 0 0 Subtotal 1 1 To - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 476
www.dell.com | support.dell.com Enable passive supports 2094 VLANS. The default keyword sets all interfaces on this OSPF process as passive. The passive interface can be removed from select interfaces using the no passive-interface interface command while passive interface default is configured - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 477
Interface address 0.0.0.0 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.0 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 13:39 only be selected following consultation with Dell Force10 technical support. Open Shortest Path First (OSPFv2 and OSPFv3) - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 478
www.dell.com | support.dell.com Figure 24-14 shows the convergence settings when (fast-convergence enabled) Force10(conf-router_ospf-1)#fast-converge 2 Force10(conf-router_ospf-1)#ex Force10(conf)#ex Force10#show ip ospf 1 Routing Process ospf 1 with ID 192.168.67.2 Supports only single TOS (TOS0 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 479
Keyid range: 1 to 255 Key: a character string Be sure to write down or otherwise record the Key. You cannot learn the key once it is configured. You must be careful when changing this key. CONFIG-INTERFACE Change the priority of the interface, which is used to determine the Designated Router for - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 480
is 0 seconds. Enable graceful restart Graceful Restart is enabled for the global OSPF process. Use these commands to configure OSPF graceful restart. The Dell Force10 implementation of OSPF graceful restart enables you to specify: • grace period-the length of time the graceful restart process - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 481
restart in CONFIGURATION ROUTER OSPF supports graceful-restart for planned restarts only. A planned restart is when the user manually enters a fail-over command to force the primary RPM over to the secondary RPM. During a planned restart, OSPF sends out a Grace LSA before the system switches - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 482
www.dell.com | support.dell.com Figure 24-17. Command Example: show run ospf (partial) Force10#show run ospf ! router information on OSPF graceful restart, refer to the FTOS Command Line Interface Reference Guide. Configure virtual links Areas within OSPF must be connected to the backbone area ( - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 483
via interface GigabitEthernet 13/16, Cost of using 2 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:02 Force10# Filter routes To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 484
www.dell.com | support.dell.com Command Syntax Command Mode seq sequence-number {deny |permit} ip-prefix Lists, Prefix Lists, and Route-maps chapter in the FTOS Configuration Guide. Use the following commands in CONFIGURATION-ROUTER OSPF mode to apply prefix lists to incoming or outgoing OSPF - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 485
enter one of the keyword to redistribute those routes. rip is supported only on E-Series. • metric metric-value range: 0 to configuration, use the show running-config ospf command in the EXEC mode or the show config command in the ROUTER OSPF mode Figure 24-19. Command Example: show config Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 486
www.dell.com | support.dell.com Troubleshooting OSPFv2 FTOS has several tools to make troubleshooting easier. Be sure to check the following, as these are typical issues that interrupt an OSPFv2 process. Note that this is not a comprehensive list, just some examples of typical troubleshooting - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 487
! ipv6 router ospf 999 default-information originate always router-id 10.10.10.10 Force10# Use the following commands in EXEC Privilege mode to get general route and links in EXEC Privilege mode to view the OSPFv2 configuration for a neighboring router: Command Syntax show ip ospf neighbor Command - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 488
www.dell.com | support.dell.com Use the following command in EXEC Privilege mode to configure the debugging options of an OSPFv2 process: Command Syntax debug ip ospf process-id [event | packet | spf] Command Mode Usage EXEC Privilege View debug messages. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 489
List for OSPFv3 (OSPF for IPv6) c e Open Shortest Path First version 3 (OSPF for IPv6) is supported on platforms The configuration options of OSPFv3 are the same as those for OSPFv2, but may be configured with differently labeled commands. Process IDs and areas need to be specified. Interfaces and - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 490
www.dell.com | support.dell.com Enable IPv6 Unicast Routing Command Syntax ipv6 unicast routing Command Mode CONFIGURATION Usage Enables IPv6 unicast routing globally. Assign IPv6 addresses on an interface Command Syntax ipv6 address ipv6 address Command Mode CONF-INT-type slot/port - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 491
Assign OSPFv3 Process ID and Router ID Globally Command Syntax ipv6 router ospf {process ID} router-id {number} Command Mode Usage CONFIGURATION Enable the OSPFv3 process globally and enter OSPFv3 mode. Range: 0-65535 CONF-IPV6-ROUTER-OSPF Assign the Router ID for this OSPFv3 process number: - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 492
www.dell.com | support.dell.com Configure vlan 2222). E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. To enable both receiving and sending routing updates, enter the no passive-interface interface command. When you configure - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 493
-value] [route-map map-name] [tag tag-value] CONF-IPV6-ROUTER-OSPF Usage Specify which routes will be redistributed into OSPF process. Configure the following required and optional parameters: • bgp, connected, or static: enter one of the keyword to redistribute those routes. • metric metric-value - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 494
www.dell.com | support.dell.com Troubleshooting OSPFv3 FTOS has several tools to make troubleshooting easier. Be sure to check the following, as these are typical issues that interrupt the OSPFv3 process. Note that this is not a comprehensive list, just some examples of typical troubleshooting - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 495
by a number from 1 to 4094 (e.g. passive-interface vlan 2222). E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These are not - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 496
www.dell.com | support.dell.com Figure 24-21. Basic topology and CLI commands for OSPFv2 OSPF AREA 0 GI 1/1 GI 1/2 GI 3/1 GI 2/1 GI 2/2 GI 3/2 router ospf 11111 network 10.0.11.0/ - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 497
• The Dell Force10 implementation of PIM-SM is based on the IETF Internet Draft draft-ietf-pim-sm-v2-new-05. • C-Series supports a maximum requests in the same message. • FTOS supports PIM-SM on physical, VLAN, and port-channel interfaces. • FTOS supports 2000 IPv6 multicast forwarding entries, with - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 498
www.dell.com | support.dell.com Requesting Multicast Traffic A host requesting multicast traffic for a particular group sends an IGMP Join message to its gateway router. The gateway router is then - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 499
Select a Rendezvous Point. 3. Enable PIM-SM on an interface. See page 500. Related Configuration Tasks • Configurable S,G Expiry Timers on page 501 • Configure a Static Rendezvous Point on page 502 • Configure a Designated Router on page 503 • Create Multicast Boundaries and Domains on page 504 PIM - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 500
dell.com | support.dell.com Enable PIM-SM You must enable PIM-SM on each participating interface: Step Task 1 Enable multicast routing on the system. 2 Enable PIM-Sparse Mode Command ip multicast-routing ip pim sparse-mode Command Mode CONFIGURATION Gi 7/13 0x4 v2/S Force10# Nbr Count 1 1 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 501
Figure 25-3. Viewing the PIM Multicast Routing Table Force10#show ip pim tib PIM Multicast Routing Table Flags: D - Dense, S - Sparse, C - Connected, L - updated, the changes are applied when the keep alive timer refreshes. To configure a global expiry time: Task Enable global expiry timer for S, G - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 502
www.dell.com | support.dell.com Step 3 Task Command Syntax Command Mode Set the expiry time for a specific (S,G) entry (Figure 25-4). Range 211-86400 seconds Default: 210 ip pim sparse-mode sg-expiry-timer seconds sg-list access-list-name CONFIGURATION Note: The expiry time configuration is - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 503
in EXEC privilege mode Figure 25-7. Display the Rendezvous Point for a Multicast Group Range Force10#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configure a Designated Router Multiple PIM-SM routers might be connected to a single LAN segment - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 504
www.dell.com | support.dell.com Create Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM Multicast Border Routers (PMBRs). PMBRs connect each PIM domain to the rest of the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 505
Source-Specific Mode c e s PIM Source-Specific Mode is supported on platforms: PIM-Source-Specific Mode (PIM-SSM) is it switches to the SPT. PIM-SSM uses IGMPv3. Since receivers subscribe to a source and group, the RP and shared tree is unnecessary, so only SPTs are used. On Dell Force10 systems, - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 506
with IGMPv2 versus PIM-SM with IGMPv3 506 | PIM Source-Specific Mode www.dell.com | support.dell.com R2(conf )#do show ip pim tib PIM Multicast Routing Table Flags: 1/21, RPF neighbor 10.11.12.2 Outgoing interface list: Vlan 300 Forward/Sparse 00:02:12/Never (10.11.5.2, 239.0.0.2), - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 507
Dell Force10 implementation of PIM-SSM is based on RFC 3569. • C-Series supports a maximum of 31 PIM interfaces and 4K multicast entries including (*,G), and (S,G) entries. There is no limit on the number of PIM neighbors C-Series can have. • S-Series supports for configuring SSM range. Be - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 508
www.dell.com | support.dell.com Step 2 Task Enter the command ip pim ssm-range and specify the ACL you created. Command Syntax ip pim ssm-range acl-name Command Mode CONFIGURATION Display address ranges in the PIM-SSM range using the command show ip pim ssm-range from EXEC Privilege mode. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 509
interface GigabitEthernet 1/31 ip pim sparse-mode ip address 10.11.13.1/24 no shutdown Receiver 1 10.11.3.2 Group: 239.0.0.2 Source: 10.11.5.2 interface Vlan 300 ip pim sparse-mode ip address 10.11.3.1/24 untagged GigabitEthernet 1/1 no shutdown R1(conf )#do show run pim ! ip pim rp-address 10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 510
www.dell.com | support.dell.com Figure 26-4. Configuring PIM-SSM with IGMPv2 R1(conf)#do show run (conf)#do show ip igmp ssm-map IGMP Connected Group Membership Group Address Interface Mode Uptime 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:36 Member Ports: Gi 1/1 R1(conf)#do show ip igmp ssm- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 511
Series. The C-Series and S-Series transmit power to connected IEEE 802.3af-compliant powered devices through ports that have been configured to supply PoE. Those platforms also support the protocols LLDP and LLDP-MED, which help optimize power distribution to PoE devices. See Chapter 46, Link Layer - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 512
4W. Typical IP Phones require only 3-10 Watts. So, if the ports are configured optimally, more PDs can be powered with fewer PSUs. On the C-Series, though S25V and S50V models contain AC power supplies in order to support PoE. You can also add the external Dell Force10 470W Redundant Power Supply to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 513
or with power inline static max_milliwatts • Disable PoE on a port using the no power inline command. Ports configured with power inline auto have a lower priority for access to power than those configured with power inline static. As a second layer of priority setting, use the [no] power inline - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 514
dell.com | support.dell.com View the amount of power that a port is consuming using the show power inline command from EXEC privilege mode. Figure 27-2. PoE Allocation Displayed with show power inline Command (example from C-Series) Force10 indicates that the maximum configured amount of power is - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 515
the fields that the show power detail command displays. Table 27-4. show power detail Field Description Field Port Number Catalog Name Displays the Dell Force10 catalog number of the line card, RPM, and fan tray. Slot ID Displays the slot number in which the component in installed. Logic - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 516
www.dell.com | support.dell.com 1. the power-inline mode: static or auto, 2. the power-inline priority configuration, 3. the LLDP-MED in Extended Power via MDI TLV to the system. In this case, the Dell Force10 switch revises the power allocation to the value that the PD requests via LLDP-MED - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 517
allocated if there is sufficient power in the budget. See Table 27-1 on page 511. • If there is not enough power in the budget, the configuration is maintained and the port waits for power to become available. • If the device advertises its power requirement through LLDP-MED, then FTOS allocates the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 518
www.dell.com | support.dell.com • If there is not enough power in the budget, the configuration is maintained and port 790W on S-Series with load-sharing external DC PSU). Enabling PoE on more ports than is supported by the power budget produces one of these results: • If the newly PoE-enabled port - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 519
27-5 refers to "line cards with the lowest slot number", substitute "S-Series stack members with the lowest unit ID".) Table 27-5. PoE Ports Priorities Configuration Ports configured with power inline static Ports configured with power inline auto Port Number Priority Ports with the lowest port - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 520
www.dell.com | support.dell.com Recover from a Failed Power Supply If ports are PoE-enabled, and a PSU fails, power might be terminated on some ports to compensate for the power loss. This does not affect PoE individual port configurations. For C-Series, use the show power supply command to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 521
Office VOIP Deployment The phone requires one tagged VLAN for VOIP service and one untagged VLAN for PC data, as shown in Figure 27-7. You may configure voice signaling on the voice VLAN, but some implementations might need an additional tagged VLAN for this traffic; Figure 27-8 adds an additional - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 522
www.dell.com | support.dell.com Figure 27-8. Creating VLANs for an Office VOIP Deployment Force10#show running-config interface configured LLDP-MED. LLDP-MED advertises VLAN, dot1P, and DSCP configurations on the switch so that you do not need to manually configure every phone with this information - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 523
Configure Quality of Service for an Office VOIP Deployment There are multiple ways you can use QoS to map ingress phone and PC traffic so that you can give them each a different quality of service. See Chapter 31, Quality of Service service-policy input HonorDSCP power inline auto no shutdown Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 524
dell.com | support.dell depicts the topology and shows the configuration for a C-Series. The Force10#sh run int gi 6/2 ! interface GigabitEthernet 6/2 description "Uplink to E1200" no ip address switchport service-policy output BW no shutdown PC data VLAN 300: Voice Signaling VLAN 200: Voice VLAN - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 525
-map match-any phone-subnet match ip access-group phone-subnet Force10#sh run policy-map-input ! policy-map-input phone-pc service-queue 1 class-map pc-subnet service-queue 2 class-map phone-signalling service-queue 3 class-map phone-subnet Force10#sh run qos-policy-output ! qos-policy-output data - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 526
526 | Power over Ethernet www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 527
supported on physical ports only; VLAN and port-channel interfaces do not support port monitoring. • The Monitored (source, "MD") and Monitoring ports (destination, "MG") must be on the same switch. • In general, a monitoring port should have no ip address and no shutdown as the only configuration - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 528
dell.com | support.dell and E-Series ExaScale support the following. • FTOS supports one destination (MG) supports 1 monitoring session per port-pipe. E-Series TeraScale supports a maximum of 28 port pipes. On the E-Series TeraScale, FTOS supports the E-Series TeraScale supports as many monitoring - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 529
Port Monitoring Configurations on the E-Series Line Card 0 Line Card 1 Port-Pipe 0 Port-Pipe 1 Port-Pipe 0 Port-Pipe 1 Monitor Session 0 MD MG Monitor Session 1 MD MG Monitor Session 2 MD Monitor Session 3 MD Port Monitoring 002 E-Series ExaScale FTOS on E-Series ExaScale supports - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 530
www.dell.com | support.dell.com Figure 28-2. Number of Monitoring Ports on the C-Series and S-Series Force10#show mon session for example, 0/4). If you attempt to configure another destination, Message 5 appears. However, you can configure another monitoring session that uses one of previously - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 531
25 Gi 0/38 110 Gi 0/26 Gi 0/39 300 Gi 0/17 Gi 0/1 Force10(conf-mon-sess-300)# Direction --------rx rx rx rx tx tx tx Mode --- with VLAN ID 4095. If the MD port is in a Layer 3 VLAN, the frames are tagged with the respective Layer 3 VLAN ID. For example, in the configuration source - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 532
www.dell.com | support.dell.com FTOS Behavior: The C-Series and S-Series continue to mirror outgoing traffic even after an MD participating in Spanning Tree Protocol transitions from the forwarding to blocking. Configuring Port Monitoring To configure port monitoring: Step 1 2 3 Task Verify - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 533
Port Monitoring Example Host Traffic 1/1 1/3 Server Traffic 1/2 Host Server Force10(conf-if-gi-1/2)#show config ! interface GigabitEthernet 1/2 no ip address no shutdown Sniffer Force10(conf )#monitor session 0 Force10(conf-mon-sess-0)#source gig 1/1 destination gig 1/2 direction rx - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 534
www.dell.com | support.dell.com Flow-based Monitoring e Flow-based Monitoring is supported only on platform Flow-based (ACL), Prefix Lists, and Route-maps. access-list Command Mode MONITOR SESSION CONFIGURATION INTERFACE View an access-list that you applied to an interface using the command - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 535
Figure 28-8. Configuring Flow-based Monitoring Force10(conf)#monitor session 0 Force10(conf-mon-sess-0)#flow-based enable Force10(conf)#ip access-list ext testflow Force10(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor Force10(config-ext-nacl)#seq 10 permit ip 102.1.1.0/24 any count - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 536
536 | Port Monitoring www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 537
following major sections: • Private VLAN Concepts on page 537 • Private VLAN Commands on page 539 • Private VLAN Configuration Task List on page 539 • Private VLAN Configuration Example on page 543 • Inspecting the Private VLAN Configuration on page 544 Private VLANs extend the FTOS security suite - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 538
www.dell.com | support.dell.com • A community VLAN can only contain ports configured as host. Isolated VLAN - An isolated VLAN is a type of secondary VLAN in a primary VLAN: • Ports in an isolated VLAN cannot talk directly to each other. • Ports in an isolated VLAN can only communicate with - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 539
in the FTOS Command Reference. Private VLAN Configuration Task List The following sections contain the procedures that configure a private VLAN: • Creating PVLAN ports • Creating a Primary VLAN on page 541 • Creating a Community VLAN on page 542 • Creating an Isolated VLAN on page 542 Private - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 540
.dell.com | support.dell.com Creating PVLAN ports Private VLAN ports are those that will be assigned to the private VLAN (PVLAN). Step Command Syntax 1 interface interface Command Mode CONFIGURATION 2 no shutdown INTERFACE 3 switchport INTERFACE 4 switchport mode INTERFACE private-vlan - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 541
Mode Purpose CONFIGURATION Access the INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces. INTERFACE VLAN Enable the VLAN. INTERFACE VLAN Set the PVLAN mode of the selected VLAN to primary. INTERFACE VLAN Map secondary VLANs to the selected primary VLAN. The list - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 542
www.dell.com | support.dell.com Creating a Community VLAN A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN. Step Command Syntax 1 interface vlan vlan-id 2 no - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 543
Figure 29-2. Configuring VLANs for a Private VLAN Force10#conf Force10(conf)# interface vlan 10 Force10(conf-vlan-10)# private-vlan mode primary Force10(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 Force10(conf-vlan-10)# untagged Gi 2/1 Force10(conf-vlan-10)# tagged Gi 2/3 Force10(conf - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 544
for host PVLAN ports in the other switch travel through the promiscuous ports in the local VLAN 4000 and then through the trunk ports (0/25 in each switch). Inspecting the Private VLAN Configuration The standard methods of inspecting configurations also apply in PVLANs: • Within the INTERFACE - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 545
, I - Isolated Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Vlan-stack NUM * 1 100 P 200 I 201 Status Inactive Inactive Inactive Inactive Description primary VLAN in PVLAN isolated VLAN in VLAN 200 Q Ports T Gi 0/19-20 T Gi 0/21 PVLAN codes Private - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 546
dell.com | support.dell.com Figure 29-8. Example running-config Output of PVLAN Configuration from S50V ! interface GigabitEthernet 0/3 no ip address switchport switchport mode private-vlan promiscuous no shutdown ! interface GigabitEthernet 0/4 no ip address switchport switchport mode private-vlan - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 547
30 Per-VLAN Spanning Tree Plus c e s Per-VLAN Spanning Tree Plus is supported platforms: Protocol Overview Per-VLAN Spanning Tree Plus (PVST+) is a variation of Spanning Tree-developed by a third party- that allows you to configure a separate Spanning Tree instance for each VLAN. For more - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 548
www.dell.com | support.dell.com FTOS supports three other variations of Spanning Tree, as shown in Table 30-1. Table 30-1. FTOS Supported Spanning Tree Protocols Force10 Term Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol Per-VLAN Spanning Tree Plus IEEE - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 549
by entering the command show config from PROTOCOL PVST context, as shown in fig. Figure 30-2. Display the PVST+ Configuration Force10_E600(conf-pvst)#show config verbose ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Influence PVST+ Root Selection In Figure 30-1, all - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 550
www.dell.com | support.dell.com Forwarding Figure 30-3. Load Balancing with PVST+ STI 2 root vlan 100 bridge-priority 4096 R2 STI 1: VLAN 100 STI 2: VLAN 200 STI 3: VLAN 300 2/32 3/22 Blocking X 2/12 R3 3/12 STI 3 root vlan 100 bridge-priority 4096 1/22 X X 1/32 STI 1 root vlan 100 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 551
15 seconds Change the hello-time parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: 2 seconds Command Syntax vlan forward-delay vlan hello-time Command Mode PROTOCOL PVST PROTOCOL PVST Per - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 552
www.dell.com | support.dell.com Task Change the max-age parameter. Range: 6 to 40 Default: 20 seconds Command Syntax vlan max- implementations use IEEE 802.1d costs as the default costs if you are using Dell Force10 systems in a multi-vendor network, verify that the costs are values you intended - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 553
in increments of 16 Default: 128 Command Syntax spanning-tree pvst vlan priority Command Mode INTERFACE The values for interface PVST+ parameters are feature is the same as PortFast mode in Spanning Tree. Caution: Configure EdgePort only on links connecting to an end station. EdgePort can cause - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 554
dell.com | support.dell pvst-bpdu. After you configure this command, if the VLANs. These ports are untagged because the hub is VLAN unaware. There is no data loop in the above scenario, however, PVST+ can be employed to avoid potential misconfigurations. If PVST+ is enabled on the Dell Force10 switch - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 555
with the VLAN ID. extend system-id PROTOCOL PVST Force10(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing Vlan 5 Configured hello time 2, max age 20, forward delay 15 ... PVST+ Sample Configurations Figure 30-6, Figure 30-7, and Figure 30-8 provide the running configurations - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 556
www.dell.com | support.dell.com Figure 30-6. PVST+ Sample Configuration: R1 Running-configuration interface GigabitEthernet 1/22 no ip address switchport no shutdown ! interface GigabitEthernet 1/32 no ip address switchport no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 557
no ip address tagged GigabitEthernet 2/12,32 no shutdown ! protocol spanning-tree pvst no disable vlan 200 bridge-priority 4096 Figure 30-8. PVST+ Sample Configuration: R3 Running-configuration interface GigabitEthernet 3/12 no ip address switchport no shutdown ! interface GigabitEthernet 3/22 no ip - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 558
558 | Per-VLAN Spanning Tree Plus www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 559
traffic. All queues are serviced using the Deficit Round Robin scheduling algorithm. You can only manage queuing prioritization on egress. Table 31-1. FTOS Support for Port-based, Policy-based, and Multicast QoS Features Feature Port-based QoS Configurations Set dot1p Priorities for Incoming - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 560
dell.com | support.dell.com Table 31-1. FTOS Support for Port-based, Policy-based, and Multicast QoS Features Feature Create an output QoS policy Configure policy-based rate limiting Configure e c e s e Direction Egress Ingress + Egress Ingress Egress - Egress Egress - - 560 | Quality of Service - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 561
) Rate Policing Buffers Class-based Queues Switching Rate Limiting Buffers Class-based Queues Egress Packet Processing Traffic Shaping Egress Congestion Management (WFQ Scheduling) Congestion Avoidance (WRED) Implementation Information Dell Force10' QoS implementation complies with IEEE 802 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 562
1 Force10(conf-if)#end Force10# Honor dot1p Priorities on Ingress Traffic By default FTOS does not honor dot1p priorities on ingress traffic. Use the command service-class dynamic dot1p from INTERFACE mode to honor dot1p priorities on ingress traffic, as shown in Figure 31-3. You can configure this - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 563
: You cannot configure service-policy input and service-class dynamic dot1p on the same interface. Figure 31-3. service-class dynamic dot1p Command Example Force10#config t Force10(conf)#interface gigabitethernet 1/0 Force10(conf-if)#service-class dynamic dot1p Force10(conf-if)#end Force10# Priority - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 564
www.dell.com | support.dell.com Figure 31-5. Displaying your Rate Policing Configuration Force10#show interfaces gigabitEthernet 1/2 rate police Rate police 300 (50) peak 800 (50) Traffic Monitor 0: normal 300 (50) peak 800 (50) Out of profile yellow 23386960 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 565
Rate Shaping to Outgoing Traffic Force10#config Force10(conf)#interface gigabitethernet 1/0 Force10(conf-if)#rate shape 500 50 Force10(conf-if)#end Force10# Policy-based QoS Configurations Policy-based QoS configurations consist of the components shown in Figure 31-9. Quality of Service | 565 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 566
www.dell.com | support.dell.com Figure 31-9. Constructing Policy-based QoS Configurations Interface Input Service Policy 0 Input Policy Map 7 Input Policy Map Output Service Policy 0 Output Policy Map 7 Output Policy Map Class Map DSCP Input QoS Policy L3 ACL L3 Fields Rate Policing - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 567
Force10(conf)#policy-map-input pmap Force10(conf-policy-map-in)#service-queue 7 class-map cmap1 Force10(conf-policy-map-in)#service-queue 4 class-map cmap2 Force10(conf-policy-map-in)#exit Force10(conf)#interface gig 1/0 Force10(conf-if-gi-1/0)#service map match-all from CONFIGURATION mode, and enter - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 568
dell.com | support.dell Different DSCP Values Force10#show run class-map ! class-map match-any example-flowbased-dscp match ip access-group test set-ip-dscp 24451 1 0 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 - 0 Display configured class maps and match criteria Display all class-maps or a specific - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 569
#show running-config policy-map-input ! policy-map-input PolicyMapIn service-queue 1 class-map ClassAF1 qos-policy QosPolicyIn-1 service-queue 2 class-map ClassAF2 qos-policy QosPolicyIn-2 Force10#show running-config class-map ! class-map match-any ClassAF1 match ip access-group AF1-FB1 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 570
www.dell.com | support.dell.com Create a QoS Policy There are two types of QoS policies: input output QoS policies are rate limiting, rate shaping, and WRED. Note: When changing a "service-queue" configuration in a QoS policy map, all QoS rules are deleted and re-added automatically to ensure that - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 571
b). Force10(conf-qos-policy-in)#show config ! qos-policy-input my-input-qos-policy set ip-dscp 34 Force10(conf-qos-policy-in)#end Force10# Configure policy-based rate limiting e Configure policy-based rate limiting is supported only on platform Policy-based rate limiting is configured Service | 571 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 572
dell.com | support.dell whenever you are allocating bandwidth to one queue, Dell Force10 recommends that you evaluate your bandwidth requirements for % 14% Specify WRED drop precedence e Specify WRED drop precedence is supported only on platform Specify a WRED profile to yellow and/or green traffic - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 573
to a queue Assign an input QoS policy to a queue using the command service-queue from POLICY-MAP-IN mode. Apply an input QoS policy to an input indicates to which queues FTOS maps DSCP values. When Trust DSCP is configured the matched packets and matched bytes counters are not incremented in show - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 574
www.dell.com | support.dell.com DSCP/CP hex range (XXX)xxx VLAN; see Priority-tagged Frames on the Default VLAN. Fall Back to trust diffserve or dot1p e Fall Back to trust diffserve or dot1p is available only on platforms: When using QoS service policies with multiple class maps, you can configure - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 575
packet is queued to the default queue, Queue 0. In the following configuration, packets are classified to queues using the three class maps: ! policy-map-input input-policy service-queue 1 class-map qos-BE1 service-queue 3 class-map qos-AF3 service-queue 4 class-map qos-AF4 ! class-map match-any qos - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 576
and QoS policies to the same interface. • You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access. • If you apply a service policy that contains an ACL to more than one interface, FTOS uses ACL optimization to conserves CAM space. The ACL Optimization - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 577
output policy map to an interface Apply an input policy map to an interface using the command service-policy output from INTERFACE mode. You can apply the same policy map to multiple interfaces, and and S-Series Range: 1-31 E-Series Range: 1-144 Command Mode CONFIGURATION Quality of Service | 577 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 578
www.dell.com | support.dell.com Strict-priority Queueing You can assign strict-priority to one unicast queue, 1-7, using the command strict-priority from CONFIGURATION mode. Strict-priority means that FTOS dequeues all packets from the assigned queue before servicing any other queues. • The strict- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 579
on it DSCP value before queuing it. DSCP is a 6 bit field. Dell Force10 uses the first three bits of this field (DP) to determine the drop precedence using the command wred. Configure WRED for Storm Control e Configure WRED for Storm Control is supported only on platform Storm control Service | 579 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 580
www.dell.com | support.dell.com WRED can be used in combination with storm control to regulate broadcast and unknown-unicast traffic. This feature is available through an additional option in command storm-control [broadcast | unknown-unicast] at CONFIGURATION. See the FTOS Command Line Reference - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 581
Force10 Green Yellow Out of Profile Force10# WRED1 WRED2 WRED1 WRED2 WRED1 Queues is supported on platform: CONFIGURATION mode. • If you configure configuration. • If you configure configure bandwidth-percentage for both unicast and multicast, then bandwidth is assigned based on your configuration - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 582
www.dell.com | support.dell.com For example, if you configure 70% bandwidth to multicast, 80% bandwidth to these commands: • test cam-usage service-policy input policy-map {linecard | stack-unit } number port-set number • test cam-usage service-policy input policy-map {linecard | stack-unit } all - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 583
cam-usage Command Example Force10# test cam-usage service-policy input pmap_l2 linecard 0 port-set 0 Linecard | Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status 0 0 L2ACL 500 200 Allowed(2) Viewing QoS CAM Entries e Viewing QoS CAM Entries is supported only on platform - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 584
584 | Quality of Service www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 585
Information Protocol c e s Routing Information Protocol is supported only on platforms: RIP is supported on the S-Series following the release of FTOS • Implementation Information on page 586 • Configuration Information on page 586 • RIP Configuration Example on page 594 RIP protocol standards - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 586
www.dell.com | support.dell.com This first RIP version does not support VLSM or CIDR and is not widely used. RIPv2 RIPv2 adds support for subnet fields address 224.0.0.9. Implementation Information FTOS supports both versions of RIP and allows you to configure one version globally and the other - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 587
RIP mode. When RIP is enabled, you can view the global RIP configuration by using the show running-config command in the EXEC mode or the config Command Example in ROUTER RIP mode Force10(conf-router_rip)#show config ! router rip network 10.0.0.0 Force10(conf-router_rip)# When the RIP process has - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 588
www.dell.com | support.dell.com Figure 32-2. show ip rip database Command Example (Partial) Force10#show ip rip database Total To disable RIP globally, use the no router rip command in the CONFIGURATION mode. Configure RIP on interfaces When you enable RIP globally on the system, interfaces - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 589
a specific router to exchange RIP information between it and the Dell Force10 system. You can use this command multiple times to exchange RIP Mode Purpose ROUTER RIP ROUTER RIP Assign a configured prefix list to all incoming RIP routes. Assign a configured prefix list to all outgoing RIP routes. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 590
www.dell.com | support.dell.com Command Syntax redistribute isis [level-1 | level-1-2 | level-2] [ 16 • map-name: name of a configured route map. Note: IS-IS is not supported on the S-Series platform. ROUTER RIP Include specific OSPF routes in RIP. Configure the following parameters: • process-id - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 591
-4 displays the command syntax for sending both RIPv1 and RIPv2 and receiving only RIPv2. Figure 32-4. Configuring an interface to send both versions of RIP Force10(conf-if)#ip rip send version 1 2 Force10(conf-if)#ip rip receive version 2 The show ip protocols command example Figure 32-5 confirms - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 592
www.dell.com | support.dell.com Figure 32-5. show ip protocols Command Example Force10#show ip protocols Routing Protocols is from other routes are advertised if the default-information originate command is configured. To configure FTOS to generate a default route, use the following command in - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 593
access-list-name {in | out} offset [interface] Command Mode Purpose ROUTER RIP Apply a weight to all routes or a specific route and ACL. Configure the following parameters: • weight range: 1 to 255 (default is 120) • ip-address mask: the IP address in dotted decimal format (A.B.C.D), and the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 594
www.dell.com | support.dell.com Debug RIP The debug ip rip command enables RIP Example Force10#debug ip rip RIP protocol debug is ON Force10# To disable RIP, use the no debug ip rip command. RIP Configuration Example The example in this section shows the command sequence to configure RIPv2 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 595
-11: Using show ip protocols command to display Core 2 RIP activity Figure 32-9. Example of RIP Configuration Response from Core 2 Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by Core2#show ip rip database Total number of routes in RIP database: 7 10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 596
www.dell.com | support.dell.com Figure 32-10. Using show ip route Command to Show RIP Configuration on Core 2 Core2#show ip route Codes: C - connected, S # Figure 32-11. Using show ip protocols Command to Show RIP Configuration Activity on Core 2 Core2#show ip protocols Routing Protocol is "RIP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 597
on Core 3 Figure 32-12. RIP Configuration on Core 3 Core3(conf-if-gi-3/21)#router rip Core3(conf-router_rip)#version 2 Core3(conf-router_rip)#network 192.168.1.0 Core3(conf-router_rip)#network 192.168.2.0 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 598
www.dell.com | support.dell.com Figure 32-14. Using show ip routes for Core 3 RIP Setup Core3#show ip routes 06:53 0/0 00:06:26 Figure 32-15. Using show ip protocols Command to Show RIP Configuration Activity on Core 3 Core3#show ip protocols Routing Protocol is "RIP" Sending updates every 30 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 599
.1/24 no shutdown router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 Figure 32-17. Summary of Core 3 RIP Configuration Using Output of show run Command ! interface GigabitEthernet 3/11 ip address 10.11.30.1/24 no shutdown ! interface GigabitEthernet 3/21 ip address 10.11.20 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 600
www.dell.com | support.dell.com 600 | Routing Information Protocol - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 601
Monitoring is supported on platform collection on Dell Force10 Ethernet Interfaces. RMON operates with SNMP and monitors configure SNMP prior to setting up RMON. For a complete SNMP implementation discussion, refer to Chapter 6, Simple Network Management Protocol (SNMP), on page 47. Configuring - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 602
down, all sampled data is lost. But the RMON configurations are saved in the configuration file, and the sampling process continues after the chassis returns to operation. Platform Adaptation-RMON supports all Dell Force10 chassis and all Dell Force10 Ethernet Interfaces. 602 | Remote Monitoring - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 603
or rmon hc-alarm command in GLOBAL CONFIGURATION mode. To disable the alarm, use object to monitor-the variable must be in the SNMP OID format. For example, 1.3.6.1.2.1.1.3. The object type Tests the change between MIB variables, this is the alarmSampleType in the RMON Alarm table. • absolute: Tests - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 604
www.dell.com | support.dell.com Figure 33-1. rmon alarm Command Example Force10(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner nms1 Alarm Number MIB Variable Monitor Interval Counter Value Limit Triggered Event The above example configures - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 605
this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string "eventtrap". Configure RMON collection statistics To -3. rmon collection statistics Command Example Force10(conf-if-mgmt)#rmon collection statistics controlEntry 20 owner john Remote - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 606
dell.com | support.dell.com Configure RMON collection history To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in interface configuration history Command Example Force10(conf-if-mgmt)#rmon collection history controlEntry 20 owner john - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 607
with switches configured with STP and MSTP. FTOS supports three other variations of Spanning Tree, as shown in Table 34-1. Table 34-1. FTOS Supported Spanning Tree Protocols Dell Force10 Term Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol Per-VLAN Spanning - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 608
www.dell.com | support.dell.com • Configuring Spanning Trees as Hitless on page 713 • SNMP Traps VLANs; adding a group of ports to a range of VLANs sends multiple messages to the RSTP task. When using the range command, Dell Force10 recommends limiting the range to 5 ports and 40 VLANs. Configure - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 609
an interface is in Layer 2 mode and enabled using the show config command from INTERFACE mode. Figure 34-2. Verifying Layer 2 Configuration Force10(conf-if-gi-1/1)#show config ! interface GigabitEthernet 1/1 no ip address switchport no shutdown Indicates that the interface is in Layer 2 mode - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 610
www.dell.com | support.dell.com Figure 34-3. Verifying RSTP is Enabled Force10(conf-rstp)#show config ! protocol spanning-tree rstp no disable Force10(conf-rstp)# Indicates that Rapid Spanning Tree is enabled When you enable Rapid Spanning Tree, all physical and port-channel interfaces that are - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 611
34-5. show spanning-tree rstp Command Example Force10#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.cbb4 Configured hello time 2, max age 20 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 612
www.dell.com | support.dell.com Figure 34-6. show spanning-tree rstp brief Command the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. Note: Dell Force10 recommends that only experienced network administrators change - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 613
the forward-delay parameter. • Range: 4 to 30 • Default: 15 seconds Change the hello-time parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: 2 seconds Change the max-age parameter. Range - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 614
www.dell.com | support.dell.com feature is the same as PortFast mode in Spanning Tree. Caution: Configure EdgePort only on links connecting to an end station. EdgePort can cause show config command from INTERFACE mode; Dell Force10 recommends using the show config command, as shown in Figure - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 615
tree on the interface (no spanning-tree in INTERFACE mode). •Disabling global spanning tree (no spanning-tree in CONFIGURATION mode). Figure 34-7. EdgePort Enabled on Interface Force10(conf-if-gi-2/0)#show config ! interface GigabitEthernet 2/0 no ip address switchport spanning-tree rstp edge-port - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 616
| support.dell.com Figure 34-8. bridge-priority Command Example Force10(conf-rstp)#bridge-priority 4096 0440:9267::05090:1.%eR8P0Mb0.-8P8:bRdP2Ol%dSPRAoNoMtG:R-352-7S6T8P:_0R0O0O1T._eC8H0A1N.GcEb:b4RSNTePw rRoooott:ch4a0n9g6e:d0.00M1y.eB8r0ibd.g8e8bIdD: Old root bridge ID New root bridge ID SNMP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 617
are supported on platforms This chapter discusses several ways to provide access security to the Dell Force10 system on page 643 • VTY Line and Access-Class Configuration on page 644 For details on all commands discussed and Authorization), which includes services for authentication, authorization, - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 618
notice before granting the user's process request • stop-only-Use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. • tacacs+ -Designate the security service. Currently, FTOS supports only TACACS+ 618 | Security - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 619
the TACACS+ attribute/value (AV) pairs. In the following sample configuration, AAA accounting is set to track all usage of EXEC commands and commands on privilege level 15. Force10(conf)#aaa accounting exec default start-stop tacacs+ Force10(conf)#aaa accounting command 15 default start-stop tacacs - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 620
:00:26 Elapsed, service=shell AAA Authentication FTOS supports a distributed client/server system implemented through Authentication, Authorization, and Accounting (AAA) to help secure networks against unauthorized access. In the Dell Force10 implementation, the Dell Force10 system acts as a RADIUS - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 621
is applied to all terminal lines. Possible methods are: • enable-use the password defined by the enable secret or enable password command in the CONFIGURATION mode. • line-use the password defined by the password command in the LINE mode. • local-use the username/password database defined in the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 622
www.dell.com | support.dell.com To view the configuration, use the show config command in the LINE mode or the show running-config in the EXEC Privilege mode. Note: Dell Force10 recommends that you use the none method only as a backup. This method does not authenticate users. The none and enable - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 623
Force10(config)# aaa authentication enable mymethodlist radius tacacs Force10(config)# line vty 0 9 Server-side configuration TACACS+: When using TACACS+, Dell Force10 sends an initial packet with service and Telnet and ping to test connectivity, but you cannot configure the router. This level is - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 624
www.dell.com | support.dell.com Privilege levels 2 through 14 are not configured and you can customize them for different users and access. After you configure other privilege levels, enter those levels by adding the level parameter after the enable command or by configuring a user name or password - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 625
the optional and required parameters: • name: Enter a text string up to 63 characters long. • access-class access-list-name: Enter the name of a configured IP ACL. • nopassword: Do not require the user to enter a password. • encryption-type: Enter 0 for plain text or 7 for encrypted text. • password - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 626
www.dell.com | support.dell.com Configure custom privilege levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within FTOS, commands have certain privilege levels. With the privilege - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 627
john privilege 8 password john Force10(conf)#enable password level 8 notjohn Force10(conf)#privilege exec level 8 configure Force10(conf)#privilege config level 8 snmp-server Force10(conf)#end Force10#show running-config Current Configuration ... ! hostname Force10 ! enable password level 8 notjohn - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 628
www.dell.com | support.dell.com Figure 35-3. User john's Login and the List of Available Commands apollo% telnet 172.31.1.53 Trying 172.31.1.53... Connected to 172.31.1.53. Escape character is '^]'. Login: john Password: Force10#show priv Current privilege level is 8 Force10#? configure - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 629
Service (RADIUS) is a distributed client/server protocol. This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Force10 -in User Service. RADIUS Authentication and Authorization FTOS supports RADIUS for user - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 630
| support.dell.com Idle Time Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies idle-time allow for a user during a session before timeout. When a user logs in, the lower of the two idle-time values (configured - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 631
in the LINE mode or the show running-config command in the EXEC Privilege mode. Define a AAA method list to be used for RADIUS To configure RADIUS to authenticate or authorize users on the system, you must create a AAA method list. Default method lists do not need to be explicitly applied - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 632
www.dell.com | support.dell.com Specify a RADIUS server host When configuring a RADIUS server host, you can set different communication parameters, such as the UDP port, the key password, the number of retries, and the timeout. To specify a RADIUS server host and configure its communication - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 633
radius Command Mode Purpose EXEC Privilege View RADIUS transactions to troubleshoot problems. TACACS+ FTOS supports Terminal Access Controller Access Control System (TACACS+ client, including support for login authentication. Configuration Task List for TACACS+ The following list includes the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 634
www.dell.com | support.dell.com • Choose TACACS+ as the Authentication Method • Monitor TACACS+ • TACACS+ you must specify at least one TACACS+ server for the system to communicate with and configure TACACS+ as one of your authentication methods. To select TACACS as the login authentication method - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 635
default start-stop tacacs+ Force10(conf)# Force10(conf)#do show run troubleshoot problems. TACACS+ Remote Authentication and Authorization FTOS takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have configured - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 636
www.dell.com | support.dell.com Figure 35-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 637
Password: Force10# Force10# Command Authorization The AAA command authorization feature configures FTOS to send each configuration command to the ACL. RFC 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is configured into the line cards and enabled by default. SCP and - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 638
To enable the SSH server for version 1 and 2, use the following command in the CONFIGURATION mode: Command Syntax ip ssh server {enable | port port-number} Command Mode CONFIGURATION Purpose Configure the Dell Force10 system as an SCP/SSH server. To enable the SSH server for version 1 or - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 639
1. Command Mode CONFIGURATION CONFIGURATION CONFIGURATION EXEC Privilege This example shows the use of SCP and SSH to copy a software image from one switch running SSH Server on UDP port 99 to the local switch: Figure 35-7. Using SCP to copy from an SSH Server on another Switch .Force10#copy scp - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 640
dell.com | support.dell.com • ip ssh connection-rate-limit: Configure the maximum number of incoming SSH connections per minute. • ip ssh hostbased-authentication enable: Enable hostbased-authentication for the SSHv2 server. • ip ssh key-size: Configure to connect to the Dell Force10 system. This is - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 641
/admin/.ssh/id_rsa.pub. Command Mode 2 Copy the public key id_rsa.pub to the Dell Force10 system. 3 Disable password authentication if enabled. no ip ssh password-authentication CONFIGURATION enable 4 Enable RSA authentication. ip ssh rsa-authentication enable EXEC Privilege 5 Bind the public - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 642
admin 4 Copy the file shosts and rhosts to the Dell Force10 system. 5 Disable password authentication and • no ip ssh password-authentication RSA authentication, if configured • no ip ssh rsa-authentication • CONFIGURATION • EXEC Privilege 6 Enable host-based authentication. ip ssh hostbased - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 643
version Troubleshooting SSH • You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case, Message 2 appears. Message 2 RSA Authentication Error %Error: No username set for this term. • Host-based authentication must be enabled on the server (Dell Force10 system - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 644
www.dell.com | support.dell.com VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in FTOS. These depend on which authentication scheme you use - line, local, or remote: Table 35-1. VTY - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 645
and Authorization FTOS retrieves the access class from the VTY line. The Dell Force10 OS takes the access class from the VTY line and applies it to the authentication method is radius, TACACS+, or line, and you have configured an access class for the VTY line, FTOS immediately applies it. If - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 646
www.dell.com | support.dell.com Figure 35-15. Example Access Class Configuration Using TACACS+ Without Prompt Force10(conf)#mac access-list standard sourcemac Force10(config-std-mac)#permit 00:00:5e:00:01:01 Force10(config-std-mac)#deny any Force10(conf)# Force10(conf)#line vty 0 9 Force10(config- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 647
36 Service Provider Bridging c e s Service Provider Bridging is supported on platforms: This chapter contains the following major sections: • VLAN Stacking on page 647 • VLAN Stacking Packet Drop Precedence on page 658 • Dynamic Mode CoS for VLAN Stacking on page 660 • Layer 2 Protocol Tunneling on - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 648
VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, these interfaces must be added to a non-default VLAN-Stack-enabled VLAN. • Dell Force10 cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 649
provider bridge. Assign all access ports and trunk ports to service provider VLANs. Command Syntax vlan-stack access vlan-stack trunk member Command Mode INTERFACE INTERFACE INTERFACE VLAN Display the VLAN-Stacking configuration for a switchport using the command show config from INTERFACE mode - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 650
www.dell.com | support.dell.com Display the status and members of a VLAN using the show vlan command from EXEC Privilege mode. Members of a VLAN-Stacking-enabled VLAN are marked with an M in column Q. Figure 36-3. Display the Members of a VLAN-Stacking-enabled VLAN Force10#show vlan Codes: * - - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 651
0/1 a trunk port that is configured as a hybrid port and then added to VLAN 100 as untagged VLAN 101 as tagged, and VLAN 103, which is a stacking VLAN. Figure 36-4. Hybrid Port as VLAN-Stack Trunk Port and as Member of other VLANs Force10(conf)#int gi 0/1 Force10(conf-if-gi-0/1)#portmode hybrid - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 652
Dell Force10 systems at network edges, at which, frames are either double tagged on ingress (R4) or the outer tag is removed on egress (R3). VLAN Stacking 0x81, for example, 0x8181. You can configure the first eight bits of the TPID using the command vlan-stack protocol-type command. In Figure 36-6, - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 653
VLAN BLUE SERVICE PROVIDER TPID 0x9191 VLAN GREEN VLAN BLUE R2-E-Series TeraScale TPID: 0x9100 R1-E-Series TeraScale TPID: 0x9191 VLAN GREEN, VLAN PURPLE VLAN PURPLE VLAN Building A is double tagged on egress at R4 and is switched towards Building B, but is not decapsulated on egress at R2 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 654
) (0x8100) Building C R4-Non-Force10 System TPID: 0x8100 TPID PCP (0x8100) CFI VID (0) (VLAN Red) CFI VID (0) (VLAN Red) VLAN RED Building A VLAN Stacking with E-Series ExaScale Systems E-Series ExaScale, beginning with FTOS version 8.2.1.0, allows you to configure both bytes of the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 655
-byte match mismatch switch as is (no decapsulation) drop ExaScale Behavior drop drop drop drop drop VLAN Stacking with C-Series and S-Series The default TPID for the outer VLAN tag is 0x9100. Beginning with FTOS version 8.2.1.0, both the C-Series and S-Series allow you to configure both bytes of - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 656
www.dell.com | support.dell.com VLAN BLUE You can configure the first eight bits of the TPID using the command vlan-stack protocol-type. The TPID on the C-Series and S-Series systems is global. Ingress frames that do not match the system TPID are treated as untagged. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 657
TPID: 0x8181 VLAN GREEN, VLAN PURPLE VLAN GREEN VLAN RED VLAN BLUE DEFAULT VLAN R1-C-Series w/ FTOS =8.2.1.0 TPID: 0x8181 TPID PCP (0x8100) R4-Non-Force10 System CFI (0) VID (VLAN Red) TERNET TPID: 0x8100 SERVICE PROVIDER Building - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 658
VLAN switch to default VLAN switch to default VLAN switch to VLAN switch to default VLAN switch to default VLAN VLAN Stacking Packet Drop Precedence c s VLAN Stacking Packet Drop Precedence is available only on platform: The Drop Eligible Indicator (DEI) bit in the S-Tag indicates to a service - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 659
is marked 0 on egress. Command Syntax dei enable Command Mode CONFIGURATION When Drop Eligibility is enabled, DEI mapping or marking takes place {0 | 1} {green | red | yellow} Display the DEI-honoring configuration. show interface dei-honor [interface slot/ port | linecard number port- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 660
www.dell.com | support.dell.com Task Command Syntax Force10#show interface dei-honor Default Drop precedence: Green CoS for VLAN Stacking c s Dynamic Mode CoS for VLAN Stacking is available only on platforms: One of the ways to ensure quality of service for customer VLAN-tagged frames - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 661
VLAN Stacking Untagged DATA 0x0800 SA DA S-Tag with statically-assigned dot1p S-Tag DATA 0x0800 1 400 0x9100 SA DA C-Tag 3 100 0x8100 SA DA C-Tagged C-Tag S-Tag 3 100 0x8100 4 400 0x9100 SA DA S-Tag with mapped dot1p When configuring have other dot1p QoS configurations; this option is classic - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 662
www.dell.com | support.dell.com FTOS Behavior: For Option A above, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 663
QoS configuration in case of conflicts. vlan-stack dot1p-mapping c-tag-dot1p values sp-tag-dot1p value Command Mode CONFIGURATION EXEC configuration is rate metering. You may use Rate Shaping or Rate Policing. Layer 2 Protocol Tunneling c e s Layer 2 Protocol Tunneling (L2PT) is supported - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 664
dell.com | support.dell.com SPANNING T INTERNE SPANNING TR Figure 36-13. VLAN Stacking without L2PT EE TREE REE NETWORK no spanning-tree T SERVICE Dell Force10 systems use to overwrite the Bridge Group Address on ingress was non-configurable. The value of the L2PT MAC address was the Dell Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 665
address: 01-80-C2-00-00-00 R2 Non-Force10 System R3 Non-Force10 System Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs. • No protocol packets are tunneled when VLAN Stacking is enabled. • L2PT requires the default CAM profile. Service Provider Bridging | 665 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 666
-tunnel enable protocol-tunnel stp Command Mode EXEC Privilege CONFIGURATION INTERFACE VLAN Specify a Destination MAC Address for BPDUs By default, FTOS uses a Dell Force10-unique MAC address for tunneling BPDUs. You can configure another value. Task Overwrite the BPDU with a user-specified - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 667
320 kbps Command Mode CONFIGURATION EXEC Privilege EXEC Privilege VLAN STACKING Debug Layer 2 Protocol supported only on platforms: IEEE 802.1ad-Provider Bridges amends 802.1Q-Virtual Bridged Local Area Networks so that service providers can use 802.1Q architecture to offer separate VLANs - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 668
www.dell.com | support.dell.com Provider Backbone Bridging through IEEE 802.1ad eliminates the need for tunneling BPDUs with L2PT and increases the reliability of provider bridge networks as the network core need only learn the MAC addresses of core switches, as opposed to all MAC addresses - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 669
37 sFlow c e s Configuring sFlow is supported on platforms • Enable and Disable sFlow on page 671 page 676 • Extended sFlow on page 676 Overview FTOS supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 670
Remember • The FTOS implementation of the sFlow MIB supports sFlow configuration via snmpset. • Collection through management interface is supported on E-Series only • Dell Force10 recommends that the sFlow Collector be connected to the Dell Force10 chassis through a line card port rather than the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 671
VLAN field in the extended switch element will not be packed in case of routed packet. • Destination VLAN field in the extended switch no] sflow enable Command Mode Usage CONFIGURATION Enable sFlow globally. Enable and on an interface. This CLI is supported on physical ports and LAG ports. Command Syntax - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 672
www.dell.com | support.dell.com sFlow Show Commands FTOS includes the following sFlow sflow Force10#show sflow sFlow services are enabled Indicates sFlow is globally enabled Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 673
, shown in Figure 37-2, is also displayed in the running configuration (Figure 37-4): Figure 37-4. Command Example: show running-config interface Force10#show running-config interface gigabitethernet 1/16 ! interface GigabitEthernet 1/16 no ip address mtu 9252 ip mtu 9234 switchport sflow - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 674
www.dell.com | support.dell.com Specify Collectors The sflow collector command allows : 6343 Default max-datagram-size: 1400 Polling Intervals The sflow polling-interval command configures the polling interval for an interface in the maximum number of seconds between successive samples - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 675
sampling, but the number of packets that are skipped before the next sample is taken. Although a sampling rate can be configured for each port, TeraScale line cards can support only a single sampling rate per port-pipe. Therefore, sFlow Agent uses sub-sampling to create multiple sampling rates per - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 676
version 5 draft. Once the back-off changes the sample-rate, users must manually change the sampling rate to the desired value. As a result of back-off, sFlow configuration from the LAG port. Extended sFlow e Extended sFlow is supported fully on platform c s Platforms and support extended-switch - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 677
Force10#show sflow sFlow services are enabled Global default sampling rate: 4096 Global default counter polling interval: 15 Extended sFlow settings show all 3 types are enabled Global extended information enabled: gateway, router, switch 1 collectors configured BGP. The Dell Force10 system packs - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 678
www.dell.com | support.dell.com Table 37-1. Extended Gateway Summary IP SA static/connected/IGP static/connected/IGP BGP BGP IP DA static/connected/IGP BGP static/connected/IGP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 679
in this chapter use a Unix environment with net-snmp version 5.4. This is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Force10 system using SNMP. Also, these configurations use SNMP version 2c. Configuring SNMP requires only a single step: 1. Create a community. See - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 680
www.dell.com | support.dell.com Related Configuration Tasks The following list contains configuration tasks for SNMP: • Read Managed Object Values on page 681 • Write Managed Object Values on page 682 • Subscribe to Managed Object Value Updates using SNMP on page 683 • Copy Configuration Files on - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 681
your SNMP configuration, using the command show running-config snmp from EXEC Privilege mode, as shown in Figure 38-1. Figure 38-1. Creating an SNMP Community Force10#snmp-server community my-snmp-community ro 22:31:23: %RPM1-P:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START. Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 682
sysName.0 s "R5" SNMPv2-MIB::sysName.0 = STRING: R5 Configure Contact and Location Information using SNMP You may configure system contact and location information from the Dell Force10 system or from the management station using SNMP. To configure system contact and location information from the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 683
Object Value Updates using SNMP By default, the Dell Force10 system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system. FTOS supports the following three - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 684
www.dell.com | support.dell.com Step Task 2 Specify which traps the Dell Force10 system sends to the trap receiver. • Enable all Dell Force10 enterpriseSpecific and RFC-defined traps using the command snmp-server enable traps from CONFIGURATION mode. • Enable all of the RFC-defined traps using - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 685
Table 38-2. Dell Force10 Enterprise-specific SNMP Traps Command Option envmon supply envmon temperature envmon fan xstp threshold exceeded for Mac %s in vlan %d PEM_PRBLM: Major alarm: problem with power entry module %s PEM_OK: Major alarm cleared: power entry module %s is good MAJOR_PS: Major - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 686
OID Copy Configuration Files Using SNMP Use SNMP from a remote client to: • copy the running-config file to the startup-config file, or • copy configuration files from the Dell Force10 system to a server • copy configuration files from a server to the Dell Force10 system The relevant MIBs - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 687
SNMP community string with read/ snmp-server community write privileges. community-name rw CONFIGURATION Copy the f10-copy-config.mib MIB from the Dell Force10 (that object does not support modification) Failed object: FORCE10-COPY-CONFIG-MIB::copySrcFileType.101 Simple Network Management Protocol - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 688
www.dell.com | support.dell.com Table 7 shows examples of using the command snmpset to copy a configuration. These examples assume that: • the server OS is Unix • you are using SNMP version 2c • the community name is public, and • the file f10-copy-config.mib is in the current directory or in the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 689
config.mib 10.11.131.162 copySrcFileType.7 i 3 copyDestFileType.7 i 2 FORCE10-COPY-CONFIG-MIB::copySrcFileType.7 = INTEGER: runningConfig(3) FORCE10-COPY-CONFIG-MIB::copyDestFileType.7 = INTEGER: startupConfig(2) Figure 38-9. Copying Configuration Files via SNMP using OID Syntax >.s1n.m3p.s6e.t1.-4c - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 690
www.dell.com | support.dell.com Table 38-4. Copying Configuration Files via SNMP Task Figure 38-11. Copying Configuration Files via SNMP and TFTP to a Copy a binary file from the server to the startup-configuration on the Dell Force10 system via FTP using the following command from the Unix server - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 691
-c private -m ./f10-copy-config.mib 10.11.131.140 copyTimeCompleted.110 FORCE10-COPY-CONFIG-MIB::copyTimeCompleted.110 = Timeticks: (1179831) 3:16:38.31 use SNMP manage VLANs. Create a VLAN Use the dot1qVlanStaticRowStatus object to create a VLAN. The snmpset operation in Figure 38-15 creates VLAN 10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 692
www.dell.com | support.dell.com Figure 38-15. Creating a VLAN using SNMP > snmpset -v2c -c mycommunity 123.45.6.78 .1.3.6.1.2.1.17.7.1.4.3.1.5.10 i 4 SNMPv2-SMI::mib-2.17.7.1.4.3.1.5.10 = INTEGER: 4 Assign a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 693
. Figure 38-18. Display the Ports in a VLAN in SNMP > snmpget -v2c -c mycommunity 10.11.131.185 00 00 00 00 00 00 The table that the Dell Force10 system sends in response to the snmpget request is a 00 in Figure 38-18, represents ports 1-7 in Stack Unit 0. The next pair to the right represents ports - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 694
www.dell.com | support.dell.com Figure 38-19. Displaying Ports in a VLAN using SNMP [Force10 system output] R5(conf)#do show vlan id 10 Codes: * - Default VLAN, G - GVRP VLANs Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Vlan-stack NUM Status Description - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 695
00 00 00 00 00 00 00 00 00 00 In Figure 38-21, Port 0/2 is added as a tagged member of VLAN 10. Figure 38-21. Adding Tagged Ports to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 0000 0000 0000 0000 0000 0000 0000 0000 0000 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 696
dell.com | support.dell.com Enable and Disable a Port using SNMP Step 1 2 3 Task Command Syntax Command Mode Create an SNMP community on the Dell Force10 system. snmp-server community CONFIGURATION From the Dell Force10 default VLAN, VLAN 1. The SNMP walk :01:e8:06:95:ac is .0.1.232.6.149.172 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 697
-default VLANs MAC Addresses on Force10 System R1_E600#show mac-address-table VlanId Mac Address Type Interface State 1000 00:01:e8:06:95:ac Dynamic Gi Interface Indices FTOS assigns an interface number to each (configured or unconfigured) physical and logical interface. Display the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 698
www.dell.com | support.dell.com Figure 38-25. Display the Interface Index Number Force10#show interface gig 1/21 GigabitEthernet 1/21 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:0d:b7:4e Current address - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 699
For interface indexing, slot and port numbering begins with the binary one. If the Dell Force10 system begins slot and port numbering from 0, then the binary 1 represents slot and port 0. For example, the index number in Figure 38-27 gives the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 700
www.dell.com | support.dell.com 700 | Simple Network Management Protocol - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 701
: Table 39-1. FTOS Supported Spanning Tree Protocols Dell Force10 Term Spanning Tree Protocol Rapid Spanning Tree Protocol Multiple Spanning Tree Protocol Per-VLAN Spanning Tree Plus IEEE Specification 802.1d 802.1w 802.1s Third Party Configuring Spanning Tree Configuring Spanning Tree is a two - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 702
www.dell.com | support.dell.com • Enabling PortFast on page 709 • Preventing Network Disruptions with BPDU Guard on page 711 • STP Root Selection on page 713 • SNMP Traps for Root Elections and Topology Changes on page 713 • Configuring Spanning Trees as Hitless on page 713 Important Points to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 703
on all switches that will participate in Spanning Tree must be in Layer 2 mode and enabled. Figure 39-1. Example of Configuring Interfaces for Layer command from INTERFACE mode. Figure 39-2. Verifying Layer 2 Configuration Force10(conf-if-gi-1/1)#show config ! interface GigabitEthernet 1/1 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 704
dell.com | support.dell Command Syntax protocol spanning-tree 0 no disable Command Mode CONFIGURATION PROTOCOL SPANNING TREE Note: To disable STP globally for Indicates that Spanning Tree is enabled Force10# When you enable Spanning Tree, all physical, VLAN, and port-channel interfaces that are - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 705
0 Number of transitions to forwarding state 1 BPDU: sent 21, received 486 The port is not in the portfast mode View the Spanning Tree configuration and the interfaces that are participating in STP using the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 706
www.dell.com | support.dell.com Confirm that a port is participating in Spanning Tree using the show spanning-tree 0 brief command from EXEC privilege mode. Figure 39-6. show spanning-tree brief Command Example Force10#show spanning-tree 0 brief Executing IEEE compatible Spanning Tree Protocol - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 707
for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in Spanning Tree. Note: Dell Force10 recommends that only experienced network administrators change the Spanning Tree parameters. Poorly planned modification of the Spanning Tree parameters can - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 708
www.dell.com | support.dell.com Table 39-2. STP Default Values STP Parameter Change the hello-time parameter (the BPDU transmission interval). Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 709
that PortFast is enabled on a port using the show spanning-tree command from the EXEC privilege mode or the show config command from INTERFACE mode; Dell Force10 recommends using the show config command, as shown in Figure 39-7. Spanning Tree Protocol | 709 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 710
www.dell.com | support.dell.com Figure 39-7. PortFast Enabled on Interface Force10#(conf-if-gi-1/1)#show conf ! interface GigabitEthernet 1/1 no ip address switchport spanning-tree 0 portfast no shutdown Force10#(conf-if-gi-1/1)# Indicates that the interface is in PortFast mode 710 | Spanning - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 711
configured on ports that connect to end stations. End stations do not generate BPDUs, so ports configured Dell Force10 system is configured with Portfast. If the switch is connected to the hub, the BPDUs that the switch Force10 0e90 Configured Force10(conf-if-gi-0/7)#do show ip - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 712
www.dell.com | support.dell.com FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior: 1 If tree (no spanning-tree in CONFIGURATION mode). Figure 39-8. Enabling BPDU Guard Force10(conf-if-gi-3/41)# spanning-tree 0 portfast bpduguard shutdown-on-violation Force10(conf-if-gi-3/41)#show - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 713
privilege mode. Figure 39-9. show spanning-tree root Command Example Force10#show spanning-tree 0 root Root ID Priority 32768, Address 0001 snmp-server enable traps xstp. Configuring Spanning Trees as Hitless c e Configuring Spanning Trees as Hitless is supported only on platforms: You can configure - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 714
www.dell.com | support.dell.com Figure 39-10. Configuring all Spanning Tree Types to be Hitless Force10(conf)#redundancy protocol xstp Force10#show running-config redundancy ! redundancy protocol xstp Force10# 714 | Spanning Tree Protocol - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 715
manageable as a single switch through the stack management unit. This chapter contains the following sections: • S-Series Stacking Overview • Important Points to Remember • S-Series Stacking Configuration Tasks S-Series Stacking Overview The S55 supports up to 12 stack members with FTOS version - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 716
www.dell.com | support.dell.com Figure 40-1. S55 Stack Manager Redundancy Force10#show redundancy --------- Stack-unit Status --------- Mgmt ID: 1 Stack-unit ID: 0 Stack-unit Redundancy Role: Primary Stack-unit State: Active Stack-unit SW Version: SD8.3.5.1 Link to Peer: Up --------- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 717
Figure 40-2. Electing the S55 Stack Manager Force10# #show system brief Stack MAC : 00:01:e8:55:00:85 Reload Type : normal-reload -- Stack Info -- Unit UnitType Status ReqTyp CurTyp 0 Member online S55 S55 1 Management online S55 S55 2 Standby online S55 S55 3 Member not present - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 718
support.dell.com Figure 40-3. Adding a Standalone S55 with a Lower MAC Address to a Stack- Before STANDALONE BEFORE CONNECTION Standalone#show system brief Stack MAC : 00:01:e8:d5:ef:81 -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S55 S55 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 719
S55 S55 8.3.5.1 52 2 Member online S55 S55 8.3.5.1 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not present 9 Member not present 10 Member not present 11 Member not present Stacking S-Series Switches - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 720
www.dell.com | support.dell.com Figure 40-5. Adding a Standalone S55 with a Lower MAC Address but Higher Priority to a Stack- Before STANDALONE BEFORE CONNECTION Standalone#show system brief Stack MAC : 00:01:e8:d5:ef:81 -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 721
of commands, as shown in Figure 40-7. • Remote access: You may access the stack with SNMP, SSH, or Telnet through any enabled, Layer 3 interface on any stack unit. The S60 and S55 have a dedicated Management port and support the routing table, similarly to the E-Series systems. No other S-Series has - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 722
same version of FTOS. • Insert S55 stacking modules in the lower optional module slot (slot 0) only. The upper optional module slot does not support stacking modules. S-Series Stacking Installation Tasks • Create an S-Series Stack • Add a Unit to an S-Series Stack • Remove a Unit from an S-Series - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 723
and 52. Note: The S55 stacking modules are installed in the lower optional module slot (slot 0) and use ports 48 and 49. To add a unit to an existing stack: Step 1 2 3 4 Task Verify that each unit has the same FTOS version prior to stacking them together. Pre-configure unit numbers for each unit - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 724
-port 2/51 to 0/51; you may rearrange the stacking cables without triggering a unit reset, so long as the stack manager is never disconnected from the stack. Note: The S55 stacking modules are installed in the lower optional module slot (slot 0) and use ports 48 and 49 only. Figure 40-9. Displaying - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 725
its running and startup configurations with the stack. To manually assign a new unit a position in the stack: Step 1 2 3 4 5 6 Task Command Syntax While the unit is unpowered, install stacking modules in the new unit. On the stack, determine the next available stack-unit number, and the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 726
dell.com | support.dell.com Figure 40-11. Adding a Stack Unit with a Conflicting Stack Number-Before (S50 type) STANDALONE BEFORE CONNECTION Standalone#show system brief Stack MAC : 00:01:e8:d5:ef:81 -- Stack present 7 Member not present [output omitted] 726 | Stacking S-Series Switches - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 727
S50N S50N 7.8.1.0 52 2 Standby online S50V S50V 7.8.1.0 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present [output omitted] Stacking S-Series Switches | 727 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 728
www.dell.com | support.dell.com Remove a Unit from an S-Series Stack The running-configuration and startup-configuration are synchronized on all stack units. A stack member that is disconnected from the stack maintain this configuration. To remove a stack member from the stack, disconnect the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 729
conflict, the stack members retain their previous unit numbers. Otherwise, the stack manager assigns new unit numbers, based on the order that they come online. • The stack manager overwrites the startup and running config on the losing stack members with its own. Stacking S-Series Switches | 729 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 730
www.dell.com | support.dell.com Split an S-Series Stack To split a stack, unplug the desired stacking cables.You may do this at any time, whether the stack is powered or unpowered, and the units are online or offline. Each portion of the split stack retains the startup and running configuration of - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 731
new unit, or to prevent FTOS from assigning a particular stack-number. Task Create a virtual stack unit. Command Syntax stack-unit provision Command Mode CONFIGURATION Display Information about an S-Series Stack Task Display for stack-identity, status, and hardware information on every unit in - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 732
www.dell.com | support.dell.com Figure 40-17. Displaying Information about an S-Series Stack-show system (S50 type) Force10#show system Stack MAC : 00:01:e8:d5:f9:6f -- Unit 0 -- Unit Type : Member Unit Status : online Next Boot : online Required Type : S50V - 48-port E/FE/GE with - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 733
up AC 2 1 absent -- Fan Status -- Unit TrayStatus Speed Fan0 Fan1 Fan2 Fan3 Fan4 Fan5 0 up low up up up up up up 1 up low up up up up up up 2 up low up up up up up up Figure 40-19. Displaying Information about a Stack-show system stack-ports (S50 type) Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 734
www.dell.com | support.dell.com Figure 40-20. Show information about a stack-show system brief (S55) Force10#show system brief Stack MAC : 00:01:e8:55:00:85 Reload Type : normal-reload -- Stack Info -- Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S55 S55 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 735
Figure 40-21. Displaying Information about an S-Series Stack-show system stack-ports (S55) Force10#Force10#show system stack-ports status Topology: Ring Interface Link Speed Admin Link Trunk (Gb/s) Status Status Group 0/48 12 up up 0/49 12 up up 1/48 12 up - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 736
Privilege Monitor an S-Series Stack with SNMP S-Series supports the following tables in f10-ss-chassis.mib for stack management through SNMP: • chStackUnitTable • chSysStackPortTable Troubleshoot an S-Series Stack • Recover from Stack Link Flaps • Recover from a Card Problem State on an S-Series - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 737
Port 51 has flapped 5 times within 10 seconds.Shutting down this stack port now. Error: Please check the stack cable/module and power-cycle the stack. Recover from a Card Problem State on an S-Series Stack If a unit added to a stack has has a different FTOS version, the unit does not come online - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 738
www.dell.com | support.dell.com Recover from a Card Mismatch State on an S-Series Stack A card mismatch occurs if the stack has a provision for the lowest available stack number which does not match the model of a newly added unit (Figure 40-24). To recover, disconnect the new unit. Then, either: • - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 739
1 Management online S50N S50N 7.8.1.0 52 2 Standby online S50V S50V 7.8.1.0 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present Stacking S-Series Switches | 739 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 740
740 | Stacking S-Series Switches www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 741
packets per second (PPS) that storm control can limit on the S55 is 2. Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode Configure storm control from INTERFACE mode Configure storm control from INTERFACE mode using the command storm control. From INTERFACE - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 742
www.dell.com | support.dell.com Configure storm control from CONFIGURATION mode Configure storm control from CONFIGURATION mode using the command storm control. From CONFIGURATION mode you can configure storm control for ingress and egress traffic. Do not apply per-VLAN QoS on an interface that has - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 743
Chapter 42, System Time and Date settings, and Network Time Protocol are supported on platforms: e s System times and dates can be set and detected and avoided. Dell Force10 recommends configuring NTP for the most accurate time. In FTOS, other time sources can be configured (the hardware clock and - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 744
www.dell.com | support.dell.com • Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time. • Dispersion represents the maximum error of the - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 745
carrier loss 2: synch loss 3: format error 4: interface/link failure Recieve Timestamp Transmit Timestamp Implementation Information • Dell Force10 systems can only be an NTP client. Configuring Network Time Protocol Configuring NTP is a one-step process: 1. Enable NTP. See page 746. Related - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 746
www.dell.com | support.dell.com Enable NTP NTP is disabled by default. To enable it, specify an NTP server to which the Dell Force10 system NTP server to which the Dell Force10 system will synchronize. Command ntp server ip-address Command Mode CONFIGURATION Display the system clock state with - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 747
calendar 06:31:26 UTC Mon Mar 13 1989 R5/R8(conf)#do show calendar 12:24:11 UTC Thu Mar 12 2009 Command Mode CONFIGURATION Configure NTP broadcasts With FTOS, you can receive broadcasts of time information. You can set interfaces within the system to receive NTP information through broadcast. To - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 748
by the slot/port information. • For a VLAN interface, enter the keyword vlan followed by a number from 1 to 4094. E-Series ExaScale platforms support 4094 VLANs with FTOS version 8.2.1.0 and later. Earlier ExaScale supports 2094 VLANS. To view the configuration, use the show running-config ntp - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 749
as the number used in the ntp authentication-key command. To view the NTP configuration, use the show running-config ntp command (Figure 40) in the EXEC are encrypted. Figure 42-5. show running-config ntp Command Example Force10#show running ntp ! ntp authenticate ntp authentication-key 345 md5 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 750
www.dell.com | support.dell.com Command Syntax ntp server ip-address [key keyid] [prefer] [version number] Command Mode CONFIGURATION Purpose Configure an NTP server. Configure the IP address of a server and the following optional parameters: • key keyid: Configure a text string as the key - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 751
• Poll Interval: integer indicating the minimum interval between transmitted messages, in seconds as a power of two. For instance, a value of six indicates a minimum interval of 64 seconds. • Precision: integer indicating the precision of the various clocks, in seconds to the nearest power of two. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 752
www.dell.com | support.dell.com FTOS Time and Date The time and date can be set using the FTOS CLI. Configuring time and date settings The following list includes the configuration tasks for setting the system time: • Set the time and date for the switch hardware clock • Set the time and date - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 753
only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots. Command Syntax clock set time month day year Command Mode EXEC Privilege Purpose Set the system four-digit number as the year. Range: 1993 to 2035. Force10#clock set 16:20:00 19 september 2009 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 754
www.dell.com | support.dell.com Set the timezone Coordinated Force10#conf Force10(conf)#clock timezone Pacific -8 Force10(conf)#01:40:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins" Set daylight savings time FTOS supports - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 755
zone) on which to convert the switch to daylight savings time on a one-time basis. Command Syntax clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset] Command Mode Purpose CONFIGURATION Set the clock to the appropriate timezone - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 756
www.dell.com | support.dell.com Command Syntax Command Mode Purpose Force10(conf)#clock summer-time pacific date Mar 14 2009 00:00 Nov 7 2009 00:00 Force10(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 757
)#clock summer-time pacific recurring Mar 14 2009 00:00 Nov 7 2009 00:00 ? Force10(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009" - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 758
www.dell.com | support.dell.com Command Syntax Command Mode Purpose Force10(conf)#clock summer-time pacific recurring ? Week number to start first Week number to start last Week number to start Force10(conf)#clock summer-time pacific recurring Force10(conf)#02:10:57: %RPM0-P: - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 759
with upgrades Direct any questions or concerns about FTOS Upgrade Procedures to Dell Force10' Technical Support Center. You can reach Technical Support: • On the Web: www.force10networks.com/support/ • By email: [email protected] • By phone: US and Canada: 866.965.5800, International: 408 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 760
760 | Upgrade Procedures www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 761
802.1Q Virtual Bridged Local Area Networks. In this guide, see also: • Bulk Configuration on page 306 in Chapter 15, "Interfaces," on page 283 • VLAN Stacking on page 647 For a complete listing of all commands related to FTOS VLANs, see these FTOS Command Reference chapters: • Interfaces chapter - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 762
| support.dell.com Table 44-1 displays the defaults for VLANs in FTOS. Table 44-1. VLAN Defaults on FTOS Feature Spanning Tree group ID Mode Default VLAN ID Default All VLANs are part of Spanning Tree group 0 Layer 2 (no IP address is assigned) VLAN 1 Default VLAN When interfaces are configured - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 763
VLAN, the VLAN conserves bandwidth. Finally, you can have multiple VLANs configured on one switch, thus segmenting the device. Interfaces within a port-based VLAN Layer 2 mode, it is automatically placed in the Default VLAN. FTOS supports IEEE 802.1Q tagging at the interface level to filter traffic - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 764
www.dell.com | support.dell.com • Tag Control Information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but 2 are reserved. Note: The insertion of the tag header into the Ethernet frame increases the size of the frame - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 765
continues to pass through the VLAN. If the VLAN is not a routed VLAN (that is, configured with an IP address), the shutdown command has no affect on VLAN traffic. When you delete a VLAN (using the no interface vlan vlan-id command), any interfaces assigned to that VLAN are assigned to the Default - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 766
www.dell.com | support.dell.com To tag frames leaving an interface in Layer 2 mode, you must assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use these commands in the following sequence: Step Command Syntax 1 interface vlan vlan-id 2 tagged interface - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 767
(So 0/0-1) T Gi 3/1 4 Inactive Force10#conf Force10(conf)#int vlan 4 Force10(conf-if-vlan)#untagged gi 3/2 Force10(conf-if-vlan)#show config ! interface Vlan 4 no ip address untagged GigabitEthernet 3/2 Force10(conf-if-vlan)#end Force10#show vlan Use the show vlan command to determine - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 768
and send routed traffic. For details, see Bulk Configuration on page 306. VLAN Interface Counters VLAN counters can be enabled for either Ingress packets, egress packets, or both. VLAN counters are disabled by default, and are supported on E-Series ExaScale exonly. Command Syntax Command Mode - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 769
port. The classic example is connecting a VOIP phone and a PC to the same port of the switch. The VOIP phone is configured to generate tagged packets (with VLAN = VOICE VLAN), and the attached PC generates untagged packets. To configure a port so that it can be a member of an untagged and tagged - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 770
770 | Virtual LANs (VLAN) www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 771
Protocol (VRRP) c e s Virtual Router Redundancy Protocol (VRRP) is supported on platforms This chapter covers the following information: • VRRP Overview • VRRP Benefits • VRRP Implementation • VRRP Configuration • Sample Configurations Virtual Router Redundancy Protocol (VRRP) is designed to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 772
www.dell.com | support.dell.com FN0001_lp In Figure 45-1 below, Router A is configured as the MASTER router. It is configured with the IP B to provide uninterrupted service to the users on the LAN segment accessing the Internet. Figure 45-1. Basic VRRP Configuration INTERNET Router A Master - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 773
of groups that can be configured and work efficiently, as a result of hardware throttling VRRP advertisement packets reaching the RP2 processor on the E-Series, the CP on the C-Series, or the FP on the S-Series. To avoid throttling VRRP advertisement packets, Dell Force10 recommends you to increase - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 774
www.dell.com | support.dell.com The recommendations in Table 45-1 may vary depending on to be dropped during that switch-over time. VRRP Configuration By default, VRRP is not configured. Configuration Task List for VRRP The following list specifies the configuration tasks for VRRP: • Create - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 775
supports a total of 128 VRRP groups on the switch with varying number of maximum VRRP groups per interface (Table 45-1). S-Series supports a total of 120 VRRP groups on a switch to multiple IP subnets configured on the interface, Dell Force10 recommends you configure virtual IP addresses belonging - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 776
www.dell.com | support.dell.com • Configure virtual IP addresses for this VRID. Command Syntax vrrp-group vrrp-id VRID Range: 1-255 virtual-address ip-address1 [...ip-address12] Range: up to 12 addresses Command Mode INTERFACE INTERFACE -VRID Figure 45-4. Command Example: virtual-address Force10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 777
sent: 27, Gratuitous ARP sent: 2 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.2.2 10.10.2.3 Authentication: (none) Force10# Different Virtual IP addresses When the VRRP process completes its initialization, the State field contains either Master or Backup. Set VRRP Group - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 778
www.dell.com | support.dell.com Configure the VRRP Group's priority with the following command in the VRRP mode: Task Configure the priority IP address: 10.10.2.2 10.10.2.3 Authentication: (none) Force10(conf)# Configure VRRP Authentication Simple authentication of VRRP packets ensures that only - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 779
Encryption type (encrypted) Password Figure 45-10. Command Example: show config in VRID mode with a Simple Password Configured Force10(conf-if-gi-1/1-vrid-111)#show conf ! vrrp-group 111 authentication-type simple 7 387a7f2df5969da4 priority 255 virtual-address 10.10.10.1 virtual-address 10 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 780
www.dell.com | support.dell.com Since preempt is enabled by default, disable the preempt function begins and the BACKUP virtual router with the highest priority transitions to MASTER. Note: Dell Force10 recommends you to increase the VRRP advertisement interval to a value higher than the default - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 781
10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 Force10(conf-if-gi-1/1-vrid-111)# Track an Interface Set FTOS to monitor the all the tracked interfaces should not exceed the configured priority on the VRRP group. If the VRRP group is configured as Owner router (priority 255), tracking - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 782
www.dell.com | support.dell.com Figure 45-15. Command Example: track Force10(conf-if-gi-1/1)#vrrp-group 111 Force10(conf-if-gi-1/1-vrid-111)#track gigabitethernet 1/2 Force10(conf-if-gi-1/1-vrid-111)# Figure 45-16. Command Example Display: track in VRID mode Force10(conf-if-gi-1/1-vrid-111)#show - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 783
Figure 45-17. Configure VRRP Router 2 R2(conf)#int gi 2/31 R2(conf-if-gi-2/31)#ip address 10.1.1.1/24 R2(conf-if-gi-2/31)#no shut R2(conf- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 784
www.dell.com | support.dell.com Figure 45-18. VRRP Topography Illustration State Master: R2 was the first interface configured with 10.1.1.3 Authentication: (none) R2# State Backup: R3 was the second interface configured with VRRP R3#show vrrp GigabitEthernet 3/21, VRID: 99, Net: 10.1.1.1 State - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 785
are transmitted through those components. These diagnostics also perform snake tests using VLAN configurations. Important Points to Remember • You can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more. You cannot perform diagnostics on - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 786
dell.com | support.dell.com • Diagnostic results are stored on the flash of the unit on which you performed the diagnostics. • When offline diagnostics are complete, the unit or stack an S-Series Stack Unit Offline Force10#offline stack-unit 2 Warning - Diagnostic execution will cause stack-unit to - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 787
Module 0 2 1 offline S50-01-12G-2S 2 -- Power Supplies -- Unit Bay Status Type 0 0 up AC 0 1 absent 1 0 up AC 1 1 absent 2 0 up AC format TestReport-SU-.txt. Message 2 Offline Diagnostics Complete Force10#00:09:32 : Diagnostic test results are stored on - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 788
www.dell.com | support.dell.com Figure 46-3. Running Offline Diagnostics on an S-Series Standalone Unit Force10#diag stack-unit 1 alllevels Wtaornsihnugt -didrieacgtnloystciocnneexcetceudtipoonrtwsill cause multiple link flaps on the peer side - advisable Proceed with Diags [confirm yes/no]: yes - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 789
Figure 46-5. Viewing the Results of Offline Diagnostics on a Standalone Unit Force10#show file flash://TestReport-SU-0.txt S-Series Diagnostics Stack Unit Board Serial Number : DL267160098 CPU Version : MPC8541, Version: 1.1 PLD Version : 5 Diag image based on build : E_MAIN4.7.7.206 SVt,ac2k. - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 790
do not support this functionality. Last restart reason (S55) If an S55 system restarted for some reason (automatically or manually), the show latest FTOS version on the S55. Note: The show hardware commands should only be used under the guidance of Dell Force10 Technical Assistance Center. 790 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 791
from the bShell through the CLI without going into the bShell. Troubleshooting packet loss The show hardware stack-unit command is intended primarily to troubleshoot packet loss. • show hardware stack-unit cpu data-plane statistics • show hardware stack-unit cpu party-bus statistics • show hardware - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 792
www.dell.com | support.dell.com • clear hardware stack-unit 0-11 unit 0-1 counters • clear hardware stack-unit 0-11 cpu data-plane statistics • clear hardware stack-unit 0-11 cpu party-bus statistics • clear hardware stack-unit 0-11 stack-port 48-51 Displaying Drop Counters The show hardware stack- - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 793
Counters Force10#show hardware stack-unit 0 drops unit 0 port 1 --- Ingress Drops --- Ingress Drops : 30 IBP CBP Full Drops : 0 PortSTPnotFwd Drops : 0 IPv4 L3 Discards : 0 Policy Discards : 0 Packets dropped by FP : 14 (L2+L3) Drops : 0 Port bitmap zero Drops : 16 Rx VLAN Drops - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 794
www.dell.com | support.dell.com Figure 46-8. Displaying Dataplane Statistics Force10#show hardware stack-unit 2 cpu data-plane statistics bc pci driver statistics for device: rxHandle :0 noMhdr :0 noMbuf :0 noClus :0 recvd :0 dropped :0 recvToNet :0 rxError :0 rxDatapathErr :0 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 795
sec, 2 packets/sec, 0.00% of line-rate Output 00.06 Mbits/sec, 8 packets/sec, 0.00% of line-rate Force10# Displaying Stack Member Counters The show hardware stack-unit 0-11 {counters | details | port-stats [detail] | register} command displays internal receive and transmit statistics, based on - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 796
server Command Mode CONFIGURATION Undo this command using the no logging coredump server. Mini core dumps FTOS supports mini core dumps f10StkUnit0.acl.acore.mini.txt flash: 3104256 bytes total (2959872 bytes free) Force10# When a member or standby unit crashes, the mini core file gets uploaded - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 797
>: 0024e2b0 : 0024dee8 : 0024d9c4 : 002522b0 : 0026a8d0 : 0026a00c - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 798
www.dell.com | support.dell.com 798 | S-Series Debugging and Diagnostics - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 799
is listed as supported by FTOS, FTOS also supports predecessor standards. One Ethernet (1000BASE-T) • 802.3ac - Frame Extensions for VLAN Tagging • 802.3ad - Link Aggregation with LACP • TIA-1057- LLDP-MED • Dell Force10 - FRRP (Dell Force10 Redundant Ring Protocol) • Dell Force10 - PVST+ • SFF-8431 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 800
dell.com | support.dell.com RFC and I-D Compliance The following standards are supported by FTOS, and are grouped by related protocol. The columns showing support by platform indicate which version of FTOS first supports ) 2474 Definition of the Differentiated Services Field (DS Field) 7.7.1 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 801
Protocol Requirements for IP Version 4 Routers Dynamic Host Configuration Protocol Virtual Router Redundancy Protocol (VRRP) Using 31- Agent Information Option VLAN Aggregation for Efficient IP Address Allocation Protection Against a Variant of the Tiny Fragment Attack FTOS support, per platform - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 802
www.dell.com | support.dell.com General IPv6 Protocols RFC# 1886 1981 (Partial) 2460 2461 (Partial) 2462 (Partial) 2463 2464 2675 3587 4291 Full Name DNS Extensions to support IP version 6 Path MTU Discovery for IP version 6 FTOS support, per platform S-Series 7.8.1 7.8.1 C-Series 7.8.1 7.8.1 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 803
for BGP-4 2918 Route Refresh Capability for BGP-4 3065 Autonomous System Confederations for BGP 4360 BGP Extended Communities Attribute 4893 BGP Support for Four-octet AS Number Space 5396 Textual Representation of Autonomous System (AS) Numbers draft-ietf-idr- A Border Gateway Protocol - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 804
www.dell.com | support.dell.com Intermediate System to Intermediate System (IS-IS) FTOS support, per platform RFC# Full Name E-Series E-Series System to Intermediate System (IS-IS) Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS) 5120 5306 M-ISIS: Multi Topology (MT - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 805
for Traffic Engineering Over MPLS Multiprotocol Label Switching Architecture MPLS Label Stack Encoding RSVP-TE: Extensions to RSVP for Switched Data Plane Failures (MPLS TE/LDP Ping & Traceroute LDP Specification Extensions to GMPLS Resource Reservation Protocol (RSVP) Graceful Restart FTOS support - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 806
www.dell.com | support.dell.com Multicast FTOS support, per platform RFC# Full Name S-Series C-Series E-Series E- for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches draft-ietf-pim Protocol Independent Multicast - Sparse Mode -sm-v2-new- (PIM - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 807
2024 2096 2558 2570 2571 2572 2574 2575 FTOS support, per platform Full Name E-Series E-Series S-Series for Data Link 7.6.1 7.5.1 8.1.1 Switching using SMIv2 IP Forwarding Table MIB 7.6.1 7.6.1 7.5.1 8.1.1 Network Management Protocol (SNMP) User-based Security Model (USM) for - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 808
www.dell.com | support.dell.com Network Management (continued) RFC# 2576 2578 2579 2580 2618 2665 2674 2787 2819 2863 2865 3273 3416 3418 3434 3580 FTOS support, per platform Full Name E-Series E-Series S-Series C-Series TeraScale ExaScale Coexistence Between Version 1, Version 2, and 7.6.1 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 809
-05) FORCE10-FIB-M Dell Force10 CIDR Multipath Routes MIB (The IP IB Forwarding Table provides information that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue. It reports the autonomous system of the next hop, multiple next hop support, and - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 810
FORCE10-LINK Dell Force10 Enterprise Link Aggregation MIB AGG-MIB FORCE10-CHAS Dell Force10 E-Series Enterprise Chassis MIB SIS-MIB FORCE10-COPY Dell Force10 File Copy MIB (supporting SNMP -CONFIG-MIB SET operation) FORCE10-MON- Dell Force10 Monitoring MIB MIB FORCE10-PROD Dell Force10 Product - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 811
/MIBs/MIB_OIDs.aspx Some pages of iSupport require a login. To request an iSupport account, go to: https://www.force10networks.com/CSPortal20/Support/AccountRequest.aspx If you have forgotten or lost your account information, contact Dell Force10 TAC for assistance. Standards Compliance | 811 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 812
812 | Standards Compliance www.dell.com | support.dell.com - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 813
Router. See ABR. AS 136 support 156 AS-PATH ACL "permit all routes" statement 187 configuring 173 AS_PATH attribute using 173 authentication 211 BMP 2.0 prerequisites 211 DHCP server requirement 213 restrictions 212 base VLAN 538 BGP 136 Attributes 141 Autonomous Systems 136 best path criteria 141 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 814
www.dell.com | support.dell.com enabling 177, 180 NO_EXPORT_SUBCONFED 177, 180 Community list configuring 178 community port 538 community VLAN 537, 538 Console terminal line 60 coredumps Protocol. See FTP. flowcontrol 318 Force10 Resilient Ring Protocol 253 forward delay 613, 707 FRRP 253 FRRP - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 815
interface 289 assigning to interface 331 assigning to port channel 301 assigning to VLAN 768 composition 329 configuring static routes 332 IP fragmentation 316 IP hashing scheme 304 ip local-proxy-arp command 544 IP MTU configuring 319 maximum size 316 IP prefix lists "permit all" statement 119, 120 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 816
www.dell.com | support.dell.com ip scp supported 465 M MAC hashing scheme 304 management interface 288 accessing 291 configuring a management interface 291 configuring IP address 291 definition 290 IP address consideration 291 management interface, switch 287 max age 613, 707 MBGP 196 Member VLAN - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 817
527 port priority 613, 708 port types (private VLAN) 538 port-based VLANs 763 assigning IP address 768 benefits 763 creating VLAN 764 definition 763 deleting VLAN 765 enabling tagging 766 interface requirements 763 IP routing 763 number supported 763 remove interface 767 remove tagged interface 766 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 818
dell.com | support.dell Service) chapter 559 Quality of Service (QoS) chapter 559 R RADIUS changing an optional parameter 632 configuration requirements 629 configuring server 638 searching show commands 34 display 34 grep 34 secondary VLAN 538 Secure Shell (SSH) 637 show accounting command 620 show - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 819
VLAN. Virtual Router Identifier. See VRID. Virtual Router Redundancy Protocol. See VRRP. VLAN configuration, automatic 265 VLAN Protocol Identifier 763 VLAN types 537 VLAN types (private VLAN) 537 VLANs 766 SNMP 768 tagged interfaces 764, 765 TFTP 768 untagged interfaces 765 viewing configured 764 - Dell Force10 S55T | S55 Configuration Guide FTOS 8.3.5.3 - Page 820
www.dell.com | support.dell.com configuring simple authentication 779 definition 771 disabling preempt 780 MAC address 771 monitoring interface 781 simple authentication 778 transmitting VRRP packets 775 virtual IP addresses 775 virtual router 774 VRID 771, 774 VTY lines access class configuration
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
-
565
-
566
-
567
-
568
-
569
-
570
-
571
-
572
-
573
-
574
-
575
-
576
-
577
-
578
-
579
-
580
-
581
-
582
-
583
-
584
-
585
-
586
-
587
-
588
-
589
-
590
-
591
-
592
-
593
-
594
-
595
-
596
-
597
-
598
-
599
-
600
-
601
-
602
-
603
-
604
-
605
-
606
-
607
-
608
-
609
-
610
-
611
-
612
-
613
-
614
-
615
-
616
-
617
-
618
-
619
-
620
-
621
-
622
-
623
-
624
-
625
-
626
-
627
-
628
-
629
-
630
-
631
-
632
-
633
-
634
-
635
-
636
-
637
-
638
-
639
-
640
-
641
-
642
-
643
-
644
-
645
-
646
-
647
-
648
-
649
-
650
-
651
-
652
-
653
-
654
-
655
-
656
-
657
-
658
-
659
-
660
-
661
-
662
-
663
-
664
-
665
-
666
-
667
-
668
-
669
-
670
-
671
-
672
-
673
-
674
-
675
-
676
-
677
-
678
-
679
-
680
-
681
-
682
-
683
-
684
-
685
-
686
-
687
-
688
-
689
-
690
-
691
-
692
-
693
-
694
-
695
-
696
-
697
-
698
-
699
-
700
-
701
-
702
-
703
-
704
-
705
-
706
-
707
-
708
-
709
-
710
-
711
-
712
-
713
-
714
-
715
-
716
-
717
-
718
-
719
-
720
-
721
-
722
-
723
-
724
-
725
-
726
-
727
-
728
-
729
-
730
-
731
-
732
-
733
-
734
-
735
-
736
-
737
-
738
-
739
-
740
-
741
-
742
-
743
-
744
-
745
-
746
-
747
-
748
-
749
-
750
-
751
-
752
-
753
-
754
-
755
-
756
-
757
-
758
-
759
-
760
-
761
-
762
-
763
-
764
-
765
-
766
-
767
-
768
-
769
-
770
-
771
-
772
-
773
-
774
-
775
-
776
-
777
-
778
-
779
-
780
-
781
-
782
-
783
-
784
-
785
-
786
-
787
-
788
-
789
-
790
-
791
-
792
-
793
-
794
-
795
-
796
-
797
-
798
-
799
-
800
-
801
-
802
-
803
-
804
-
805
-
806
-
807
-
808
-
809
-
810
-
811
-
812
-
813
-
814
-
815
-
816
-
817
-
818
-
819
-
820
 |
 |
FTOS Configuration Guide for
the S55 System
FTOS 8.3.5.3